LGPD establishes guidelines for data protection in the health segment

The LGPD (General Data Protection Law) establishes clear guidelines on the collection, storage, use and disclosure of personal data, in order to protect the privacy of individuals. This also applies to information collected in the field of health, such as name, address, CPF number, among other information requested for the provision of health services, such as hospitals, offices, health plan and pharmacies.

The lack of regulation in data collection represents one of the main problems for the exchange of information and has been a major challenge for health systems worldwide.

With the implementation of the National Health Data Network (RNDS), it is possible to take a significant step towards overcoming this challenge, as it will provide for the integration and standardization of health data, allowing essential information to be shared efficiently among different health systems and institutions.

In the context of health, professionals assume the important responsibility of protecting the personal data of their patients and clients, maintaining compliance with the LGPD. In this sense, it is essential to provide clear information on how this data will be treated.

Health professionals are responsible for protecting the personal data of their patients and, in the case of pharmacies, their customers, in accordance with LGPD regulations.

Patients, on the other hand, have specific rights in relation to their personal data, including the right to access, correct and delete this information.

Data protection in pharmacies: Approaches and challenges

The protection of personal data that is collected in pharmacies is an essential concern for compliance with the LGPD. Pharmacies, as establishments that handle personal and sensitive data, must adopt adequate measures to guarantee the security and privacy of this data.

Pharmacies must ensure that data is collected transparently and in accordance with the rules established by law. Furthermore, it is critical that they adopt technical and organizational measures to protect this data once morest improper access, loss, theft or any form of unauthorized processing.

It is important to emphasize that pharmacies must inform customers in a clear and accessible way regarding how data will be used, shared and stored. Data subjects also have the right to access, correct, update and request deletion of their personal information, as provided for in the LGPD.

Recently (05/12/2023), the ANPD released a technical note informing that it will intensify inspection in pharmacies due to excessive collection of personal data.

According to the National Data Protection Authority, which has been monitoring the processing of personal data in pharmacies since 2020, some practices were identified that were not yet fully compliant with the LGPD. Among them was the lack of transparency regarding the sharing of personal data with third parties without the consent of the data subjects.

Some notes from the technical note

• A lack of transparency was identified regarding the sharing without consent of personal data to third parties;
• Indications of the use of personal data processing for purposes other than those indicated to the holders and excessive data collection, including sensitive data, such as the collection of biometrics;
• Pharmacy chains that have loyalty programs sometimes do not go into detail regarding their methodology and under what conditions data holders are treated;
• Some pharmacy websites do not even provide information regarding their privacy policies.

ANPD will continue to closely monitor the activities of the pharmaceutical sector and adopt the necessary measures to ensure compliance with the provisions of the General Data Protection Law (LGPD), with a view to respecting the rights of data subjects.

Pharmacies Pague Menos implements a management system for the LGPD with Privacy Tools aimed at the privacy of its customers

With the entry into force of the LGPD in September 2020, companies began to prioritize adequacy projects, aimed at the privacy and data protection of their customers. This was one of the initiatives of Farmácias Pague Menos, a company in the North and Northeast regions, which implemented Privacy Tools’ privacy management tools.

According to the DPO and Executive Manager of IT Governance and Information Security at Pague Menos, Clayton Soares “We deal with B2C and there are many business areas, each with its managers and specific needs, we needed a partner not just a supplier”.

Complete case: Pague Menos Pharmacy.

Sobre Privacy Tools

A Privacy Tools is a privacy tool that aims to help companies in the process of complying with the obligations of different legislations, such as LGPD and GDPR.

Website: