Compliance Map
Our compliance map outlines how PharmaFAST ensures full regulatory, data protection, and operational compliance across all platform workflows and entities.
PharmaFAST’s platform is built from the ground up to meet Irish pharmacy, GDPR, and HSE PCS standards, providing pharmacies with:
🔒 Data security with no compromise
🧾 Audit logs and evidence trails
📊 PCS service and reimbursement alignment
🧑‍⚕️ Role-based clinical and administrative controls
🤝 Controller-processor contracts and opt-in user experience
Legal & Regulatory Compliance
🧾 Use Case: Data Protection Law
Standard / Requirement: GDPR (EU 2016/679); Data Protection Act 2018 (Ireland)
How PharmaFAST Complies: A Data Processing Agreement (DPA) is issued to all partners. Our role-based architecture ensures the pharmacy is the Data Controller and PharmaFAST acts as a compliant Data Processor.
💊 Use Case: Prescription Handling
Standard / Requirement: Medicinal Products (Prescription & Control of Supply) Regulations
How PharmaFAST Complies: We never alter prescriptions. The platform securely routes scanned or uploaded prescriptions to verified Healthmail addresses.
💼 Use Case: PCS Compliance
Standard / Requirement: HSE Primary Care Services Guidelines
How PharmaFAST Complies: Our PCS module is built using official HSE templates. The full service flow is aligned with reimbursement structures and audit expectations.
📡 Use Case: Electronic Communications
Standard / Requirement: ePrivacy Regulations; Healthmail Compliance
How PharmaFAST Complies: All clinical communication is routed via encrypted Healthmail. No prescription data is stored in the platform post-transmission.
👩‍⚕️ Use Case: Clinical Governance
Standard / Requirement: HSE & PSI Clinical Governance Protocols
How PharmaFAST Complies: Our platform includes vaccine administration logs, digital patient consent, adverse event tagging, and auditable service trails to support pharmacy compliance.
Data Protection & GDPR Compliance
🔄 Use Case: Data Roles
Control: Controller / Processor Split
Description: Pharmacies act as the Data Controller; PharmaFAST operates as the Data Processor under a signed DPA.
⚖️ Use Case: Lawful Basis
Control: Legitimate Interest / Consent
Description: Explicit consent is gathered before any data processing, ensuring a legal basis for all core functions.
🛂 Use Case: Access Control
Control: RBAC + 2FA
Description: All staff access is permission-based, and sensitive functions require two-factor authentication.
📉 Use Case: Data Minimization
Control: Field Restrictions
Description: Only essential personal data is collected — such as name, date of birth, and Eircode.
🗄️ Use Case: Data Storage
Control: Encrypted + EU-Only Servers
Description: All data is securely hosted in ISO 27001-certified data centers within the EU (AWS Dublin / Azure Ireland).
🔁 Use Case: Data Sharing
Control: Secure Healthmail API Routing
Description: Patient data is only shared with verified recipients (GPs, pharmacies, HSE) through Healthmail — never stored or reused.
📋 Use Case: DPIA
Control: Available
Description: A full Data Protection Impact Assessment (DPIA) has been conducted on each platform module and is available upon request.
📜 Use Case: Audit Logs
Control: Full Tracking
Description: All interactions — from logins to patient record access — are fully logged and auditable.
🧾 Use Case: Retention Policy
Control: 7-Year Clinical Record
Description: Records are stored in line with HSE guidance unless a shorter retention period is requested by the pharmacy.
Clinical Safety & Audit Compliance
💉 Use Case: Vaccination & Service Logs
Compliance Element: Digital Record
Details: Each log includes vaccine name, batch, expiry, injection site, and administrator signature — supporting PSI inspections.
🖊️ Use Case: Consent
Compliance Element: Digital Signature
Details: Captured electronically before each service and timestamped for audit records.
💶 Use Case: PCS Claim Trail
Compliance Element: Claim ID, Fee Code, Status
Details: Automatically generated and exportable via CSV — filterable by service, period, or pharmacist.
🚨 Use Case: Adverse Events
Compliance Element: Reporting Tag
Details: Staff can flag and document any adverse reactions, meeting PSI and HSE obligations.
📤 Use Case: Audit Readiness
Compliance Element: Real-Time Export
Details: One-click export of all activity logs and claims in an HSE-friendly format.
🧾 Use Case: Walk-In Logbooks
Compliance Element: Paperless Module
Details: A digital log of all walk-in patients, including those without prior booking, complete with timestamp.
✅ Use Case: Service Eligibility Checks
Compliance Element: Age, Gender, GP Verification
Details: Built-in logic checks patient eligibility for PCS services before submission.
Technical Infrastructure & Security
🏢 Use Case: Hosting
Feature: Secure EU Data Centers
Details: All data is hosted within GDPR-aligned, ISO-certified data environments.
🔐 Use Case: Encryption
Feature: TLS 1.3 + AES-256
Details: All data is encrypted in transit and at rest using the latest standards.
🗃️ Use Case: Backups
Feature: Redundant Daily Backups
Details: Daily secure backups are retained for 30 days to ensure disaster recovery capability.
🔍 Use Case: Pen Testing
Feature: Quarterly Penetration Testing
Details: Regular independent security assessments are conducted to identify vulnerabilities.
🛡️ Use Case: Vulnerability Management
Feature: CVE Patch Policy
Details: Zero-day vulnerabilities are patched within 24 hours of discovery.
🔐 Use Case: API Security
Feature: OAuth 2.0 + Scope Limiting
Details: All APIs are protected by industry-standard authorization protocols with role-based access tokens.
🔁 Use Case: Disaster Recovery
Feature: <1h RTO, <24h RPO
Details: Platform recovery time objective (RTO) is less than 1 hour, and data recovery point objective (RPO) is less than 24 hours.
📱 Use Case: Device Access
Feature: No Local Storage
Details: The app is fully web-based. No patient data is downloaded or stored on user devices.
User Compliance & Training
🎓 Use Case: Staff Training
Description: All users complete onboarding and receive periodic training on PCS procedures, Healthmail usage, and GDPR responsibilities.
📝 Use Case: Usage Agreements
Description: Each staff member must sign a T&Cs agreement, Acceptable Use Policy, and platform code of conduct.
🛠️ Use Case: Change Logs
Description: Platform updates are tracked with a public changelog so pharmacies can review what’s changed at any time.
📞 Use Case: Support Logging
Description: All pharmacy support queries are logged with full traceability for regulatory or follow-up use.
Consent, Opt-In & Communications
🧾 Use Case: Patient Prescription Consent
Method: SMS + Digital Consent Form
Compliance: Patients must actively consent before uploading or routing prescriptions via PharmaFAST. This ensures full GDPR and HSE alignment with informed patient participation.
📧 Use Case: Marketing Emails
Method: Double Opt-In
Compliance: Both patients and pharmacies must explicitly opt in to receive marketing or platform update emails. All communications include an easy unsubscribe option, as required under GDPR and ePrivacy laws.
💬 Use Case: GP & Pharmacy Messaging
Method: Healthmail Routing Only
Compliance: All sensitive or clinical data is transmitted only via Healthmail — a secure, encrypted channel approved by the HSE. No sensitive data is ever stored in the app or sent through unencrypted systems.