Home delivery of medicines: between patient needs and legal requirements
In recent years, the healthcare model has rapidly evolved, giving rise to new forms of service delivery, including remote medical and pharmaceutical care. One modality that has gained particular interest is the home delivery of prescription medications. While this option is attractive and convenient, it raises important legal considerations that must be taken into account by both professionals and users of the healthcare system.
Regulations on Home Pharmaceutical Care
The dispensing of medications is a healthcare act that, according to Article 86 of Royal Legislative Decree 1/2015, is reserved exclusively for licensed and accredited pharmacists. Their role goes beyond simply handing over the medication they are responsible for advising and supervising its proper use. This distinction is crucial, as it separates the mere delivery of medicines (a logistical task) from professional pharmaceutical dispensing, which requires active involvement by a qualified healthcare provider.
Traditionally, this activity is carried out in person at pharmacies. However, Royal Decree-Law 5/2023 introduced a significant development by allowing, under certain conditions, Spain’s regional governments (Autonomous Communities) to authorize non-presential dispensing that is, delivering medications directly to a patient’s home. These conditions are strictly limited to situations of clinical vulnerability, dependency, public health risks, or geographic distance from dispensing centers.
Therefore, home dispensing is not a freely available distribution model, but rather a highly regulated exception. Any business model based on the general delivery of prescription medicines to homes must comply with these specific legal conditions.
What Legal Aspects Must Be Considered?
A key legal requirement for operating within the online prescription and dispensing space is the use of the Spanish Private Electronic Prescription System (SREP), regulated under Royal Decree 1718/2010. This system allows doctors registered in Spain to issue prescriptions electronically, ensuring traceability and legal safety throughout the process.
Any platform that enables online medical prescriptions must be certified by the General Council of Official Medical Associations (CGCOM) and integrated with the Nodofarma platform. This process involves technical audits, integration tests, and formal certification to ensure regulatory compliance.
Furthermore, electronic prescriptions must include mandatory data from both the patient and the prescriber such as identification, dosage, route of administration, and the doctor’s electronic signature. This information is not only essential for the safe use of the medicine but is also a legal requirement for the validity of the prescription.
As a result, any party wishing to participate in the prescription and dispensing chain must ensure that these legal and technical conditions are met. Omitting the role of the pharmacist by reducing it to a mere logistics function, for example may constitute a legal breach and compromise patient safety.
Protection of Patient Data
Healthcare services, whether in person or digital, inherently involve the processing of sensitive personal data, particularly health-related data. In this regard, the General Data Protection Regulation (GDPR) and Spain’s Organic Law 3/2018 set out clear obligations for data controllers.
Any entity operating an online medical consultation, prescription, or medicine delivery platform must obtain the patient’s express consent through clear clauses, typically included in the Terms and Conditions accepted during the registration process. This consent must be informed, specific, and verifiable.
In addition, platforms must uphold the data subject’s rights (access, rectification, erasure, objection, restriction, and portability) and offer effective channels for handling inquiries or complaints related to data protection. Negligence in this area may result in significant fines and a loss of patient trust.
Digital data processing also requires adequate technical safeguards, such as data encryption, access controls, and secure storage of clinical information. In the case of electronic prescriptions, the system must ensure the authenticity of the issuer, the integrity of the prescription, and the confidentiality of the transmission until final delivery whether at a pharmacy or, when legally authorized, at the patient’s home.
Claudia Somovilla Ruiz es abogada especialista en derecho digital, propiedad intelectual y protección de datos.
Graduada en Derecho por la Universidad de Deusto, continúa su formación con un máster en derecho digital y nuevas tecnologías en UNIR. Asesora en comercio electrónico, marketing digital y privacidad, aplicando un enfoque proactivo y orientado a ofrecer garantías legales sólidas a sus clientes.
More from my site
Global strategy on minors, digital health and privacy of the AEPD
Features and objectives of the European Health Data Space
Health surveillance and GDPR: what can my employer know about my health status?
Sanction of 10,000 euros to Gymoogymnasios by the AEPD for forcing its clients to transfer their health data
AEPD and COP sign a protocol to encourage measures to promote mental health on the Internet
Alcohol Advertising on Social Media: What You Can (and Cannot) Legally Do