By Tim Ferguson, 6 February 2008 17:40
NEWS
More than 4,000 NHS smartcards used to access a range of electronic systems and applications have gone missing since they were introduced two and a half years ago.
A Freedom of Information request by GP magazine Pulse found a total of 4,147 smartcards have been lost - 142 of which have been stolen.
silicon.com Public Sector
Get the latest public sector news straight to your inbox. Sign up for the PS newsletter today!
Of the 221 NHS bodies that replied to the FoI request, one in ten said they had no idea how many cards had been lost or stolen.
A Connecting for Health spokeswoman told silicon.com that as soon as lost cards are reported they are disabled. She added that active cards require a unique six-digit PIN number known only by their owner.
In a statement, Connecting for Health said there is "no evidence that any security breaches have ever arisen from lost or stolen cards".
The spokeswoman added there are no plans to change the system as a result of the findings.
The smartcards have been issued to 438,314 NHS staff since their introduction in mid-2005 with around 1.2 million staff expected to eventually carry one.
Systems the smartcards are used to access include the Choose and Book system and Electronic Prescriptions Service.
Comments
There are 2 comments. Join the discussion
1. Chris Goodman
Conservatively assuming the cost of a secure access card is £10 then the NHS employees have lost an awful lot of public money.
Perhaps NHS employees who require to be issued with a card should be required to make a £25 security deposit for their card, forfeited on loss. Accidental loss is invariably due to carelessness and loss by theft must also be put down to lack of personal security. So make the losers pay!! - not the public purse.
2. Jeremy Wickins
OK, my maths have been known to be a bit dodgy in the past, but I reckon 4147 out of 438,314 to be roughly 1 per cent. I know that that might seem an acceptable rate in some areas, but not this one. Loss of one of these cards should be a disciplinary offence for the numpty that does not have respect for other people's data. I bet they don't lose their own purses, credit cards, car keys, etc, etc.
"Of the 221 NHS bodies that replied to the FoI request, one in ten said they had no idea how many cards had been lost or stolen." How much more incompetent can they be? Imprisonment is too good for them. Records of the number of lost cards should be publicly available, and reported annually, especially for Foundation Trusts.
"She added that active cards require a unique six-digit PIN number known only by their owner." And the PIN was writtten on the card, or kept with it, in *how* many cases?? They don't know, because they have no way of auditing. How many cards have been lost but not reported, because one card (with the PIN being 123456) is kept in a drawer for everyone to use? This is one area where biometrics should be used, not PINs.
"In a statement, Connecting for Health said there is "no evidence that any security breaches have ever arisen from lost or stolen cards"." That's alright then - no evidence of something that hasn't even been looked for, from the level of other complacent bo***cks being spouted here. Given that tis scheme controls access to Electronic Prescriptions, one would expect the people with the illicit cards to be VERY careful about not rousing suspicions.