NHS: 'No risk over smartcard sharing'

NHS Connecting for Health (CfH) has admitted smartcards were shared between staff at a Warwickshire hospital but denied that this compromised the confidentiality of patient data.

Reports emerged recently that smartcards - used by clinical staff to access patient records on the overhauled NHS IT network - were being shared between A&E clinicians at South Warwickshire General Hospitals NHS Trust. This activity, which had been sanctioned by the Trust board, was caused by clinicians trying to avoid lengthy login times.

A spokesman for the British Medical Association's GP IT subcommittee, told Computer Weekly at the time that this approval "[drove] a coach and horses through the so-called privacy in the new systems".

Late last week, CfH - the NHS department administering the IT overhaul (the National Programme for IT, or NPfIT) - issued a statement claiming there was "no question of the confidentiality of patient data having been compromised" at the Trust, as the staff authorised by the board to share smartcards "were all clinical staff, bound by their professional codes of confidentiality, operating in a secure non-public part of the hospital".

The statement added: "The Trust is aware of the need to revert to the normal policy framework for the use of smartcards and, as these early issues relating to the speed of the application are resolved, it is hoped this will happen in the near future."

Previous statements from CfH had suggested the sharing of smartcards would be treated as misconduct, requiring disciplinary procedures. However, according to this latest statement, "responsibility for the security of patient information ultimately lies with individual Trusts, hospitals and NHS organisations".

David Meyer writes for ZDNet UK