NHS denies privacy risk over smartcard sharing

NHS Connecting for Health has admitted that smartcards were shared between staff at a Warwickshire hospital, but denied that this compromised the confidentiality of patient data.

Last week reports emerged that smartcards — used by clinical staff to access patient records on the overhauled NHS IT network — were being shared between A&E clinicians at South Warwickshire General Hospitals NHS Trust. This activity, which had been sanctioned by the Trust board, was caused by clinicians trying to avoid lengthy log-in times.

Paul Cundy, a spokesman for the British Medical Association's GP IT subcommittee, told Computer Weekly at the time that this approval "[drove] a coach and horses through the so-called privacy in the new systems".

On Thursday, Connecting for Health (CfH) — the NHS department administering the IT overhaul (the National Programme for IT, or NPfIT) — issued a statement claiming that there was "no question of the confidentiality of patient data having been compromised" at the Trust, as the staff authorised by the board to share smartcards "were all clinical staff, bound by their professional codes of confidentiality, operating in a secure non-public part of the hospital".

"The Trust is aware of the need to revert to the normal policy framework for the use of smartcards and, as these early issues relating to the speed of the application are resolved, it is hoped this will happen in the near future," the statement added.

Previous statements from CfH had suggested that the sharing of smartcards would be treated as misconduct, requiring disciplinary procedures. However, Thursday's statement conceded that "responsibility for the security of patient information ultimately lies with individual Trusts, hospitals and NHS organisations".