NHS staff regularly breach security rules, says survey

One in six GPs told Pulse magazine they were aware of staff sharing smartcards, which were issued as part of the Government's multi-billion pound upgrade of the NHS computer system.

The cards allow staff to access confidential details contained on patients' medical records.

It has been suggested that staff share cards to avoid going through the process of logging on or because they wish to access data at multiple computer terminals.

Breaching the rules on security is a disciplinary offence.

One in 20 GPs questioned by Pulse admitted they had shared their own smartcard.

More than 300 GPs in total responded to the survey.

One GP in Coventry told the magazine: "Our receptionists always share cards and PC log-ons as it takes a few minutes to close the medical software, put in another smartcard and then restart the software.

"Would you like to wait that long to get your appointment or order your repeat prescription?"

Another GP in Nottingham said he had been forced to borrow a manager's card when his was "out of date" or when he had left it at home.

And another GP from Yorkshire said sharing smartcards was "a real issue for office and reception staff".

"It is often impractical to continually log in and out of different machines as staff move around the office. They would have to log in and out of machines many times an hour," he said.

Richard Hoey, deputy editor of Pulse, said: "Smartcards are supposed to set a staff member's individual level of access to patient records and also provide a personal audit trail, so if any information is inappropriately accessed you can find out who was responsible.

"But the system is so cumbersome and time-consuming that our survey suggests NHS staff are often forced to ignore it, which of course badly undermines the security of patient records.

"It seems incredible that a system was devised without properly taking into account the pressurised environment in which NHS staff work."

A spokesman for Connecting for Health, which oversees the National Programme for IT, said: "Healthcare staff should not share smartcards and if smartcards are used improperly, disciplinary procedures should follow.

"Smartcards are issued only after stringent identity checks.

"Patient confidentiality is a top priority of the National Programme for IT in the NHS.

"The NHS care record guarantee confirms the NHS's undertaking to use patients' records in ways that protect their rights and promote patient health and wellbeing.

"Access to specific clinical information is controlled by the smartcard and this has to be both respected and protected."