Password-sharing hinders probe into serious blunder

The sharing of passwords on an x-ray system at a hospital in Devon has made it difficult to identify which doctor wrongly verified the treatment of a patient who died after a blunder.

The case sheds light on the collision between the culture of the NHS – where the sharing of passwords is said to be common practice – and the high security needed when NHS staff and doctors access large databases of confidential patient information under the £12.7bn National Programme for IT [NPfIT].

Password-sharing in the NHS – which has been highlighted in case studies published in Computer Weekly – is said to be endemic partly because space for computer screens in wards is limited, as is time for clinicians to log in and out.

Officials at NHS Connecting for Health who help run the NPfIT have said that national systems are more secure than paper records, in part because audit trails show who has viewed what patient records.

But in the latest instance of password-sharing the audit trails caused some confusion because several clinicians were sharing the same passwords. The result is that investigators at Derriford Hospital in Plymouth in Devon have been unable to identify a doctor who was involved in the care of Muriel Elliott.

She had a feeding tube wrongly inserted into her lung instead of her stomach and died 13 days later, in September last year. Mrs Elliott was in her late 70s. She was in hospital after suffering a stroke following heart by-pass surgery.

A hospital investigation, the results of which have been shared with the local coroner, could not establish which doctor had viewed an electronic x-ray image and had told nursing staff that the nasal gastric tube was in the correct position before Mrs Elliott was transferred to the Acute Stroke Unit.

A report prepared by Derriford Hospital’s legal department in relation to the case was leaked to BBC’s regional news programme “Spotlight” and the Herald newspaper. They said that the doctor who checked the position of the tube had not made a record of it in the patient’s notes. And the doctor whose password was used to view the stored x-ray image was not working at the hospital at the time.

Two other doctors who were on duty when Mrs Elliott’s x-ray was verified knew the password but denied they approved the tube’s positioning.
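The audit-trail problem described above can at least be surfaced early by cross-checking access logs against the duty roster. The following is an added example, not code from the hospital or its suppliers; the account names, workstation names, roster and log lines are all constructed, and the second check (one account on two workstations within minutes) goes beyond the case reported here.

```python
from datetime import datetime, timedelta

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M")

# Constructed roster: account -> list of (shift start, shift end).
ROSTER = {
    "dr_a": [("2000-01-01 08:00", "2000-01-01 20:00")],
    "dr_b": [("2000-01-01 20:00", "2000-01-02 08:00")],
}

# Constructed audit trail: (timestamp, account, workstation, action).
AUDIT_LOG = [
    ("2000-01-01 21:15", "dr_b", "ws-ward3", "view_image"),
    ("2000-01-02 03:28", "dr_a", "ws-ward3", "view_image"),    # owner off duty
    ("2000-01-02 03:30", "dr_b", "ws-ward3", "view_image"),
    ("2000-01-02 03:33", "dr_b", "ws-stroke1", "view_image"),  # second workstation
]

def on_shift(account, when, roster):
    """True if the account's owner is rostered at the given time."""
    return any(parse(s) <= when < parse(e) for s, e in roster.get(account, []))

def flag_events(log, roster, window=timedelta(minutes=10)):
    """Return log events that suggest a credential is being shared."""
    findings = []
    last_seen = {}  # account -> (time, workstation) of its previous event
    for ts, account, ws, _action in sorted(log):
        when = parse(ts)
        # Check 1: the account is used while its owner is not on duty.
        if not on_shift(account, when, roster):
            findings.append((ts, account, ws, "owner not rostered"))
        # Check 2: the same account appears on a different workstation
        # within a short window of its previous use.
        prev = last_seen.get(account)
        if prev and prev[1] != ws and when - prev[0] <= window:
            findings.append((ts, account, ws, "two workstations within window"))
        last_seen[account] = (when, ws)
    return findings

if __name__ == "__main__":
    for finding in flag_events(AUDIT_LOG, ROSTER):
        print(finding)
```

A check like this shows that an account is being shared; it cannot say who was actually at the screen, which is why attribution depends on individual credentials.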

Mrs Elliott had an x-ray at 30 minutes after midnight and a nurse on the stroke unit asked a Senior House Officer to check the position of the feeding tube on the x-ray image. The log identified a doctor who had viewed the image at 0328 – but it appears that doctor gave his password to a Senior House Officer, a female doctor.

However, the stroke unit nurse said the x-ray was checked by a man. At 0730 the nurse began feeding Mrs Elliott through the tube.

The report by the hospital’s legal department said: “Despite a thorough investigation involving several members of staff, it has not been possible to identify the doctor who verified the position of the NGT [nasal gastric tube].”

The hospital uses a picture archiving and communication system [PACS] and “CRIS” Radiology Information System which were installed in 2006 under the NPfIT. The PACS system is linked by the N3 broadband network to a remote data store, with access to images through workstations and web-based PCs.

The local police “Major Crime Investigation Team” has been called in. Police officers have met Paul Roberts, the chief executive of the Plymouth Hospitals NHS Trust, who assured them of support and co-operation. Trust staff have put together a small team of senior staff to support the inquiry.

Brian Gerrish, Mrs Elliott’s son-in-law, told the BBC:

“This is absolutely incredible… Derriford does not know who the doctor was that made a clinical decision that resulted in a death and it’s possible it could have been somebody who just walked in off the street, because they have no idea.”

A statement issued by Plymouth Hospitals NHS Trust said: “The Trust has stringent policies and guidelines concerning patient confidentiality and the use of its IT systems. We expect all staff to work according to these policies and any breach of security is investigated and appropriate disciplinary action taken whenever necessary.”

It added: “This case has been subject to a full investigation within the Trust and the results and recommendations of that investigation have been shared with the coroner. The case has recently been referred to Devon and Cornwall police and enquiries are at an early stage. At this time it is not appropriate for the Trust to comment further.”

NHS Connecting for Health said: “Individual users set their own passcode which may not be shared with anyone else. Password sharing represents a misuse of a system and the Department of Health published a joint statement along with the GMC and the Information Commissioner, which made it clear that from policy, professional and legal perspectives there is zero tolerance on such behaviour.”


Staff at Derriford Hospital learned some useful lessons from the go-live in 2006 of picture archiving and communication system [PACS] and radiology information systems [RIS].

This is part of a presentation given in 2006 on the “difficult implementation of PACS” at Derriford Hospital by a clinical radiologist:

Some of what went well

  • Project roll out to schedule despite tight time scale
  • Project delivered within budget
  • Phased roll out maintaining imaging capacity
  • Dedicated implementation team
  • Support from networks, estates, and hospital IT
  • Equipment scoping close to requirements
  • WebPACS is well liked and trouble free
  • Migration of data from old RAD/Agfa system – but at a cost

Some of what went badly

  • Suppliers unprepared for a hospital of this size and complexity
  • Inadequate system training from supplier
  • No integrated training on the whole system prior to implementation led to many problems particularly related to workflows and generation of unspecified and split examinations
  • Training given was much too long before go live date
  • Inadequate system support from supplier after implementation – little activity until trust staff shouted
  • No provision for support in contract
  • Fujitsu Help desk time-consuming and frustrating
  • Slow speed of system [Log in times averaged 10 minutes and community log in times of 45 minutes]
  • Size of Radiology IT team too small [Overwhelmed by technical problems and requests for training/support following implementation]
  • Roll out of radiology information system more time consuming than expected
  • Level of support from clinicians outside radiology variable during the difficult early days following roll out, expectations perhaps unrealistic
  • More contribution needed from users inside and outside radiology
  • Workflows inadequately thought through
  • Lack of sharing of problems and solutions with other hospitals
  • Problems with image sharing with other hospitals

Some of the complications

  • Real clinical risk
  • Serious impact on reporting throughput
  • Workstations incorrectly set up, not automatically displaying Doppler ultrasound images


NHS Trust uncovers password-sharing risk to patient data

Smartcard sharing by an NHS trust – a breach of IT security or a practical way around slow access to the NHS Care Records Service?

Smartcard sharing at South Warwickshire Hospitals NHS Trust – comment by Martyn Thomas

North Bristol NHS Trust – policy of passwords

NPfIT – getting a bit complex?