NHS security dilemma as smartcards shared

Trust goes against guidelines in high-pressure A&E department

An NHS trust board has approved the sharing of smartcards, in breach of security policy under the £12.4bn NHS National Programme for IT (NPfIT), because slow log-in times would restrict the time of doctors treating emergency patients.

South Warwickshire General Hospitals NHS Trust has allowed some staff to share smartcards used to access patient records, after concluding that log-in times for systems were too long for high-activity areas such as Accident and Emergency.

The move raises the question of whether the Care Records Service system installed under the NPfIT has been supplied with busy hospital departments in mind, and just how stringent security can be in highly pressured environments.

Connecting for Health, which runs the NPfIT, has stated in policy papers that smartcard sharing by NHS staff is "misconduct" that may result in disciplinary action.

Paul Cundy, spokesman for the British Medical Association's GP IT subcommittee, said the actions of the trust "drive a coach and horses through the so-called privacy in the new systems".

He said, "This is precisely what we have long predicted and shows that security systems, although highly specified on paper, need to be tested against live environments before they can be said to be secure."

But Duncan Robinson, director of IT at the trust, said it had decided specifically in Accident and Emergency to slightly depart from what he called security "guidelines" to allow the sharing of smartcards on certain PCs.

He said the trust was concerned that logging on could take up to 90 seconds. Without smartcard sharing, if doctors using a secure PC are called away when accessing a file, they may have to log off and on again when they return to it.

Sharing the shift leader's smartcard, more than a dozen clinicians can access files on PCs without logging on and off each time.

The trust said the risks had been assessed and that data access and throughput are monitored closely. "The monitoring process revealed no breaches of security," said Robinson. PCs logged into the new systems may be left unattended, but they are in a secure area not readily accessible by the public.

Robinson added that Connecting for Health was working with its suppliers to "considerably reduce log-on time". When this happens to the satisfaction of the trust, its sharing policy will be reviewed.

A spokesman for Connecting for Health said smartcard sharing policy and guidance were unambiguous: it is misconduct and should be dealt with via disciplinary procedures or professional bodies.

He added that access controls exist for good reasons, but "at the end of the day, it is a matter for local NHS organisations".


