< links for 2007-02-07 Write to your MEP: JURI to vote on IPRED2 at the end of this month >

South Warwickshire clinicians sharing smart cards

Posted by Becky in NHS, Privacy at February 7th, 2007

Last week, news emerged that the board of South Warwickshire General Hospitals NHS Trust is allowing clinicians in their Accident and Emergency department to share smart cards. Apparently, at an average of between 60 and 90 seconds, login times were compromising efficiency in this very busy hospital department.

Although Connecting for Health had previously advised that sharing of smartcards is considered misconduct and could result in disciplinary action (see this July 2006 .doc briefing note), in a statement issued on 1 February they appeared to back off from this advice, suggesting that “responsibility for the security of patient information ultimately lies with individual Trusts, hospitals and NHS organisations.”

And although the BMA’s GP IT subcommittee spokesman, Paul Cundy told Computer Weekly magazine the actions of the trust “drive a coach and horses through the so-called privacy in the new systems”, CfH stated there was “no question of the confidentiality of patient data having been compromised by South Warwickshire General Hospitals NHS Trust.”

Even when you’re not in a life or death situation, over a minute is a long time to wait to log in. CfH is now working with its suppliers to reduce log in time to something that works in practice as well as in theory.

In the meantime, this story raises one vital question: where in the NHS does ultimate responsibility for patient privacy lie?

You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2 Responses to “South Warwickshire clinicians sharing smart cards”

  1. Simon Gibbs Says:
    February 9th, 2007 at 3:08 pm

    I took responsibility myself, and opted out of the upload.

    However, I must simply trust the system to respect this preference and, frankly, I don’t. Therefore, I must conclude that I am, at this moment, probably being data raped by untracable multi-faced bureaucrats.

  2. David Jenkinson Says:
    February 12th, 2007 at 11:14 am

    I work in the IT department of my local hospital, we are currently looking at the national smartcard and integrating it with our own PKI unfrastructure. I came across a product that allows ‘hot-swapping’ of clinicians with next to no time delay called ‘Imprivata one-sign’ This allows clinicians to use the smart card to hot swap profiles and also single-sign them into all their applications saving masses of time and effort.
    Take a look at http://www.imprivata.com although this does not stop users sharing cards and pin numbers it does cut the time considerably which negates the need for them to share!

Leave a Reply

Contributors to the Open Rights Group wiki and blog should note their input forms part of a collaborative resource that is Creative Commons (by-sa 2.5) licensed. We hope these resources will be reused and remixed in the public interest. You do not need to seek permission before you re-use our works, although we do require that users attribute Open Rights Group as their source, and license the resulting work under the same terms.

< links for 2007-02-07 Write to your MEP: JURI to vote on IPRED2 at the end of this month >