Digital Privacy

South Warwickshire clinicians sharing smart cards

Last week, news emerged that the board of South Warwickshire General Hospitals NHS Trust is allowing clinicians in their Accident and Emergency department to share smart cards. Apparently, at an average of between 60 and 90 seconds, login times were compromising efficiency in this very busy hospital department.

Although Connecting for Health had previously advised that sharing of smartcards is considered misconduct and could result in disciplinary action (see this July 2006 .doc briefing note), in a statement issued on 1 February they appeared to back off from this advice, suggesting that “responsibility for the security of patient information ultimately lies with individual Trusts, hospitals and NHS organisations.”

And although the BMA’s GP IT subcommittee spokesman, Paul Cundy told Computer Weekly magazine the actions of the trust “drive a coach and horses through the so-called privacy in the new systems”, CfH stated there was “no question of the confidentiality of patient data having been compromised by South Warwickshire General Hospitals NHS Trust.”

Even when you’re not in a life or death situation, over a minute is a long time to wait to log in. CfH is now working with its suppliers to reduce log in time to something that works in practice as well as in theory.

In the meantime, this story raises one vital question: where in the NHS does ultimate responsibility for patient privacy lie?