GPs' fears over new IT security loophole
By Steve Nowottny
A senior GP has exposed a security loophole in an NHS database containing the addresses and personal details of millions of patients.
NHS bosses have admitted they have no idea how many inappropriate or unauthorised accesses there could have been to the Personal Demographics Service, a national electronic database which contains demographic information such as the name, address, date of birth, NHS number and contact information on almost every patient in the country.
Dr Paul Golik, secretary of North Staffordshire LMC and a GP in Norton-in-the-Moors, Stoke on Trent, raised concerns after a patient asked about NHS IT security, and Dr Golik discovered it was possible to access his own demographic record even though he was registered at another practice.
Dr Golik subsequently accessed the personal details of a number of other patients registered elsewhere, including, with their consent, staff at his practice – all without being detected.
And while no clinical information is contained in the Personal Demographics Service, Dr Golik said he was ‘appalled' that such information was at the fingertips of tens of thousands of NHS staff with smartcard access.
‘It's basically open – we might as well put our names and addresses on Google,' he said. ‘If I know what your name is and roughly how old you are, within about ten seconds I can find your exact date of birth, your full name, your address, potentially your telephone number and your NHS number.'
‘It could be used for criminal purposes – you may have an estranged wife or estranged husband whose other half could track them down. I don't think anybody is widely aware of this.'
A spokesperson for NHS Stoke-on-Trent said was unable to say how many inappropriate accesses had taken place, but said the PCT was looking into Dr Golik's concerns and insisted ‘audit processes are in place at a national level'.
A Department of Health spokesperson said that figures on the number of inappropriate accesses were ‘not held centrally'.
The NHS Connecting for Health website advises that records are kept of updates to the PDS, tracing, retrievals and confirmation of an NHS number, and allocations of an NHS number.
It adds: ‘In the future, PDS will generate alerts to privacy officers in specific circumstances where actions have been taken by NHS healthcare professionals which may constitute a breach of confidentiality.'
Dr Neil Bhatia, a GP in Yateley in Hampshire, said he shared concerns about ‘massive flaws' in the system's security.
‘Accessing my own PDS record, my wife's with her permission, and my childrens' never seems to generate an alert,' he said.A new security loophole?
-The Personal Demographics Service is a national electronic database accessible by NHS smartcard holders holding demographic information for millions of patients including names, address, dates of birth, NHS numbers and contact information, but no clinical information
- Unlike the Summary Care Record, the PDS has no automatic security alert system for detecting potentially unauthorised accesses – and NHS IT chiefs apparently have no idea how many unauthorised accesses there could have been
- Connecting for Health plans to upgrade the system to generate alerts to privacy officers highlighting potentially unauthorised accesses – but the timescales for this are unclearGPs have raised concern about the security of the Personal Demographics Service GPs have raised concern about the security of the Personal Demographics Service