Smartcard loophole fears
Administrative staff in a Midlands PCT are logging on to Choose and Book using GP practice access rights, in a loophole that practices have warned could have implications for the NHS Care Records Service.Five employees of Warwickshire PCT have a smartcard enabling them to access the referral system, which is registered in the name of a local GP practice. Staff accessing the system are able to view patient information, including why a GP has referred a patient, writes Steve Nowottny.Dr Paul Cundy, chair of the GPC IT subcommittee, warned PCTs could use a similar workaround when Summary Care Records are rolled out across England next year.'It makes a nonsense of the so-called access controls and audit trail,' he said. 'Choose and Book is a system that is supposed to be secure and free of interference, but it's being worked around in a variety of places and I dare say the same thing will happen to the Summary Care Record.'Dr Paul Thornton, a GP in Kingsbury in Warwickshire, said PCT staff using GP practice access rights would lead to a loss of accountability.'There will be a record of it, but the record will have it that they are employees of the practice,' he said. 'Smartcards are only as secure as the systems that allow for them to be issued.'A spokesperson for NHS Warwickshire said the PCT staff had been given GP practice access rights with the support of local GPs: 'It is important to allow the trust to provide information on referral patterns to practices.'A Connecting for Health spokesperson said the matter was 'an information governance and business process matter for the PCT' and was 'not a system security issue'.