

GPs ‘mistakenly given online access to pensions data belonging to colleagues’




Exclusive: Some GPs found they were mistakenly given access to other people’s ‘sensitive’ pensions information after logging into their own account on PCSE’s new online portal, Pulse has learned.

GP Survival chair Dr John Hughes told Pulse that the organisation heard from ‘three or four’ GPs last week who were stunned to find they could access the pensions information of colleagues after signing into their own PCSE pensions accounts.

When the GPs looked at their accounts, the system ‘would bring up a list of lots of other people, plus their pension numbers’, which together with their names, ‘could be used to then go and access someone else’s complete pension payment details’, he said.

This is the latest issue with the new pay and pensions portal, after it emerged earlier in the week that around 1,000 GP practices have not received their QOF payments this month, alongside a host of other problems.

Dr Hughes said: ‘This is a very serious breach of confidentiality. I would say it further damages trust in the system, but I don’t think anybody has any trust in PCSE and the system at all at the moment.’

PCSE said the pay portal is designed to allow GP principals to see the pensions data of other GPs within their practice.

It also said that it could not find any record of complaints from GPs about the issue. 

However, Hampshire GP and information governance lead Dr Neil Bhatia told Pulse that his colleague – a salaried GP – reported to him that her account was allowing her access to the pensions data of other practice staff. He also said that he himself then reported the issue to PCSE.

He said: ‘One of my GPs noticed this. She logged in and was immediately able to access, had she chosen to, the records of every other GP in the surgery. There were screens and screens of GPs. This is very sensitive information – people’s earnings – all sorts of information. 

‘I rang PCSE and reported it. They said it’s just a one off – that she has just been given the wrong type of access. But I think this has happened elsewhere.’

He said PCSE would need to report this as a data breach to the Information Commissioner’s Office (ICO), if it hasn’t already. 

He added: ‘The good thing is, the people who have been given unauthorised access are not the type of people who are deliberately going to click on a person’s record and look at it.’

PCSE launched a new online GP Pensions and Payments service on 1 June, which lets GPs manage their pensions accounts digitally, including viewing statements and submitting information such as end-of-year certificates and self-assessment forms.

A BMA spokesperson said: ‘It’s vital that the new system is fully secure and compliant with data protection legislation, and that only relevant staff with appropriate permissions are able to access employees’ pension details when necessary. 

‘We would welcome assurances from PCSE and NHSEI that this is the case, but if there are instances where it is not we would urge any GPs or practices to contact the BMA with details.’

Pulse has approached PCSE for comment.

Earlier this month, PCSE had to reassure GPs who were left confused after the new online pensions portal allocated everyone roles as partner, salaried and locum GPs ahead of launch.

The GP pay and pensions system had been due to launch in October, but was delayed due to issues with its performance.

READERS' COMMENTS [6]

Turn out The Lights 24 June, 2021 10:24 am

Isn’t this a data breach, hope it’s been reported.

Lucy Marchand 24 June, 2021 11:02 am

Given that I’ve never even been able to access my OWN pension data without ringing them and have no online access as their system permanently refuses to acknowledge my existence, I find this quite impressive!!

Not on your nelly 24 June, 2021 12:46 pm

Seriously how incompetent do Crapita need to get before they’re stripped of their contract? If I ran my practice this badly I’d have lost my GMS contract long ago.

Dylan Summers 24 June, 2021 2:35 pm

@Lucy Marchand

Ha ha ha. That’s my experience too.

We need to find out who these GPs are who have access and ask them to tell us our data.

David Church 24 June, 2021 9:47 pm

Yes, please, whoever it was, could you look up my account please, as, although I can access ESR (sometimes – I am 31% non compliant with mandatory training for efficiency) whenever I try to get a TRS statement the website always (still) pops up that no data is available and I cannot have one.
🙁

Dave Haddock 30 June, 2021 8:16 am

Cannot access my own information, perhaps I should ask a colleague?
Crapita are and always have been unfit for purpose but are still making £millions.