The two most senior GP representatives in England have written to Connecting for Health to demand reassurances on patient confidentiality after it emerged that non-clinical staff can access and change patient details held on the personal demographics service.

Dr Hamish Meldrum, chairman of the British Medical Association’s General Practitioner Committee and Dr Mayur Lakhani, chairman of the Royal College of General practitioners, sent a letter to Connecting for Health (CfH) IT director general Richard Granger at the weekend.

The content of the letter has not been released but EHI Primary Care understands that it outlines two “extremely serious problems” with the current access arrangements to the personal demographics service (PDS) which links to Choose and Book.

The letter says investigations by GPs have found that patient details, including name, address, date of birth, Choose and Book password and consent flags, are accessible to non-clinical practice staff with a smartcard and that, in addition, staff with access to the PDS can change any of those details on the system including the consent flag.

EHI Primary Care understands that the letter adds that the two organisations will not support the upload of information to the NHS Care Records Service (NCRS) until information about the consent models is clear.

A joint statement issued to EHI Primary Care by the two bodies says: “We have become aware of problems with security controls on the patient demographic system (PDS) of the Choose and Book Web based application. We are extremely concerned about this development.

"On behalf of GPs, and in the best interests of patients, we have notified Connecting for Health (CfH) at the highest levels to take urgent action to investigate and rectify the problem. It is of paramount importance that access controls work as they are intended and that both patients and doctors have confidence in the system. We will be monitoring the situation closely and have sought specific reassurances so that GPs can be supported in using CfH applications and patient care safeguarded.”

A spokesperson for NHS Connecting for Health told EHI Primary Care that only staff with the right role allocated to them can access the PDS using a smartcard and unique passcode like the chip and pin system.

He added: “Access to basic patient demographic data eg. name, address, date of birth and NHS number for health professionals is crucial to ensure they are able to identify the patient correctly so they can access and record information on the patient they are treating. Additional access rights are required to see clinical information – a clinician will have to be treating the patient.

"In addition, as part of their terms and conditions of employment, all NHS staff work within a code of conduct which governs the use of patient information. Everyone working for, or on behalf of, the NHS is responsible for the information they access, and has a legal duty to respect patient confidentiality and to keep information about patients secure."

The spokesperson added that once the NHS CRS is fully up and running, rigorous safeguards will be put in place to protect patient confidentiality and anyone wanting to look at a record that identifies a patient will have to have a smartcard and passcode and a legitimate relationship – that is, be involved in the care of the patient.

He said that in addition there will be role-based access, audit trails, alerts if anyone without authority tries to look at clinical information and security against hackers, viruses and system crashes.