The GPs who raised concerns about the security of the personal demographic service(PDS) say they have been satisfied that clinical information is secure although they remain concerned about the potential to view basic demographic data.

Senior members of the national Choose and Book team met with a Nottinghamshire GP and two representatives from the local medical committee (LMC) after Nottinghamshire GPs discovered last month  that it was possible to view demographic data belonging to a patient registered in Nottinghamshire from a practice 200 miles away.

Chris Locke, chief executive of Nottinghamshire LMC, said it was clear from the meeting that clinical details could not be accessed via the PDS, except by the referring practice or the practice the patient is registered with.

However he told EHI Primary Care: “There was an acknowledgement that it is possible to access basic demographic details so that you might be able to find someone’s address from any part of the country if you have a smartcard and the necessary password access.”

EHI Primary Care understands that it is not possible to trawl through a list of matching surnames to find someone’s address details but if someone has an unusual surname so that only one match is made it would be possible to view their details via the PDS.

Concerns voiced following the revelations about the PDS last month were that clinical information might be insecure, now ruled out, and that patients with valid reasons for withholding their demographic data had not been given the opportunity to do so before the PDS went live.

Locke added: “Audit trails would be able to pick up where somebody had accessed something inappropriately but that could be too late.”

NHS Connecting for Health acknowledged in its statement on the Nottinghamshire meeting that remaining concerns included “the time lag in applying blocks on access to demographic information.”

It also emerged from the Nottinghamshire investigation that it was possible for anyone to change the consent flag on the PDS, designed to indicate whether patients were happy to share their clinical information when the NHS Care Records Service goes live.

Following the revelations the chairman of the BMA’s General Practitioner Committee and the chairman of the Royal College of General Practitioners wrote a joint letter to Richard Granger, NHS IT director general, to demand reassurances on patient confidentiality.

A statement issued by NHS Connecting for Health after the Nottinghamshire meeting says the GP was reassured about the level of access to an individual’s data, and that referral episodes could only be viewed by their own practice staff, that the audit trail of access to any element of data appeared to be robust and clear and that there were proposals to review access to the consent flag.

The statement adds: “ Remaining concerns the GP had following the meeting related to the time lag in applying blocks on access to demographic information held on the Personal Data Service (PDS); the need to inform practice staff how to handle patients’ requests for audits into their data and the need for a public information campaign. These items were already being progressed by NHS Connecting for Health as part of our routine business.

“NHS Connecting for Health approaches patient safety and system security and the protection of confidential patient information with the utmost priority. Choose and Book is clinically safe and fit for purpose and NHS Connecting for Health works with clinicians and the appropriate professional bodies to ensure this continues to be the case.”


Not so secure