Registered smartcard holders must keep their smartcard secure (for example, must not share their smartcard login details and passcode with others, or leave their smartcard logged into a reader when they are not using it). Otherwise, there is the potential for a third party to have unauthorised access to confidential patient information, including via the e-RS application, under the original user’s login details. This might result in a passer-by having access to patient information without having a legitimate relationship with that patient.
NHS staff must have a legitimate relationship with the patient in order to be authorised to view or access their information on e-RS. The e-RS application has an audit trail which stores data on the use of the application – allowing appropriate staff to retrieve this data to check that those using the application are authorised to do so. If users do not keep their smartcard secure or share it with others they could be questioned about inappropriate access, which would be evident on the audit trail under their name.
All employees have a professional responsibility to ensure that they use their smartcards, login details and passcode appropriately. Organisations must stress these responsibilities to their employees when issuing smartcards and reinforce them regularly – monitoring smartcard usage and taking necessary disciplinary action where appropriate.
Allocating smartcard roles
Where an organisation gives an employee incorrect access control to the e-RS application this could allow them to initiate and process referrals, resulting in confidential patient information being viewed and used by employees who do not have an appropriate legitimate relationship with the patient. There is also the potential for referrals to be made incorrectly in the e-RS application which could affect patient safety and confidentiality.
Employees who do not have the appropriate access control and legitimate relationship with a patient should not be authorised to view or use that patient’s information. Organisations must ensure they follow the registration authority process when allocating access control to employees. The issuing of smartcards should be overseen by a Caldicott Guardian, who should be fully aware of access control regulations. Organisations should ensure their process for issuing smartcards is regularly audited and take immediate action when any inappropriate use of the e-RS application is discovered.
An overview of e-RS smartcard roles and the NHS staff roles to which they are typically applied is available on the e-RS business roles page.
Accessing the e-RS application to view a patient’s record without authorisation (such as for friends, relatives or colleagues) is completely inappropriate.
Employees should be aware that unauthorised access of the e-RS application is not permitted. Organisations have a responsibility to highlight this to employees and provide appropriate training.
Printing referral letters
If an NHS employee prints a hard copy of a referral letter for a consultant to review in the 'traditional way', then there is the potential for these referral letters to go astray (as they always could). This could lead to the referral letter being found by a third party. This third party does not have a legitimate relationship with the patient, so they are not authorised to view or access this information. Most third parties would not use the information inappropriately. However, there is the possibility that the information could fall into the wrong hands.
The most secure method for reviewing referral letters is online. If providers choose to print referral letters for review, then these letters must not be taken into non-secure areas of the organisation. Organisations need to ensure that only consultants or other clinicians (for example, Allied Health Professionals) review these referral letters and that this is done in a secure environment. They should train their employees to adhere to these guidelines. Organisations should also ensure their employees understand that there is the potential for disciplinary action if these guidelines are not followed.
Personal demographics service
If a referrer is aware of a change in a patient’s address or telephone number but does not update this information in the personal demographics service (PDS), then there is the potential for incorrect address or telephone numbers to be used in clinical systems. This could result in confirmation letters being sent to the wrong address or telephone calls made to the wrong number.
The e-RS application sources patient contact details from the personal demographics service, the central source of demographic data. Organisations need to ensure that patient contact details are updated in the personal demographics service. This will help to ensure letters and telephone calls are always directed to the correct place.
Consent to call back flag
This flag indicates whether the patient is willing to be telephoned about their referral. The default setting of this flag is consent, meaning that the patient is willing to be telephoned. If a patient does not wish to be telephoned about their referral then this flag should be changed from the default setting.
Organisations need to ensure that the "consent to call back flag" is switched off for patients who do not give their consent to be called regarding their referral, as this will reduce unnecessary calls made to patients.
If an NHS employee uses the e-RS application at home, or another unsecured location, via a Virtual Private Network (VPN) connection to their organisation, then there is the potential for confidential patient information to be viewed by other people within that location, such as friends or relatives.
Organisations need to restrict use of the e-RS application to secure premises wherever possible. Organisations also need to ensure that there is strict guidance for the use of remote access to the e-RS application; train their employees to adhere to these guidelines; and take necessary disciplinary action where appropriate.