PDS access requires ‘business reason’

News

  • 20 October 2009
Fiona Barr
December 1, 2016

Staff accessing the Personal Demographics Service must have an appropriate ‘business reason’ for doing so, but need not have a legitimate relationship with a patient, according to NHS Connecting for Health.

The Department of Health’s IT agency has published new guidance on managing access to the PDS, which sets out rules for access and the action that local health communities should take if NHS staff, GPs or GP practice staff inappropriately view a patient’s demographic information.

The guidance states that only those who have a genuine ‘need to know’ should be able to access a patient’s demographic information, and then only when it is reasonable to believe that the person concerned would not object or has been asked for their permission.

CfH said NHS staff can search for and view information on the PDS without having a legitimate relationship recording on the system because ‘legitimate relationships’ applied to clinical information and no clinical data was stored on the PDS.

It said a ‘legitimate relationship’ meant a person was working in a team involved in a patient care, whereas others might have justifiable reasons for accessing the PDS. As an example, it cited a receptionist in an out-of-hours centre booking a patient into a local system.

Staff must have a justifiable ‘business reason’ to access the patient’s demographic information to perform their role.

Patients in sensitive or vulnerable positions – such as victims of domestic abuse or people in the public eye – can have their information on the PDS flagged as sensitive, known as ‘s-flagging.

This means the PDS will not return any of the patient’s contact details or other information that could be used to determine their location.

CfH said it was possible to see who had accessed a patient’s information on the PDS, but not through which programme they had accessed it.

It said GPs should exercise due care in their own use of the system and ensure their own staff do not access the PDS inappropriately.

It said local communities can monitor access to the PDS by requesting a report on who has accessed a patient’s demographic information or a report showing which records have been accessed by an individual.

If inappropriate access is discovered sanctions could include criminal prosecution under the Data Protection Act, civil action for breach of confidentiality, disciplinary action under terms of employment and action by the General Medical Council for breach of confidentiality.

Read more: More details are available in our Comment and Analysis, written by CfH Caldicott Guardian Dr Maureen Baker.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Prev News

EPR: the drama

Next News

Lorenzo R1.9 to debut at EHI event

Related News

GPs face EMIS IT outage at busiest time of the week
Digital Transformation November 5, 2024

GPs face EMIS IT outage at busiest time of the week

An outage to the EMIS IT system caused “chaos” for GPs in England when access was cut off to appointment booking systems and patient records.
One in five GPs using AI tools in clinical practice, finds BMJ survey
AI and Data September 24, 2024

One in five GPs using AI tools in clinical practice, finds BMJ survey

An online survey of UK GPs by the BMJ has revealed that one in five are using generative AI tools such as ChatGPT in clinical…
Digital Health Coffee Time Briefing ☕
News July 9, 2024

Digital Health Coffee Time Briefing ☕

Today's edition includes GOSH using AI to help identify Parkinson's Disease and a look at the challenges of evaluating digital health tech.