CfH removes door entry codes from PDS

NHS Connecting for Health has removed confidential door entry codes wrongly held on the Personal Demographics Service, following an investigation.

CfH told EHI Primary Care it had no evidence that storage of the data had led to security breaches.

However, it has removed the information and warned NHS organisations that their actions had led to “a serious risk” of a security breach.

Last month, CfH’s National Back Office Service Management team wrote to practices to alert them that door code details were being stored within the address field on the PDS.

In some cases, these had been printed as part of the address on letters sent to patients.

The discovery promoted an investigation by CfH which has now concluded. A Department of Health spokesperson said it had taken action to remove the inappropriately stored data on both the PDS and the National Health Applications and Infrastructure Services.

The spokesperson added: “The situation is likely to have occurred because NHS staff want to ensure access to patients requiring treatment or care at home and have recorded access codes in their local systems.

"We have no evidence this had led to security breaches, however, it is important that it is stopped so that patient confidentiality is protected.”

The DH has written to 142 GP practices, 46 primary care trusts and 12 acute trusts that had patients’ with door entry codes on the PDS.

The letter warns that it is essential that staff do not continue to enter access codes into local systems as the PDS could become “re-infected” with the data when the information is synchronised to the PDS and secondary care patient administration systems.

The letter tells NHS organisations to audit the extent to which access code information is held on records on local systems and decide whether it should continue to be held there.

It adds that if the information is needed NHS organisations need to guarantee that it will be held in such a way that it is not synchronised to the PDS.

It says affected organisations will also need to decide whether patients’ with codes that had appeared on the PDS needed to be contacted so they could decide whether their access code should be changed.

The letter adds: “We will also be working with system suppliers to examine any steps we can take to ensure that users are alerted to or prevented from entering access code data into inappropriate fields that synchronise with the PDS.”

In a separate letter sent to the whole of the health service, CfH has told organisations to ensure access codes for key safe boxes and other door entry systems are not stored in the address, telephone number or name fields or either local or national systems.