Is this normal? Nhs employees

[Chiefspidercatcher]

I don't think it is. Or it shouldn't be.

I work in a GP practice. Not long started.

I've witnessed a newbie given a 'spare' smart card (which belonged to a colleague on leave, a spare for them sonehow the practice manager has) to access eg emis while training before newbies own smart card arrived.
So colleague was on leave but there's logged actions throughout the system that they eg ordered prescriptions, blood tests etc as their smart card was used.

I had a patient complain earlier this week about a request not done from a week prior. I checked the system & was shocked to see my own name logged as the person cancelling their request. I didn't remember doing this & am v careful. When I got home later I checked my shifts & I wasn't in work when it was done so someone must have a spare smart card for me & be accessing the system using my profile.

I feel like the risks & ramifications are huge.

Am I overreacting? Does this go on?

I'm trying to decide how to proceed. I'm concerned about patient security & confidentiality being compromised. Also the risk of reputational damage to me or anyone else whose card is being used by someone else for goodness knows what.

I think the PM is likely the one who has the spares & letting certain ppl access them. However we are a small practice & she'd also be my point of contact to raise issues to so I'm not sure which way to move forward. ICO suggested whistleblowing. Has anyone else been in a similar position?

That's really bad

I haven't but there's no way I would be okay with this. If anything goes wrong it's your name against it.
Is your PM approachable?
It would be a massive no no in our service (NHS but not a GP practice).

Also, when I worked in the nhs I had emis training with IT and used like a training account. They shouldn't be using emis until they are trained and have their own account

That's really bad.

I agree use the whistleblowing policy, or speak in confidence to a senior partner.

No it’s not normal. Why would anyone need a spare smart card for you or anyone else?!

It's not really normal OP. That would worry me! I used to let my apprentices borrow my smart card to look at notes before they got their smart cards, but only when we were I the same room and I could keep an eye! I never ever let them input any notes or anything in my name. People in my team did that kind of thing a lot though. There is no way I want anyone else inputting stuff under my name thanks!!

I'm public sector (not NHS but work closely with them) and have a lot of data protection experience.

This is beyond bad - you absolutely need to follow whistleblowing procedures!

Yes I've known it happen even though it's a big no for the reasons you've described. Often these practices are normalised as ok when they're clearly not. If the PM is instigating it then you're in a tricky place.. in my experience whistle blowing never ends well in the NHS (for the person who raises concerns), it's such a toxic culture.

I don't work in the NHS but in my industry it's absolutely NO shared log ons.

I think the PM reordered cards when originals didn't arrive quick enough & they thought the original card was lost in transit. Then when the 2nd turned up the PM kept both. I've heard them say they have 2 for themself aswell. I stuck me as less secure to have spares in a cupvlboard somewhere but I'd just started & was processing a lot of info.

Not normal at all, really concerning!

We aren’t meant to share logins at all or give anyone else access but the trust make no provision for medical students so there are times I support them to gain access to notes using my login but only when I have logged in and under supervision!

ICO said I could request to stay anonymous. We have nhs patients but the practice is privately owned. Not sure if that makes a difference.

I'm planning on leaving before Christmas. It's a terrible environment to be in, it's really getting to me for a host of reasons but the others are more personal. This feels a responsibility to the public to not ignore & for my reputation if someone is accessing the system under my name. It's purely chance I discovered this action & checked the history of the error so I'm worried what else lurks that will appear to be my work but isn't.

I'm amazed 2 smart cards stay active. Surely only one should be activated at a time.

Does anyone know if its possible to change your 6 digit login?

Mine is known to everyone. It was announced in the office & is v memorable. Altho it depends if I changed my passcode on the card I have would it change for both cards or just the one I was using at the time.

We have spare smart cards for bank staff, new starters etc but they have to be signed in and out. Absolutely not allowed to share log ins.

surely its a GDPR breach. using others access codes is so wrong on every level especially NHS

I wouldn’t discuss anyone else’s actions but ask about your own situation.

Say you were looking into a customer call and your name was logged against an action but you weren’t on shift at the time. Just tell her you want to flag that there might be a problem with the system.

See where that goes.

This, this, this! And do it tomorrow. You are vigilant and professional, and we appreciate people like you in the GP surgery 👏🏼

Yes this is why I contacted ico to query, they suggested whistleblowing but said it's up to a 14 wk wait for anything to be done. I plan to be gone by then.

This is gross misconduct.

You need to put in a greivance regarding your case. If you'd been on duty yiy'd be stuffed.

No this is not normal at all. Only you should know your pin and login details should not be shared.

I'm glad my instinct was right & I'm not overreacting at least.

Absolutely not normal at all. I would suggest phoning your IT department and ask them to change your log in pin. They should be able to do this for you or talk you through how to do it yourself.

I also agree with pp's that this need to be reported.

We don't have an IT dept, everything goes thru the PM who has separate office at other end of the building. Everything I do is done in the communal reception office where patients also pass & at least 1 other receptionist most of the time is near so no calls are private. I'd not put it past the PM to call IT & req my new passcode if I changed it either given how they've behaved so far.