According to the Information Commissioner’s Office (ICO), the health sector generated nearly 20% of all personal data breach complaints in the financial year 2019-20.
Healthcode takes our customers’ information security very seriously but we also need you to help us protect you. One important requirement is that everyone in your practice with access to our online services must have their own unique user ID and password. Sharing login details with others may be a quick and convenient way of providing access to the system and may seem harmless.
However, this shortcut may result in the unauthorised disclosure of patient records or financial records and the ICO itself clearly states that you should “only allow your staff access to the information they need to do their job and don’t let them share passwords.”
Choosing to share your password could also be costly because you have little control over what has been done (or not done) in your name. If a mistake is made, you might have to answer awkward questions from a PMI or even be criticised for failing to protect patient confidentiality. A breach of the DPA in these circumstances will almost certainly result in a fine and embarrassment for the practice.
Ultimately, sharing user IDs is an unnecessary risk. It’s a simple matter to request a new user ID from Healthcode by completing a user login request form. This ensures the individual is set up with the correct level of access so your practice can meet its legal obligations under the DPA and continue to use our services securely.
In 2016, a GP surgery was fined £40,000 after breaching the confidentiality of a woman patient and her family to her ex-partner.
The Information Commissioner’s Office (ICO), which oversees data protection, found that the practice concerned had insufficient systems in place to guard against releasing unauthorised personal data and that staff did not receive adequate guidance or supervision.
This case highlights the risks that all healthcare providers run if they do not take reasonable steps to secure sensitive patient information. A breach of confidentiality is likely to cause distress to patients, but there are financial implications too: the ICO has the power to issue fines of up to £17.5 million for serious breaches of the Data Protection Act (DPA) and, of course, any breach is likely to attract significant adverse publicity and reputational damage.
It is extremely important that your staff IDs are up to date; please let us know when staff members leave so we can delete the details. If you have any new user ID or leaver requests, email our customer services team.