How to prevent smartcard sharing and why it matters
Protecting patient safety and legal compliance by tackling a risky habit in primary care
Författad av Thomas Andrew Porteus, MBCSUrsprungligen publicerad 9 jul 2025
Uppfyller patientens redaktionella riktlinjer
- Ladda nerLadda ner
- Dela
- Language
- Diskussion
- Ljudversion
- Lägg till i föredragna källor på Google
Medicinska yrkesverksamma
Professionella referensartiklar är utformade för att användas av hälso- och sjukvårdspersonal. De är skrivna av brittiska läkare och baserade på forskningsbevis, brittiska och europeiska riktlinjer. Du kanske hittar en av våra hälsoartiklar mer användbar.
In the fast-paced world of general practice, where systems crash, queues build up, and staff cover multiple roles, it’s easy to see how a “quick fix” like using someone else’s NHS smartcard might seem harmless. But smartcard sharing - even with the best of intentions - poses serious risks to patient safety, staff accountability, and information governance. And more importantly, it’s not just poor practice - it’s against national NHS policy and potentially unlawful under data protection law. So why does it still happen? And how can your practice stop it? This guide explains what’s at stake, how to change the culture around smartcard use, and what practical steps can make a real difference.
What is smartcard sharing and why is it risky?
Smartcard sharing happens when one member of staff uses another’s NHS smartcard or login credentials to access clinical or administrative systems. It often takes the form of:
Borrowing someone’s card because yours is lost or not working.
Logging in under someone else’s name to “save time”.
Leaving cards inserted so others can quickly access systems.
It might feel like a shortcut - especially under pressure - but the consequences are significant.
Key risks include:
Loss of accountability - The system logs actions under the wrong person’s name, making clinical safety incidents harder to trace.
Potential data breaches - Accessing records beyond your role or permissions could breach GDPR and patient confidentiality.
DSPT non-compliance - Sharing credentials breaches national NHS Digital guidance and compromises your Data Security and Protection Toolkit (DSPT) status.
CQC concern - Inspectors are increasingly focused on digital access controls. Repeated sharing could affect your rating.
Staff discipline - NHS organisations have dismissed staff over serious smartcard misuse.
Even in small practices with tight teams, the risks outweigh the convenience.
Why staff still share smartcards
Understanding the reasons behind smartcard sharing is key to changing behaviour. Common factors include:
Delays with RA (Registration Authority) for issuing or renewing cards.
Smartcard readers not working or unavailable on all workstations.
System pressures - for example, front desk queues or clinical time constraints.
Lack of understanding of why sharing is problematic.
“It’s just how we do things” culture - especially when shortcuts have never led to obvious problems.
These challenges are real, but none are unsolvable.
How to prevent smartcard sharing in your practice
1. Raise awareness and explain the risks
Start by discussing the issue in a non-judgemental way. Use team briefings or protected learning time to:
Explain why smartcard sharing compromises safety and legality.
Share examples (anonymised) of near misses or incidents from other practices.
Remind staff that actions logged under their name are their responsibility.
Use phrases like “we’re tightening up because this matters” rather than “you’re doing it wrong”.
2. Improve access to card readers and logins
Audit how easy it is for staff to log in with their own credentials. Ask:
Are there enough smartcard readers at workstations?
Are readers faulty or poorly placed?
Do all staff have active cards and the right access levels?
If technical barriers are driving sharing, fix those first.
3. Make smartcard maintenance part of onboarding and exit processes
Include smartcard status checks in your:
New starter onboarding - Apply for or transfer cards before their first day.
Leavers process - Revoke or report lost cards promptly.
Role changes - Ensure access rights reflect current responsibilities.
Keep a central record of smartcard holders and expiry dates.
4. Work with your RA and ICB
Your local Registration Authority (RA) is there to help. Ask for support with:
Troubleshooting faulty readers.
Bulk renewals or replacements.
Streamlining access for new staff or locums.
Promoting the use of CIS (Care Identity Service) for remote smartcard authentication.
Having a named contact at your RA or CSU makes a big difference.
5. Implement practical safeguards
Use posters or desktop reminders: “Your smartcard - your responsibility”.
Train managers to monitor and challenge inappropriate use.
Include access behaviour in appraisals or audits.
Review logs of who accessed what, especially after an incident.
Make it clear that this isn’t about mistrust - it’s about best practice.
Final word: smartcards are personal for a reason
Smartcard sharing may feel like a minor rule-bend in the name of efficiency. But the risks it carries - to patients, to staff, and to your entire governance standing - are significant.
By addressing the root causes, supporting staff, and making systems more accessible, you can change the culture around smartcard use. It starts with a conversation - and ends with a safer, more accountable practice.
Exklusiva uppdateringar för vårdpersonal
Håll dig informerad med de senaste kliniska uppdateringarna, professionella insikter och evidensbaserad vägledning. Patient Pro-nyhetsbrevet sammanställer viktigt innehåll för vårdpersonal—levererat direkt till din inkorg.
Genom att prenumerera accepterar du våra Sekretesspolicy. Du kan avsluta prenumerationen när som helst. Vi säljer aldrig dina uppgifter.
Om författarenVisa fullständig biografi

Thomas Andrew Porteus, MBCS
Hälsoteknik
MBCS
Thomas skriver för att informera, inspirera och utrusta praktikledare och vårdpersonal som navigerar förändringar, med utgångspunkt i två decennier av praktiskt arbete inom det brittiska hälsosystemet.
Artikelhistorik
Informationen på denna sida är skriven och granskad av kvalificerade kliniker.
Artikeln finns också på Engelska, Tyska, Spanska, Franska, Italienska, Portugisiska, Hindi, Hebreiska, Arabiska, och Svenska.
Nästa granskning: 9 jul 2028
9 jul 2025 | Ursprungligen publicerad
Författad av:
Thomas Andrew Porteus, MBCS

Fråga, dela, anslut.
Bläddra i diskussioner, ställ frågor och dela erfarenheter inom hundratals hälsorelaterade ämnen.

Känner du dig sjuk?
Bedöm dina symtom online gratis
Mer om informationsstyrning och säkerhet
- Lagen om användning och tillgång till data 2025 - vad det innebär för allmänläkare
- Hur man undviker IG-huvudvärk när man arbetar med PCN-personal
- Hur man genomför en praxisomfattande IG-riskbedömning
- Hur man skapar en kultur av IG-medvetenhet i din verksamhet
- Hur man skapar en praktisk IG-kalender som verkligen fungerar
- Hur man hanterar ett dataintrång för patientinformation
- Hur man hanterar en begäran om registerutdrag (SAR)
- Hur man hanterar vanliga patientfrågor om informationssäkerhet
- Hur man hanterar cybersäkerhet i en hybridarbetsmiljö
- Hur man förbereder sig för en DSPT-inlämning utan panik
- Hur man svarar på ett misstänkt e-postmeddelande på under 60 sekunder
- Hur man genomför en 15-minuters IG-uppfräschning på nästa teammöte
- Hur man upptäcker och stoppar interna IG-risker
- Hur man utbildar personal i cybersäkerhet utan att tråka ut dem
- Hur man skriver ett patientinriktat integritetsmeddelande som bygger förtroende