Access to the national health service care record 'spine' is strictly controlled by the use of smartcards, which are only issued on proof of identity and residence. The smartcards contain role-based profiles that restrict access to patient information depending on the role performed.
There are clear processes for NHS trusts to follow in the administration of smartcards and for adherence to information governance standards. However, legal responsibility for the secure handling and managing of patient data rests with individual NHS organisations.
Details of which staff have been authorised by their employing organisation, and which staff have not been so authorised, are therefore held locally, not by the Department. The cost of collecting and maintaining this information centrally would be considerable and disproportionate to the benefit in doing so. However, there is no evidence that inappropriate access currently happens other than very exceptionally.