Smartcards and their access control provide security measures to protect patient data. Access control ensures that only people who are directly involved in patient care, and who have a legitimate reason to access patient medical information, can do so. The local Registration Authority will assign roles to the Smartcard and will also set the Smartcard so that it can be used in the relevant pharmacy or in multiple pharmacies.
Each pharmacy team member whose role means that they need a Smartcard should have one; Smartcards should not be shared by staff.
Further information about the Smartcard model
The Smartcard model for dispensing contractors and their staff operating EPS Release 2 systems is:
|Smartcard per user||One||One RA01 Smartcard per authorised user of the service.|
|Sharing of cards?||No||To use an EPS Release 2 compliant system, all cardholders will confirm the terms and conditions (this means no Smartcard sharing and no sharing of access sessions).|
|User roles||To be set at right level||EPS Release 2 (R2) pharmacy staff will need an appropriate user role profile (URP) registered with the NHS CRS User Directory before they can use any R2 compliant dispensing system.|
|Standards||Set by RAs||The NHS RA policies and procedures will ensure that pharmacy staff are issued with Smartcards and registered with the user role profile to meet the e-GIF Level 3 Government Standard. All users who need access to the system such as pharmacists, pre-registration pharmacists, counter assistants, and dispensing technicians will need to be registered with an appropriate access profile as defined by the local RA.|
|Smartcard access rights set by sponsor?||Yes||All pharmacy staff will be registered with an organisation identifier that represents the ODS code of the pharmacy site where they operate the service on a regular basis. Pharmacy staff will be allocated access rights dependent on their roles within the pharmacy as deemed appropriate by the sponsor.|
|Can local RAs adjust smartcard user roles for organisations outside their area?||No except when applying the ‘locum’ code||The local RA can only add, modify, or delete a user role profile for an organisation associated within that RA’s local area. The only permitted exception to this model is the case of community pharmacists, pharmacy technicians and dispensing assistants who may need to legitimately work within many community pharmacies at short notice. In such cases, they will also have a user role profile registered against a generic organisation ODS code (FFFFF) for a “locum pharmacy”. In such cases, a warning will be displayed to the user when they log on to a local pharmacy system.|
|Can a user with the ‘locum’ role use their smartcard anywhere?||Yes, any R2 site||All pharmacists, technicians and dispensing assistants with a locum user role profile will be able to work with any R2 compliant system connected to the service at any pharmacy site in England.|
|Can a user use their smartcard anywhere?||No||If a user has neither a user profile for the site they are in nor the locum pharmacy profile, they will not be able to use the service.|
|Can a user look at patient details unnecessarily? Are there controls in place?||No. There are controls.||In R2 dispensing contractors will have access to a part of the Personal Demographics Service. If a user attempts to access a record in the PDS that has previously been flagged as sensitive, an alert will be generated by the service. These will be sent to the appropriate authority within NHS England. Note, a record is kept of everyone who looks at information the NHS CRS holds about a patient. Patients can ask to have a list of everyone who has looked at their records and when they did so.|
Q. Can a pharmacy access nominated prescriptions that have been downloaded without a smartcard (in Release 2)?
A. No. A pharmacy system can automatically download nominated prescriptions from the spine without a Smartcard being present (for example, overnight); however, those prescriptions are not fully accessible by the local system without a Smartcard being present. After a Smartcard has been presented and the user authenticated, the prescriptions become local patient medication records. It will be possible to access the local patient medication records held on the system without a Smartcard, subject to the local system security controls. These controls are likely to vary between systems.
Q. What is e-GIF Level 3?
A. e-GIF stands for e-government interoperability framework. It is a set of policies and standards to enable information to flow seamlessly across the public sector. As part of the framework, four confidentiality levels were set (zero to three), representing degrees of impact of disclosure of private information. The levels are layered according to the severity of the consequences that might arise. Level 3, which imposes the most stringent security requirements around confidentiality, has been adopted for the NHS CRS.
Q. Which EPS functions will prompt the system to look for a valid Smartcard?
A. The EPS Release 2 functions that a Smartcard will be required for are:
- Set, change or delete a patient’s nominated pharmacy;
- Download electronic prescriptions from the spine;
- Return electronic prescriptions to the spine;
- Confirm an electronic prescription has been dispensed; and
- Submit an electronic prescription to NHS Prescription Services for payment.
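
The site-scoping rules in the Smartcard model table and the list of Smartcard-gated functions above can be read as a single access decision. The sketch below is an added illustration, not NHS or system-supplier code; the function labels, role names, sample ODS codes and the refusal of FFFFF as a site identifier are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

LOCUM_ODS = "FFFFF"  # generic "locum pharmacy" organisation code named on the page

# The five EPS Release 2 functions the page lists as needing a Smartcard.
# The labels are hypothetical. The unattended overnight download of nominated
# prescriptions that the FAQ mentions is a separate path and is not modelled.
SMARTCARD_FUNCTIONS = frozenset({
    "set_nomination", "download_prescription", "return_prescription",
    "confirm_dispensed", "submit_claim",
})

@dataclass(frozen=True)
class UserRoleProfile:
    ods_code: str  # organisation the profile is registered against
    role: str      # hypothetical role label, e.g. "pharmacist"

@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    warning: Optional[str] = None

def authorise(function, site_ods, profiles, card_present=True):
    """Decide whether a Smartcard-gated EPS function may run at site_ods."""
    if function not in SMARTCARD_FUNCTIONS:
        # Fail closed: anything else belongs to local system controls.
        raise ValueError(f"not a Smartcard-gated EPS function: {function!r}")
    if not card_present:
        return Decision(False, "Smartcard required for this function")
    site = site_ods.strip().upper()
    codes = {p.ods_code.strip().upper() for p in profiles}
    if site == LOCUM_ODS:
        # Assumption of this example: FFFFF scopes a profile and never names a
        # real site, so a site configured with it cannot bypass the warning.
        return Decision(False, "locum code is not a valid site identifier")
    if site in codes:
        return Decision(True, "profile registered for this site")
    if LOCUM_ODS in codes:
        return Decision(True, "locum profile",
                        warning="Logged on under the locum pharmacy profile")
    return Decision(False, "no profile for this site and no locum profile")

if __name__ == "__main__":
    # Constructed sample data: FA123 and FB999 are made-up ODS codes.
    regular = [UserRoleProfile("FA123", "pharmacist")]
    locum = regular + [UserRoleProfile(LOCUM_ODS, "pharmacist")]
    for profiles, site in ((regular, "FA123"), (regular, "FB999"), (locum, "FB999")):
        print(site, authorise("confirm_dispensed", site, profiles))
```
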