How to prevent smartcard sharing and why it matters

In the fast-paced world of general practice, where systems crash, queues build up, and staff cover multiple roles, it’s easy to see how a “quick fix” like using someone else’s NHS smartcard might seem harmless. But smartcard sharing - even with the best of intentions - poses serious risks to patient safety, staff accountability, and information governance. And more importantly, it’s not just poor practice - it’s against national NHS policy and potentially unlawful under data protection law. So why does it still happen? And how can your practice stop it? This guide explains what’s at stake, how to change the culture around smartcard use, and what practical steps can make a real difference. 

What is smartcard sharing and why is it risky? 

Smartcard sharing happens when one member of staff uses another’s NHS smartcard or login credentials to access clinical or administrative systems. It often takes the form of: 

• Borrowing someone’s card because yours is lost or not working. 

• Logging in under someone else’s name to “save time”. 

• Leaving cards inserted so others can quickly access systems. 

It might feel like a shortcut - especially under pressure - but the consequences are significant. 

Key risks include: 

• Loss of accountability - The system logs actions under the wrong person’s name, making clinical safety incidents harder to trace. 

• Potential data breaches - Accessing records beyond your role or permissions could breach GDPR and patient confidentiality. 

• DSPT non-compliance - Sharing credentials breaches national NHS Digital guidance and compromises your Data Security and Protection Toolkit (DSPT) status. 

• CQC concern - Inspectors are increasingly focused on digital access controls. Repeated sharing could affect your rating. 

• Staff discipline - NHS organisations have dismissed staff over serious smartcard misuse. 

Even in small practices with tight teams, the risks outweigh the convenience. 

Why staff still share smartcards 

Understanding the reasons behind smartcard sharing is key to changing behaviour. Common factors include: 

• Delays with RA (Registration Authority) for issuing or renewing cards. 

• Smartcard readers not working or unavailable on all workstations. 

• System pressures - for example, front desk queues or clinical time constraints. 

• Lack of understanding of why sharing is problematic. 

• “It’s just how we do things” culture - especially when shortcuts have never led to obvious problems. 

These challenges are real, but none are unsolvable. 

How to prevent smartcard sharing in your practice 

1. Raise awareness and explain the risks 

Start by discussing the issue in a non-judgemental way. Use team briefings or protected learning time to: 

• Explain why smartcard sharing compromises safety and legality. 

• Share examples (anonymised) of near misses or incidents from other practices. 

• Remind staff that actions logged under their name are their responsibility. 

Use phrases like “we’re tightening up because this matters” rather than “you’re doing it wrong”. 

2. Improve access to card readers and logins 

Audit how easy it is for staff to log in with their own credentials. Ask: 

• Are there enough smartcard readers at workstations? 

• Are readers faulty or poorly placed? 

• Do all staff have active cards and the right access levels? 

If technical barriers are driving sharing, fix those first. 

3. Make smartcard maintenance part of onboarding and exit processes 

Include smartcard status checks in your: 

• New starter onboarding - Apply for or transfer cards before their first day. 

• Leavers process - Revoke or report lost cards promptly. 

• Role changes - Ensure access rights reflect current responsibilities. 

Keep a central record of smartcard holders and expiry dates. 

4. Work with your RA and ICB

Your local Registration Authority (RA) is there to help. Ask for support with: 

• Troubleshooting faulty readers. 

• Bulk renewals or replacements. 

• Streamlining access for new staff or locums. 

• Promoting the use of CIS (Care Identity Service) for remote smartcard authentication. 

Having a named contact at your RA or CSU makes a big difference. 

5. Implement practical safeguards 

• Use posters or desktop reminders: “Your smartcard - your responsibility”. 

• Train managers to monitor and challenge inappropriate use. 

• Include access behaviour in appraisals or audits. 

• Review logs of who accessed what, especially after an incident. 

Make it clear that this isn’t about mistrust - it’s about best practice. 

Final word: smartcards are personal for a reason 

Smartcard sharing may feel like a minor rule-bend in the name of efficiency. But the risks it carries - to patients, to staff, and to your entire governance standing - are significant. 

By addressing the root causes, supporting staff, and making systems more accessible, you can change the culture around smartcard use. It starts with a conversation - and ends with a safer, more accountable practice.