Controlling access to the PDS is the responsibility of each authorised organisation and its healthcare professionals.

PCTs, in conjunction with general practice information governance officers, will set the access permissions on staff smartcards to support the needs and working practices in their surgeries.

All healthcare professionals and other NHS staff have a duty of confidentiality to patients and must comply with legal and professional obligations, for example, as set out in the NHS Confidentiality Code of Practice.

Inappropriate and unlawful processing of confidential patient information could lead to dismissal, litigation and, for healthcare professionals, sanctions by professional regulatory bodies.

Each health and social care organisation is responsible for establishing appropriate and effective management processes for information governance.

Each NHS trust has a Caldicott Guardian who takes the lead on patient confidentiality issues and works with other information governance staff to ensure that applicable standards are met.

Similar principles apply within each GP practice who will have a nominated information governance officer, supported by their Primary Care Trust (PCT), whose responsibilities will include ensuring that:

• Healthcare professionals and other staff understand and meet information governance standards.
• The information governance controls are effectively implemented.
• Healthcare professionals and other staff are aware that inappropriate use of the PDS will be subject to disciplinary proceedings.
• Procedures are in place for auditing use of the PDS and responding to any confidentiality alerts generated by the systems.