The information governance controls protecting patient information include:

• Registration and authentication processes that allow systems to identify which actions have been taken by which healthcare professional
• Role-based access controls, linked to the identity of each authorised healthcare professional, control precisely what they are able to see and do when logged on to the system
• Search controls that constrain how healthcare professionals are able to look up the details of individual patients
• Sensitive record controls that prevent local healthcare professionals from accessing PDS information when records are flagged as sensitive
• Tools for auditing who has looked at or amended PDS records and local access to these by 'privacy officers' so as to identify appropriate use

Registration, authentication and smartcards

Registration Authorities (RAs) within each trust or healthcare organisation will register all healthcare professionals who are allowed access to NHS Care Records Service systems. 

For further information please visit the Registration Authority webpage.

Sensitive records

Certain people require extra protection from unauthorised access, e.g. identity protection and domestic violence.

Controls are also in place to limit access to patient details that would allow such patients to be contacted. In these cases the patient's address, telephone numbers and GP registration will not be returned from the PDS.

Auditing tools

Records are kept of the following actions on the PDS:

• Tracing, retrievals and confirmation of a PDS record
• Updates
• Creation of PDS records (including allocation of NHS Numbers)
• Merges of demographics records