It has come to our attention that Bucks PCT are retaining phones without consent. A member of the TBOO staff had a issue with her own referral she phoned the PCT PALS service without withholding her number and left a different mobile number she wished to be called back on . She never ever gave them the telephone number she had called from. However they called her back on the number she had not given them! The only conclusion we can come to is that the PCT are retaining the telephone numbers of everyone who calls them without their consent.
This raises serious confidentiality issues for example, a 17 year old girl may phone the PCT asking about contraception from her home phone, without withholding the number, but leave her Pay As You Go Mobile for the PCT to call her back. Bucks PCT retain the home phone number and call her back on that and her parents answer the phone.
There is nothing in the PCT Information Governance Policy to tell patients that their numbers are retained nor is there is anything the general PCT patient information leaflets.
where they clearly state if they need to obtain personal information they will get your permission first! They even state you can remain anonymous however you are hardly anonymous if they are retaining your telephone number! See here
Another issue is are they retaining numbers to populate the Personal Demographics Service (PDS) without patient consent? PDS is a database of everyone name, address, date of birth, NHS number, GP details, telephone numbers including ex directory numbers and is available to 800, 000 plus NHS staff. If a victim of domestic violence phones them from her home number and leaves a mobile number for them to call back yet they retain the home number and place it on the PDS database this could cause serious distress if the ex partner managed to obtained her contact details via relative who worked in the NHS.
Prof Ross Anderson talks abut the safety issues of PDS here. He also discusses a case we at TBOO are involved with regarding the safety aspects of PDS.
PDS is very insecure as there are no privacy alerts to flag up when someone has had unauthorised access to a patient details and NHS employees do not need to have a clinical relationship with a patient to access the PDS records.
We are doing a series of FOI requests to both Bucks PCT and PCT’s and Hospital Trusts nationally for further information on this issue. The TBOO member of staff has said she will be making a formal complaint to the Information Commissioner (ICO). We will update this story with the outcomes of the FOI requests and ICO complaint.
In the meantime if have any concerns when contacting the the NHS please remember to withhold your number and get them to call you back a Pay As You Sim, that you can throw away if you want to.