Here are the latest National Smartcard Terms and Conditions that all staff MUST adhere to.
All staff will, at some point, have been prompted to read and accept these terms and conditions during first use of ther smartcard.
As a registered Smartcard holder you will;
1. agree that you will keep your Smartcard / Authorised Device private and secure and that you will not permit anybody else to use it or to establish any session with the NHS Care Records Service applications. You will not share your Passcode with any other user. You will not write your Passcode down, nor use any kind of electronic storage (media or otherwise) to store it, for example by using a programmable function key on a keyboard. You will take all reasonable steps to ensure that you always leave your workstation secure when you are not using it by removing your Smartcard / locking your Authorised Device. If you lose your Smartcard / Authorised Device or if you suspect that it has been stolen or used by a third party, you will report this to your local Registration Authority as soon as possible;
2. understand and accept that your personal data will be used as described in the "Notice to Smartcard / Authorised Device users on the use of your personal data" above. Furthermore, you agree to provide any additional information and documentation required by the Registration Authority to verify your identity. Each user must have their identity assured and verified to the relevant standard applicable at the time of registration5. This requirement may be refreshed from time to time;
3. confirm that the information which you provide in the process of your application is accurate. You agree to notify your local Registration Authority immediately of any changes to this information;
4. understand and accept that the Smartcard / Authorised Devices issued to you is the property of the NHS and you agree to use it only in the normal course of your employment or contract arrangement;
5. agree that you will check the operation of your Smartcard / Authorised Device promptly after you receive it. This will ensure that you have been granted the correct access profiles. You also agree to notify your local Registration Authority promptly if you become aware of any problem with your Smartcard / Authorised Device or your access profiles;
6. agree that you will only access the NHS Care Records Service application by using a Smartcard or Authorised Device. You agree that you will only use your Smartcard / Authorised Device, the NHS Care Records Service applications and all patient data in accordance with The NHS Confidentiality Code of Practice (www.dh.gov.uk) and (where applicable) in accordance with your contract of employment or contract of provision for service (whichever is appropriate) and with any instructions relating to the NHS Care Records Service applications which are notified to you;
7. agree not to maliciously alter, neutralise, circumvent, tamper with or manipulate your Smartcard / Authorised Device, NHS Care Records Service applications components or any access profiles given to you;
8. agree not to deliberately corrupt, invalidate, deface, damage or otherwise misuse any NHS Care Records Service applications or information stored by them. This includes, but is not limited to, the introduction of computer viruses or other malicious software that may cause disruption to the services or breaches in confidentiality;
9. understand and accept that your Smartcard / Authorised Device may be revoked, or your access profiles changed at any time without notice if you breach this Agreement; if you breach any guidance or instructions notified to you for the use of the NHS Care Records Service applications or if such revocation or change is necessary as a security precaution. You also understand and accept that if you breach this Agreement this may be brought to the attention of your employer (or governing body in relation to independent contractors) who may then take appropriate action (including disciplinary proceedings and/or criminal prosecution);
10. understand and accept that the Registration Authority’s sole responsibility is for the administration of access profiles and the issue of Smartcard / Authorised Device for the NHS Care Records Service applications. The Registration Authority is not responsible for the availability of the NHS Care Records Service applications or applications which use NHS Care Records Service authentication or the accuracy of any patient data;
11. understand and accept that you, or your employer, shall notify your local Registration Authority at any time should either wish to terminate this Agreement and to have your Smartcard / Authorised Device revoked e.g. on cessation of your employment or contractual arrangement with health care organisations or other relevant change in your job role;
12. understand and accept that NHS Digital may unilaterally change the terms of this Agreement6 from time to time, and unless otherwise stated these will be effective from publication; and
13. understand and accept that these terms and conditions form a binding Agreement between yourself and those organisations who have sponsored your role(s). You also understand and accept that this Agreement is governed by English law and that the English courts shall settle any dispute under this Agreement.