It was under the auspices of a hospital but at another GP's surgery. Somewhat disorganised and complex. I expect they needed the number to misfile my record -----Original Message----- From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Nick Landau Sent: 02 May 2007 17:16 To: [log in to unmask] Subject: Re: [data-protection] While we are on medical things Was this at your local hospital? It should presumably have been done through a computer system rather than by phone. In fact, some years ago I worked at a Central London Mental Health Trust where one of my jobs was to look up the NHS numbers of patients for the Trust to identify which PCT the patient lived in, for the purpose of obtaining payment for the Trust. The patients could have been from anywhere in the country and, by definition, they would have often been admitted in an emergency. In that case, the information is contained on the NHS Strategic Tracing Service and I had to have be specially registered to do this. See http://www.connectingforhealth.nhs.uk/systemsandservices/nsts If you are a patient of the PCT they would have your name and address on their register with NHS Number. I have no doubt that NHS colleagues will tell you what the correct procedure should have been. It seems to me that you could have just claimed to be Tim Trent and got treatment that wasn't intended for you. I am not quite clear why they specifically needed your NHS Number at that point. Was it to obtain your record? I assume that your name and address would have accessed that? My final point would be that, at the very minimum, if someone rings up by phone that there should be a procedure whereby the surgery rings the number back to check who they are speaking to. I am sure that there are protocols for that. Nick Landau Nick Landau's Profile on LinkedIn.com http://www.linkedin.com/in/nicklandau1 The Numbers Game www.thebestof.co.uk/barnet/33615/1/1/the_best_of.aspx ----- Original Message ----- From: Tim Trent To: [log in to unmask] Sent: Wednesday, May 02, 2007 4:02 PM Subject: [data-protection] While we are on medical things On Monday I went for an eye test. Tubby chaps of my age tend to get diagnosed with type 2 diabetes, and I am a tubby chap of my age. It was the first such annual eye MOT I have had and I was not on the usual list because of a standard foul-up. So I had no letter with the all important NHS number. I was amused when the eye test lady called my GP's surgery and was given my NHS number. She had to present no credentials at all, and the number was given out without question. My question is "Is this a reasonable process?" Tim Trent - Consultant Direct: +44(0)1344 392644 Mobile:+44(0)7710 126618 Personal blog: http://timtrent.blogspot.com/ See also http://complianceandprivacy.com email: [log in to unmask] Marketing Improvement Limited, Abbey House, Grenville Place, Bracknell, United Kingdom, RG12 1BP http://www.marketingimprovement.com Important: This message is private and confidential. If you have received this message in error, please notify us and remove it from your system. This email and any attachment(s) are believed to be virus-free, but it is the responsibility of the recipient to make all the necessary virus checks. This email and any attachments to it are copyright of Marketing Improvement Limited unless otherwise stated. Their copying, transmission, reproduction in whole or in part may only be undertaken with the express permission, in writing, of Marketing Improvement Limited. Marketing Improvement Limited is registered in England No. 4283972. Registered Office: 643 Watford Way, London NW7 3JR and its VAT number is GB798 2065 86. All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format): Leaving this list: send leave data-protection to [log in to unmask] Suspending emails from all JISCMail lists: send SET * NOMAIL to [log in to unmask] To receive emails from this list in text format: send SET data-protection NOHTML to [log in to unmask] To receive emails from this list in HTML format: send SET data-protection HTML to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask] Any queries about sending or receiving messages please send to the list owner [log in to unmask] (Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving messages please send to the list owner [log in to unmask] Full help Desk - please email [log in to unmask] describing your needs To receive these emails in HTML format send the command: SET data-protection HTML to [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving messages please send to the list owner [log in to unmask] Full help Desk - please email [log in to unmask] describing your needs To receive these emails in HTML format send the command: SET data-protection HTML to [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^