Computer Weekly reports that:
"The UK's largest NHS trust has discovered endemic sharing of passwords and log-in identifications by staff, recording 70,000 cases of "inappropriate access" to systems, including medical records, in one month."
And that is just the 70000 that were detected. Essentially the security of private patient data is non-existent in the new £multi-billion NHS IT system. FIPR have been saying this for quite some time.