Hundreds of thousands of NHS clinical staff are to be issued with secure smartcards to authenticate access to electronic patient records, Computing can reveal.

Vital patient information is to be held in a national 'data spine' and accessed though a portal by swiping a valid card through a reader on a suitably-equipped PC.

Insiders estimate that as many as 800,000 of the 1.2 million health service staff could be issued with the cards in the first phase.

'The UK has around 600,000 nurses alone so at least 800,000 people will need the smartcards or the system won't work,' said a senior source.

The data spine is the core of the £2.3bn National Programme for NHS IT. It will act as the first point of reference for patient data and will also underpin national ebookings and eprescriptions applications.

Ultimately, non-clinical staff such as ward clerks and Primary Care Trust commissioning directors will also need to be issued with cards to access data held in the national applications.

All NHS PCs needing access to the spine will have to be fitted with card readers and 'intelligent broker' software to manage the interface with the portal.

Under current plans, the ideal environment for running the broker software is either Windows 2000 or XP, prompting concerns among NHS IT staff that the majority of existing PCs will not be sufficiently capable.

It is possible that the software will run on lower-specification PCs, but the response times guaranteed by the Local Service Providers contracted to deliver the National Programme will only apply in a higher-specification 'warranted environment'.

At this stage the cost of the smartcards, readers, PC upgrades and card issuing and enrolment procedure are to be borne locally. But an enterprise-wide agreement for the hardware, such as that agreed for database software in January with Oracle, could capitalise on the vast economies of scale.

John Powell, chairman of the British Medical Association IT committee, says smartcards must work with another level of identification such as a password.

'We would want assurances that not just anyone who happens to have the right card can access patient data because obviously cards can go missing or get stolen,' he said.

The National Programme declined to comment.