Smartcards are issued to healthcare professionals to enable them to access confidential patient data on the national care record database set up by Connecting for Health.
But Norman Lamb, the Liberal Democrat MP for North Norfolk, told a House of Commons debate on the NHS IT programme this month that security measures to protect NHS smartcards and PINs were inadequate.
He told GP he had been informed that many PCTs hold lists of all PINs issued, but declined to name them.
In the Commons debate on 6 June, Mr Lamb voiced concern that there was no guidance on how this information should be protected. 'No guidance has been issued on the security of those,' Mr Lamb told MPs. 'The principles should have been in place earlier.'
Connecting for Health defended its record on security, and said guidance on PINs and smartcards was clear.
'National guidance states that smartcard passcodes should be set and known by the person who is using the smartcard,' a spokeswoman said.
PIN numbers should not be 'stored or shared with anyone', she confirmed.
'Smartcards should be treated like credit cards - you shouldn't share your smartcard passcode.'
GPC negotiator and IT lead Dr Richard Vautrey said he was not aware of PCTs storing PINs.
'I would be unhappy if someone had access to that information,' he said.