NHS data breach fears: Vaccine booking website accidentally exposes medical details

Vaccine: Expert confirms over-45s can book

When you subscribe we will use the information you provide to send you these newsletters. Sometimes they’ll include recommendations for other related newsletters or services we offer. Our Privacy Notice explains more about how we use your data, and your rights. You can unsubscribe at any time.

The regulator for medical data has flagged concerns with NHS digital after it appeared possible for strangers to access information about individuals’ vaccination records. Campaigners have called the breach a “seriously shocking failure”.

Anyone looking to book a coronavirus vaccine appointment is asked to enter their NHS number online.

However, those who do not know the number are still able to book by simply providing a few key details.

Those who have received two jabs are immediately taken to a page informing them “you have had both of your appointments”.

Anyone without a jab is taken to a screening page, while those with just one injection are asked to enter a booking reference for their second shot.

It means those with just limited information about an individual are able to find out personal medical information.

Campaigners have warned the system could be exploited by rogue employers to find out which of their staff have been vaccinated.

“This is a seriously shocking failure to protect patients’ medical confidentiality at a time when it could not be more important, Silkie Carlo, the director of privacy group Big Brother Watch told The Guardian.

“This online system has left the population’s Covid vaccine statuses exposed to absolutely anyone to pry into.

“Date of birth and postcode are fields of data that can be easily found or bought, even on the electoral roll.

“This is personal health information that could easily be exploited by companies, insurers, employers or scammers.

“Robust protections must be put in place immediately and an urgent investigation should be opened to establish how such basic privacy protections could be missing from one of the most sensitive health databases in the country.”

A spokesperson for the national data guardian for health and social care, which regulates the use of medical data, said it had been contacted by two people who were worried at the lack of privacy on the NHS website.

It confirmed the National Data Guardian had made contact with NHS Digital to relay the concerns.

They said: “The NDG has contacted the organisations which run the website to ensure that they are aware of the concerns that have been raised and will discuss with them the twin important aims of protecting confidentiality whilst maintaining easy access to vaccinations for the public.”

DON’T MISS:
Half of adults in England think government is handling pandemic well [SURVEY]
Dominic Raab hails UK backed AstraZeneca’s ‘huge boom’ globally [WATCH]
Covid vaccine schedule timeline: When YOU could get the jab – dates [INSIGHT]

Meanwhile, NHS Digital has said it is working to revise the page in light of the privacy corners.

It said: “The online ‘book a coronavirus vaccination’ service has enabled millions of people to book their vaccinations quickly and easily, with over 17million first and second dose appointments made in over four months.

“The system does not have any direct access to anyone’s medical record and people should not be fraudulently using the service – it should only be used by people booking their own vaccines or for someone who has knowingly provided their details for this purpose.”

Since coronavirus vaccinations were rolled out in December last year, nearly 35 million Brits have had at least one injection.

While 66.1 percent of the adult population has had a first dose, more than 30 percent have received their second and are fully vaccinated.

The vaccine take-up rate continues to exceed expectations.

In England, 95 percent of those aged 50 and over have had at least one dose.

Ministers say the UK is on track to offer a jab to all adults by the end of July.

Source: Read Full Article