The NHS is being forced to revise its digital booking system for Covid-19 vaccinations after the shocking discovery that it leaks people’s vaccination details.
According to The Guardian, the booking system makes personal vaccination details easily accessible with basic personal details.
The website allows users to book appointments using their NHS number.
If users do not have their NHS number to hand, they can book an appointment with basic identity information.
The process discloses a user’s vaccination process which means anybody with basic personal details of a friend, family member or colleague could easily access private medical information.
The issue raises a number of concerns including employers being able to find out if their employees have been vaccinated.
Different responses on the website will take users to different landing pages. If users have not received their first jab, personal details will take them to the standard screening page while people who have had their first vaccine shot will be asked for their booking reference to continue.
Silkie Carlo, the director of privacy group Big Brother Watch said: “This is a seriously shocking failure to protect patients’ medical confidentiality at a time when it could not be more important.
“This online system has left the population’s Covid vaccine statuses exposed to absolutely anyone to pry into. Date of birth and postcode are fields of data that can be easily found or bought, even on the electoral roll.
“This is personal health information that could easily be exploited by companies, insurers, employers or scammers."
A spokesperson for the national data guardian for health and social care said: “The office of the national data guardian has been contacted by two individuals about the way that the coronavirus booking website works.
“It is important that it is as simple and easy as possible for people to book their vaccinations and we understand that the website has been developed to support this aim.
“The NDG has contacted the organisations which run the website to ensure that they are aware of the concerns that have been raised and will discuss with them the twin important aims of protecting confidentiality whilst maintaining easy access to vaccinations for the public.”
The Guardian reports that NHS Digital said it was working to rectify any issues with the pages.
A spokesperson said: “The online ‘book a coronavirus vaccination’ service has enabled millions of people to book their vaccinations quickly and easily, with over 17m first and second dose appointments made in over four months.
“The system does not have any direct access to anyone’s medical record and people should not be fraudulently using the service – it should only be used by people booking their own vaccines or for someone who has knowingly provided their details for this purpose.”
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules hereComments are closed on this article