NHS Digital is reviewing the vaccine booking process against Covid after it was reported that medical data from the website could be leaked.
In accordance with The guardian, the website only requires basic personal information to reveal a person’s Covid vaccination status.
The National Data Guardian’s office for health and social care confirmed to Digital Health News that concerned people had contacted “the way the coronavirus reservation website works.”
To book an appointment through the website, people will need their NHS number or will need to provide basic identity information.
But it was reported that during this process a person’s vaccination status is revealed, which could allow anyone with basic personal information about a friend, family member or co-worker to access their medical information.
In theory, it could allow employers to find out if their staff has been vaccinated, for example.
The problem, first reported by The Guardian, is supposedly due to the different responses the website gives users based on their vaccine status. Those who have been punctured are taken directly to a screen asking for their vaccine reservation reference, while those who have not been punctured are taken to a selection page.
For those who have only had their first punch, the website allows them to book their second dose without any further verification.
Phil Booth, coordinator of the medConfidential privacy group, told Digital Health News that the potential for data leaks was “indefensible.”
He said that if the government wanted to use patient Covid-19 data in the future, it must first demonstrate “that they are competent and that they can be trusted.”
“Exposing people’s medical information in this way is indefensible. It’s an avoidable mistake that should have been detected in the design phase, ”he said.
A National Data Guardian spokeswoman for health and social care said: “Some people have contacted the National Data Guardian office for concerns about how the coronavirus booking website works.
“It is important that people make vaccine booking as simple and easy as possible and we understand that the website has been developed to support this goal.
“The National Data Guardian’s office has contacted the organizations that run the website to make sure they are aware of the concerns that have been raised and will discuss with them the two important goals of protecting confidentiality while maintaining at the same time easy access to vaccines for the public. “
NHS Digital told The Guardian it was working to review the pages, but assured that the website does not have direct access to medical records.
“The system does not have direct access to anyone’s medical history and people should not use the service fraudulently – it should only be used by people who reserve their own vaccines or someone who has provided their data with knowledge of cause to this effect, “they added. .
