UK NHS Covid jab booking site leaks people’s vaccine status

Stopspying

Level 14
Verified
Jan 21, 2018
635
"NHS Digital is revising its process for booking Covid vaccinations in England after the discovery of a “seriously shocking failure” that leaked medical data from the site.

The website lets users make appointments using their NHS number or, if they do not have it to hand, some basic identity information. But in the process, users’ vaccination status is disclosed, allowing anyone who possesses basic personal details of a friend, colleague or stranger to find out what should be confidential medical information.

Employers would therefore, in theory, be able to trivially find out which of their staff had been vaccinated, for instance, while others may feel under pressure not to get the vaccine for fear of criticism from anti-vaccination friends or colleagues...."

 

Stopspying

Level 14
Verified
Jan 21, 2018
635
This quote at the end of the linked article worries me "The system does not have any direct access to anyone’s medical record and people should not be fraudulently using the service – it should only be used by people booking their own vaccines or for someone who has knowingly provided their details for this purpose.”

If the whole world is extremely honest then that might not be a problem. But for a spokesperson representing NHS Digital, the body that deals with our national health services digital affairs, to say this in a world where data theft is extremely common is just plain ignorant and they should be fired from that role immediately.
 
Top