A woman has recently reported receiving the coronavirus test result of another unknown woman, reportedly sent in a text message by the NHS. Not only did the text reveal the negative test status of the unknown woman, it is understood that it also listed her full name, birth date and the result of her test. The recipient of the message has expressed concern that such a data breach was allowed to occur, particularly given that she took a coronavirus test in early January.
Concerns about data privacy have been linked to the Test and Trace system since its beginnings, with several data breach incidents linked to the scheme, including a major error by Public Health Wales. It is concerning that data privacy has fallen short on occasions in the effort to control the Covid-19 outbreak, especially given that mistakes such as misdirected texts can be so easily avoided.
The Test and Trace system may be designed to protect public health, but that does not mean data breaches like this can go unnoticed.
The cost of exposing a coronavirus test result
The woman who received the misdirected coronavirus test result was concerned about the implications of the message. She was worried that the NHS may be failing to protect personal details, and that the woman to whom the test result belonged would be anxiously waiting for a message. The incident also raises questions about how many times this error might have been made. Could it be a systemic problem rather than a one-off mistake?
Previous incidents associated with the Test and Trace system would suggest that there are more issues at hand. In August last year, Public Health Wales mistakenly uploaded the positive coronavirus test results of 18,105 Welsh residents to a public server, making them accessible to unauthorised users.
Test and Trace – the implications for personal privacy
Privacy campaigners have been strong in their criticism of the Test and Trace system. In fact, it seems that mistakes, including this message exposing a coronavirus test result, were bound to happen from the start.
In July, it was revealed that the government had reportedly bypassed an important data privacy step when designing and implementing the Test and Trace system, by failing to complete a data protection impact assessment. It seems the government saw fit to ignore their own legal requirements.
The negligence of data protection is also counter-intuitive to the purpose of Test and Trace. If results are being misdirected or possibly recorded incorrectly, it could prevent the system from accurately tracking and controlling the spread of coronavirus.
We know how important the work is when it comes to tackling this pandemic at the moment, and the health service has done an amazing job to protect us as best as they can. But these kinds of issues cannot be allowed to happen, and it could undermine trust in the very system that is there to help us and end this awful pandemic.
If you have received the coronavirus test result of another person, it is important that the NHS and the government are made aware of the issue.
Those who have been personally affected may be able to make an NHS breach of confidentiality compensation claim. Personal medical information should always be kept private under any circumstances, even where it is relevant to the management of public health.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.
First published by Author on July 06, 2021
Posted in the following categories: Claims Cybersecurity Data GDPR Government Healthcare Latest Security and tagged with cybersecurity | data breach | data controllers | data leak | database security | gdpr | government | healthcare sector | medical data breach | medical records | nhs | personal data