Coronavirus test result data breach

A woman has recently reported receiving the coronavirus test result of another unknown woman, reportedly sent in a text message by the NHS. Not only did the text reveal the negative test status of the unknown woman, it is understood that it also listed her full name, birth date and the result of her test. The recipient of the message has expressed concern that such a data breach was allowed to occur, particularly given that she took a coronavirus test in early January.

Concerns about data privacy have been linked to the Test and Trace system since its beginnings, with several data breach incidents linked to the scheme, including a major error by Public Health Wales. It is concerning that data privacy has fallen short on occasions in the effort to control the Covid-19 outbreak, especially given that mistakes such as misdirected texts can be so easily avoided.

The Test and Trace system may be designed to protect public health, but that does not mean data breaches like this can go unnoticed.

The cost of exposing a coronavirus test result

The woman who received the misdirected coronavirus test result was concerned about the implications of the message. She was worried that the NHS may be failing to protect personal details, and that the woman to whom the test result belonged would be anxiously waiting for a message. The incident also raises questions about how many times this error might have been made. Could it be a systemic problem rather than a one-off mistake?

Previous incidents associated with the Test and Trace system would suggest that there are more issues at hand. In August last year, Public Health Wales mistakenly uploaded the positive coronavirus test results of 18,105 Welsh residents to a public server, making them accessible to unauthorised users.

Test and Trace – the implications for personal privacy

Privacy campaigners have been strong in their criticism of the Test and Trace system. In fact, it seems that mistakes, including this message exposing a coronavirus test result, were bound to happen from the start.

In July, it was revealed that the government had reportedly bypassed an important data privacy step when designing and implementing the Test and Trace system, by failing to complete a data protection impact assessment. It seems the government saw fit to ignore their own legal requirements.

The negligence of data protection is also counter-intuitive to the purpose of Test and Trace. If results are being misdirected or possibly recorded incorrectly, it could prevent the system from accurately tracking and controlling the spread of coronavirus.

We know how important the work is when it comes to tackling this pandemic at the moment, and the health service has done an amazing job to protect us as best as they can. But these kinds of issues cannot be allowed to happen, and it could undermine trust in the very system that is there to help us and end this awful pandemic.

Reporting issues

If you have received the coronavirus test result of another person, it is important that the NHS and the government are made aware of the issue.

Those who have been personally affected may be able to make an NHS breach of confidentiality compensation claim. Personal medical information should always be kept private under any circumstances, even where it is relevant to the management of public health.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.

Create A Call Back

Information on how we handle your data is available in our Privacy Policy.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.