NHS test and trace contact centres have been implicated in a security controversy, after concerns were raised that staff have been using their personal email addresses for sending private health data, according to Healthcare IT News.
The test and trace scheme has been subjected to data security criticisms since its beginnings. Some worries look to have been proven right, given that a number of data breaches have exposed coronavirus test results over the past year. With the medical sector already a prime target for hackers, it seems clear to us that more needs to be done.
While the Covid-19 pandemic has challenged NHS staff and resources, it is still unacceptable that data security has been allowed to slip, particularly given that the pandemic has seen a spike in the occurrence of cyberattacks. Where sensitive medical information is at stake, there can be no room for error.
The problem at NHS test and trace call centres
According to a whistle-blower, staff at NHS test and trace call centres have been using personal email accounts for communicating private health information. The person in question was previously employed by Sitel, a firm to which the NHS is outsourcing a large portion of the operations at the tests and trace call centres.
It was alleged that managers told staff to make use of their own email accounts for this purpose, as using internal systems was reportedly making it difficult to use the centres’ online platform to share information securely. The accounts have reportedly been used to send case details for review, with senders allegedly including names, phone numbers, dates of birth, and NHS numbers in their messages.
The ICO has since confirmed that the complaint is being addressed, which suggests that the use of personal email addresses could be in breach of the GDPR.
NHS data breach – 2020 in review
The call centres are not the only branch of the NHS test and trace programme to be associated with data privacy problems.
In September last year, it was revealed that Public Health Wales accidentally published the details of some 18,000 people who had tested positive for coronavirus, revealing initials, birth dates, geographical areas and sex in most cases.
The mistakes are unsurprising given that the government reportedly failed to fully review the privacy implications of the NHS test and trace programme before its rollout, which could constitute a breach of data protection law.
To add to this, Serco, a company that also plays a role in test and trace operations, suffered a ransomware attack in February this year. Though the NHS test and trace programme is understood to have not been impacted by this attack, it raises concerns about the cybersecurity of the systems involved in NHS operations nevertheless.
Healthcare data breach claims
Anyone who has suffered the effects of a healthcare data breach may be able to make a compensation claim. The healthcare sector continues to make unacceptable errors with regard to data protection, but making a claim could motivate services to make fundamental changes to their data security measures, and force the government to increase much-needed funding.
For free, no-obligation advice on a potential compensation claim, you can contact us today or register your details to sign up for a call-back.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.
First published by Author on August 17, 2021
Posted in the following categories: Claims Cybersecurity Data GDPR Government Healthcare Security Technology and tagged with compensation | cybersecurity | data breach | data controllers | gdpr | government | healthcare sector | medical data breach | medical records | nhs | personal data