Michael Maxwell, a practice manager in Manchester, told GP he had been referred by his GP for a hospital appointment via Choose and Book, and issued with an automatically generated password and unique booking reference number.
He logged on to the patient portal of Choose and Book to book an appointment, and used the facility to change the password.
But he found he was able to see the password alongside his demographic details when he logged into the Choose and Book system from the practice where he works, which is not the practice where he is registered as a patient.
Mr Maxwell said: ‘I changed the password because I am security conscious, and changed it to something unique to me, which I use for other things.
‘My assumption was that the password is unique to the person who has it and is simply a way to authenticate me for the Choose and Book database. But anyone with a smartcard can see it.
‘For people like me who use the same password for other things like banking or email, someone else with a smartcard may be able to get into those.’
He said that someone in the practice where he is a patient would be able to see all the information they needed to log in as him on the Choose and Book patient interface and change his appointment bookings.
Dr Mark Davies, a West Yorkshire GP and primary care medical director for Connecting for Health’s national Choose and Book team, said smartcard holders could see all passwords but this was to authenticate users.
He admitted that Choose and Book was vulnerable to smartcard users posing as other patients, but said that was a problem across NHS IT.
He advised Choose and Book users to vary their passwords.