More security fears hit Choice system

Confidential passwords used by patients to book hospital appointments through Choose and Book can be viewed by NHS staff with smartcards anywhere in England, GP can reveal.

Michael Maxwell, a practice manager in Manchester, told GP he had been referred by his GP for a hospital appointment via Choose and Book, and issued with an automatically-generated password and unique booking reference number.  

He logged on to the patient portal of Choose and Book to book an appointment, and used the facility to change the password.  

But he found he was able to see the password alongside his demographic details when he logged into the Choose and Book system from the practice where he works, which is not the practice where he is registered as a patient.  

Mr Maxwell said: ‘I changed the password because I am security conscious, and changed it to something unique to me, which I use for other things.  

‘My assumption was that the password is unique to the person who has it and is simply a way to authenticate me for the Choose and Book database. But anyone with a smartcard can see it.  

‘For people like me who use the same password for other things like banking or email, someone else with a smartcard may be able to get into those.’  

He said that someone in the practice where he is a patient would be able to see all the information they needed to log in as him on the Choose and Book patient interface and change his appointment bookings.  

Dr Mark Davies, a West Yorkshire GP and primary care medical director for Connecting for Health’s national Choose and Book team, said smartcard holders could see all passwords but this was to authenticate users.  

He admitted that Choose and Book was vulnerable to smartcard users posing as other patients, but said that was a problem across NHS IT.  

He advised Choose and Book users to vary their passwords. 

Have you registered with us yet?

Register now to enjoy more articles and free email bulletins

Register

Already registered?

Sign in

Follow Us:

Just published

BMA mourns 'dark death toll' as UK passes 100,000 COVID-19 deaths

BMA mourns 'dark death toll' as UK passes 100,000 COVID-19 deaths

More than 100,000 people have now died from COVID-19 in the UK, five times the death...

UK COVID-19 vaccination programme tracker

UK COVID-19 vaccination programme tracker

GPs across the UK are playing a leading role in the largest-ever NHS vaccination...

Viewpoint: End-of-life care in care homes goes well beyond COVID-19

Viewpoint: End-of-life care in care homes goes well beyond COVID-19

Best practice standards for GPs and teams caring for older people in care homes -...

Locum GPs left behind in patchy COVID-19 vaccine rollout

Locum GPs left behind in patchy COVID-19 vaccine rollout

COVID-19 vaccination for locum GPs has trailed behind the rollout to other doctors,...

Four in five over-80s have had first COVID-19 jab despite weekend slump in vaccinations

Four in five over-80s have had first COVID-19 jab despite weekend slump in vaccinations

Almost 80% of people aged over 80 in the UK have have had at least one dose of COVID-19...

Fitness to practise and revalidation to continue despite pandemic, GMC confirms

Fitness to practise and revalidation to continue despite pandemic, GMC confirms

Revalidation and ongoing fitness to practise cases will continue despite huge pressure...