More security fears hit Choice system

Confidential passwords used by patients to book hospital appointments through Choose and Book can be viewed by NHS staff with smartcards anywhere in England, GP can reveal.

Michael Maxwell, a practice manager in Manchester, told GP he had been referred by his GP for a hospital appointment via Choose and Book, and issued with an automatically-generated password and unique booking reference number.  

He logged on to the patient portal of Choose and Book to book an appointment, and used the facility to change the password.  

But he found he was able to see the password alongside his demographic details when he logged into the Choose and Book system from the practice where he works, which is not the practice where he is registered as a patient.  

Mr Maxwell said: ‘I changed the password because I am security conscious, and changed it to something unique to me, which I use for other things.  

‘My assumption was that the password is unique to the person who has it and is simply a way to authenticate me for the Choose and Book database. But anyone with a smartcard can see it.  

‘For people like me who use the same password for other things like banking or email, someone else with a smartcard may be able to get into those.’  

He said that someone in the practice where he is a patient would be able to see all the information they needed to log in as him on the Choose and Book patient interface and change his appointment bookings.  

Dr Mark Davies, a West Yorkshire GP and primary care medical director for Connecting for Health’s national Choose and Book team, said smartcard holders could see all passwords but this was to authenticate users.  

He admitted that Choose and Book was vulnerable to smartcard users posing as other patients, but said that was a problem across NHS IT.  

He advised Choose and Book users to vary their passwords. 

Have you registered with us yet?

Register now to enjoy more articles and free email bulletins

Register

Already registered?

Sign in

Follow Us:

Just published

One in six doctors report COVID-19 vaccine sites disrupted by delivery failures

One in six doctors report COVID-19 vaccine sites disrupted by delivery failures

One in six doctors say local vaccination sites have been forced to rearrange sessions...

Planned 1% NHS pay rise threatens 'terrible impact on patient care', unions warn

Planned 1% NHS pay rise threatens 'terrible impact on patient care', unions warn

Government plans to increase NHS staff pay by just 1% for 2021/22 will damage patient...

What do we now know about the effectiveness of the COVID-19 vaccines?

What do we now know about the effectiveness of the COVID-19 vaccines?

As real world data about the impact of the Pfizer/BioNTech and Oxford/AstraZenca...

Unintentional weight loss - red flag symptoms

Unintentional weight loss - red flag symptoms

Dr Pipin Singh summarises the recognition and initial management of unintentional...

UK COVID-19 vaccination programme tracker

UK COVID-19 vaccination programme tracker

GPs across the UK are playing a leading role in the largest-ever NHS vaccination...

BMA suspends GP committee election to investigate potential rule breach

BMA suspends GP committee election to investigate potential rule breach

The BMA has suspended voting in part of its GP committee election as it investigates...