Health Minister Robin Swann is to be asked to explain how his department is improving security of a medical database after reports suggested the vaccination status of every Northern Ireland resident could potentially be accessed by “rogue elements”.
he SDLP’s health spokesperson, Colin McGrath, said he will be writing to Mr Swann to ask for answers after the Sunday Independent reported claims from two senior clinicians about a flaw in the system that could lead to unauthorised access.
They claimed the personal details of thousands of people — including senior politicians, members of the security forces, medical professionals and public figures — could be accessed “within seconds” by non-clinical staff, including temporary administrative staff working in healthcare settings.
These details include the home address, phone number, health care number and date of birth of everyone on the Vaccine Management System (VMS) — including deceased patients.
South Down MLA Mr McGrath said the news is “deeply worrying”. “The Department [of Health] must immediately seek to establish the potential threat posed by this system flaw and urgently work to address it,” he told the Belfast Telegraph.
“Reports also suggest that the Department was made aware of this over a month ago.
“ I shall be writing to the minister to find out exactly what and when interventions were made to address this matter.”
Well-placed sources say the alleged problems first came to light after the VMS was updated to include details on booster and winter vaccinations, which more than 10m people across the UK have received to date.
In a statement, the Department of Health said that “controlled access to patient information is essential to ensure clinical safety and quality data”.
Vaccination is being provided by different healthcare providers, including mass vaccination centres, GP surgeries and community pharmacies, noted the spokesperson, who added that “each provider must be able to cross check key details before dispensing vaccines”.
“Controlled access to patient information is not unique to the vaccination programme. It’s good practice in health care systems,” the department added.
It stated that “safeguards in VMS include an audit system which records user actions” and that access to these systems is restricted to registered users.
However, one of the most serious claims from the medical professionals who raised the alarm was that the new update did not contain an audit trail — meaning searches could have been going on without a trace.
“It has been apparent that the software needed an audit trail from the outset, so that anyone using the system could be tracked. But it became clear that there wasn’t. If there is one now, when did it become available?”
Asked how he can be sure there wasn’t an audit trail when this was raised weeks ago, he replied: “The Department told doctors.” The DoH said: “Access controls for VMS vaccine administration staff is governed by each HSC Trust, GP Practice and Pharmacy, all of whom have professional and legal responsibilities on data protection.”
Yesterday, a further four deaths of people who had previously tested positive for Covid-19 were reported in Northern Ireland. There were also another 1,035 positive cases of the virus confirmed in the previous 24 hours.
Credit: Source link
