Data Privacy Health

Health data must be private and secure by design, always

The recent revelation that the NHS Covid vaccination booking system was leaking medical data should serve as another reminder about the need to incorporate security and privacy as core fundamentals of any health service or app.

The issue, which has now been “revised”, was due to the booking service being centralised, without an accompanying secure log-on method which can be used by everyone. This meant anyone with a certain amount of basic identity information could check the vaccination status of anyone else. Clearly, this was problematic.

And the fact this risk wasn’t identified and designed out at a very early stage points to a wider issue of the very real problems that systems being constructed without due initial consideration of all privacy and security aspects can bring.

Of course, all data should be held securely and be private by default, but personal health data often contains the most intimate information about any of us, and even more care should be taken with it as a result.

Baking in privacy and security considerations right from the start, from the moment when other key aspects such as the app or service’s USP and usability requirements are being discussed, should be basic and universal design hygiene.

As well as being good practice, it would also normalise personal data privacy protection, in the best possible way, and firmly in the spirit intended by the GDPR and other similar legislation.

Innovation often moves at pace – the whole vaccine development process, as well as the booking and delivery elements are very impressive demonstrations of what can be possible when it does.

But there is always time to reflect on privacy and security, and design from the ground up accordingly. At, we practice what we preach, with privacy and security always core considerations for our health data capability as well as our Consentry health pass as they move forwards.

Designing with privacy and security is empowering people, not exposing them and their personal data to risk.

Data privacy standards matter, and we all need to take that responsibility very seriously.