Hospital managers are now trying to identify unvaccinated staff using their NHS numbers – a move criticised by experts as a “grotesque” and “gross” misuse of personal information.
The NHS is struggling to identify which staff have not received a Covid jab as a result of “gaping holes” in hospitals’ records, less than a week before the mandatory vaccine deadline, The Independent has learnt.
Every health service worker must have had their first vaccine dose by 3 February in order to have their second by the cut-off date of 1 April. Despite hinting at a delay, the government is yet to announce an extension to the looming deadline.
In an email on 21 January, leaked to The Independent, trust leaders were told by NHS Digital that previous methods of identifying unvaccinated staff through the national bodies were to be dropped.
NHS trust leaders have said that there are “gaping holes” in the national data collection, meaning that hospitals are still unaware of exactly how many staff remain unvaccinated.
Hospital leaders have now been asked to “trace” staff members’ personal NHS numbers through a national database, called the Personal Demographic Service, which holds all of the patient information across the country.
The email said: “The favoured national bulk data upload solution is no longer the quickest means for enabling trusts to access their data.” It said the preferred option in a “rapidly changing context” was for trusts to trace their workers’ NHS numbers, but added: “We are working hard to find a comprehensive longer-term solution that will avoid manual uploading of data.”
Within the guidance shared in the email on what data to include, options for hospitals to upload email and mobile numbers were mentioned. Although the document said that emails and mobile numbers did not have to be submitted, and would not be used for the vaccination report, it added: “We may look to include this in the future.”
One trust leader said that the new request was the “dodgiest I have seen in terms of data processing … staff are not our patients for us to identify their NHS numbers.” The leader questioned why the national database would need staff mobiles and emails.
Speaking to The Independent, Dr Neil Bhatia, a Caldicott guardian (a person responsible for ensuring that data protocol is followed in an NHS or other organisation) and an expert in data protection issues, said: “An NHS number is private information, and it’s confidential information, so employers accessing the national data set simply to find out their NHS number is very wrong. But then the whole thing has been concerning to us as Caldicott guardians. Your employer certainly shouldn’t have access to your NHS number, but of course, that’s the only way that they can reliably match this information.”
Dr Bhatia said that accessing the Personal Demographic Service for reasons other than clinical need was potentially “improper” and that legal justification would be needed. He said: “To start to look up people as a sort of telephone directory, simply to find out their NHS number, seems to me grossly disproportionate.”
NHS England has previously said that only Covid-19 vaccination status would be available to people’s employers. However, in the document, NHS Digital said that hospitals “can extract Covid (and flu) reports”, and that “these can be extracted from dashboard for use by provider”.
Phil Booth, chief executive of Medconfidential, a campaign group focused on data protection, warned: “Far from being a simple check of staff records, this has clearly been twisted into a broad surveillance exercise. NHS England clearly said this was about Covid, but now it looks like the same for flu as well.”
Last year, the Department of Health and Social Care issued new regulations which allow NHS England to disclose patient data that would otherwise be confidential to health and care organisations. The Control of Patient Information (COPI) notice, issued by the health secretary, allows NHS Digital to share confidential patient information with organisations for purposes relating to Covid-19.
Mr Booth said: “Using the COPI to mount this surveillance is bad enough. Trying to make it perpetual for things like flu is a grotesque misuse of powers.” He added: “When you set up a process like this, it’s very, very hard to get rid of it.”
Trust leaders have also raised concerns that next week’s deadline will mean they “overwhelmingly” loose Black and minority ethnic staff, with trusts in London and the West Midlands likely to be hit the hardest.
The Independent understands that around 84,000 or 95 per cent of frontline staff are unvaccinated. A senior NHS source has said that around 40 per cent of unvaccinated staff are Black and minority ethnic.
One trust director in the West Midlands warned: “Nobody has asked for the equalities assessment, and we are ‘overwhelmingly’ going to be sacking Black and minority ethnic colleagues, compared to white British, as a result of this exercise. Is that really what we want?
“No exception has been made and no detailed understanding has been sought of trusts who have services in urban areas with a large Black and minority ethnic staffing group, and I think we are going to have problems, and inequalities will be deepened.”
An NHS spokesperson said: “The process put in place to enable NHS trusts to collect data on staff vaccination status ahead of the new government legislation coming into force on 1 April is for Covid vaccination data only, and all appropriate data protocol and protection measures are being followed.”
