HQE explores the failed launch of the NHS Track and Trace app.
One of the main challenges for policymakers and health authorities in countries affected by the rapid spread of COVID-19 has been the implementation of contact tracing and symptom tracking technologies. An April 2020 briefing from the European Parliament said: “About half of EU member states have taken localization action in response to the spread of coronavirus disease, mainly by working with telecommunications companies to map population movements using anonymized and aggregated location data. and by developing applications (apps) to track people at risk. The European Commission has called for a common European approach to the use of mobile apps and mobile data to assess social distancing measures, support contact tracing efforts and help limit the spread of the virus.
Test, track and trace
The planned UK follow-up programs encountered a number of significant issues throughout development and implementation. The Isle of Wight served as the testing ground for the official’s beta phase NHS Track and Trace app; While the island’s relative isolation was theoretically beneficial from a data purity perspective, the researchers immediately encountered three key challenges:
- The Isle of Wight’s demographics are disproportionately older, meaning potential users were less likely to adopt the new technology, with many having no access to a smartphone at all;
- The trial app relied on bluetooth connectivity which resulted in a series of errors in data collection and analysis as the range of the app’s bluetooth connection caused it to report a contact. close between users in adjacent buildings; and
- The app was only really effective at registering the presence of mobile devices running Android, recognizing 75% of nearby Android headsets, compared to just 4% of Apple phones.
The £ 11.8million application was discontinued in June; and the government has agreed to partner with Apple and Google to develop new tracking and tracing software.
In a joint statement, NHSX CEO Matthew Gould and Test and Trace President Baroness Dido Harding said: “Our response to this virus has and will continue to be part of an international effort. This is why, as part of a collaborative approach, we have agreed to share our own innovative work on estimating the distance between app users with Google and Apple, a work that we hope will will benefit others, while using their solution to address some of the specific technical challenges identified. thanks to our rigorous testing.
“We will also draw on the invaluable knowledge of everyone who has tested the app on the Isle of Wight – and the brilliant teams who have worked on it to date – to create an app that can be part of the end-to-end solution. at the end. The NHS Test and Trace service and this information will be an integral part of the next phase of development. “
Data protection and confidentiality
Contact tracing technology as a whole has come under intense scrutiny from the healthcare and digital industries for data security concerns. An open letter published in late April by healthcare researchers and professors in 26 countries warned: “In some situations, so-called ‘contact tracing apps’ on people’s smartphones can improve efficiency. manual contact tracing technique. These apps would make it possible to notify people with whom an infected person has had a physical interaction, allowing them to enter quarantine. The applications would work using Bluetooth or geolocation data present in smartphones. While the effectiveness of contact tracing apps is controversial, we need to make sure that those implemented preserve the privacy of their users, thereby protecting many other issues, noting that these apps can otherwise be reused to allow discrimination and unwarranted surveillance.
The concern of health academics was reflected in a similar open letter a week later, signed by 177 UK-based privacy and cybersecurity experts and academics, which said: “It was reported that the NHSX was discussing an approach that centrally records de-anonymized information. IDs of an infected person and also the IDs of all people with whom the infected person has been in contact. This facility would allow (via mission creep) a form of surveillance. Echoing the letter signed by 300 leading international researchers, we note that it is vital that, after the current crisis, we have not created a tool to collect data on the population, or on targeted segments of society, for surveillance. Thus, the solutions allowing to reconstitute invasive information on the individuals must be fully justified. This invasive information can include the “social graph” of which[m] someone has physically met over a period of time. With access to the social graph, a bad actor (state, private sector or hacker) could spy on the real activities of citizens. We are particularly pissed off by a statement that such a social graphic is indeed targeted by the NHSX.
Centralized and decentralized data approaches
Concerns about the implications of the NHS enforcement on data privacy focused in particular on the developers’ decision to centralize data storage, keeping data collected from users on a remote central server that would perform data matching. contacts. The Apple / Google model, on the other hand, performed contact matching directly on the user’s mobile phone, thereby avoiding the risk of data collection, de-anonymization and reuse by authorities or malicious actors.
Speaking at the start of development of the NHS app, Gould said the centralized approach offered “profound benefits” for patients and healthcare providers, saying: “We strongly believe that our approach, although that it has some centralization to the extent that you download anonymized credentials, while preserving individual privacy in doing so … one of the concerns with contact tracing is the ability to detect malicious use. One of the ways to do this is to look for anomalous patterns, even if you don’t know who the individuals are… what the approach we’ve taken allows for it and we don’t know if a decentralized approach allows it.
No longer a priority
To date, the partnership between NHSX, Apple and Google has yet to result in working mobile technology capable of effectively tracking and assessing patient symptoms and contact history. The issues of connectivity, reliability and the overarching challenge posed by the need to protect patient data seem to have become essentially insurmountable; and Health and Social Affairs Minister for Innovation Lord Bethell told the Science and Technology Committee in June: ‘We are looking to get something before winter, but it is not not our priority at the moment.
This article is taken from issue 14 of Health Europe. Click on here to get your free subscription today.