Newly-released documents have cast doubt on claims that the NHS’s Covid-19 track and trace app will be ready to launch by the end of the month.
Earlier this week the business minister Nadhim Zahawi said he hoped the app, a central part of the contract tracing scheme, would be rolled out by the end of June.
But a contract between the Department for Health and Social Care and a security company suggests a penetration exercise may not be complete until the end of July.
A £75,000 deal with NCC Group, covering security testing, was signed at the end of April and came into effect on the 1 May, but does not conclude until 31 July, raising questions about why the government initially claimed that a nationwide rollout would be viable by mid-May. A second testing contract with HeleCloud, worth £135,000, does not conclude until 3 July.
The BBC reported on Friday that the app should be ready by early July, but that there is “no guarantee that the timetable won’t slip further”. A project insider told the BBC: “Downing Street’s attitude to risk has been dialled right down – they don’t want it to be released until it’s perfect.” Zahawi said it wouldn’t go live until “we think it is robust”.
But, unless NCC Group concludes its work ahead of schedule and NHSX is able to rapidly implement their recommendations, it’s possible the app, which is already being tested on the Isle of Wight, may not be ready until the end of of July.
The Health Service Journal revealed in early May, when a nationwide rollout was still slated for the middle of that month, that the app hadn’t passed the tests required for it to be included in the NHS’s own software library. It failed the cyber security, clinical safety and performance tests.
The government had initially marketed the app a key part of the government’s contact tracing scheme, but Dido Harding, the former TalkTalk CEO tasked with overseeing the scheme, has since said that it is only the “cherry on top”.
The people-led element of the contact tracing scheme has already gone live, but that too has raised security concerns, specifically around how fraudsters might seek to use the scheme as a guise to trick victims into handing over sensitive personal data.
Quizzed about the risks last month, the deputy chief medical officer drew criticism after stating: “I recognise that many of us will be very cautious, and quite rightly so, about interactions from external organisations, but individuals will make it very clear to you that they are calling for a particular reason.
“I think it will be very evident when somebody rings you these are professionally trained individuals and sitting over them are a group of senior clinical professionals.”
Other questions still loom over the project, including how the data generated through the app will be harnessed by the Covid-19 data store managed by Palantir, and whether it will even succeed in containing the spread of the illness.
The UK is forging its own path with the app, shunning a decentralised framework developed by Apple and Google in favour of a system that provides more data on the spread of the disease, but has fewer privacy safeguards.