The emergence of newly released contract has cast doubt on claims that the NHS’s Covid-19 track and trace app will be ready to launch nationally by the end of the month.
Earlier this week the business minister Nadhim Zahawi said he hoped the app, a central part of the contract tracing scheme, would be rolled out by the end of June.
But a contract between the Department for Health and Social Care and NCC Group suggests a security testing exercise may not be complete until the end of July.
The £75,000 deal came into effect on 1 May, but does not conclude until 31 July, raising questions about why the government initially claimed that a nationwide rollout would be viable by mid-May. A second testing contract with HeleCloud, worth £135,000, does not conclude until 3 July.
The BBC reported on Friday that the app should be ready by early July, but that there is “no guarantee that the timetable won’t slip further”. A project insider told the broadcaster: “Downing Street’s attitude to risk has been dialled right down – they don’t want it to be released until it’s perfect.” Zahawi said it wouldn’t go live until “we think it is robust”.
But unless NCC Group concludes its work ahead of schedule and NHSX is able to rapidly implement its recommendations, it’s possible the app, which is already being tested on the Isle of Wight, may not be ready until the end of of July.
The Health Service Journal revealed in early May, when a nationwide rollout was still slated for the middle of that month, that the app hadn’t passed the tests required for it to be included in the NHS’s own software library. It failed the cyber security, clinical safety and performance tests.
The government had initially marketed the app a key part of the government’s contact tracing scheme, but Dido Harding, the former TalkTalk CEO tasked with overseeing the scheme, has since played down its role, describing it as the “cherry on top”.
The people-led element of the contact tracing scheme has already gone live, but that too has raised security concerns, specifically around how fraudsters might seek to use it as a guise to trick victims into handing over sensitive personal data.
Quizzed about the risks last month, the deputy chief medical officer Jenny Harries drew criticism after stating: “I recognise that many of us will be very cautious, and quite rightly so, about interactions from external organisations, but individuals will make it very clear to you that they are calling for a particular reason.
“I think it will be very evident when somebody rings you these are professionally trained individuals and sitting over them are a group of senior clinical professionals.”
Other questions still loom over the project, including whether the data generated through the app will be harnessed by the Covid-19 data store managed by Palantir and Faculty.
The UK is forging its own path with the app, having shunned a decentralised framework developed by Apple and Google in favour of a system that provides more data on the spread of the disease, but has fewer privacy safeguards.
There is still uncertainty over the effectiveness of such apps in curbing the spread of the disease. Similar initiatives in Norway, India and South Korea have been hamstrung by low uptake.