NHS Digital to probe live-stream spillage of confidential patient info – after El Reg tipoff
Risk of app's vid demo falls under spotlight
Exclusive: NHS Digital has opened an inquiry after patients' personal information was revealed during a live-streamed research session for a new app.
Yesterday, the UK's National Health Service showed off the software application to members of the public. However, those folks were potentially unaware that the demo session was being video streamed to a public YouTube channel, and were entering their medical or personal data in view of the internet.
The Register alerted NHS Digital to the blunder. David Hodnett, delivery lead for NHS Online, told us: "Thank you for bringing this to our attention. We have now taken down the link and will be informing the research participants. We will be conducting a thorough investigation with the supplier to understand how this happened."
The body pointed out that the video stream was only available to those who had a direct link to the video, and was not searchable via YouTube or accessible without the URL.
Health Secretary Jeremy Hunt last year said everyone should be able to use an app to access their medical records and book a GP appointment by the end of 2018.
However, NHS Digital has faced a number of problems over its use of apps.
Yesterday, the Health Service Journal revealed that two online private health providers have been dropped from the NHS app library because NHS England decided it is no longer appropriate to promote non-NHS services.
The NHS Apps Library was relaunched last year and is in public beta. It is intended to be the one-stop shop for "safe and effective digital tools".
It was shelved in 2015 after Imperial College London revealed serious problems with a number of the 79 apps sitting on the NHS-branded store.
These included software tools that provided diabetic users with inappropriate insulin doses, one that handed asthmatics shoddy peak flow calculators, and many apps with no security controls.
There are 42 apps in the library, with some marked "NHS Approved", meaning there is clinical evidence that they support clinical outcomes, or "Being Tested in the NHS", which means they are part of an NHS programme that is monitoring and gathering evidence.
Others, not NHS Approved, have gone through a technical assessment seeking clarification from developers and vendors regarding compliance with the Data Protection Act, through to collecting personal data and other key areas.
We have asked the Information Commissioner's Office for a comment.
Updated: An ICO spokesperson has made contact and said: “Organisations have a duty to ensure personal data is protected and secured, particularly when it involves sensitive information such as medical data.”
He added: "The ICO has been made aware of an incident involving NHS Digital and will be looking into the details." ®