NHS App: Medical Records Debate
Full Debate: Read Full DebateDepartment: Department of Health and Social Care
Lord Allan of Hallam
Main Page: Lord Allan of Hallam (Liberal Democrat - Life peer)Department Debates - View all Lord Allan of Hallam's debates with the Department of Health and Social Care
NHS App: Medical Records
Lord Allan of Hallam Excerpts(4 months, 3 weeks ago)
Lords ChamberRead Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Lord Allan of Hallam
To ask His Majesty’s Government what measures they have put in place to mitigate the risk of people being coerced into showing their confidential medical records to third parties as records become universally available through the NHS app.
The Parliamentary Under-Secretary of State, Department of Health and Social Care (Lord Markham) (Con)
The Government want people to have access to their own records. For most, online record access is beneficial but for a minority, having access could cause harm or distress. In many cases, practices can identify these patients and ensure that safeguarding processes are in place. Furthermore, to access the NHS app, users must prove their identity through the NHS log-in and, before entering their record, are advised what to do if they are being pressurised to share their information.
Lord Allan of Hallam (LD)
My Lords, the design goals for the NHS app should be to make it as easy and frictionless as possible for legitimate users to access the system, while making it as difficult and frictionful as possible for people trying to gain unauthorised access. But there is a natural tendency to focus on the first part of this equation as developers believe in the systems they build and find it hard to put themselves in the shoes of the cunning and resourceful attackers who will try to break them. Given this dynamic, can the Minister confirm that the NHS has a red team tasked with trying to identify all possible vectors of attack on the NHS app, and that the requisite resources will be put into mitigating any risks that they identify?
Lord Markham (Con)
The noble Lord is absolutely correct on getting that balance right between the two; that is why the NHS has a safeguarding reference group on exactly this, which has been putting in protections as well as messaging patients, telling them to be aware and that they have the opportunity to redact their records if they are concerned. There are other features, such as multi-factor authentication and making sure that, for log-in with facial ID, you cannot have anyone else in the picture, to ensure that people are not being coerced. So, there are a number of measures in place, but I completely agree that we need to keep them under review with user groups checking all the way.