Undisclosed companies are analysing facial data collected by the NHS app, which is used by more than 16 million English citizens, prompting fresh concern about the role of outsourcing to private businesses in the service.
Data security experts have previously criticised the lack of transparency around a contract with the NHS held by iProov, whose facial verification software is used to perform automated ID checks on people signing up for the NHS app.
The Guardian now understands that French company Teleperformance, which has attracted criticism in the UK over working conditions, uses an opaque chain of subcontractors to perform similar work under two contracts worth £35m.
The NHS app, which is separate from the Covid-19 app, can be used for anything from booking GP appointments to ordering repeat prescriptions. But one feature has driven rapid take up since travel restrictions were lifted in May: the app is the easiest means of accessing the NHS certificate proving an individual’s Covid-19 vaccination status.
The app requires users to go through an ID verification process to access these services, with some people directed to an automated process powered by iProov’s software.
When that process fails or is unavailable, the NHS app falls back on manual checks, in which users record a short video of themselves reading out a set of four numbers, as well as uploading an ID document.