How does the NHS COVID-19 app protect users' anonymity while tracking the cases?

How does the NHS COVID-19 app protect users' anonymity while tracking the cases?

The app uses complex cryptography to protect you and other app users' anonymity while enabling diagnosis keys to be matched with a relevant broadcast key when relevant. Where there are matches, you will get an alert that you've been in contact with someone who tested positive.

How does the National Health Service (NHS) app prevent re-identification?

Only those with access to the app will have details of the venues checked into. No details about which venues a user has checked into is included in the analytical data set or provided to the use.

How does the National Health Service (NHS) app protect user's privacy?

The technique used to provide app users with their correct result also ensure that the identity of the user is protected. When the app recommends a test for users it requests three separate tokens. These are generated by services outside of the app and are not recorded in the app. They are unique and anonymous and cannot be derived from each other or any other information.

These three tokens allow the correct information to be returned to the correct user whilst maintaining their privacy and ensuring that data cannot be linked. We dealt the tokens promptly once we’ve updated the relevant app.

Does the NHS COVID-19 app protect my privacy?

The system gives a high level of privacy protection, as the app does not collect or transfer any information that tells us who or where you are. This also means it cannot tell the NHS, people and organisations who have contributed to the development of the app, or any other app user, who or where you are.

How is my identity protected when using the NHS COVID-19 app?

The analytics data is collected and held in such a way that it cannot be used to identify the user.

• No data is collected which would allow us directly to identify an individual – we do not collect details of the user’s name, address, phone number, device IMEI or any other unique piece of identification;
• The data that we do collect is held so it cannot be put together (“linked”) to identify a user – specifically, we separate all technical data relating to the phone, used to ensure the app is functioning properly, from the public health data that we need to manage the pandemic.

This is done by using different environments to manage the data with additional controls around the public health data and broader analytical functions.

Does the NHS COVID-19 app track my location?

It does not record or track where you or other app users are (for example, at home or in a public space). The app does not identify you or your location to other app users (or, as noted above, the government).

What happens during a venue check-in on the NHS COVID-19 app?

Venue check-ins add a count of the venue check-ins during the 6-hour analytical period. Where the check-in fails or is abandoned this is counted as well. This data is used to ensure the QR venue check in is working as expected as well as give a sense of how app users are using the function and the potential impacts.

Will my data be deleted after uninstalling the NHS COVID-19 app?

If you choose to delete the app, you will not receive any notifications (alerts) from the app about coronavirus (COVID-19) and the data stored by the app on your phone will be deleted. If you decide to install the app again, you will need to provide the requested information again.

Can I delete the COVID-19 app?

Right to be forgotten. You can choose to delete the app and the data it contains.

Does the NHS COVID-19 app gather analytical data?

Each 6-hour period, the app collects a summary count of key information. This is called the analytical data set and helps us monitor the use, performance and information about the app and its use. The data is prepared and will be sent to central systems where it used for assurance of the app, technical checks and the public health functions. It does not include the data held on your app about specific venues or your close contacts.

Which company designed the NHS COVID-19 app to protect the privacy and identity of the users?

This system is designed by Apple and Google to protect the privacy and identity of app users, making their use of the app anonymous.

How often does the National Health Service (NHS) app update data?

The app is updated by the central systems (product environment), on average, every 2 hours. The central system provides all app users with three key sets of data. Every app user receives the same information, called reference material, which the app uses to determine if you need to receive an alert or advice. These are:

• the list of Diagnosis Keys from app users who have tested positive. This functionality keeps the identity of app users anonymous to other app users
• the list of all postcode districts and their current risk level
• the list of venues that could pose a risk, as determined by Health Protection Teams and the Joint Biosecurity Centre (JBC)

Does the COVID-19 app collect personal data?

• The app holds personal data, however, we do not collect personal data. For example, your app will hold details of the venues you have visited but this is not shared with us

Can personal data collected for NHS Test and Trace be used for other purposes?

Personal data that is collected for NHS Test and Trace, which you would not collect in your usual course of business, must be used only to share with NHS Test and Trace.

It must not be used for other purposes, including marketing, profiling, analysis or other purposes unrelated to contact tracing, or you will be in breach of GDPR. You should make your staff aware of what they should and shouldn't do with customer information.

What are public health and social measures (PHSMs)?

Public health and social measures (PHSMs) are measures or actions by individuals, institutions, communities, local and national governments and international bodies to slow or stop the spread of an infectious disease, such as COVID-19.

What are some of the common side effects of the COVID-19 vaccine?

Some recipients have reported chills, shivering (in some cases rigors), and increased body temperature possibly with sweating, headache (including migraine-like headaches), nausea, myalgia and malaise, starting within a day of vaccination. These effects usually lasted for a day or two.

Are you required to register for the COVID-19 testing program?

The test is completely voluntary. You can cancel the test that you’ve booked if you no longer need it. If you do decide to take a test, then you need to follow the instructions provided. As part of the registration process, we will send you a confirmation email with the details of your order or booking. If you are attending a test site, it is necessary to bring this with you.

Is it mandatory to get a COVID-19 vaccination in a care home?

From 11 November 2021 care homes must only allow individuals who are fully vaccinated against COVID-19 (or exempt) entry inside of a care home. This requirement will apply to those visiting a care home in a professional capacity unless exempt.

Who provides the digital contact-tracing technology used in the NHS COVID-19 app?

The digital contact-tracing technology used in the NHS COVID-19 app is provided by Apple and Google. This technology is known as the ‘Google Apple Exposure Notification system’ (or ‘GAEN’). GAEN, operating systems and data available from this system are constantly being refined.

These updates change the data that can be collected. They also make additional data items available which can help understand and manage public health.

GAEN can provide measurements around the interactions of users. For example, when you update your status in the app with a positive COVID-19 test result (and share your diagnosis keys), GAEN helps the app generate data to understand the level of risk of infection for other app users.

How long after having COVID-19 can I get the spring booster vaccine?

If you are unwell, wait until you have recovered to have your vaccine. If you have had confirmed COVID-19 you should ideally wait 4 weeks before having your spring booster.

What is a venue check-in on the NHS app?

Venue check-ins add a count of the venue check-ins during the 6-hour analytical period. Where the check-in fails or is abandoned this is counted as well. This data is used to ensure the QR venue check in is working as expected as well as give a sense of how app users are using the function and the potential impacts.

Do I have to follow the NHS COVID-19 pass when I go to a venue?

As part of the Living with COVID strategy, from 1 April it will no longer be advised for domestic venues and events to use the NHS COVID pass.

Do venues have to check COVID-19 status at events?

Updated to reflect the fact that it is no longer a legal requirement for venues or events to check the COVID-19 status of attendees as a condition of entry.

Why do I need to provide postcode district to the NHS COVID-19 app?

Providing your postcode district allows the app to:

• provide the most relevant local authorities for the user to select
• tell you about the current risk level in your local area
• detail advice or services specific to your postcode district or local authority, such as additional testing in the near vicinity

What is manual contact tracing in the context of the COVID-19 pandemic?

Manual contact tracing involves asking an infected person to remember who they have been in contact with; the person can only identify the people they know.