The NHS App is reportedly collecting and storing facial recognition data under a contract with a private tech company – sparking concern among privacy campaigners.

Biometric verification company iProov was awarded a contract by NHS Digital in 2019 to manage user verification on the app.

The company’s technology is used to ensure people are genuinely present when using NHS login to access the NHS App, done through a series of lights shined onto a user’s face. New users of the app are asked to prove who they are to gain access to its services.

But it has caused concern among privacy campaigners who have called for transparency on how data is used and stored, according to The Guardian.

NHS Digital told Digital Health News the company does not “receive, process or store” personally identifiable information on app users.

The contract between iProov and NHS Digital has not been published, which NHS Digital said was for “security reasons”.

Phil Booth, coordinator at privacy group medConfidential, told Digital Health News the decision not to publish the contract was “unnecessarily undermining trust”.

“The official assertion that a biometric of someone’s face is anything other than identifiable data, however, is as ludicrous as it is insulting to patients’ intelligence,” he said.

While privacy group Big Brother Watch said it was “deeply concerned” about the secrecy surrounding iProov’s use of data, but NHS Digital stressed all data was anonymous and access to data was subject to special panel reviews.

Jake Hurfurt, head of research and investigations at Big Brother Watch, said: “We’re deeply concerned by the secrecy surrounding facial verification and data flows in the NHS app, particularly given the involvement of a private company.

“It raises questions about how private and secure anyone’s information is when using facial verification and the NHS login. Anyone who sends personal information to a private company, at the encouragement of the NHS, has a right to know exactly what happens to their data.”

The NHS App reached more than 12 million downloads this year since Covid-19 passports were added to the service.

The NHS App allows users to access a range of NHS services on their smartphone or tablet. It was launched in 2018 and offers services including symptom checking and triage; appointment booking; repeat prescription ordering; access to patient records; national data opt-out; and organ donation preference.

The app already allowed users to check their vaccination record if permitted by their GP, but since May has also included Covid-19 vaccination status.

By default, the app asks some users for video facial verification. It involves new users recording a video of their face which is then sent to iProov to compare the facial data with anonymised photo IDs held by the government.

The app also asks users for their date of birth, postcode, phone number and photo of their passport or drivers license for verification during the sign-up process.

In cases where a user has submitted a photo to prove their identity the information is checked by the NHS login identity checking team or through the NHS login automated identity verification journey, NHS Digital said.

It is possible to opt out of providing video facial verification.

Cori Crider, director of tech justice firm Foxglove, told The Guardian: “So long as this system to log into the NHS app is optional then it may be fine but officials definitely shouldn’t be ‘nudging’ patients to log in with their faces to access healthcare.

“We should all also reflect on whether we’re heading towards a world where people have to use their faces just to walk into the supermarket or the pharmacy or the nightclub.”

A spokesperson from iProov told Digital Health News its technology is “highly secure” and uses encryption to protect patient data.

“This secure verification process helps the NHS to prevent a login being wrongfully set up using another person’s identity. iProov technology is highly secure, simple to use and deploys techniques such as a privacy firewall and strong encryption to protect user data.”

A spokesperson for NHS Digital added: “We use facial verification software when people decide to use the app to access their confidential patient data, as part of our NHS login identity verification process which is clearly explained to app users.

“This means people using the NHS App can trust that their data will be safe and secure.”

iProov has previously worked with HM Revenue & Customs and the Home Office, as well as providing its software to Eurostar, several banks and the US Department of Homeland Security, according to The Guardian.

The company is also linked to Tory donors through private equity group JRJ, which provided iProov with financial backing and had a seat on its board when it received its first NHS contract, according to The Guardian.

Two JRJ partners, Jeremy Isaacs and Roger Nagioff, have made a total of 41 donations to the Tory party and its MPs between 2004 and 2021.