Experts Raise Privacy Concerns Over NHS Alexa Tie-Up
Legal and security experts have raised concerns over a new NHS deal with Amazon which will allow patients to access health information through voice-assistant technology.
Announced on Wednesday, the tie-up is designed to help those who otherwise would find accessing the NHS website difficult, such as the elderly or blind.
In doing so, it could help to reduce the workload for GPs and pharmacists who have to take time out to field simple questions on common illnesses, the NHS argued.
“The public need to be able to get reliable information about their health easily and in ways they actually use,” claimed Matthew Gould, CEO of the new digital transformation unit NHSX. “By working closely with Amazon and other tech companies, big and small, we can ensure that the millions of users looking for health information every day can get simple, validated advice at the touch of a button or voice command.”
Marcus Vass, co-head of digital health at international law firm, Osborne Clarke, argued that the NHS website is already a popular source of info for patients, and enabling Alexa search is an extension of that.
Yet he added that patients and doctors will be keen to know whether any personal health data is being collected or used, and where it is stored.
“Details of any specific protections in place have not yet been disclosed – and in particular whether the NHS has agreed with Amazon any terms including enhanced security provisions over and beyond the obligations under GDPR and the Data Protection Act legislation,” he said.
“Any lack of clarity as to the use by Amazon of the personal data and health data would of course be subject to the valid consents of patients. Any concern from patients about the use of their health data would be corrosive to the trust in using voice assisted technology or other algorithms to access the NHS website.”
Kaspersky principal security researcher, David Emm, called for greater transparency from Amazon on the deal.
“We know that people are relying on these devices more and more, and their popularity is growing. They do have their benefits, and they are convenient, however, they are, at their core, smart listeners and have made headlines in recent times because of this – leaving a scepticism around them,” he argued.
“We also know that Amazon is storing and analyzing data that these devices collect, which also raises cybersecurity alarms when it comes to how this data will be used. They will be privy to sensitive health data, and so it must be made clear to the public how our data will be protected.”
Synopsys senior security engineer, Boris Cipot, warned that internet-connected services should always be treated with caution by users.
“If an insurance provider gains access to the user-specific data, they could potentially categorize users into risk categories based on the advice they sought which could also lead to increased insurance rates for those deemed high risk,” he added.
“Doctor-patient privacy could also be circumvented through this method of data collection since a doctor isn’t actually involved; therefore, nullifying patient privacy protection policies.”
Source: Information Security Magazine