A partnership which saw the UK’s National Health System (NHS) share the medical records of 1.6m patients with Google has been deemed inappropriate by the top data protection adviser to the NHS.
Dame Fiona Caldicott, the National data guardian at the Department of Health, has been investigating a deal made by Google’s artificial intelligence subsidiary, DeepMind, and the NHS to share patient data so that DeepMind could build an app, named Streams, to help hospital staff monitor and treat patients with kidney disease.
An investigation by the New Scientist last year demonstrated the full extent of the partnership, mainly that a private company, Google, had access to identifiable medical records for 1.6m people.
According to a letter obtained by Sky News, Caldicott wrote to Stephen Powis, the medical director of the Royal Free Hospital, London, which provided the patient records to DeepMind, to tell him she believed the legal basis for the transfer of information was “inappropriate”.
In the letter, Caldicott didn’t dispute that the DeepMind app would be valuable to patients, however, the “purpose for the transfer of 1.6m patient records to Google DeepMind was for the testing of the Streams application and not for the provision of direct care to patients.”
“My considered opinion therefore remains that it would not have been within the reasonable expectation of patients that their records would have been shared for this purpose,” she wrote.
Therefore, she did not believe that “when the patient data was shared with Google DeepMind, implied consent for direct care was an appropriate legal basis.”
Dame Caldicott’s take on the partnership is being taken into account by the Information Commissioner’s Office (ICO), the UK’s data watchdog, which is looking into whether the transfer was legal under the Data Protection Act.
Technology is revolutionising healthcare, whether that’s DeepMind’s Streams app or the artificial intelligence arm of IBM, Watson, which is being used to help diagnose and treat oncology patients around the world.
Whilst this is important to the continued study of health, the DeepMind partnership has raised questions about what it means when a national health service collaborates with private tech companies.
Ron Chrisley, director of the Centre for Cognitive Science at the University of Sussex, told Verdict:
“Information is hard to track. Once it gets out of a certain space, say leaves the NHS, it’s hard to tell where it might end up. Our laws need to catch up with these kinds of technologies.
“We need to re-think about what the possible reach of these things might be.”
The news came days after NHS England was hit by a far-reaching cyber attack that saw patient records held to ransom for Bitcoin in hospitals up and down the country.