A partnership which saw the UK’s National Health System (NHS) share the medical records of 1.6m patients with Google has been deemed inappropriate by the top data protection adviser to the NHS.

Dame Fiona Caldicott, the National data guardian at the Department of Health, has been investigating a deal made by Google’s artificial intelligence subsidiary, DeepMind, and the NHS to share patient data so that DeepMind could build an app, named Streams, to help hospital staff monitor and treat patients with kidney disease.

Go deeper with GlobalData

Premium Insights

The gold standard of business intelligence.

Find out more

Related Company Profiles

View all

An investigation by the New Scientist last year demonstrated the full extent of the partnership, mainly that a private company, Google, had access to identifiable medical records for 1.6m people.

According to a letter obtained by Sky News, Caldicott wrote to Stephen Powis, the medical director of the Royal Free Hospital, London, which provided the patient records to DeepMind, to tell him she believed the legal basis for the transfer of information was “inappropriate”.

In the letter, Caldicott didn’t dispute that the DeepMind app would be valuable to patients, however, the “purpose for the transfer of 1.6m patient records to Google DeepMind was for the testing of the Streams application and not for the provision of direct care to patients.”

“My considered opinion therefore remains that it would not have been within the reasonable expectation of patients that their records would have been shared for this purpose,” she wrote.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Therefore, she did not believe that “when the patient data was shared with Google DeepMind, implied consent for direct care was an appropriate legal basis.”

Dame Caldicott’s take on the partnership is being taken into account by the Information Commissioner’s Office (ICO), the UK’s data watchdog, which is looking into whether the transfer was legal under the Data Protection Act.

Technology is revolutionising healthcare, whether that’s DeepMind’s Streams app or the artificial intelligence arm of IBM, Watson, which is being used to help diagnose and treat oncology patients around the world.

Whilst this is important to the continued study of health, the DeepMind partnership has raised questions about what it means when a national health service collaborates with private tech companies.

Ron Chrisley, director of the Centre for Cognitive Science at the University of Sussex, told Verdict:

“Information is hard to track. Once it gets out of a certain space, say leaves the NHS, it’s hard to tell where it might end up. Our laws need to catch up with these kinds of technologies.

“We need to re-think about what the possible reach of these things might be.”

The news came days after NHS England was hit by a far-reaching cyber attack that saw patient records held to ransom for Bitcoin in hospitals up and down the country.