Not Much Deep Thinking Evident Behind NHS Trust’s Data Share with Google DeepMind

Not for the first time, the NHS has come under fire from patients, patient groups and the scrutiny of the UK’s National Data Guardian (NDG), Dame Fiona Caldicott – and the ICO’s chief Elizabeth Denham.

The Royal Free Hospital in London commissioned Google’s DeepMind division in 2015 to help develop a Streams app to detect acute kidney injury through a blood test to identify deterioration. They provided DeepMind with 1.6 million patient records in the process to enabling ‘real time’ testing.

• Patients at the Royal Free Hospital in London were mainly unaware that their details were being used by a third party, nor how it was being used.
• No details on the financial terms of the deal have been disclosed publicly.

To Dame Fiona Caldicott, whose letter to the Royal Free was recently leaked, laid out her  concern that the data had been transferred on a ‘legally inappropriate’ (read ‘unlawful’) basis.  The app being developed was not ‘central’ to patient clinical care.  Caldicott shared her concerns with the ICO.

Caldicott does not dispute the app’s ability to help clinicians save lives today, but added in her letter: “Given that Streams was going through testing and therefore could not be relied upon for patient care, any role the application may have played in supporting the provision of direct care would have been limited and secondary to the purpose of the data transfer.  My considered opinion therefore remains that it would not have been within this reasonable expectation of patients that their records would have been shared for this purpose.”

Google DeepMind’s clinical lead Dominic King, was swift to distance any cross-use of the patient data with other Google products or services, or use for commercial purposes.

The ICO’s Elizabeth Denham has yet to give her judgement on misuse under the Data Protection Act, but the issue underlines the importance of individual consent.  This will be evermore intensely examined with the forthcoming GDPR regulations in 2018.  As it stands though, the ICO nonetheless has powers to fine a company up to £500,000 for the misuse of personal data as well as seek individual criminal prosecution.

Irrespective of the worthiness and potential benefit to patients in the longer term from the app, Dominic King agrees: “I think one thing that we do recognise that we could have done better is make sure that the public are really informed about how their data is used.”

It may prove a costly oversight to the Royal Free at a time of increasing NHS budget constraints, as well as prompting an ignominious slap in the face to the Trust from its patient body through damage reputation.

Amicus ITS is continuing its series of thought leadership events, this time on GDPR through 2017 for its customers and invited guests.  Further information on the programme can be found by contact Marketing (email) or calling Lindsay Burden on 02380 429475.