Google AI gains access to 1.2m confidential NHS patient records

Deal with Royal Free London to slurp info surprises and shocks


Google has been given access to huge swathes of confidential patient information in the UK, raising fears yet again over how NHS managers view and handle data under their control.

In an agreement uncovered by the New Scientist, Google and its DeepMind artificial intelligence wing have been granted access to current and historic patient data at three London hospitals run by the Royal Free NHS Trust, covering 1.6 million individuals.

That would include any chronic illness people may be suffering from and the circumstances over why they were admitted – for example, if they have suffered a drug overdose. The agreement provides Google with access to data going back five years and is far more expansive than expected.

Google and DeepMind previously said they were working with the NHS on a product called "Streams" that would "present timely information that helps nurses and doctors detect cases of acute kidney injury."

The agreement however provides access to all patient data, covering issues far beyond just kidney functioning. Google reportedly claimed that since there is not a specific subset of information regarding kidneys, it needed access to everything.

The idea behind the data sharing is that Google's AI software may be able to identify patterns that can assist doctors and nurses in treating patients or in recognizing conditions earlier than normal.

The agreement includes a number of safeguards, including the fact that Google is not allowed to share the information beyond the specific project and must delete all data when the project ends in September 2017.

Never asked

However, critics have already pointed to the fact that the hospital trust has not been upfront about the use of confidential patient information, has not informed patients that their personal information is being provided to a commercial entity, and has not provided patients with a reasonable way to opt-out of the data sharing.

The revelations come just days after health data regulator, the Health & Social Care Information Centre (HSCIC), noted that more than a million patients had opted-out of its Care.data scheme.

Care.data was announced three years ago and has been mired in controversy over the fact that there was little or no discussion with patients over their personal data being shared with private sector bodies.

It seems little or nothing has changed as a result of that argument, with the Google contract signed just over six months ago on 29 September 2015.

A spokesperson for the Royal Free trust downplayed the breach of trust saying "no patient-identifiable data" would be shared and that the information is at least encrypted in transit. However, according to the agreement between DeepMind and the NHS, the information sharing may include identifying information – such as names, addresses, health service ID numbers, photographs and videos.

Patients can opt out by asking their physicians, in writing, to do so, they said. However even that approach would not prevent people's live data feed from being shared.

The UK has a long history of favoring opt-out agreements when it comes to sharing information, requiring individuals to actively refuse access, as opposed to a European norm of opt-in, where people have to agree before third parties can use their information.

Regardless, the provision of such highly personal and confidential information without proper consultation and with patients forced to relying on data protection methods drawn up behind closed doors and written into non-public contracts has already created a stir. ®

Broader topics


Other stories you might like

  • Minimal, systemd-free Alpine Linux releases version 3.16
    A widespread distro that many of its users don't even know they have

    Version 3.16.0 of Alpine Linux is out – one of the most significant of the many lightweight distros.

    Version 3.16.0 is worth a look, especially if you want to broaden your skills.

    Alpine is interesting because it's not just another me-too distro. It bucks a lot of the trends in modern Linux, and while it's not the easiest to set up, it's a great deal easier to get it working than it was a few releases ago.

    Continue reading
  • Verizon: Ransomware sees biggest jump in five years
    We're only here for DBIRs

    The cybersecurity landscape continues to expand and evolve rapidly, fueled in large part by the cat-and-mouse game between miscreants trying to get into corporate IT environments and those hired by enterprises and security vendors to keep them out.

    Despite all that, Verizon's annual security breach report is again showing that there are constants in the field, including that ransomware continues to be a fast-growing threat and that the "human element" still plays a central role in most security breaches, whether it's through social engineering, bad decisions, or similar.

    According to the US carrier's 2022 Data Breach Investigations Report (DBIR) released this week [PDF], ransomware accounted for 25 percent of the observed security incidents that occurred between November 1, 2020, and October 31, 2021, and was present in 70 percent of all malware infections. Ransomware outbreaks increased 13 percent year-over-year, a larger increase than the previous five years combined.

    Continue reading
  • Slack-for-engineers Mattermost on open source and data sovereignty
    Control and access are becoming a hot button for orgs

    Interview "It's our data, it's our intellectual property. Being able to migrate it out those systems is near impossible... It was a real frustration for us."

    These were the words of communication and collaboration platform Mattermost's founder and CTO, Corey Hulen, speaking to The Register about open source, sovereignty and audio bridges.

    "Some of the history of Mattermost is exactly that problem," says Hulen of the issue of closed source software. "We were using proprietary tools – we were not a collaboration platform before, we were a games company before – [and] we were extremely frustrated because we couldn't get our intellectual property out of those systems..."

    Continue reading

Biting the hand that feeds IT © 1998–2022