In a breach of patient trust, a British hospital shared the personal information of around 1.6 million patients with Google's DeepMind. This was reported by a British data protection watchdog - Information Commissioner's Office (ICO) yesterday, creating a stir. The deal between the Royal Free NHS Trust and Google’s DeepMind first became known to the public in February 2016.
Image Credit: Guschenkova / Shutterstock
Google is developing a new smart phone app to help diagnose and detect kidney injuries for which they assimilated this data from the patients. The Royal Free NHS Trust thus breached the Data Protection Act by complying with their request for the data.
Elizabeth Denham, head of the ICO said that no one would argue about the immense benefit this data could bring about in overall understanding, diagnosis and detection of the conditions and also improve clinical aspects, management and patient care. However the “price” of this innovation need not be “erosion of fundamental privacy rights” she said. The result of the medical trial that utilized the patient information was an app called Streams. It can help doctors detect patients who are at risk of acute kidney injury.
The data from these patients was provided in a clinical trial that began in November 2015, utilized the information from the systems and protocols used by the Royal Free NHS Trust to alert the physicians and healthcare personnel regarding the signs and symptoms of a potentially worsening patient with Acute Kidney Injury (AKI). This information was to be used to create the app that could help detect similar situations for other patients as well.
What was unacceptable was the fact that most patients were not aware that their personal information was part of the trial. The Trust has issued a statement that they accept the findings of the ICO and are doing everything in their power to address the areas where concerns and red flags have risen. As a first and most important step, the trust has signed an agreement to make changes in the handling of the data it has on its hands. The trust has agreed to find a legal basis for any future trials not only with DeepMind but also with other agencies and companies. The trust has outlined in the agreement how the patient confidence would be maintained in future clinical trials and also assess and audit this trial and its results to see what impact it has had on the privacy of the patients. All such details of the assessment and the audit would be shared with the ICO, the trust promised in the agreement. As of now it has not been fined for this transgression after the results of the investigation are out.
Google’s Deepmind – a part of the artificial intelligence arm has also accepted responsibility for the breach in privacy laws said the ICO officials. Google has agreed that there are complexities in the Britain’s state funded National Health Service and its data protection laws which they had not anticipated. Google DeepMind said in a statement that they were focused entirely on making tools for health care personnel and doctors and had not considered that the tools had to come from patients and had to be accountable to them, the public and the NHS as well. They admit they got it wrong and promise “to do better”. DeepMind, was founded in 2010.