Google's DeepMind Was Given 'Inappropriate' Access to NHS Medical Data

By Tom Pritchard on at

DeepMind, Google's British-based artificial intelligence wing, has come under fire after Sky News revealed the company had been given access to medical records of 1.6 million NHS patients. Records that came bundled with personally identifiable information.

Earlier this week Sky published a letter from the National Data Guardian (NDG) to Professor Stephen Powis, the medical director of London's Royal Free Hospital - the hospital that provided DeepMind with the records. The NDG—which is responsible for advising and challenging healthcare systems to ensure patients' data is safeguarded and utilised correctly—believes that it was 'inappropriate' for the hospital to provide DeepMind with this information without asking patients' permission first.

Normally that permission can be waived if the information is going to be used to provide direct care to the patient (or patients) in question. DeepMind has argued that this was the case here, but the NDG has countered by saying the information was actually being used to test a new app the company has been building for the NHS. As such, the data transfer is being investigated buy the Information Commissioner's Office to determine whether it violated the Data Protection Act.

The app itself, called Streams, is not being investigated as part of the ICO's investigation. Streams is designed to be used to help doctors and nurses identify patients at risk of acute kidney injury (AKI) which causes around 40,000 deaths every year - a quarter of which are preventable. It's currently being put to use inside the Royal Free Hospital, where feedback has been positive.

This development comes just days after several NHS computer systems were crippled by the WannaCrypt ransomware, raising more questions about just how secure patient data really is. That being said, a DeepMind spokesperson told The Verge that the data the company used "has never been used for commercial purposes or combined with Google products, services or ads - and never will be." So I suppose that's something. [Sky News via The Verge]

More Security Posts: