Instances of identifiable NHS patient information being shared without explicit consent have raised concerns about data access and privacy.
The Information Commissioner’s Office and the National Data Guardian for Health and Care are investigating the transfer of five years’ worth of patient data for 1.6 million people between the Royal Free London NHS Foundation Trust and Google artificial intelligence (AI) subsidiary DeepMind Health. While the intent behind the data-sharing agreement was altruistic, a recent academic paper described it as controversial and inexcusable.
The paper, by Cambridge University academic Julia Powles and New Scientist journalist Hal Hodson, claims that the terms of the partnership are misleading. Although the data was used to create Streams, a smartphone app that helps clinicians manage acute kidney injury (AKI), the agreement allowed for broader collection of unrelated patient data. Central to the agreement is the definition of “direct care” which carries “implied consent” to data-sharing.
Another key consideration is data value, in terms of bringing advances in healthcare that benefit individual patients and the wider community, and potential commercial benefits.
In this respect, the Royal Free deal is not unique. DeepMind Health is working with several NHS hospitals, including Imperial College, Moorfields and University College London Hospitals.
Nor is DeepMind the only technology company working with the NHS. IBM Watson is working with Alder Hey Children’s NHS Foundation Trust and a further 90 companies are using or proposing to use AI to support diagnostics and patient care. All these projects involve private companies accessing and utilising patient data.
Research into public attitudes about health data shows that people are generally happy for their data to be used for research, but become uncomfortable if a commercial organisation is involved.
A survey by the Wellcome Trust and Ipsos MORI found people were largely unaware of how their health data is already being used, and that the greatest objections arose around the possibility of insurance and marketing companies accessing personal data.
The NHS will only be able to make the most of the opportunities new technologies offer to improve healthcare if the public has confidence in how data is used
And much of the concern about DeepMind’s involvement with the NHS relates to its association with Google, notwithstanding DeepMind founder Mustafa Suleyman’s assurances. “The data that we access from the NHS will never be connected or associated in any way whatsoever with any Google data,” he told the BMJ.
These concerns were reflected in the recommendations by national data guardian Dame Fiona Caldicott, in a letter to the health secretary Jeremy Hunt, which included proposals for a new consent model for data-sharing in the NHS and social care. “There needs to be a much more extensive dialogue with the public about how their information will be used, and the benefits of data-sharing for their own care, for the health and social care system and for research,” she wrote.
Last month, Wellcome launched Understanding Patient Data, an independent patient data taskforce and website, to provide information about how and why patient data is used.
The initiative is led by Nicola Perrin, head of policy at the Wellcome Trust. “New data-driven technologies have the potential to transform healthcare,” she says. “The Royal Free’s Streams app has alerted clinicians to 11 patients a day who were at risk of AKI and is saving nurses two hours a day. But the NHS will only be able to make the most of the opportunities new technologies offer to improve healthcare if the public has confidence in how data is used.”
To maintain patients’ trust, the NHS needs to ensure they understand any use of their data beyond their own direct care. This also means establishing public confidence in partner organisations. “The DeepMind-Royal Free case is a reminder of how important it is to get the right governance frameworks in place when developing these partnerships, to ensure everyone can have confidence that data is being appropriately protected,” adds Ms Perrin.
The AXA PPP Health Tech & You Awards was dominated by tools predicated on leveraging patient data. And there was a sharp focus on patient information and consent. Winner of the Health & Care Professional’s Choice Award, uMotif, is a platform that captures patient-generated health data for NHS, academic and corporate research projects.
“Patients volunteer their data because they want to make a difference,” says founder and chief executive Bruce Hellman. “They know their data is used only for ethically approved projects, and that they can choose which research to participate in and which data to share.”
At DeepMind, Mr Suleyman is introducing the Verifiable Data Audit, a mechanism to enable partner hospitals to check in real time how their data is being processed.
Establishing trust means respecting the value and ownership of patient data, rather than its economic implications. Ms Perrin highlights “the economic value to UK plc” as a contributory factor to the spectacular failure of the NHS care.data initiative.
She says: “NHS Digital explicitly states that it does not charge for data. We need to have better conversations about the value of the data to the NHS, the role of companies and technology providers. Until the benefits are more clearly understood, there is probably a risk of damaging public confidence even further by talking about commercial value and patient data in the same breath.”
There is general recognition that NHS patient data can be used to improve healthcare and save lives. The underlying issue is trust. We need to be able to trust our healthcare providers to use patient data in a way that benefits the population’s health while respecting patient confidentiality and data privacy.