One of the most sensitive and private aspects of our personal lives is our medical records.
Until 2014 when we started to hear how drug and insurance companies would be able to buy information taken from them we had assumed that that a promise of confidentiality would never be broken. It should not come as absolute surprise therefore that other types of companies would be next in line, and a recent article in New Scientist has highlighted how tech giant Google has been granted access to 1.6 million NHS patient records. If you’re wondering how and why, read on.
A data sharing agreement between Google’s A.I. company DeepMind and the Royal Free NHS Trust means that Google has been granted access to the information of the patients for 5 years up to 2017 of 3 London Hospitals; Barnet, Chase Farm and the Royal Free Hospital.
The information is being used by Google for the specific purpose of developing an app called ‘Streams’ that is designed to alert doctors when a person is at risk of developing acute kidney injury (AKI). NHS figures have shown that kidney injuries cause 40,000 deaths a year in the UK.
AKI is also is a contributing factor to nearly 20% of emergency hospital admissions even though approximately 25% of those admissions are preventable. It is thought therefore that the app could help to save lives, transform outcomes for some patients, and relieve some of the pressure on the NHS.
It has been reported that the Royal Free Trust has stated that the patient data that Google has access to is encrypted, and that the Google DeepMind employees working on the project will not be able to identify any individuals from it. Reports indicate that it was Google who approached the Trust about developing the app rather than the other way around. As part of the access agreement Google’s DeepMind must also delete its copy of the data when the agreement expires at the end of September 2017.
The Royal Free NHS Trust has also publicly pointed out that information sharing agreements such as this are not unusual and that it is one of 1,500 agreements with third-party organisations that process NHS patient data.
If your organisation works in a medical field or develops products or services with medical applications or inputs, an agreement of this nature with the NHS or a private health company could represent an R&D opportunity.
This news story should also remind businesses of how significant and important the subject of data security is. Thinking about how we feel about having our medical data shared with 3rd party organisations should help us to understand how sensitive our customers are about their personal data, and how we have responsibility and an obligation to manage it well and in a compliant way.