The Royal Free NHS Trust has made a data sharing agreement deal with DeepMind which, as a document obtained by the New Scientist has revealed, gives them access to 1.6million patient records across three London hospitals1. DeepMind is branch of the Google empire which focuses on the development of artificial intelligence (you may recognise them as the developers of AlphaGo the computer who beat Lee Sodel 4-1 at Go)2. The patient data will be used to develop an algorithm to detect the kinds of kidney injuries which are responsible for over 40,000 deaths a year by identifying patterns and early warning signs that are too subtle or require too big of a picture for ordinary, human doctors to see. However, the data given to DeepMind is not kidney specific, nor does it only contain the records of patients with kidney related problems, in fact, it contains a lot of highly sensitive information, such as which patients are HIV positive, have had drug overdoses, or abortions.
As per the Data Protection Act of 1998, the NHS is required to inform users of how their data is being used or shared3, which is why the Conservative Government spent £1million on “informative” leaflets posted in junk mail bundles across the country4. Further, every patient has the ability to opt out of having their data shared for some reason other than a court order, a public health emergency, or their own personal medical needs. This is only a meaningful protection if individual patients have the ability to make an informed decision on whether or not they want their data shared with outside partners such as Google. Mustafa Suleyam, the co-founder of DeepMind, has released a statement explaining that Google has an excellent data protection infrastructure, that the patient records are anonymised, and that only a limited number of specifically trained individuals will have access to the patient records which will be kept at DeepMind HQ in London.5 The problem with this “reassurance” is that it in no way provides the information required to aid any patient of the NHS trust in their decision.
“Anonymised data” is data that, supposedly, cannot be linked to its data subjects, i.e. data that has had any personally identifying information (PII) removed. PII is data which can uniquely identify someone, for example, your name, national insurance number, potentially your address and gender, but also your medical history if it is specific and rare enough. I may feel confident that my data is anonymous if, in a data set, I am one of several thousand patients who have kidney stones, but significantly less so if I am one of a dozen patients and the only one who lives in Elephant and Castle. Without that contextual information, I cannot confirm how protected my identity is. But, this shouldn’t matter if I can trust the individuals who have access to the data, right? Let’s set aside the possibility that the data could be stolen or that DeepMind’s server could be hacked (this is because I probably agree with Mustafa Suleyam – Google will have better technology to encrypt, store, and protect this data8) and focus just on the possibility of an insider attack. Will the “limited number of individuals” in DeepMind’s office have access to all of the patient records? If so, who are these people? Because who they are is definitely a factor in my decision, as it may well be in the decision of the 1.6million patients. Potentially, I am happy for medical staff to view my medical records, but not an ex partner and, without knowing exactly who has access to what, I cannot consent to anyone having any access. When you give consent to have your data used in a specific way, that consent must be informed, which requires certain pieces of information currently being withheld from the NHS trust patients.
That issue aside, the recourse that the patients in question have is to request their data be removed from the data set. Legally, if they ask for their data to be deleted, DeepMind is required to do that. In order for this to be meaningful, the patients have to be able to trust that a private organisation which has already obtained their data without real consent has deleted that data upon request, something which is incredibly difficult to prove. Whilst having the data deleted will remove that patients risk of identity theft, I think this is only one harm of illegally storing data. There is the potential for emotional distress to the data subjects when they know that someone has access to that data. This distress exists if the subject thinks that their data is being stored, regardless of whether or not it actually is. This harm is now going to be irreversible for some patients, given the manner in which this deal has been struck and how the patients have been notified (i.e. through a document that had to be extracted by journalists as opposed to given openly and willingly prior to the agreement being made in the first place).
Given that the ability for patients to consent, or to have consented, is somewhat dubious we can still ask, is consent necessary? DeepMind is hoping to use these patient records to hugely improve on the diagnostic ability of doctors, equipping them with a tool (literally an app) to aid in early detection of kidney injuries and, hopefully in the future, a variety of other issues. This could dramatically improve patient care and the chances of many future patients surviving where they currently don’t. Hospitals, as institutions, have an ethos of using patients individually to improve the healthcare of all. Atul Gawande articulates this excellently in his book, Complications, which discusses asking consent from patients before they are seen by medical students or newly qualified doctors. He argues that, if put in that position, patients would request a more qualified doctor, thus preventing an opportunity for learning, further, if enough patients did this (which is likely) then it would be impossible to train doctors on living patients and, therefore, at all.6 The question of sharing patient data is, in my opinion, similar– individual patients may not want their data to be given to DeepMind but, without that, or any other, data, DeepMind will not be able to develop medically useful AI and, reducing the data set through consent forms, could have a negative impact on system performance. Hence, in the collective effort to improve medical care for all, the NHS may ask to override the rights of individuals when doing so does not cause them unreasonable harm.
It cannot be argued that the data given to DeepMind was given with the informed consent of the patients. However, in scenarios such as this one, I don’t think the discussion should be focusing on whether or not consent has been obtained but whether or not it should be required in the first place. Of course, DeepMind now has a much higher responsibility to not only prevent patient harm, either from data leaks or from their technology, but also use the data they have been given to meaningfully improve diagnosis practice in the NHS.
- https://www.newscientist.com/article/2086454-revealed-google-ai-has-access-to-huge-haul-of-nhs-patient-data/
- https://deepmind.com/
- https://www.royalfree.nhs.uk/patients-visitors/privacy-statement/
- http://arstechnica.co.uk/business/2016/05/google-deepmind-ai-nhs-data-sharing-controversy/
- https://www.theguardian.com/technology/2016/may/06/deepmind-best-privacy-infrastructure-handling-nhs-data-says-co-founder?CMP=twt_a-technology_b-gdntech
- http://atulgawande.com/book/complications/
- https://www.bigbrotherwatch.org.uk/wp-content/uploads/2014/11/EMBARGO-0001-FRIDAY-14-NOVEMBER-BBW-NHS-Data-Breaches-Report.pdf
thegreyareaweb 