There are concerns about a deal that sees Google extending its access to NHS patient data. DeepMind Health, a health and AI focused subsidiary of Google’s parent company, Alphabet, reported that it will be absorbed into Google Health, a newly formed subsidiary of Google.
In June, an independent ethics committee raised concerns over DeepMind’s independence from Google or Alphabet. In its 2018 Annual Report, the committee asked:
“To what extent can DeepMind Health insulate itself against Alphabet instructing them in the future to do something which it has promised not to do today?” It added: “We encourage DeepMind Health to look at ways of entrenching its separation from Alphabet and DeepMind more robustly, so that it can have enduring force to the commitments it makes […] The relationship with Google is a constant question that runs through many areas of DeepMind Health’s business.”
In response, DeepMind said it would ensure there is clarity around the binding legal framework that governs its relationship with NHS Trusts. It said that “Trusts remain in full control of the data at all times. We are legally and contractually bound to only using patient data under the instructions of our partners. We will continue to make our legal agreements with Trusts publicly available to allow scrutiny of this important point.”
Patient privacy under the GDPR
In light of the increased interconnectivity among healthcare providers and the growing pressure to ensure patient privacy, NHS Trusts need to understand who their data is shared with and the risks associated with sharing patient information.
Data flow mapping is not a new practice to many NHS organisations, although the introduction of the EU GDPR (General Data Protection Regulation) means data mapping is becoming more commonplace, and accountability for data protection is an ever-increasing priority.