An NHS hospital breached the Data Protection Act when it shared confidential data from 1.6 million patients with Google’s DeepMind division.
This is the ruling by the Information Commissioner’s Office (ICO), which found London’s Royal Free hospital did not properly inform patients about the use of their data.
The ruling is embarrassing for the hospital trust and DeepMind, but didn’t result in any confidential data being leaked.
Exposed in April by New Scientist, the agreement saw the hospital hand over personal data of 1.6 million patients to DeepMind, which uses artificial intelligence (AI) to improve the speed and accuracy of medical diagnoses.
The company’s Streams app aims to boost early intervention for acute kidney injury by providing doctors with alerts as soon as a patient’s health deteriorates.
The ICO was also not satisfied with the Trust’s belief that the clinical safety testing of the app amounted to direct care – only in this setting is there no need for patient consent.