The Information Commissioner's Office (ICO) has ruled that London's Royal Free Hospital failed to comply with the Data Protection Act when it provided Google with the patient data of 1.6 million NHS patients.
The patient data was originally transferred to Google's artificial intelligence arm DeepMind for use in developing an app called Streams that could detect acute kidney injuries (AKIs). However, the patients whose data was used by the company never consented to their private medical data be transferred.
The ICO has chosen not to levy a fine against Royal Free, and instead urged the NHS Trust to make the necessary changes to remedy the situation.
The Information Commissioner, Elizabeth Denham believes there is a great deal of potential in using patient data to develop new technologies but she noted that “the price of innovation does not need to be the erosion of fundamental privacy rights.”
Royal Free released a statement today where it explained its position on the ICO's ruling, saying:
“We have co-operated fully with the ICO’s investigation which began in May 2016 and it is helpful to receive some guidance on the issue about how patient information can be processed to test new technology. We also welcome the decision of the Department of Health to publish updated guidance for the wider NHS in the near future.”
“We have signed up to all of the ICO’s undertakings and accept their findings. We have already made good progress to address the areas where they have concerns. For example, we are now doing much more to keep our patients informed about how their data is used. We would like to reassure patients that their information has been in our control at all times and has never been used for anything other than delivering patient care or ensuring their safety.”
Image Credit: Asif Islam / Shutterstock