The Department of Health’s data sharing guardian believes the transfer of 1.6 million patient records was not ‘legally appropriate’.

The Royal Free Hospital transferred 1.6 million patient records to Google DeepMind, an artificial intelligence company, in order for them to test a healthcare app.

The healthcare app, called Streams, is designed to diagnose acute kidney injuries in patients, and clinicians say it is already saving lives at the hospital.

However, a letter originally leaked to Sky News reveals that a leading legal health figure believes that 1.6 million patients’ data was shared on an “inappropriate legal basis”.

Dame Fiona Caldicott, the National Data Guardian at the Department of Health, told the hospital that she believes the legal basis for the transfer of information from Royal Free to DeepMind was “inappropriate”.

Under patient confidentiality laws, patients are taken to give “implied” consent to the sharing of their data if it is shared for the purposes of direct care.

Dame Caldicott wrote in her letter to the medical director of the Royal Free: “As I know you also appreciate, wherever patient data is used, it is absolutely paramount that this is done in a transparent and secure manner, which helps to build public trust.”

She added that she “did not believe that when the patient data was shared with Google DeepMind, implied consent for direct care was an appropriate legal basis”.

She argued that the data had not been transferred for “direct care” because it had been used to test the app.

As previously reported by the Ham&High, the Royal Free believes that the healthcare app, currently in use at the hospital, is helping them diagnose patients more quickly.

A Royal Free spokesman said: “We took a safety-first approach in testing Streams using real data. This was to check that the app was presenting patient information accurately and safely before being deployed in a live patient setting. Real patient data is routinely used in the NHS to check new systems are working properly before turning them fully live. No responsible hospital would ever deploy a system that hadn’t been thoroughly tested. The NHS remained in full control of all patient data throughout.”

He added: “We take seriously the conclusions of the NDG [National Data Guardian], and are pleased that they have asked the Department of Health to look closely at the regulatory framework and guidance provided to organisations taking forward this type of innovation, which is essential to the future of the NHS.

“We are proud of the work we have done with DeepMind and will continue to be bold and brave for the benefit of our patients.”