Google AI gains access to 1.2m confidential NHS patient records

Google has been given access to huge swathes of confidential patient information in the UK, raising fears yet again over how NHS managers view and handle data under their control. In an agreement uncovered by the New Scientist, Google and its DeepMind artificial intelligence wing have been granted access to current and …

  1. James 51

    Until the people doing things like this face serious jail time, abuses on this and even larger scales will continue. Whatever the noble aims of the project might be, Google has proven time and time again it cannot be trusted with highly personal data.

    1. ACx

      So.... people should go to jail because other people don't trust Google........

      What kind of moronic thinking is that?

      On top of that, what, a blanket ban on Google using data from other organisations, even if it could be a benefit?

      Again, what kind of moronic thinking is that?

      This attitude is anti progress and rank stupid. All because internet wankers decide to hate. Weird. Very weird.

      1. heyrick Silver badge

        What kind of moronic thinking is that?

        There once was a thing called doctor patient privilege.

        There once was a thing called ethics.

        There once was an expectation that if you needed to go to hospital, the full details of why wouldn't be spewed to the highest bidder.

        It isn't about whether or not people trust Google, it's about a fundamental breach of trust by the medical profession itself. They "claim" that the details are anonymous yet the agreement would appear to say otherwise. Well, if this behaviour passes without any hindrance or jail time, how long before data is provided to other paying companies...like, oh I don't know, selling the results of routine blood tests to insurers? Such a thing is only a small mission creep away. And you'd be surprised what a blood test can reveal...

        The point here is the breach of trust and that the patients involved were never given a choice (probably because they knew any sane person would say NO). So, yes, jail time please. Because if a serious punitive penalty isn't handed down, it would be a de facto sanction of this sort of behaviour. Are you happy with what that might imply?

        To clarify, this isn't about what the data in question is, or even who it is being shared with, it's about the manner in which it was shared. If this isn't slapped down, well, what headlines will we be reading here in the future?

        1. David 164

          Re: What kind of moronic thinking is that?

          Ambulance driver missed signs of sepsis,

          Nurse missed signs of sepsis,

          Doctor missed signs of sepsis,

          consultant missed signs of sepsis,

          Google software didn't, another life saved.

          Bet that headline doesn't meet your narrow view of the world, does it?

          Every data protection form I have ever signed has included giving permission for my data to be analysed and processed by third parties; this is no different. If people don't want to read them, that's their fault.

          1. Smooth Newt
            Unhappy

            Re: What kind of moronic thinking is that?

            Every data protection form I have ever signed has included giving permission for my data to be analysed and processed by third parties; this is no different. If people don't want to read them, that's their fault.

            This is different because this is specifically about medical research. The cornerstone of the ethics of medical research on humans is the Helsinki Declaration, which states, amongst other things, that research subjects' participation in medical research must be voluntary, which means that they must agree to it, and know what they are agreeing to. If they haven't read the form, then they haven't agreed to it.

            Why? Just look up the Tuskegee syphilis experiment.

            1. Yet Another Anonymous coward Silver badge

              Re: What kind of moronic thinking is that?

              The real tragedy is that this will kill people.

              Every time something like this happens it makes people less likely to assist in real medical trials, it makes the barriers to doing medical research harder, it means drugs and treatments will be delayed or never started.

            2. David 164

              Re: What kind of moronic thinking is that?

              Except that's dealing with experiments on the patients directly with new drugs or surgical techniques, which at the moment Google isn't doing. What Google is doing with this set of data is training its neural network to recognise when a patient has kidney problems from their medical records. CQC, NICE and other organisations already do this on a regular basis; NICE use patient records to confirm whether drugs are as good as they claim and whether they are worth the price we are paying for them. CQC use them to spot where parts of the NHS are failing.

              Helsinki Declaration will only come into effect once Google start to test its technology in a live clinical environment and are monitoring real patients, presumably in real time, because that's the moment when they are actually experimenting and using patients as guinea pigs.

              1. Smooth Newt
                Flame

                Re: What kind of moronic thinking is that?

                Helsinki Declaration will only come into effect once Google start to test its technology in a live clinical environment and are monitoring real patients,

                No - the Helsinki Declaration applies to all medical research involving human participants. This sounds like a worthwhile project, but that doesn't mean ethics can be ignored.

                And actually the last box in Section 5 suggests to me that this system is being used in clinical decision making, and so may affect the treatment that participants receive, or do not receive. I have bolded the relevant sentence.

                Identifiable data will be retained by the system for up to 5 years from the creation of the record, or until the End Date for the project, whichever comes first, in order to facilitate algorithms requiring historical data in order to correctly generate an alert. As this data is being held for direct care purposes, pseudonymization is not required. Should a pseudonomized copy be completed for non-direct care purposes, then it would be done in line with the HSIC guidelines.

                1. Anonymous Coward

                  Re: What kind of moronic thinking is that?

                  @ Smooth Newt

                  Thanks for spotting that (your bolded bit). I assume that this is a trial before adoption by all NHS hospitals.

                  So, in the same way that care.data has ensured I will never see an NHS GP ever again, now this little bit of data incontinence will ensure that I never see an NHS hospital ever again.

                  On my limited income, I can't afford private care. So I'd better not become ill!

          2. Anonymous Coward

            Re: What kind of moronic thinking is that?

            Ambulance driver missed signs of sepsis,

            Nurse missed signs of sepsis,

            Doctor missed signs of sepsis,

            consultant missed signs of sepsis,

            Google software didn't, another life saved.

            Bet that headline doesn't meet your narrow view of the world, does it?

            Sure. And now try this again where there's no signal - wouldn't you prefer to improve the chain of people who missed it so they won't next time?

            It is certainly possible to have Google mass-analyse data and come to better conclusions, but not before that process is anonymised to the point that back-tracing the data would lead to Obama himself instead of the patient in question, because otherwise you will only have provided yet another excuse for mass surveillance.

            F*ck that.

            1. David 164

              Re: What kind of moronic thinking is that?

              Actually it's not about coming to better conclusions, it's about using these medical records to train up a DeepMind neural net so that it can spot a patient with kidney trouble or sepsis or any number of other conditions before they become life threatening and presumably before a human doctor could.

              1. razorfishsl

                Re: What kind of moronic thinking is that?

                Yes ... so Google can make a shit load of money off a system built on data that the patient did not authorise to be accessed.

          3. anonymous boring coward Silver badge

            Re: What kind of moronic thinking is that?

            The total automated Nanny State isn't very far from "1984", FYI.

            1. MrTuK

              Re: What kind of moronic thinking is that?

              Agreed, not very far indeed and it seems so many people are oblivious to it!

          4. Mike Pellatt

            Re: What kind of moronic thinking is that?

            Ambulance driver missed signs of sepsis

            You are Jeremy Hunt and I Claim My Five Pounds.

            For your information, the people you are presumably referring to there, who are qualified to make certain diagnoses and carry out certain treatments, are professionals whose job title is Paramedic. They are not Ambulance Drivers, despite the Health Secretary's recent repeated attempts to down-classify them every time he mentions them in a speech. He's yet to change his language.

          5. jrchips

            Re: What kind of moronic thinking is that?

            Time to legislate universal 'opt-in' language for all third party use of personal data. One of the provisions would be that if you choose not to make the data available to third parties, the service cannot be refused. This would extend to data retrieved from personal computers by software programs, including browsers.

            We've currently got the equation backwards. It's time to put the consumer (not the service provider) first.

          6. F0rdPrefect
            Big Brother

            Re: What kind of moronic thinking is that?

            @David 164

            Here in the UK you are not asked to sign a data protection form before getting medical assistance.

            Or after.

          7. AndrewDu

            Re: What kind of moronic thinking is that?

            Well if you agreed, bully for you - I wouldn't, but each to his own. At least you had the choice.

            Maybe you missed where it said that the patients in this case were not consulted, and had no meaningful way to opt out?

            That's the issue, not the question of what they might or might not have done if given the option.

      2. Anonymous Coward

        So.... people should go to jail because other people don't trust Google........

        What kind of moronic thinking is that?

        The same kind of moronic thinking that prevents 100 people from randomly being arrested because it may possibly catch one single shoplifter. There are laws for that, but for some reason, Google is always allowed to ignore them.

        On top of that, what, a blanket ban on Google using data from other organisations, even if it could be a benefit?

        Yup. Under NO CIRCUMSTANCES WHATSOEVER is Google ever to be given personal information without the EXPLICIT, OPT-IN AND INFORMED permission of the people it concerns. The EXPLICIT is simply because that is the law, OPT-IN because it concerns data considered sensitive and so we hit another aspect of the same law and INFORMED because Google is rather adept at "forgetting" to mention things or bury them deep down in Terms that make War & Peace shorter to read.

        So, in short, f*ck Google with a blunt and oversized stick for again grabbing data they have no business accessing, and I hope the people responsible will be taken to task by the UK Information Commissioner. Given that it's patient data I am personally disappointed that we have as yet no mandatory jail sentences for this because this sh*t really has to stop.

        And no, I'm not an Internet hater, but one of the people that has to clean up the mess and deal with the human misery when such data inevitably gets abused. What's easily obtained isn't valued, and Google epitomises the abusers out there.

        If you're OK with Google accessing this I expect you to post your full medical record here, from DOB onwards.

      3. rometsch

        Not paying appropriate amount of taxes in UK and still exploiting citizen data.

        This is Google.

  2. Anonymous Coward

    How Slurprising...

    Google reportedly claimed ..... it needed access to everything!

  3. Anonymous Coward

    Google: Sorry NHS didn't find anything but thanks for sharing...

    Google HQ:

    ...Program Running....

    ......Analyzing... Computing... Sequencing....

    .........Patients:

    ............Larry Page,

    ............Sergey Brin,

    ............Eric Schmidt...

    .

    ............Immortality Program Complete....

    .

    ............Have a nice day!

    .

    .

    ............[Paging: Next patient: David Cameron....]

    1. Anonymous Coward

      Helpfully we can take solace in the fact...

      That even if they do find the secret to immortality, it will only be ready in time for their children's children... Otherwise hope everyone is looking forward to a 1000 year Google reign...

  4. ATeal

    Is there an opt out?

    How is this even allowed?!

    1. raving angry loony

      Re: Is there an opt out?

      Money. More money. And corrupt politicians with zero concept of ethics or morality. Oh, and money.

      I was going to say "corrupt corporate leaders and politicians" but the former is kind of a given.

    2. David 164

      Re: Is there an opt out?

      NHS patient records are already analysed by dozens of organisations.

      There's a form you and everyone else would have signed somewhere in your life where you gave permission for information to be analysed and possessed by third parties, such as department of health, NICE, CQC. Signing up to the GP for example.

      1. Martin Gregorie Silver badge

        Re: Is there an opt out?

        @David 164: Where've you been sleeping so soundly for the last several years that you missed Care.data's attempt to sell everybody else's data?

        There's a form you and everyone else would have signed somewhere

        Yes, except that it was an OPT-OUT that about a million of us signed. Twice, because the Care.data crew 'lost' the first set of opt-outs. It wasn't as simple as giving the opt-out to your GP either. As well as that copy, you also had to submit one to any hospital you'd ever been treated at, very evidently to make opting out as hard as possible.

        1. David 164

          Re: Is there an opt out?

          Which you can thank this Tory government for, as they are the ones which cancelled the centralisation of medical records which would have allowed across-the-board opt-out much easier in the first place.

      2. raving angry loony

        Re: Is there an opt out?

        Then there's people like me, who moved out of the country before this was implemented. Then, because I didn't have a UK address, weren't permitted to "opt out" no matter how we tried.

        So take your "you opted in" and shove it up your anti-privacy arse. I was never given the choice. I was never allowed to opt out, and I'm fucking annoyed about that.

    3. Anonymous Coward

      Re: Is there an opt out?

      Is there an opt out?

      How is this even allowed?!

      This is the thing - as far as I can tell this is not even legal. First of all, medical data is classed as "sensitive" under UK DPA rules, so you should not have to opt OUT, they will have to get you to opt IN, and explicitly (so it can't be part of the small print in a contract, there must be a separate, explicit question if you want to permit this).

      Secondly, it would be worth getting an opinion if sensitive data ought to be sharable without further consent - as far as I can tell there is a re-purposing involved here, which ought to have triggered a renewed request for your permission.

      Oh, and before I forget, such a request must be coercion-free, so none of this "if you don't say yes, we won't be giving you your blood results" style "encouragement" that I've seen in various parts of the NHS.

      1. Anonymous Coward

        Re: Is there an opt out?

        @ AC

        "as far as I can tell this is not even legal"

        I think that you will find they rely on the same legislative let out as made care.data legal. Neither should be legal but be aware that the government has the power to make exceptions and bend the rules in any way it chooses. And it uses that power to suit its own purposes. Our MPs don't care so long as they have their snouts well into the trough.

        This is that use of arbitrary dictatorial power that we previously believed was only used in East Germany, Soviet Russia, China, and North Korea. Well, our government also attended the classes and seems to have achieved some pretty good grades in the final exams.

    4. Halfmad Silver badge

      Re: Is there an opt out?

      Money, that's basically it. NHS England is increasingly commercialised although the public don't seem to notice, they also have far more relaxed attitudes to data protection than the likes of NHS Wales or NHS Scotland.

      Ironically it's the almost unchanged NHS in Scotland which is now handling information belonging to patients more sensibly whilst NHS England runs ahead full steam into the "future" where it can't control access to some incredibly sensitive information. I really wish the public in England would wake up to the data being shared with commercial bodies, all the reassurances in the world should not allow patient information to be accessed by a commercial body like this without an opt-in and notification being required.

  5. Anonymous Coward

    I'm bored of Google now. They're a corrupting influence in politics.

    1. Mark 85 Silver badge

      They have been for quite some time. Haven't you heard how buddy-buddy they are with leaders of quite a few countries? I'm more disheartened by the leaders than Google since they're not resisting.

      1. Anonymous Coward

        Why would they resist when they're still following Thatcherite supply-side economics.

    2. Planty Bronze badge
      FAIL

      To all the critics

      Think back to this moment you were brainwashed into hating Google when you have a friend or relative that died because a preventable disease wasn't caught early enough.

      Big data analysis of medical history is a very good thing for preventable disease.

      1. Adair

        Re: To all the critics

        Planty, please tell us where you would draw the line on state intrusion into private life?

        BTW, we all die, happily this also includes the corrupt capitalist brigands who presume to own us.

  6. Smooth Newt
    WTF?

    So much for the Helsinki Declaration

    Patients can opt out by asking their physicians, in writing, to do so, they said. However even that approach would not prevent people's live data feed from being shared.

    Which sounds like patients can't completely opt out, even if they jump through this hoop, though this may be moot since someone cannot give informed consent or not to something of which they are ignorant.

    1. This post has been deleted by its author

    2. This post has been deleted by its author

    3. This post has been deleted by its author

      1. heyrick Silver badge
        Facepalm

        ...Google's Overton Window...

        I think saying it three times is only supposed to work for Beetlejuice and Bloody Mary.

  7. Frumious Bandersnatch Silver badge
    Trollface

    Welcome to the BRave new EXIT (of your personal information)

    One supposes that this is just the sort of deal (with default "opt-in" clauses) that British regulators would love to sign up to. They'd totally get away with it, too, if it weren't for that pesky EU.

    Closest icon I can find for a Scooby Snack (gurning counts, doesn't it?)--->

    1. Terry 6 Silver badge

      Re: Welcome to the BRave new EXIT (of your personal information)

      You got there before me.

      At least one motivation behind BREXIT is that, with no effective English or Welsh opposition, leaving the EU would let ideologically bound, free market, Devil take the hindmost, politicians and their big business backers do what they want. Stuff data protection for the ordinary folk, alongside independent protection for human rights, safe working practices, reduced roaming costs, controls on utility charges and so on. (aka "Red tape" hindering business).

  8. Anonymous Coward

    But....

    Google says they don't do any (????) business in the UK. It is all done in Ireland.

    So are we right to assume that all the UK patient data has already gone offshore?

    Perhaps Google might like to send all their UK employees to Ireland and effing stay there.

    How they have changed from the days of 'Do No Evil'.

    And before anyone asks, I did have a Google account when I was silly enough to buy an Android (HTC) phone. Does not use my real name or email address. Other than that I work in a Google free zone.

    Long may it continue.

    1. David 164

      Re: But....

      They actually state they don't sell ads in the UK; given that's where nearly all of its profits are made, there's very little generation of revenue and thus profits being made in this country. I don't like this any more than you do, but the politicians could change the law tomorrow if they wanted; they won't because they themselves would be hit by such changes to the law.

  9. Anonymous Coward
    Flame

    revenge porn

    So... if any x-ray images or other technological images have been shared without my consent it is the same as revenge porn, right?

    Or do highly intimate images shared with a special person (and then given away without your consent) have to be somehow erotic, to be illegal?

    1. iRadiate

      Re: revenge porn

      Yes, for revenge porn they would need to be erotic.

      1. Sgt_Oddball Silver badge

        Re: revenge porn

        Well a side shot of a woman's chest can show certain fatty tissues. So in the right light it's a possibility.

        (people have weirder fetishes and don't forget rule 34 after all)

      2. Anonymous Coward

        Re: revenge porn

        Yes, for revenge porn they would need to be erotic.

        I told you the Wikipedia entry for "boner" was wrong..

    2. David 164

      Re: revenge porn

      You have almost certainly given your consent, which the NHS almost certainly stored at one of its storage sites or servers.

      1. DavCrav Silver badge

        Re: revenge porn

        "You have almost certainly given your consent, which the NHS almost certainly stored at one of its storage sites or servers."

        Pretty sure people having photos taken of their breasts in a hospital didn't sign a consent form for them to be perved over at Google.

        1. Yet Another Anonymous coward Silver badge

          Re: revenge porn

          I wrote the module to do noise reduction on MRI and CT scans in one major bit of software.

          It is now very difficult to get sample data.

          The clinician can just anonymize the patient data portion before they send it to us - if they know how,

          But a shopping mall scan clinic, who are the source of most of the bad scans, aren't going to go through the process of getting consent, forming an ethics board and having a human trials review and proving their HIPAA compliance for a $500 scan.

          There is official NIH test data, but it is all taken on perfectly calibrated, professionally operated laboratory grade scanners - not what you want to solve the problem of CT scans of hipsters with too many piercings.

    3. Aynon Yuser

      Re: revenge porn

      I don't think anyone beats off to x-rays. Though it wouldn't surprise me if someone has or will.

  10. gnufrontier

    The spotting of another iceberg tip

    Not to bring everybody down but we are already in the end game. All that is left is for the Privacy king to resign. He had a good run but nothing lasts forever. Technology is not neutral and privacy is a moving target. The roots of privacy are in shame avoidance and not a political right that acts as an antidote to totalitarianism. Just to make the whole stew even more foul tasting let's throw in some political utilitarianism (the greatest good for the greatest number - a ridiculous notion but one held by many an apparatchik I'm sure) and top it off with the ever present promotion of "big data" as somehow being the new mechanism that will hasten the utopian future (forever chased and always receding) that gives purpose to the starry eyed technologists raised on science fiction and the notion that somehow our past accomplishments have been something more than dumb luck, the right time, right place events that make up the contingencies of all history. Privacy will be one of those values that is still given lip service but in effect is already being moved to the shelf to take its place among those other concepts that have become little more than sentimental artifacts like self sufficiency and rugged independence. We can dig in our heels but eventually our shoes will wear out.

    1. Anonymous Coward

      Re: The spotting of another iceberg tip

      Hey! Gnufrontier! Looks like you've caught Amanfrommars1itis. I'll bet the Royal Free can't cure that.

      1. Nixinkome

        Re: The spotting of another iceberg tip

        Work makes one free.

        1. Anonymous Coward

          Re: The spotting of another iceberg tip

          Work makes one free.

          You are Ken Livingstone, and I claim my £5.

      2. Anonymous Coward

        Re: The spotting of another iceberg tip

        Hey! Gnufrontier! Looks like you've caught Amanfrommars1itis. I'll bet the Royal Free can't cure that.

        I've always wondered what happened that they had to come up with a Royal Free Hospital? Why did a hospital have to be made free of Royals?

        :)

    2. Rich 11 Silver badge

      Re: The spotting of another iceberg tip

      Just to make the whole stew even more foul tasting let's throw in some political utilitarianism (the greatest good for the greatest number - a ridiculous notion but one held by many an apparatchik I'm sure)

      I think you must hold a very shallow understanding of utilitarianism. Following that with a bare assertion denoted in such terms suggests you have a hobby horse you are desperate to ride.

    3. Anonymous Coward

      Re: The spotting of another iceberg tip

      Not to bring everybody down but we are already in the end game. All that is left is for the Privacy king to resign. He had a good run but nothing lasts forever. Technology is not neutral and privacy is a moving target.

      Actually, it isn't. Another two..three months and the world of privacy will look remarkably different, trust me on this (and yes, I *AM* an expert).

      1. moiety

        Re: The spotting of another iceberg tip

        Would that be a good different or a bad different?

        1. Anonymous Coward

          Re: The spotting of another iceberg tip

          Would that be a good different or a bad different?

          That depends on your perspective. Good for end users and the typical man-in-the-street.

          Keep reading El Reg.

          1. moiety

            Re: The spotting of another iceberg tip

            It's a WhatsApp clone that isn't run by Facebook

  11. 2+2=5 Silver badge

    This has health privacy implications far beyond just the affected patients...

    I read the story and wondered why the RFL had done a deal with Google rather than British researchers who, presumably, would be able to analyse the data perfectly well? A moment's thought and the answer becomes perfectly clear: the reason Google were chosen is because they fully intend to identify the individual patients and match them with the 'lifestyle' (aka browsing and online purchasing history) that they have for these people.

    So welcome to the future: where Google and its advertisers know you're ill before you do. The next time you come to insure your car and find that you can't get a quote for anything less than a thousand times the value of the car, make a note to go and see your doctor. :-(

    1. Androgynous Cupboard Silver badge

      Re: This has health privacy implications far beyond just the affected patients...

      Jeez, you people. At risk of sounding out-of-step with the groupthink here I'm not sure I see the problem.

      First, what difference does it make if the researchers are British or not? Second, provided the safeguards on the data are adhered to, then all the big-brother-doom-and-gloom scenarios in the comments just don't happen. The fact Aunty Mabel has a fondness for heroin is not going to wind up in a search engine, because there are specific contractual safeguards on the data to prevent this. If the safeguards are adhered to, it's fine.

      If they're not, then there's a data leak then heads will be on spikes, and I will personally help put them there. But that would apply to any firm with any private data for any one of the hundred NHS projects that are running, not just this one. And there's no particular reason to believe it will happen.

      There is a lot of data. Properly processed it may help diagnosis, which will keep people alive. This is a good thing. The NHS doesn't have the expertise for this in house so hires in outside consultants with expertise in managing large datasets. This is OK, provided the data is properly safeguarded. You might well object to your data being used like this, fine, but I don't see why this project gets your hackles up any more than any other.

      If this article were rewritten with Fujitsu or HP instead of Google, would there be as much outrage? I doubt it. If anything Google are less likely to run five times over budget and not finish the job, which is what you'd expect from a normal NHS IT project.

      1. Yet Another Anonymous coward Silver badge

        Re: This has health privacy implications far beyond just the affected patients...

        > if the researchers are British or not

        I don't care if the researchers are British or not, I care if they are working for an ad agency that is the world's largest collector and seller of personal data.

        I would be similarly miffed if the data had been sold to British researchers working for the Sun.

      2. Anonymous Coward

        Re: This has health privacy implications far beyond just the affected patients...

        Second, provided the safeguards on the data are adhered to, then all the big-brother-doom-and-gloom scenarios in the comments just don't happen.

        Really? I have news for you. You ought to *really* examine US law, and you'll find that there are no real barriers for any random agency to get hold of that data once Google has gotten its hands on it - that's what they're trying to hide with Privacy Shield. THAT is why Google shouldn't get its hands on non-anonymised data, and at that point I haven't even mentioned Eric "You have no privacy, get over it" Schmidt yet.

        1. Androgynous Cupboard Silver badge

          Re: This has health privacy implications far beyond just the affected patients...

          Really? I have news for you. You ought to *really* examine US law, and you'll find that there are no real barriers for any random agency to get hold of that data once Google has gotten its hands on it

          Before you go off the deep end, try actually reading the agreement from the original article.

          Data will not be transferred outside the EEA. The NSA do not have free access to European data centres. If you believe that they do, then the data would be unsafe regardless of whether it was Google or not.

          Way, way too much hyperbole in these comments.

      3. anonymous boring coward Silver badge

        Re: This has health privacy implications far beyond just the affected patients...

        " Second, provided the safeguards on the data are adhered to, then all the big-brother-doom-and-gloom scenarios in the comments just don't happen. "

        Let's use the slowly boiled frog analogy here - even if it's totally incorrect.

        You get the idea. You are the frog, if that's not obvious.

        Also, the more such presumably safe, fine, and dandy allowances of access to massive databases of private data are allowed, the bigger the risk that errors will expose this data. It's like all systems: Mundanity breeds carelessness. (And that's even if ignoring the simple fact that repetition increases the chance of an unlikely outcome occurring.)

      4. Esme

        Re: This has health privacy implications far beyond just the affected patients...

        The issue is lack of informed consent on the part of those whose data has been shared, pure and simple. Whether or not the data has been supposedly anonymised or not is irrelevant. There isn't supposed to be ANY sharing of data without the consent of the patients involved. This is not a hard concept to grasp.

        'Data anonymisation' processes have been shown to be unreliable; Google has proven itself many times over to be lacking in ethics in the way it goes about its business, and it's a foreign business at that. There is no way that anyone's data should have been given to Google without their explicit consent.

        Seems a clear cut case of a crime having been committed to me, and yes, jail sentences are entirely appropriate, under the circumstances.

      5. Bilious
        Thumb Up

        Re: This has health privacy implications far beyond just the affected patients...

        If I read the article right, acute kidney injury was the primary target. Acute injury predisposes for chronic renal failure which is a personal disaster for those struck by it. Chronic haemodialysis or renal transplantation are life saving, but are nonetheless a heavy burden healthwise and practically.

        So the project of finding early warnings - and hints of why some seem to be protected - in seemingly irrelevant observations - is a laudable one. Early and effective intervention in risk groups would be a great improvement compared to the present-day situation.

        Getting rid of the need for kidney transplants would be great. Someone has to start with data gathering to find clues for a work hypothesis. Google did.

      6. Anonymous Coward
        Anonymous Coward

        Re: This has health privacy implications far beyond just the affected patients...

        This is all well and good if you trust any of the people involved. I sure don't!

        I don't trust Google not to profit outside of this "controlled AI training" test. I don't trust they won't ship the data outside of the UK or restrict access to it from outside the UK.

        I don't trust the NHS management and civil servants/MPs who brokered this deal to be working in the interest of the people. They just want something fancy to put on their CV or to get that nice private sector job after kissing enough ass as a public sector employee.

        The only people I have any respect for are the front line doctors and nurses who actually provide real benefit to society, the juniors of which are currently trying to be broken by Mr Hunt.

        Google and their acolytes can F right off!

    2. David 164

      Re: This has health privacy implications far beyond just the affected patients...

      Deepmind are British researchers.

  12. SVV Silver badge

    I think I've worked it out

    Cameron and Osborne make no secret of the fact that they meet regularly with Google execs.

    Putting the National Pupil database up for sale to all with deep pockets a week or so ago was just a first test case. Unfortunately it succeeded, as there was little attention paid to it by the press and therefore no public outcry.

    Mass data collection bill now sailing through parliament with Tory majority.

    "Well Eric and Larry, perhaps we could let you help us analyze this data with your amazing AI tech, here is a copy of it all, do what you like with it"

    "I'm sure we could do great things with this, how about a nice well paid directorship once you leave Downing Street?"

    1. wolfetone

      Re: I think I've worked it out

      "Unfortunately it succeeded, as there was little attention paid to it by the press and therefore no public outcry."

      If someone had said that Hitler was in favour of doing such a thing, you wouldn't have been able to move without seeing it plastered on a newspaper.

    2. Anonymous Coward
      Anonymous Coward

      Re: I think I've worked it out

      Selling the database makes sense in the context of privatising the entire school system.

  13. DougS Silver badge

    "Anonymous" data

    Haven't we seen enough research that demonstrates anonymous data isn't really that anonymous, and with enough other data it is possible to de-anonymize it? If anyone has access to enough other data to make that happen, it is Google. They're the last ones I'd trust to have access to data like that!

    I wonder exactly what data it is? If they had the date of a GP visit and a few metrics like height, weight, BP, cholesterol, etc. you might think that's harmless, but if they have purchase data for shopping they'll know what size you wear which can be loosely correlated to height/weight. Not enough to de-anonymize. Let's say you were hospitalized for a few days, if they then correlate that height/weight vs clothing size information against when you were absent from the internet (easy for them to tell since Google Analytics has trackers on every major web site) and they can narrow it down quite a bit. If the "anonymous" information also includes the region of the UK in which you live and they might be able to identify you as an individual.

    Anyone who thinks "Google wouldn't do that, they have no desire to unmask the anonymity" hasn't been paying attention to Google's whole business strategy. If they did this in the US and I had a heart attack, if I lifted my ad blocker I'd probably start seeing a bunch of ads for Lipitor and friends the day I got home. There's just too much money in that for them not to stick their snouts in the trough.
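The re-identification concern raised in the comment above can be measured before a dataset is released. The following k-anonymity audit is an added example, not part of the original thread and not code from the NHS or Google; the field names, band widths and records are constructed assumptions.

```python
from collections import Counter

# Fields that are not names but can be joined against outside data.
QUASI_IDENTIFIERS = ("region", "admitted", "height_cm", "weight_kg")

# Constructed sample of an "anonymised" extract (no names, no NHS numbers).
RECORDS = [
    {"region": "Derbyshire", "admitted": "2016-01-13", "height_cm": 181, "weight_kg": 92},
    {"region": "Derbyshire", "admitted": "2016-01-20", "height_cm": 184, "weight_kg": 97},
    {"region": "Derbyshire", "admitted": "2016-01-05", "height_cm": 162, "weight_kg": 58},
    {"region": "Derbyshire", "admitted": "2016-01-28", "height_cm": 168, "weight_kg": 55},
    {"region": "London", "admitted": "2016-02-02", "height_cm": 175, "weight_kg": 80},
    {"region": "London", "admitted": "2016-02-19", "height_cm": 171, "weight_kg": 84},
    {"region": "London", "admitted": "2016-02-10", "height_cm": 199, "weight_kg": 130},
]


def class_sizes(records, keys=QUASI_IDENTIFIERS):
    """Count how many records share each combination of quasi-identifiers."""
    return Counter(tuple(r[k] for k in keys) for r in records)


def k_anonymity(records, keys=QUASI_IDENTIFIERS):
    """Smallest group size; k == 1 means at least one record is unique."""
    sizes = class_sizes(records, keys)
    return min(sizes.values()) if sizes else 0


def at_risk(records, k, keys=QUASI_IDENTIFIERS):
    """Records whose quasi-identifier combination is shared by fewer than k rows."""
    sizes = class_sizes(records, keys)
    return [r for r in records if sizes[tuple(r[x] for x in keys)] < k]


def generalise(record):
    """Coarsen: exact date -> month, height -> 10 cm band, weight -> 20 kg band."""
    return {
        "region": record["region"],
        "admitted": record["admitted"][:7],
        "height_cm": record["height_cm"] // 10 * 10,
        "weight_kg": record["weight_kg"] // 20 * 20,
    }


def release(records, k):
    """Generalise every row, then suppress rows still in a group smaller than k."""
    coarse = [generalise(r) for r in records]
    risky = at_risk(coarse, k)
    return [r for r in coarse if r not in risky]


if __name__ == "__main__":
    print("raw k:", k_anonymity(RECORDS))
    coarse = [generalise(r) for r in RECORDS]
    print("generalised k:", k_anonymity(coarse))
    print("still unique after generalising:", at_risk(coarse, 2))
    print("released k:", k_anonymity(release(RECORDS, 2)))
```

k-anonymity only bounds uniqueness on the fields listed; it says nothing about other fields a recipient could join from its own data.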

  14. wolfetone

    Damn it, all those times I've been in A&E and not read the small print where it says "We may share your information with selected 3rd parties. To opt out of this, please tick this box".

    1. Anonymous Coward
      Anonymous Coward

      Damn it, all those times I've been in A&E and not read the small print where it says "We may share your information with selected 3rd parties. To opt out of this, please tick this box".

      Yes, sure. The only problem is that that would not have been valid under DPA. You are not allowed to default to opt in and ask people to opt OUT if the data is classed as "sensitive", which health data is.

      It would be rather amusing if that is how they have been gathering permission because it would create a huge mess - it would effectively declare the data given to Google as illegally acquired. Uh oh..

  15. BurnT'offering

    This will be fun

    Having seen what Deep Mind makes of a simple kitten GIF, imagine the surrealist poetry it will generate from your health records. This is going to be like Carry On Matron meets The Elephant Man

  16. David 164

    A million patients out of 70 million people, only a tiny bit over 1% opted out.

    It's going to be interesting to see what Deepmind can do with this data over the next year, sepsis is another condition they are going to investigate.

    It's a shame Deepmind didn't stay a British company though.

    1. Anonymous Coward
      Anonymous Coward

      Considering this issue wasn't mentioned in the media until after the event, that there was no mention of it in hospitals or GP surgeries, and that there was no official form to use to opt out, I'd say that one million was a fair number. I suspect it would have been higher had the government not backed down when it did all hit the fan - no doubt they're working on getting what they want in other ways.

  17. IT Hack

    Sovereignty

    So...the rest of Europe people need to opt in. In the UK we require people to opt out if they want their data shared.

    Can someone tell me how Europe is telling us what to do again?

  18. Boris the Cockroach Silver badge
    Big Brother

    Its

    the sharing of information that bothers me rather than the noble cause of identifying people with kidney failure

    How long before the data is sold on by Google despite the 'assurances' and who would want their future employers know they had an overwork stress induced breakdown 15 years ago while applying for a job....

    Thin end of the wedge and all that....

    1. Terry 6 Silver badge
      Big Brother

      Re: Its

      Data grabbing Sledgehammer to smash hypothetical nut?

      Do we have even a hint of how many kidney problems are missed, that could be found by blanket data mining? Or even any evidence that it would work at all?

      Or is this just an excuse grabbed out of the air?

  19. Anonymous Coward
    Anonymous Coward

    Just like they did books

    Google has this way of waltzing in with a supposedly innocuous little project that later grows to be a fait accompli of slurping up most of the world's copyrighted books.

    Now they have set their sights on your medical records.

    Nothing could go wrong here.

    1. Hollerithevo Silver badge

      Re: Just like they did books

      And if you've ever got a Google-scanned book, you'll realise how sloppily they did the scanning -- pages missing, lines dropped, etc. Hastily did a bad job to lay claim on the book, without actually rendering the book properly digitable, because they don't care about books, but about owning everything.

  20. scrubber

    Anonymous my arse

    Your Google search history for symptoms matches your anonymous medical history in the same timeframe, but they'd never be able to put those two things together, would they?

    Let alone the illegal, sorry, accidental, data slurp their street view cars were doing.

    Fucktards.

  21. This post has been deleted by its author

  22. Anonymous Coward
    Anonymous Coward

    They appear to be in breach of their own privacy statement

    https://www.royalfree.nhs.uk/patients-visitors/privacy-statement/

    1. Anonymous Coward
      Anonymous Coward

      Re: They appear to be in breach of their own privacy statement

      @ AC re "breach of their own privacy statement"

      They seem to have given themselves sufficient leeway:

      "However, in exceptional situations we may need to share information without your permission if:

      * it is in the public interest – for example, there is a risk of death or serious harm"

      It just depends on how they define "exceptional", "risk of death" or "serious harm". I am sure those definitions are all sufficiently elastic that there will be no need to change anything.

  23. harmjschoonhoven
    Unhappy

    This

    makes me sick, even from the other side of the herring pond. I can feel my kidneys already.

  24. ryanp

    Holy Mackerel

    Leaving aside the ethics of the NHS, it doesn't seem like anyone here read the linked articles or documents. Everyone is making up their supporting information as they go along to suit their outrage, on both sides of the argument. It helps to read before forming your opinion.

  25. x 7

    funny thing is.........I think that group of hospitals use Lorenzo as their clinical system........which would mean the data is incomplete and probably incorrect anyway

  26. Anonymous Coward
    Anonymous Coward

    There's always the good reason...

    And then there's the real reason.

  27. Anonymous Coward
    Anonymous Coward

    Don't worry the Privacy Commissioner has it covered.

    I'm sure he'll impose the maximum possible fine on those responsible.

    So the tax payer can foot the bill :/

  28. Anonymous Coward
    Anonymous Coward

    As always

    Jeremy Hunt has the best interests of patients, and doctors for that matter, at heart. The world needs more people like him.

    /sarcasm off.

  29. x 7

    as for giving consent............

    a couple of years ago I was taken to hospital with a burst, abscessed appendix. They wheeled me into the pre-op room, ready for the op and then made me sign the consent form. By that stage I was so freaked by the pain, urgency and fear of impending death if something didn't happen quickly that I would have signed ANYTHING to make the problem go away. In a situation like that you can hardly say that "consent was considered". It was more like "sign this or you're going to die". And no I had neither time, ability or inclination (I was on morphine) to read the details

  30. nichomach

    Well...

    ...they're not confidential records any more, are they?

  31. Anonymous Coward
    Anonymous Coward

    This kind of data analysis happens all the time.

    I've worked in NHS IT and emailed data that I thought contained unnecessary information.

    1. Anonymous Coward
      Anonymous Coward

      If this happens all the time in NHS IT, is there some capability in house? Or is it always outsourced?

      Also, *you've emailed data* ???

      1. Anonymous Coward
        Anonymous Coward

        I should really have said it _happened_ all the time. Quite some time ago now. Was internal IT at the time. To be fair, I don't know if there has been a radical shift. Quite frankly, I'd expect _more_ of it, given the additional processing power available.

  32. Anonymous Coward
    Anonymous Coward

    Who's worried about Google...

    ...most patient facing IT in the NHS is done by ATOS, Google are pussy cats by comparison...

  33. Anonymous Coward
    Anonymous Coward

    Data high-jack.

    We have seen it all before, when PJ allowed OSRM, in 2004, to use the data collected by Grokline, the UNIX/Linux Ownership History Timeline, OSRM first put their own copyright notice on the web site. Then when PJ left employment with OSRM and tried to reinstate Grokline it was found that it could not be done. Grokline was never seen again. Effectively the data was gone for community use. Of course Google have said that the data will be deleted when they have finished with it, so that is all right then.

    Be careful government, when you sup with the devil you should use a long spoon.

  34. Aynon Yuser

    All so the people can be bombarded with "ads by Google" analytics based on your chronic condition(s). Then the information can be sold to Mark Suckerusallburgs so it can be sold to marketing companies for $60 billion.

    Sure why not.

  35. Anonymous Coward
    Anonymous Coward

    Anyone know why I'm getting google ads for coffins the past few days? I only have a sprained ankle.

  36. 0laf Silver badge
    Stop

    With the way Westminster works right now you can expect a severe kick in the nads if you don't shift your data to 'murican cloud based operators. It's cloud by default, doesn't matter how appropriate it is or even if it will really save money.

    I'd have expected something like this to have had a pretty serious PIA carried out and been given the nod by the ICO before it happened.

    It's not impossible to do things like this but it is difficult and if patients weren't informed or consent sought then it would imply that no PIA was done.

    1. KeithR

      "and been given the nod by the ICO before it happened."

      Very unlikely that ICO will have had ANY say on this: the ICO actively discourages requests for it to rubber-stamp (in particular) iffy projects, in case - if/when said project crashes and burns - the ICO's "approval" is cited in defence.

      The ICO is FAR more likely to say "you're the data controller - it's for you to assess the risks against the benefits..."

  37. Medical Cynic

    Anonymous?

    Not by the time Google has compared the medical data with the vast amount of data it holds on individuals from searches, gmail, social media etc.

    It'll have your name, address, phone number and more attached to the medical record in the shake of a lamb's tail.

  38. Anonymous Coward
    Anonymous Coward

    On A Similar Note...

    ...schools play equally fast and loose with pupil data.

    My son's school is claiming they don't need permission - despite asking for it - to send identifiable information (name/address/DOB) and sensitive information (ethnicity) to *dozens* of external companies, none of which they are legally obliged to send data to.

    They admitted to carrying out no due diligence on any of the external data processors, nor to having a data retention policy, both in clear violation of their DPA obligations.

    Once data leaves the building you have no idea where it is stored, who has/will access it or what they will do with it, no matter what the contract says.

    Good to know that health data and school pupil data is being treated equally well...

    1. 0laf Silver badge
      Facepalm

      Re: On A Similar Note...

      I've heard some real horror stories about academy schools. IT being set up and run by a pupil, parents running email systems, all sorts of stuff going out on public cloud services.

      I'm sure everyone will be happy to know that a 14 year old has full admin rights to the servers holding confidential child protection information and payroll.

    2. x 7

      Re: On A Similar Note...

      "My son's school is claiming they don't need permission - despite asking for it - to send identifiable information (name/address/DOB) and sensitive information (ethnicity) to *dozens* of external companies, none of which they are legally obliged to send data to.

      They admitted to carrying out no due diligence on any of the external data processors, nor to having a data retention policy, both in clear violation of their DPA obligations."

      REPORT THEM!

  39. KeithR

    "This is different because this is specifically about medical research. The cornerstone of the ethics of medical research "

    The word RESEARCH is key here.

    Section 33 of the DPA refers.

    Despite all the (typically) ill-advised, indignant, uninformed caterwauling on here, what's happening is almost certainly legitimised by s.33 DPA...

  40. Daggerchild Silver badge

    Fearblind

    Yeah, okay, so, while everyone is screaming and frothing about this potential threat, I'll just leave this here:

    http://www-05.ibm.com/innovation/uk/watson/watson_in_healthcare.shtml

    which was reported here:

    http://www.theregister.co.uk/2016/02/18/ibm_watson_in_26bn_grab_to_completely_own_300m_patient_lives_data/

    getting a whole 5 comments..

    Google are simply making the mistake of going in the front door, while IBM are swallowing entire Healthcare data processors whole, then digesting their data and assimilating their pre-approved data access privileges.

  41. RISC OS

    I wonder how long it will be before Google

    ...matches patients to search results.

    A guy goes to the doctor to complain about itchy nob in Derbyshire on 13th of January... how many people in Derbyshire were googling "what causes itchy nob" on the 10th-12th of January?
