Google's DeepMind Health independent review panel shares first annual report, raises concerns with data privacy and security

By Heather Mack
Share

Overhauling the technological capabilities of the UK’s National Health Service is no easy feat. For Google DeepMind Health – which has positioned itself to handle much of the heavy lifting – an internal review panel has found plenty of room for improvement both on the company’s end as well as the clinicians who practice within the system. 

“The digital revolution has largely bypassed the NHS, which, in 2017, still retains the dubious title of being the worlds largest purchaser of fax machines,” members of the Independent Review Panel wrote in the organization’s first annual report on DeepMind Health’s performance. 

The panel, which was established alongside DeepMind Health in 2016, is independent of the company and had some sharp complaints with the NHS’s current data systems. On average, an NHS trust has 160 different computer systems in operation, leading clinicians to devise their own methods of modernizing their workflow. In one troubling observation, the panel found clinicians reduced to using decidedly non-medical apps to share patient information.

“Seeing the difference that technology makes in their own lives, clinicians are already manufacturing their own technical fixes. They may use SnapChat to send scans from one clinician to another or camera apps to record particular details of patient information in a convenient format,” the report states.
While the panel gave clinicians some latitude because the apps were helpful in getting the job done, they pointed out the obvious drawback in using such digital hacks.

“…this is clearly an insecure, risky and non-auditable way of operating, and cannot continue,” they wrote.

In its aim, DeepMind Health is just what NHS needs to contend with its “complex, unwieldy and insecure” paper-based hospital data systems.  The company’s projects include data transfer and storage upgrades, and machine learning tools for clinical decision support, such as apps, retinal imaging and radiotherapy research. But while attempting to deliver on those goals, privacy and security has remained a chief concern.

“’Good enough’ is not good enough for a company linked so closely to Google, a company that already reaches into every corner of our lives,” the report states. “We believe that it is right that DeepMind Health should be held to higher standards, even if that means they are singled out as a lightning rod for public concerns.”

As we’ve reported earlier, one of those major public concerns was the Streams app, which was developed in collaboration with kidney experts at the Royal Free  Hospital London. DeepMind has been under fire in the press and from the UK government over the past year after an investigative report by the New Scientist revealed that Google would have access to a huge trove of patient data without the patients' express consent, a potential violation of NHS information governance principles. While a ruling from the Information Commissioner’s Office (ICO), found the Royal Free hospital was ultimately responsible for failure to comply with the Data Protection App, DeepMind Health still took heat for a lack of clarity in its information sharing agreement with the hospital.

Along with the Streams App, known as the “front door” in the report, the panel points out three other areas of concern: APIs, which serve as the borders for DeepMind Health’s applications as well as those of others like the NHS, data storage, and security of apps and other processes during the development stage.

“These are magnified if a commercial organization is involved,” the panel wrote. “There may be additional worries given how much Google is already perceived to know about us. At what stage does an organization like Alphabet become simply too powerful?”