DeepMind Health and data
Hospitals rely on data to get patients from test to treatment. Each test result or scan contains data that can tell a nurse or doctor whether a patient is at serious risk. Analysing that data, and getting it to the right clinician as quickly as possible, is essential to making sure that each patient gets the treatment they need in time.
The NHS uses IT providers like DeepMind Health, Cerner, TPP and many others to help analyse, store and process this data, under strict rules and regulations. In data terms, the hospital is the “data controller”, meaning that they are in charge at all times of what happens with patient information. The "data processor" - such as DeepMind Health - must only process this data in strict accordance with the instructions of the data controller and the law. You can read more about data processors and data controllers on the Information Commissioner's Office website.
Health data is hugely important and sensitive, and keeping it secure is our top priority.
We commit to:
- Only using patient data to help improve care, under the instructions of our NHS partners, who will continue to act as our data controllers at all times. Each of our NHS partnerships have strict rules about how data can be used. We will never use patient data outside of these rules. That means data will never be connected to Google accounts or services, or used for any commercial purposes like advertising or insurance.
- Holding data to world-leading standards of security and encryption. Our systems have been built by some of the world’s leading security experts. Data is fully encrypted, and stored in a high-security facility in England, separated at all times from any other systems. Only those who need to access the data are able to, and all data is deleted entirely from our systems when it is no longer being worked on.
- Enabling rigorous audit of how data is used. All data use is logged, and can be reviewed by our partners, regulators, and our Independent Reviewers. We’re also working on an unprecedented, even stronger set of audit tools, called Verifiable Data Audit. This will give our partner hospitals an additional real-time and fully proven mechanism to check how we’re processing data, showing when a piece of data has been used and for what purpose.
DeepMind Health and transparency
The different types of data we process
Different hospitals ask us to process different types of data, depending on what they need.
Hospitals use our secure clinical app, Streams, to process personally identifiable patient data. This is because hospitals use the app to help nurses and doctors deliver urgent care, and these clinicians need to know which specific patient needs their help. You can read more about how personally identifiable patient data is processed and protected here.
In contrast, our AI research projects currently process de-personalised data. This is because the researchers are exploring whether AI tools can be used effectively and safely to support nurses and doctors. To carry out this research they don't need to know the details of any specific patient. You can read more about how de-personalised data is processed and protected here.
The team at Understanding Patient Data, an independent task force, has published more information about how different types of data are used in the NHS. You can read more on their website, here.
Patient consent and opt-outs
Hospitals are the "data controllers" with a direct relationship with their patients, and they are in charge of decisions about patient consent and opt-outs. DeepMind Health, as a "data processor", strictly adheres to the instructions we're given by the hospital.
In general, hospitals don't ask for explicit consent from patients before using a "data processor", because the NHS remains in control of the patient information throughout.
However, the precise policy may vary depending on the hospital.
If you are a patient of a particular hospital and would like to understand their policies around consent and opt-outs, we'd encourage you to discuss this with the hospital directly. All hospitals have a data protection officer who can answer questions about patient data, and many also have a Patient Advice and Liaison Service (PALS) too.
You can also read more about your personal data choices on the NHS website here.
We hold patient data at the very highest levels of security, and ensure that all data is encrypted, logged and strictly governed. Our security systems and processes have undergone and passed multiple NHS audits.
When we process data from our partner hospitals, we first copy it from the Trust’s systems to our NHS Digital approved data centre located in the UK. This is done over an end-to-end encrypted link.
Once in our data centre, the data is stored in an encrypted database and only decrypted when it is needed for processing. The decrypted data, and data derived from it, is never stored on disk without first being re-encrypted. Data transmitted between machines is also end-to-end encrypted, and all equipment is physically secured within a locked cage. All backups within our systems are also conducted over secure, encrypted links.
All data access is logged and available for audit, and once data is no longer required, we permanently delete it from our systems. Where applicable, we also destroy any encryption keys associated with that data. Any storage device that is retired from service in our data centre is physically destroyed to ensure there is no possibility of data leakage or recovery.
Building unprecedented Verifiable Data Audit
In early 2017 we announced a ground-breaking project called Verifiable Data Audit, with the express objective of increasing transparency and trust in how we process data.
Right now, any time our systems receive or touch that data, we create a log of that interaction that can be audited later if needed. With Verifiable Data Audit, we’ll build on this further.
Each time there’s any interaction with data, our systems will add an entry to a special digital ledger, which is cryptographically secure and cannot be tampered with. Our plan is to build a dedicated online interface that authorised staff at our partner hospitals can use to examine the audit trail of DeepMind Health’s data use in real-time.
This will allow continuous verification that our systems are working as they should, and enable our partners to easily query the ledger to check data usage is consistent with the policies they have put in place. We’d also like to enable our partners to run automated queries, effectively setting alarms that would be triggered if anything unusual took place. And, in time, we could even give our partners the option of allowing others to check our data processing, such as individual patients or patient groups.
You can read more about our plans for Verifiable Data Audit here.