DeepMind Health and personally identifiable data
Personally identifiable data means information that can attributed to an individual person, including patient name, address, post code, date of birth, NHS number, or other identifying features.
This information is held by the NHS so it can provide you with safe and effective care. The NHS also routinely asks third-party IT providers to provide services needed to help manage this data on its behalf. This includes the software behind patient record databases or x-ray imaging, as well as DeepMind Health and our secure clinical app Streams.
When this happens, the hospital is the “data controller”, meaning that they are in charge at all times of what happens with patient information. The "data processor" - for example, DeepMind Health - must only process this data in strict accordance with the instructions of the data controller and the law.
The security of this patient data is our top priority. Patient data remains under the full control and direction of the NHS. All data is stored securely, encrypted to the highest standards, and will never be connected to Google accounts or services, or used for any commercial purposes like advertising or insurance.
How Streams processes data
The amount and type of data Streams processes is determined by our partner hospitals.
For example, the Royal Free currently uses Streams to detect whether patients are at risk of acute kidney injury (AKI). To make this possible, the Royal Free asks us to process patient information relevant to an AKI diagnosis.
The primary way to detect possible AKI is via a blood test, which can show whether the kidneys are operating normally. But because other medical factors affect how the kidneys operate, those results differ from person to person.
For example, pregnancy alters kidney function. That means pregnant women have different test results, so a blood test result that’s healthy for one woman could be dangerously high for another. Including that information in the app means that doctors and nurses can take the most accurate decisions.
Historical information is also vitally important for doctors and nurses when they're deciding the best treatment. AKI can be challenging to treat, because the blood test result that is used to detect it has to be compared to earlier results when the kidneys were operating normally. Without that extra context, it’s impossible for clinicians to tell if a result reflects normal kidney function or is dangerously higher.
Other historical data is also relevant. Patients who have had kidney problems in the past, for example, are much more likely to develop very serious forms of AKI, so it’s important that clinicians are made aware of this as quickly as possible so they can give patients the most appropriate treatment. The same is true for whether a patient has recently had emergency surgery, or if they’ve had heart disease.
To deliver fast and reliable alerts to clinicians through mobile devices, this relevant patient information must be stored in advance, ready to be sent to a doctor or nurse at the first sign of a problem.
Our work is governed by a wide set of laws and regulations, including the NHS Act 2006, the Health and Social Care Act 2012, the Data Protection legislation (General Data Protection Regulation and the Data Protection Act 2018), and the Human Rights Act 1998. You can also read more about data processors and data controllers on the Information Commissioner's Office website.