Google’s artificial intelligence (AI) arm DeepMind has allegedly received legally inappropriate access to medical records of 1.6 million National Health Service (NHS) patients from the Royal Free Hospital in London, UK.
DeepMind is reported to have no legal basis to copy five years of patient data.
In May last year, the New Scientist reported that the access did not have any appropriate approvals.
Later in July, the Medicines and Healthcare products Regulatory Agency (MHRA) in the UK, had confirmed the allegations stating that DeepMind did not obtain any approvals for a trial.
NHS provided the data to DeepMind as part of a five-year landmark agreement between the firms, to develop and study a mobile clinical application called Stream, which was designed to improve outcomes by providing the right data to the appropriate clinician.
Sky News obtained and published a letter written by National Data Guardian (NDG) Dame Fiona Caldicott to NHS Royal Free Trust medical director Stephen Powis.
The letter reportedly said: “1.6 million identifiable patient records were transferred to Google DeepMind.
“Streams was going through testing and therefore could not be relied upon for patient care.
“It would not have been within the reasonable expectation of patients that their records would have been shared for this purpose.”
Due to the non-establishment of a legal basis, DeepMind will have to delete the data.
Privacy campaign group medConfidential coordinator Phil Booth said: "This letter shows that Google DeepMind must know it had to delete the 1.6 million patient medical records it should never have had in the first place.
“There were legitimate ways for DeepMind to develop the app they wanted to sell. Instead, they broke the law and then lied to the public about it.
“Every flow of patient data in and around the NHS must be safe, consensual and transparent. Patients should know how their data is used, including for possible improvements to care using new digital tools.”