Birmingham NHS trust passes medical data to Telefonica without patient consent
The data was anonymised and used to train Telefonica's mental health predicting AI
Another NHS trust has apparently handed over medical data to a tech company without first asking patients.
According to a report in the Times, Birmingham and Solihull Mental Health NHS Foundation Trust gave Telefonica access to five years of medical records. The data was anonymised, with names and addresses removed, but patient consent was not sought.
The aim of the Telefonica project is to use an algorithm to spot when patients need mental health interventions, predicting if they will go into crisis in the next four weeks.
The report said initial trials on 25 users showed it "adding value to clinical care" but also returning many false positives, adding to doctors' workloads unnecessarily.
So far, the Spanish tech giant has only used historical data, presumably for training its algorithm before it was used to make predictions on the 25 users for the test.
Your guide to overcoming Brexit's data management challenges
Understand Brexit and the data law modifications it may causeDownload now
"The healthcare data does not leave NHS servers and is not used by Telefonica for any reason outside of the pilot," it said in a statement to the Times.
The project is in early stages, and for the second stage there are plans to incorporate phone data, such as location and message records, according to a Health Services Journal report from last year.
For the second stage of the project, the trust will be asking the Information Commissioner's Office for advice before moving forward — it's unclear why the trust did not check in with the data watchdog before the initial trial. Patients will be able to opt-out of future work, but again, it's unclear why they weren't notified and asked for consent for the first stage of the project.
The ICO has been approached for comment but has yet to respond.
AI is increasingly being used in healthcare, with algorithms trained to spot different types of cancer from radiology images but also beginning to shift towards supporting diagnosis. However, the AI needs to be trained on data, hence such companies turning to the NHS.
Back in 2016, Google-owned DeepMind sparked a scandal with a kidney illness prediction app it developed using data from the Royal Free Hospital Trust. Patient consent wasn't sought, which the ICO subsequently deemed broke data protection laws.
The ultimate law enforcement agency guide to going mobile
Best practices for implementing a mobile device programFree download
The business value of Red Hat OpenShift
Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShiftFree download
Managing security and risk across the IT supply chain: A practical approach
Best practices for IT supply chain securityFree download
Digital remote monitoring and dispatch services’ impact on edge computing and data centres
Seven trends redefining remote monitoring and field service dispatch service requirementsFree download