England's NHS is embracing 'big data'. But who’s really benefiting?

As the new NHS app launches this week, huge questions remain about what happens to our private health data - now a key focus of Big Tech and US trade negotiators.

Phil Booth
3 July 2019, 10.12am
NHS symptom checker app.
Create Health (CC BY 2.0).

The general public may have been rudely awakened by Donald Trump’s recent vacillations about whether the NHS is “on the table” in trade talks, but a perfect storm around the NHS and NHS patients’ data in particular has been building for some time.

As OurNHS Editor Caroline Molloy and Philip Aldrick, Economics Editor of The Times, have both laid out, simplistic notions of privatisation in service delivery fail to attend to the really juicy NHS trade targets – which are patients’ data, drugs, and devices (the latter including much of what’s currently referred to as ‘apps’ and ‘AI’).

The “negotiating objectives” for a UK trade deal, published by the White House in February 2019, make it abundantly clear what the US is seeking: “...[patients’] data access, powers to use that data under its own laws, full intellectual property protection for its algorithms and an unrestricted market in which to sell the final product.”

Such ambitions sit neatly alongside the Government’s post-Brexit intentions, about which it has been explicit for years. One of the top “Strategic Goals” of the Government’s 2017 Life Sciences Industrial Strategy, written by Professor Sir John Bell, is to “create 2-3 entirely new industries over the next 10 years”, using: “...data stored centrally to create a unique, secure and appropriately consented dataset of more than a million whole genomes alongside rich clinical datasets.” (p16)

Help us uncover the truth about Covid-19

The Covid-19 public inquiry is a historic chance to find out what really happened.

In other words, using the mass collection, linkage and commercial exploitation of NHS patients’ data to drive economic activity. If this all sounds in the realm of fantasy, unclear until the Office of Life Sciences have industry write the rules (page 2), then check Principle 10 of DHSC’s ‘Code of conduct for data-driven health and care technology’, updated in February: When the basis of the commercial arrangement is NHS data, it must adhere to the new guiding principles described in the Life Sciences Sector Deal 2.”

The last time we heard this sort of language, the focus was on GP records and care.data. This time there is clear intent to include genomic data (i.e. data derived from your DNA) as well.

The ‘Big (Health) Data’ held by the NHS is so valuable precisely because it is so much richer in detail and wider in scope than anything the private sector – in the UK or elsewhere, with the possible exception of Israel – could hope to accumulate in their own right.

As Rosie Collington correctly identifies, while patients’ data held by NHS bodies may be “decentralised and messy in parts” (i.e. the data quality can be low, as care.data and other initiatives have revealed) even so, it is mostly far more structured, comprehensive and directly clinically relevant than the sort of ‘lifestyle’ health data amassed by private sector companies. This is, of course, particularly true of the linked genomic data generated by and within the new NHS Genomic Medicine Service.

Medical histories

Value is not solely limited to genomic data. Our medical histories are just as valuable and as highly sought after by the Big Tech “AI” companies, as demonstrated by deals such as the unlawful one between Google DeepMind and the Royal Free Hospital in 2015. This was an arrangement – largely secret, until it blew up – entered into by a single NHS Trust, in which the Trust agreed to assign Google exclusive rights to any Intellectual Property (IP) developed from half a decade’s-worth of 1.6 million NHS patients’ medical histories.

This, in exchange for just five years’ free use of an app (snapped back into Google US last November, for global “scaling up” and monetisation). And how ground-breaking is this reward? DeepMind’s own lawyers described it thus, in 2018: “Without intending any disrespect to DeepMind, we do not think the concepts underpinning Streams are particularly ground-breaking. It does not, by any measure, involve artificial intelligence or machine learning or other advanced technology.”

The ‘Streams’ app was used to treat just a handful of NHS patients with particular kidney conditions that never affected the vast majority who attended the hospital, none of whom were properly informed as to what was being done with their data, but whose medical histories Google DeepMind fully intended to feed to its AI...

Intellectual property

While other deals Google DeepMind has made with various NHS Trusts have not been found illegal, they do all share a common characteristic: Intellectual Property Right exclusivity clauses – see here, and here, and here.

The Department of Health and Social Care’s recently announced ban on NHS Trusts making “exclusive data deals” may have been prompted by DeepMind’s and similar arrangements (of which more later), but the real issue is Intellectual Property Rights, about which the ban on data exclusivity says nothing.

Elsewhere, the Secretary of State’s favourite, Babylon Health (whose investors include the founders of Google’s DeepMind) has ongoing NHS deals to provide 111 and ‘remote’ GP services, including AI chatbot ‘advice’ via app. What is perhaps less obvious to those using Babylon’s apps is what’s buried in its ‘privacy policy’ – that, with the flip of a single ‘consent switch’, the company uses your medical information to “improve the performance of our artificial intelligence” that then underpins its commercial offerings to the NHS, to UK and other health insurance companies, and around the world. “...medical information (de-identified in the way described above) may include your medical record (both records received and created by us), transcripts and recordings of your consultations, and your interactions with our artificial intelligence services...”

“Pseudonymity” and NHSX

To be clear, “de-identified in the way described above” means merely removing or replacing the most obvious identifiers like your name, address and contact details – leaving all the rich linked data in your medical history to feed to its AI, and to package up and pass on to others.

Meanwhile, the ‘new’ NHS app – launched nationally this week – is, according to the new head of the new department now responsible for it, NHSX, to become a “platform for innovation”.

NHSX CEO Matthew Gould has a somewhat different vision for the NHS app than his tech-enthusiastic boss’ bloated ‘one app to rule them all’ ambitions – an approach several British health IT suppliers said threatened the online GP services they are already providing to 14 million patients. Mr Gould would instead prefer the NHS app to be a “thin” platform, for “other app developers to plug into and use in their products” – passing around patients’ data and NHS numbers, that could then be linked to other online identifiers by third party commercial providers competing to provide functionality on top.

There are a whole range of commercial ‘Skype your GP’-type apps, but none of these work with NHS111. If video consultations are genuinely clinically useful, why would such functionality not be part of the main NHS app? And, in paring back its ‘new’ app, is DHSC (NHSX being one of its arm’s-length bodies) moving us all into a future where live ‘chat agents’ linked to commercially-hosted Electronic Health Records serve NHS patients’ data up in real-time to companies based overseas – and subject to very different data protection regimes?

Despite Matt Hancock’s bold protestations in response to President Trump’s “on the table” remarks, few appear to have registered that under Schedule 1, Chapter 5 of EU Exit Regulations quietly passed in February it won’t be Mr Hancock, but rather the Secretary of State for DCMS who defines what is and is not on the table for data trade deals – whether wholesale or retail, including NHS patients’ data. Once the UK has left the EU, whoever's in charge of the Department of Culture, Media and Sport will have sole authority to grant ‘adequacy status’ for the transfer of citizens’ data outside the UK.

Fair exchange?

A blurring of the line between ‘research’ and ‘commercial exploitation’ will be all too familiar to those who remember the care.data programme. And as research published recently by Future Care Capital shows, demand for data controlled by the NHS is unceasing – and the ultimate beneficiaries are far from clear. As with Google DeepMind, patients’ data is often merely the raw material; the ‘crude oil’, if you will – though such ‘data-is-the-new-oil’ analogies fall apart in other ways. The real value lies in ‘refined end products’: the tools, services and Intellectual Property derived from people’s private lives, from their DNA and their medical histories.

With so much at stake, don’t we – the people whose data could be up for sale – have a right to know?

And let’s be clear: it’s not just the US and Silicon Valley BigTech we need to be watching. In the furore following President Trump’s recent comments, Lord Drayson’s ‘ethical AI’ poster child Sensyne Health used a survey it had commissioned back in March, attempting to draw a distinction between what ‘naughty multinational companies that don’t pay UK tax’ do versus its own patriotic use of NHS patients’ data.

At first glance, offering 4% of future royalties back to the NHS might seem ‘generous’, until you realise this 4% must be split between every Trust that signs on – the NHS providing more and more patients’ data over time, for an ever-diminishing morsel of a small slice of pie.

And of course, ‘information intermediaries’ like Sensyne – a predominantly privately-owned publicly-traded company – can always be bought out. So who’s to say it won’t be acquired by a giant multinational with a hankering for data? Data that is “pseudonymised” – and can therefore be de-anonymised, as the law now recognises and as medConfidential has been arguing for years.

So, will it be Google’s Streams app, hoovering up your hospital histories? Or the NHS’ new ‘App-as-a-Platform’ spitting out your NHS number and GP records, with or without Babylon’s AI chatbot or remote consultations? Maybe it’ll be through Sensyne’s ‘data trust’ approach to servicing industry, or NHS England refilling its Data Lake with your individual level data as part of its Long Term Plan? Frankly, it could be all of these – and a million and one other eager ‘innovators’ currently circling the NHS – who’ll end up funnelling your medical records into their bottom lines.

If you think this is all about old-fashioned ‘privatisation’, you’re missing a trick. Privatisation happens to organisations; exploitation happens to people. If you really want to know what’s going on, you can’t just follow the money, you must follow the value – and for that, you must follow the data.

Had enough of ‘alternative facts’? openDemocracy is different Join the conversation: get our weekly email


We encourage anyone to comment, please consult the oD commenting guidelines if you have any questions.
Audio available Bookmark Check Language Close Comments Download Facebook Link Email Newsletter Newsletter Play Print Share Twitter Youtube Search Instagram WhatsApp yourData