If your child is being treated by Great Ormond Street, you’d be forgiven for having missed the announcement by press release a couple of weeks ago that GOSH has just signed a deal with an AI (‘Artificial Intelligence’) company called Sensyne Health.
You likely won’t have heard of Sensyne, run by former Minister of State for Science and Innovation and Labour peer, Lord Drayson. And on first appearances, more research into childhood diseases is a good thing – who would argue with that?
Look a bit closer, though, and many questions are left unanswered – not least who stands to profit most from this and other deals: Sensyne, its founder, its commercial partners and its majority shareholders, the NHS or patients?
Sensyne loves to boast about its ‘unique selling point’, which is that it “gives something back” to the NHS; a minor shareholding (typically £2.5m-worth of shares) and maybe a few hundred thousand pounds a year that each NHS Trust can apply for.
In return, Sensyne gets LOTS of data – NHS patients’ data – which it claims is “anonymised”, but which turns out not to be anonymous at all.
Doctors asking about existing contracts just before the pandemic were given a list of the items (“fields”) of data about each patient that NHS Trusts are required to provide to Sensyne under the terms of the deal:
This list clearly includes what is known as a ‘pseudonym’ – a unique ID for each patient – which allows Sensyne to link together every episode, every diagnosis and visit to hospital for each individual.
That is not anonymous data!
In fact, the law is quite clear; data linked with pseudonyms like this, which is often referred to as ‘pseudonymised data’, is deemed to be identifiable data and thus personal data under UK law. And you have rights regarding your personal data – especially your health data, around which there are additional ‘special category’ protections.
The second and third questions (after who profits?) must therefore be, were you even notified that this was happening? And was your permission sought?
Every use of personal data must be lawful, fair and transparent – the very opposite of a company trying to hide its business behind self-serving, legally incorrect mis-definitions of anonymous data, not telling you what it is doing with your or your children’s most sensitive data, and not giving you a choice!
Other questions which need answering include:
Exactly what data is being passed to Sensyne Health plc?
- Is it everything in your child’s Electronic Health Record (EHR)?
- What level of detail is being taken, e.g. heart rate every 30 seconds?
- Will it include treatments, and doctors’ notes?
How much and whose data is being passed to Sensyne?
- The press release says “320,000” Great Ormond Street patients’ data. Is that the upper limit, or will that number grow over time?
- [N.B. Sensyne states its ambition is to have “c.12.5m [NHS patient] records by the end of December 2022”.]
For what purposes will children’s data be used?
- Is this to allow children to be tested alongside adults in developing and validating new algorithms, etc?
- [N.B. This is not necessarily a bad thing, but who will know what data trials they are in?]
- Who determines what Sensyne’s commercial partners get to do? Are patients told? Do they have a choice?
What about notification, what if people have questions – and what about consent?
- Why haven’t parents and children been told, much less consulted? When will their permission be asked?
- Who wrote the contract? Are NHS Trusts simply signing whatever Sensyne’s lawyers tell them is fine?
- Who decided the data was sufficiently “anonymous” to set aside patients’ legal rights?
Plus who knew what, and when?
- Did Great Ormond Street’s Caldicott Guardian know about this deal with Sensyne health plc, and did they sign it off?
- And how many other commercial data deals has GOSH made?
Not every data or AI contract that hospital Trusts sign will go as badly as Google DeepMind’s with the Royal Free, of course. But should NHS hospitals really be negotiating to hand their patients’ data (not to mention a reputational boost) to profit-seeking commercial interests, even for a notional stake? And should a world-leading specialist children’s hospital be doing anything – anything at all – that could compromise trust?
David Cameron (remember him?) may have said a few years back that every NHS patient should be a “research patient”, with their medical details “opened up” to private healthcare firms.
As this summer has shown for people’s GP data, not everyone necessarily agrees.