Information Commissioner’s Office (ICO) investigation

Update September 2019: In November 2016, the Royal Free London entered into a five-year partnership with the British technology company DeepMind. In November 2018, it was announced that Streams, and the team behind it, would move to Google Health UK so that the app can grow and support more doctors to deliver faster, better care to patients. In September 2019, after careful consideration, we have now replaced our partnership agreements to continue our work with Google Health UK.

In July 2019, The Information Commissioner’s Office recognised that the Royal Free had completed all actions required in the undertaking and that there were “no further outstanding concerns regarding the current processing of personal data within Streams”.

What the investigation was about

The Information Commissioner (ICO) has been looking at the way patient data was used to test Streams for safety. This process was first governed by a partnership agreement signed between DeepMind and the Royal Free NHS Foundation Trust in September 2015, which has since been superseded by an agreement signed in November 2016.

The focus of the investigation has been on the Royal Free London as the data controller and the ICO raised concerns about whether we could have done more to inform patients that their information was being processed to test the safety of the Streams app and the amount of information that was processed.

The ICO concluded that we had not done enough to inform patients that their information was being processed by DeepMind during the testing phase of the app.

The ICO said there was a lack of transparency about how we were using patient information to test the new app and therefore patients could not exercise their statutory right to object to the processing of their information.

The ICO asked us to give undertakings to take certain steps, including commissioning an independent third party audit, which we have now done (see below). We continue to be of the opinion that the use of live data during the testing phase of the app was critical to ensuring it could safely be deployed on our wards. We have asked for greater clarity about how trusts like ours can test new technology to ensure it is safe without using real data.

What we’ve learnt

We take seriously the findings of the ICO and have signed up to deliver all of the undertakings - continuing to be open and transparent about how we use patient information and conducting a third party audit of our current processing arrangements with DeepMind.

This project is one of the first of its kind in the NHS and we recognise that there are clearly lessons which can be learnt from our experience during the testing phase of the Streams app. These lessons will be applicable to the whole of the NHS and we would welcome new guidance from the ICO and the Department of Health about how hospitals like ours can test new technology which is being delivered in partnership with third parties.

One lesson is to provide greater transparency. We are now doing more than any other hospital trust in the country to tell our patients and the public how we use their information. This includes a detailed section, with a Q&A on our website and an animation film which explains what happens to their information when patients come to our hospitals. We have also displayed guidance about how patients can opt out if they do not want their information to be shared with third parties. We have produced patient information leaflets which answer common questions about how we use and share information which have been distributed across our hospitals and posters which have been displayed in high footfall areas of our hospitals and banners for main reception areas.

We have also entered into a new agreement with DeepMind which came into effect in November 2016 and with which the ICO has not expressed any concerns.

The National Data Guardian has acknowledged that there is a need for further guidance about how hospitals and other organisations should develop and test new technologies where that work might require the use of identifiable patient data at some stages.

We do not believe it would be possible for the Royal Free London to ever sign off a product like Streams as clinically safe had it not been tested using real patient information. We believe that the five-year period of data which we used to develop the app was absolutely crucial to demonstrate its safety before it was made available for use on the wards.

Q&A

What is Streams?

Streams is a secure instant alert app which delivers improved care for patients by getting the right data to the right clinician at the right time. Similar to a breaking news alert on a mobile phone, the technology notifies nurses and doctors immediately when test results show a patient is at risk of becoming seriously ill, and provides all the information they need to take action. Each year, many thousands of people in UK hospitals die preventably from conditions like sepsis and acute kidney injury, because the warning signs aren't picked up and acted on in time.

Streams integrates different types of data and test results from a range of existing IT systems used by the hospital.

Because patient information is contained in one place – on a mobile application – it reduces the administrative burden on staff and means they can dedicate more time to delivering direct patient care.

The Streams app was built in close collaboration with clinicians at the Royal Free London and it is already helping them to provide better, safer and faster care to our patients. Nurses report it is saving them around two hours each day – time which would previously have been spent looking through paper patient notes.

Is it being used to help treat patients?

Yes, it is currently being used by clinicians at the Royal Free London to help identify patients at risk of acute kidney injury. We hope it will be developed to help improve care for patients with conditions like sepsis in the future.

We took a safety-first approach by testing Streams using real data in accordance with standards issued under the Health and Social Care Act. This was to check that the app was presenting patient information accurately and safely before being deployed in a live patient setting. Real patient data is routinely used in the NHS to check new systems are working properly before turning them fully live.

The app has been through a rigorous user testing process and has been registered with the Medicines and Healthcare products Regulatory Agency (MHRA) as a medical device.

Here is the story of just one of the many patients Streams is now helping https://www.royalfree.nhs.uk/news-media/news/new-app-helping-to-improve-patient-care/

Will you continue working with DeepMind?

Yes. We are proud of our partnership with DeepMind. We have learnt lessons from the testing phase of the app and will be signing up to the undertakings issued by the ICO.

We are committed to the partnership with DeepMind which we entered into in November 2016, which incorporated much of our learning from the early stages of the project.

We are determined to get this right to ensure that the NHS has the opportunity to benefit from the technology we all use in our everyday lives. We must embrace the opportunities which come from working with a world-leading company such as DeepMind to ensure the NHS does not get left behind.

I’m a patient at the Royal Free Hospital, has my information been shared with DeepMind?

The Royal Free London is the ‘data controller’ and has been in control of all patient data at all times. Patient data can only be used on the instruction of the hospital.

The partnership means that the Royal Free London has allowed DeepMind to process the data only on its behalf and only for the provision of Streams, and this is similar to the way we work with many other external IT companies.

It has always been held to the very highest standards of security and encryption. There has been no “data mining” or AI research on this data. The data used to provide the app has always been strictly controlled by the Royal Free and has never been used for commercial purposes or combined with other Google products, services or ads – and never will be. It can and will only ever be used to help improve hospital care, under the control of the Royal Free.

Our patients have the right to withdraw and refuse consent to information sharing at any time, but note that not sharing information may affect the quality and safety of the care they receive. Click here for more information.

What were the results of the independent audit?

The undertakings given to the Information Commissioner included commissioning an independent third party audit into Streams. The audit was carried out by Linklaters LLP. Their conclusion is that our use of Streams is lawful and complies with data protection laws. While the audit identified areas in which further improvement could be made, it contains the important conclusions set out below.

DeepMind only uses patient information for the purpose of providing Streams. It does so under the direction of the Royal Free London and in strictly controlled conditions. DeepMind is not permitted to use patient information for any other purpose.
Streams does not use artificial intelligence. Instead, it implements a simple decision tree used across the whole of the NHS.
The audit revealed nothing that casts doubt on the safety and security of the patient information used in Streams. The audit confirmed appropriate systems and controls are in place to protect patient information.

You can download the audit report here.