Information Commissioner’s Office (ICO) investigation

What the investigation was about

The ICO has been looking at the way patient data was used to test Streams for safety. This process was first governed by a partnership agreement signed between DeepMind and the Royal Free NHS Foundation Trust in September 2015, which has since been superseded by an agreement signed in November 2016. The ICO have not been investigating the live clinical use of Streams which is being carried out under the existing agreement between the Royal Free London and DeepMind and is delivering improved outcomes for patients with acute kidney injury.

The focus of the investigation has been on the Royal Free London as the data controller and the ICO raised concerns about whether we could have done more to inform patients that their information was being processed to test the safety of Streams app and the amount of information that was processed.

The ICO concluded that we had not done enough to inform patients that their information was being processed by DeepMind during the testing phase of the app.

The ICO said there was a lack of transparency about how we were using patient information to test the new app and therefore patients could not exercise their statutory right to object to the processing of their information.

They have asked us to deliver five undertakings (we have not received an enforcement notice or a fine) and we have agreed to address all of them and will be reporting back to the ICO soon. However we are of the opinion that the use of five years of data during the testing phase of the app was critical to ensuring it could safely be deployed on our wards. We have asked for greater clarity about how trusts like ours can test new technology to ensure it is safe without using real data.

 

What we’ve learnt

We take seriously the findings of the ICO and have signed up to deliver all of the undertakings – including delivering a third privacy impact assessment of our work with DeepMind, continuing to be open and transparent about how we use patient information and conducting a third party audit of our current processing arrangements with DeepMind.

This project is one of the first of its kind in the NHS and we recognise that there are clearly lessons which can be learnt from our experience during the testing phase of the Streams app. These lessons will be applicable to the whole of the NHS and we would welcome new guidance from the ICO and the Department of Health about how hospitals like ours can test new technology which is being delivered in partnership with third parties. 

We have already started working on the undertakings. For example we are now doing more than any other hospital trust in the country to tell our patients and the public how we use their information. This includes a detailed section, with a Q&A on our website and an animation film which explains what happens to their information when patients come to our hospitals. We have also displayed guidance about how patients can opt out if they do not want their information to be shared with third parties. We have produced patient information leaflets which answer common questions about how we use and share information which have been distributed across our hospitals and posters which have been displayed in high footfall areas of our hospitals and banners for main reception areas.

We have also entered into a new agreement with DeepMind which came into effect in November 2016 and with which the ICO has not expressed any concerns.

The National Data Guardian has acknowledged that there is a need for further guidance about how hospitals and other organisations should develop and test new technologies where that work might require the use of identifiable patient data at some stages.

We do not believe it would be possible for the Royal Free London to ever sign off a product like Streams as clinically safe had it not been tested using real patient information. We believe that the five-year period of data which we used to develop the app was absolutely crucial to demonstrate its safety before it was made available for use on the wards.

 

Q&A

What is Streams?

Streams is a secure instant alert app which delivers improved care for patients by getting the right data to the right clinician at the right time. Similar to a breaking news alert on a mobile phone, the technology notifies nurses and doctors immediately when test results show a patient is at risk of becoming seriously ill, and provides all the information they need to take action.Each year, many thousands of people in UK hospitals die preventably from conditions like sepsis and acute kidney injury, because the warning signs aren't picked up and acted on in time.

Streams integrates different types of data and test results from a range of existing IT systems used by the hospital.

Because patient information is contained in one place – on a mobile application – it reduces the administrative burden on staff and means they can dedicate more time to delivering direct patient care.

The Streams app was built in close collaboration with clinicians at the Royal Free London and it is already helping them to provide better, safer and faster care to our patients. Nurses report it is saving them around two hours each day – time which would previously have been spent looking through paper patient notes.

 

Is it being used to help treat patients?

Yes, it is currently being used by clinicians at the Royal Free London to help identify patients at risk of acute kidney injury. We hope it will be developed to help improve care for patients with conditions like sepsis in the coming months.

We took a safety-first approach by testing Streams using real data in accordance with standards issued under the Health and Social Care Act. This was to check that the app was presenting patient information accurately and safely before being deployed in a live patient setting. Real patient data is routinely used in the NHS to check new systems are working properly before turning them fully live.

The app has been through a rigorous user testing process and has been registered with the Medicines and Healthcare products Regulatory Agency (MHRA) as a medical device

Here is the story of just one of the many patients Streams is now helping https://www.royalfree.nhs.uk/news-media/news/new-app-helping-to-improve-patient-care/

 

Will you continue working with DeepMind?

Yes. We are proud of our partnership with DeepMind. We have learnt lessons from the testing phase of the app and will be signing up to the undertakings issued by the ICO.

We are committed to the partnership with DeepMind which we entered into in November 2016, which incorporated much of our learning from the early stages of the project.

We are determined to get this right to ensure that the NHS has the opportunity to benefit from the technology we all use in our everyday lives. We must embrace the opportunities which come from working with a world-leading company such as DeepMind to ensure the NHS does not get left behind.

 

I’m a patient at the Royal Free Hospital, has my information been shared with DeepMind?

The Royal Free London is the ‘data controller’ and has been in control of all patient data at all times. Patient data can only be used on the instruction of the hospital.

The partnership means that the Royal Free London has allowed DeepMind to process the data on its behalf, and this is similar to the way we work with many other external IT companies.

It has always been held to the very highest standards of security and encryption. There has been no “data mining” or AI research on this data. The data used to provide the app has always been strictly controlled by the Royal Free and has never been used for commercial purposes or combined with Google products, services or ads – and never will be. It can and will only ever be used to help improve hospital care, under the control of the Royal Free.  

Our patients have the right to withdraw and refuse consent to information sharing at any time, but note that not sharing information may affect the quality and safety of the care they receive. Click here for more information.