The legal justification used for sharing patient data from a London NHS hospital with Google-owned DeepMind wasn't valid, according to the UK's National Data Guardian.
Health data watchdog Dame Fiona Caldicott expressed her legal opinion of the controversial DeepMind data sharing deal in a letter to the head of the Royal Free NHS trust, after being asked for advice from Information Commissioner Elizabeth Denham.
The NHS trust teamed up with the deep-learning firm to trial a kidney app called Streams, which is designed to predict organ failure and avoid patient illness.
As part of the arrangement, the trust shared 1.6 million patient records with the Google-owned British start-up, a move that was called "inexcusable" by academics who examined the deal.
The National Data Guardian has seconded the criticism, arguing the Royal Free NHS Trust had implied the trial was for patient care, when it was actually intended to test the Streams application.
"It is my view and that of my panel that the purpose for the transfer of 1.6 million identifiable patient records to Google DeepMind was for the testing of the Streams application, and not for the provision of direct care to patients," Caldicott said in the letter.
"Given that Streams was going through testing and therefore could not be relied upon for patient care, any role the application might have played in supporting the provision of direct care would have been limited and secondary to the purpose of the data transfer.
"My considered opinion therefore remains that it would not have been within the reasonable expectation of patients that their records would have been shared for this purpose."
Caldicott has shared that opinion with the Information Commissioner.
She said guidance would be "useful" to organisations looking to test such technologies with patient data.
Caldicott stressed that she "keenly appreciate[s] the great benefits that new technologies such as Streams can offer to patients", but said misusing patient data could delay the use of such technologies.
"Wherever patient data is used, it is absolutely paramount that this is done in a transparent and secure manner, which helps to build public trust, otherwise the full benefits of such developments will not be realised, and indeed harm may be done."
DeepMind altered its data-sharing setup with the NHS after the initial round of complaints, and has since set up more trials.
