The news last week that Google had made a start on a data sharing scheme using National Health Service records will have surprised no-one. The manner in which the issue has been handled will, however, have stunned everyone. As this report from the BBC confirms, the tech giant appears first to have experimented with the data and only afterwards to engage with the patients whose data it was.
Contractually this may have been acceptable. There has been no suggestion of legal wrongdoing by anybody, although the Information Commissioner’s Office is checking. Morally and as a PR gambit it is insanity regardless of the law. The idea that patients would acquiesce on discovering that a company the size of Google had used their information without getting their express permission is ridiculous. For all of the rationalisation about how it will improve the country’s health overall, the emotional reaction is to protect health data from big business.
Curiously, this is nothing new.
Microsoft as a player
It may be as long as ten years ago that I had a briefing with Microsoft on the notion of the Microsoft Healthvault, This was fully operational in America at the time. The idea was that someone would have an online “vault” of health information to which they as well as the health professionals would have access any time. It would be possible to check and correct information: the idea was to empower the patient as well as the health services.
It launched in the UK in 2010 without a huge fanfare. At the time the head of the operation in the UK was savvy enough to appreciate the emotive difficulty people might have in trusting a private for-profit company with so much of their personal information.
This was before the various tax scandals engulfed big businesses from America with HQs in Europe which have been so much in the news over the last 24 months or so. Many businesses, including Google, are less trusted than they were before as this article from the New Statesman in February will attest.
The principle of the technology, however, addresses a very real problem.
Here’s an incident that happened to me a couple of years ago. Due a risk of hereditary glaucoma I attend an eye clinic once a year. Between appointments I found a small lump on one of my eyes so I went to the local hospital and ended up in their A and E for eye treatment.
I saw a doctor and immediately, due to my age, she set about screening me for glaucoma. I told her I was already being monitored by that very department for the same condition and therefore in the system; I offered to point out the cabinet in which my records were kept.
She insisted that in spite of the proximity of the departments, hers was a separate department and could not look at my existing records no matter what permission I gave. She then spent an hour ignoring the reason I’d attended the clinic and testing me for a condition for which I was already being monitored, and on which there were about 15 years worth of records on my progress. Eventually she had a look at the eye and decided the new lump was a minor abrasion and nothing to worry about. The process took about 90 minutes; add that up in terms of redundant tests for, say, a few thousand patients nationwide and the evidence is compelling. Something has to be done.
The vault principle
So the idea of a health vault of some description, whether through Google’s Deepmind project, Microsoft’s aforementioned Healthvault scheme or someone else’s technology entirely, should be a logical step. There has never been a better time to monitor people’s health with technology, in an age in which a smart watch can check pulse rates and activity levels and beam them to an app on a phone, which could then presumably communicate with a central database as long as the right permissions are granted. Patients could, presumably, authorise related health professionals to check each other’s information where relevant.
Unfortunately this has to happen in the real world. In this real world, Google has settled its tax affairs in the UK but left a sour taste in a number of mouths, as the previously-mentioned New Statesman article confirms. Companies as long established and as large as Yahoo! are capable of suffering security breaches. And of course, Google has started mining data without explaining what it was doing in advance,
Linking data is a great idea rationally and certainly it could improve the health of the nation. It’s just that a few more emotional bridges have to be built and reinforced before it’s seen as acceptable.