Google’s DeepMind Has a Plan for Protecting Private Health Data—From Itself
It's next problem is how to assure hospitals, and the public at large, that patient confidentiality isn’t compromised.
As part of its projects with Britain’s National Health Service, Google’s artificial intelligence unit DeepMind announced last week it’s developing a new way to protect confidential health data—from itself. Its problem: How to assure hospitals, and the public at large, that patient confidentiality isn’t compromised as it processes the sensitive medical health records entrusted to it.
DeepMind’s proposed solution is to create an indelible data log that can’t be tampered with. It would show when a piece of data was used, and for what purpose. Importantly, DeepMind itself wouldn’t be able to modify logs to use the data nefariously. The solution bears resemblance to the “distributed ledger technologies” or “private blockchains” that the financial world has been trying to create in recent years. While loathe to call it “blockchain”—DeepMind prefers the term “verifiable append-only ledger” to describe its health data system—it is interested in one property that the technology can confer upon its users: trust.
While the banks want blockchains to slash back-office costs while staying compliant, DeepMind needs blockchains to shore up public trust. Last year, DeepMind’s work with the UK’s health service was dragged into the public by a New Scientist investigation. The publication found that 1.6 million patient names, addresses, and other information from three London hospitals had been shared with Google’s artificial intelligence subsidiary. It triggered an investigation by the UK’s privacy regulator that is ongoing. DeepMind and the hospitals say they followed the rules.
Huge data sets are what make artificial intelligence work. For DeepMind, access to a trove of national heath data could give it a significant advantage in the race to develop AI techniques for healthcare (although it says the Streams app that it’s devising with the three London hospitals doesn’t involve AI). Nonetheless, DeepMind needs to assure the hospitals—and the public—that it’s handling sensitive medical data safely. “We hope that by building tools like this in the open, we’ll improve the level of trust that patients have with respect to this data access,” DeepMind co-founder Mustafa Suleyman says.
But for all its talk of transparency, letting patients access their own data logs isn’t part of DeepMind’s plan. Suleyman says it might happen one day, but that his firm’s obligation is to the hospitals. DeepMind is the data processor to the hospitals, which are the data controllers. “Our job is to help them do a better job of their own governance. In the long term, you can see the potential patient benefit … but it’s a bit early,” Suleyman says. This is a crucial distinction because under European data protection laws controllers bear heavier responsibilities.
So who owns what, when it comes to DeepMind’s health blockchain? The underlying data belongs to the hospitals, while the software belongs to DeepMind, says Suleyman. The data logs, created when the software processes the patient data, also remain under the hospitals’ control, DeepMind says.
And what happens if there’s an error in logging the data, since the records can’t be changed? The hospitals will have to figure that out, says Suleyman. “We provide that [data] set to the controller, namely the hospital. They already have a whole host of processes to deal with various degrees of error that may or may not have been made,” he says.
DeepMind says the system will be used sometime this year. It will be built on a foundation devised by Ben Laurie, its head of security and privacy. While at DeepMind’s parent company, Google, Laurie created a similar system to ensure security certificates issued by websites haven’t been tampered with, called the Certificate Transparency scheme.
For watchers of financial blockchains, DeepMind’s entry to the space indicates progress for the technology powering these private blockchains. “It’s interesting, whatever it is,” says Simon Taylor, a co-founder of fintech consultancy 11:FS. “And in my opinion, a sign of where the market will move.” Not every business sector will need the sort of global, public, agreement on a ledger’s entries that cryptocurrencies like bitcoin requires, he points out.
Wall Street now has well-qualified company in the attempt to graft blockchain technology to existing industries.