UK: Hospital failed to comply with Data Protection Act

Patient data shared without permission.


The UK’s Information Commissioner’s Office (ICO) has ruled that the London Royal Free Hospital failed to comply with legislation when it shared patient data with Google’s AI division DeepMind. 

The data was to be used in developing a health app. However, the patients whose data was shared had never agreed that their private medical data could be used in this way.

The Information Commissioner acknowledged the potential of using patient data but stated “the price of innovation does not need to be the erosion of fundamental privacy rights.”

The ICO published additional lessons learned for other organisations. These include the importance of understanding – and complying with – information legislation.

The Hospital was not fined, but has committed to changing the way it handles patient data.

Source: ITProPortal