If you were miffed about Britain's National Health Service (NHS) giving your sensitive data away to Google's DeepMind, how you respond to today's news is probably a crapshoot. The NHS has announced that it will begin anonymizing said data that's been used to analyze blood test results and to detect risk of acute kidney injuries and other ailments. To be clear, these are separate events (the data use and today's announcement), but one led to the other. In 2016, the NHS and DeepMind caught their fair share of criticism over how data was shared with implied -- not explicit -- consent from 1.6 million patients.
"The new de-identification process (known as De-ID) will protect patient privacy by de-identifying a person's records in a consistent way," according to a statement from the NHS. "This will mean that when the right legal basis, controls and safeguards are in place, data can be linked across different care settings and geographic boundaries."
Now the NHS is partnering with Privitar on the De-ID work, a firm apparently so concerned with privacy, it put half the word in its name. NHS data director Tom Denwood said his organization already anonymizes data, but De-ID is different than previous methods because it follows a standardized way of doing so, with "one, consistent" method. At its simplest, the data is anonymized in bulk, automatically, "across all data collections."
Last year, the debate over the way DeepMind and the NHS used data hit a fever pitch. The UK's data watchdog, the Information Commissioner's Office (ICO), ruled that an NHS Trust broke the law by sharing sensitive patient records with Google's DeepMind division. Doing so violated the Data Protection Act 1998 because patients weren't informed that their data was being used.
There was also another violation concerning the amount of records that DeepMind had access to. The ICO ruled that 1.6 million sets of patient data weren't "necessary and proportionate" to test the NHS' Streams mobile app.