"The new de-identification process (known as De-ID) will protect patient privacy by de-identifying a person's records in a consistent way," according to a statement from the NHS. "This will mean that when the right legal basis, controls and safeguards are in place, data can be linked across different care settings and geographic boundaries."
Now the NHS is partnering with Privitar on the De-ID work, a firm apparently so concerned with privacy, it put half the word in its name. NHS data director Tom Denwood said his organization already anonymizes data, but De-ID is different than previous methods because it follows a standardized way of doing so, with "one, consistent" method. At its simplest, the data is anonymized in bulk, automatically, "across all data collections."
Last year, the debate over the way DeepMind and the NHS used data hit a fever pitch. The UK's data watchdog, the Information Commissioner's Office (ICO), ruled that an NHS Trust broke the law by sharing sensitive patient records with Google's DeepMind division. Doing so violated the Data Protection Act 1998 because patients weren't informed that their data was being used.
There was also another violation concerning the amount of records that DeepMind had access to. The ICO ruled that 1.6 million sets of patient data weren't "necessary and proportionate" to test the NHS' Streams mobile app.