Google's AI-powered health tech subsidiary, DeepMind Health, is planning to use a new technology loosely based on bitcoin to let hospitals, the NHS and eventually even patients track what happens to personal data in real-time.
Dubbed "Verifiable Data Audit", the plan is to create a special digital ledger that automatically records every interaction with patient data in a cryptographically verifiable manner. This means any changes to, or access of, the data would be visible.
DeepMind has been working in partnership with London's Royal Free Hospital to develop kidney monitoring software called Streams and has faced criticism from patient groups for what they claim are overly broad data sharing agreements.
Critics fear that the data sharing has the potential to give DeepMind, and thus Google, too much power over the NHS.
In a blogpost, DeepMind co-founder, Mustafa Suleyman, and head of security and transparency, Ben Laurie, used an example relating to the Royal Free Hospital partnership to explain how the system will work.
"[An] entry will record the fact that a particular piece of data has been used, and also the reason why, for example, that blood test data was checked against the NHS national algorithm to detect possible acute kidney injury," they write.
DeepMind argues that health data, unlike a cryptocurrency, doesn't need to be decentralised - Laurie says at most it needs to be "federated" between a small group of healthcare providers and data processors - so the wasteful elements of blockchain technology need not be imported over.
Instead, the data audit system uses a mathematical function called a Merkle tree, which allows the entire history of the data to be represented by a relatively small record, yet one which instantly shows any attempt to rewrite history.
Although not technologically complete yet, DeepMind already has high hopes for the proposal, which it would like to see form the basis of a new model for data storage and logging in the NHS overall, and potentially even outside healthcare altogether.
Right now, says Suleyman, "It's really difficult for people to know where data has moved, when, and under which authorised policy. Introducing a light of transparency under this process I think will be very useful to data controllers, so they can verify where their processes have used or moved or accessed data.
In the long-run, Suleyman says, the audit system could be expanded so that patients can have direct oversight over how and where their data has been used. But such a system would come a long time in the future, once concerns over how to secure access have been solved.
Source:
The Guardian