Birmingham NHS trust passes medical data to Telefonica without patient consent

Stethoscope next to keyboard and coffee cup

Another NHS trust has apparently handed over medical data to a tech company without first asking patients.

According to a report in the Times, Birmingham and Solihull Mental Health NHS Foundation Trust gave Telefonica access to five years of medical records. The data was anonymised, with names and addresses removed, but patient consent was not sought.

The aim of the Telefonica project is to use an algorithm to spot when patients need mental health interventions, predicting if they will go into crisis in the next four weeks.

The report said initial trials on 25 users showed it "adding value to clinical care" but also returning many false positives, adding to doctors' workloads unnecessarily.

So far, the Spanish tech giant has only used historical data, presumably for training its algorithm before it was used to make predictions on the 25 users for the test.


Your guide to overcoming Brexit's data management challenges

Understand Brexit and the data law modifications it may cause


"The healthcare data does not leave NHS servers and is not used by Telefonica for any reason outside of the pilot," it said in a statement to the Times.

The project is in early stages, and for the second stage there are plans to incorporate phone data, such as location and message records, according to a Health Services Journal report from last year.

For the second stage of the project, the trust will be asking the Information Commissioner's Office for advice before moving forward — it's unclear why the trust did not check in with the data watchdog before the initial trial. Patients will be able to opt-out of future work, but again, it's unclear why they weren't notified and asked for consent for the first stage of the project.

The ICO has been approached for comment but has yet to respond.

AI is increasingly being used in healthcare, with algorithms trained to spot different types of cancer from radiology images but also beginning to shift towards supporting diagnosis. However, the AI needs to be trained on data, hence such companies turning to the NHS.

Back in 2016, Google-owned DeepMind sparked a scandal with a kidney illness prediction app it developed using data from the Royal Free Hospital Trust. Patient consent wasn't sought, which the ICO subsequently deemed broke data protection laws.