Australian authorities released "anonymised" data into the public domain for research. It didn't take long for the ever-amazing Dr. Vanessa Teague et al. to deanonymise it.
To be more specific she de-anonymised 7 individuals in the data set and claimed she could do more (if you used someone's semi-personal information).
The risk with good de-identification is generally not that they can find everyone but that given enough knowledge they can find one individual. Or in other words, that your friend find you in the data set with enough effort. It's also why you're supposed to remove famous people from such data sets.
Because their personal information is public thus everyone has it which makes re-identification much easier. Although nowadays there's so much information out there that "famous" covers a lot of the population.
That said, a public data where you can re-identify your friends should not have been released in the first place.
Because the average "famous" individual has far more personally identifiable data out for public digest than you or I,
It's not about special treatment, just understanding the realities.
Sure, but the publicly available data is huge for lots of people. I don't see why you'd make an exemption for celebrities. If you can deanonymize people in sensitive data sets, don't release them. Saying "we'll protect the VIPs, the rest can go deal with the fallout of their employers looking at their personal health issues" isn't an option to me.
But the famous have to deal with paparazzi! Peons are only exposed to insurance companies digging for pre-existing conditions, stalkers, violent exes, potential employers, ...
I had an "of course they did" moment when the article stated:
> In 2016, the Government proposed making the re-identification of government data an offence.
That's such a typical and idiotic response that it makes my blood boil. That someone can utter such mind-boggling bullshit in 2016. It highlights how the authorities, while having ostensibly good intentions, are absolutely and near-criminally clueless to the realities of modern technology. And I use the word "modern" loosely.
Post 2000, anyone who is in a position of power and proposes to fix a data-leak (and I believe this is a data-leak) by making it illegal to analyse said data leak, should be sent to a course on cyber-security, because they are apparently clueless and their decision making presents an acute risk.
That's such a typical and idiotic response that it makes my blood boil. That someone can utter such mind-boggling bullshit in 2016. It highlights how the authorities, while having ostensibly good intentions, are absolutely and near-criminally clueless to the realities of modern technology. And I use the word "modern" loosely.
It reminds me of Theresa May's desire when she was UK Home Secretary of making it illegal to use non-Government-approved encryption algorithms. AFAIK, there are still plenty among UK Conservatives who believe it should be so.
More infuriating, it's often seen as something to be proud about for them. They're compensating for their own inadequacy - they don't understand how something as basic as a smart phone works, so act as if that's a virtue.
This lack of knowledge clearly extends to policy too:
"The UK came 34th out of the 34 members of the Organisation for Economic Cooperation & Development (OECD) for spending on transport equipment.
Illustrating the meagre spending in recent years on the latest technology and industrial kit by UK firms, the study also found Britain ranks near the bottom – 20th out of 21 countries for which data is available – in spending on IT systems and 23rd out of 27 countries for investment in other types of machinery.
The UK is better at constructing new homes and office blocks, but even in these sectors, the UK is still well below the OECD average.
The only area where the UK is ahead of the OECD average is in intellectual property, ranking 13th of 34 countries.
In total, UK capital investment was 16.6% of GDP in 2014, matching Italy’s spending as a proportion of national incomes, while the average across all OECD countries was 20.8%. Germany fell just below the average with a figure of 20%, but France edged higher to register spending equal to 21.8% of GDP.
Only Greece and Portugal invested less than the UK, leaving it to rank 33rd out of 35 countries." [0]
Just wait a few minutes. On HN I bet the number is closer to 60/40 in favor.
As for the 13%, my guess is that they think "Important people say that it will help us to apply computers to NHS data, so they should have at it and advance civilization. Even better that it will be based on UK data, because they might pay us directly and they might be able to find current NHS inefficiencies, which may counter the austerity cuts that lengthened wait times and made our cancer statistics worse than US statistics. Finally, the UK will be thought of as the leading edge of this tech advance, and that might bring investments, employment, and tax receipts."
There could also be the realistic/fatalistic perspective that public opinion has little or no effect on government decision-making so you might as well think positively about it, because it's happening whenever they can sneak it through.
Older family members of mine, who are conservative, have this knee-jerk response that it's valuable but there's no downside. As they lack critical thinking skills when they are challenged to suggest the value of this data to bad actors they will brush it off with an, "I can't think of any." Then if pushed they will really not be able to think of the possible consequences.
They all have the vote. They believe what they are told by people like them. They're uneducatable. I think they may be more that 13%!
The NHS has had data leaks in the past and their IT is supposedly fairly outdated (if our tabloid press is to be believed) so perhaps they genuinely believe that a specialised company would be able to do a better job?
This data point is not useful or usable. People should of course not trust anyone with their data, not even the NHS. The question is what tradeoffs they are willing to take considering the possible benefits for science and medicine. That's where researchers , universities and the industry could open a debate and inform the public about how to proceed in the future.
The NHS. Sure, you can pay privately, but that's way more expensive from what I understand.
If you need medical services, you have to give them some data. If there were similarly priced alternatives, trust would be a factor in the decision where to go. If there's only one, it's not - unless you count not seeking medical attention as an alternative.
Well, the NHS is literally "free at the point of delivery" so of course private sector healthcare is more expensive - although it is fairly common for employers to provide private health coverage.
What I would be worried about is how on earth anyone could actually evaluate the actual privacy of multiple competing suppliers - of course they will all claim that privacy is important.
And what about emergencies - where even if you have private healthcare you will be taken to an NHS hospital.
NHS Improvement (now NHS England and NHS Improvement until they get a new name) provide support around information governance: https://www.england.nhs.uk/ig/
All trusts should have non-executive directors, and part of their role is to hold the trust to account around information governance. In a Foundation Trust the NEDs will be jointly and corporately responsible for those decisions.
> Respecting patients’ rights to consent, privacy and confidentiality, and access to information, while enabling the legitimate sharing of information between care teams and professionals for the purposes of a patient’s direct care
My private medical insurance is £1200 per year for my wife and I, FWIW. Includes various add-ons including "advanced cancer cover". Also many big employers are providing health insurance as part of their benefits package these days.
I have nothing against the NHS, in fact I'm very much for it, but for non-essential items they can keep you waiting and I can't afford to have a lot of time away from my business.
Not that I'd trust my insurance company or health provider any more or less with my data than the NHS or their contractors, of course. It's not really something I've ever considered.
I had health insurance and when I was unable to work for a long period, they duly paid out but far less than I was expecting.
They broadcats vibes of warm-and-snuggly, puppies and kittens and smiling children but when the time comes they are predatory because it's they exist only for $$$. It becomes very clear at the end that they literally don't care about you.
In my case I accept that I was naive, but it's possible you may run into something similar. I imagine cancer can be expensive to treat and it's not rare - do you think £1200 amortised over a period would cover the cost?
"Hi, I've got cancer, and I've come to claim"
"Oh yes, here's your insurance policy! It says Advanced Cancer Cover"
"Quite"
"So do you have Advanced Cancer?"
"Well no but-"
"Then you're not covered. Have some of our FREE paracetamol for £12.50"
I'm being facetious but do check your small print.
You can chose your GP based on the software they use and the governance procedures they have in place to handle your data.
When you're referred on for elective care you can chose the hospital based on the same criteria.
You don't get much choice over emergency treatment, nor over mental health treatment.
I get the impression that people here think that you have one medical record that is available across all the NHS, but that's not correct. You have a bunch of different records in different places and they're not available to each other.
Anyone got a link to the actual poll and/or the precise questions that were asked? As far as I can tell the original source for this article is a press release from a UK digital healthcare company [1]. There is a fairly obvious conflict of interest there, since big tech firms here means "our competition". It could very well be leading questions, results cherry-picking, etc.
If you're in the US then the tech giants can already easily get your de-identified billing data. Billing data would contain what was done, by whom, when (probably only at a year level), where and why. It costs money but a drop in the bucket for them.
So the question is I feel, given that this has already been done, has this caused real-life problems for anyone? Known re-identification would be a HIPAA violation I believe so more likely to be reported.
There has been a very poor record of NHS and IT, at least for the last two decades i.e. the previous Labour government wasted £10bn+ and failed to provide any solutions. In the process, they alienated a range of medical professionals by creating a culture of mistrust towards the digital strategy[1]. In 2016, the 'WannaCry' ransomware attack, exposed the gaping holes in the system[2]. The current trend of rushing to give access to parts of the silo/NHS Spine to other providers like Babylon health et al., without due consideration or a debate, is another can of worms best left unopened.[3]
In the absence of any robust measures to safeguard data, it is right for the patients to be diligent and have a high degree of control over who gets access to their health data and opt-out while they still have a choice, as no explicit promises are provided by the NHS to keep your data confidential: use anonymised data whenever possible[4]
I was a software dev working in the NHS at the time of the National Programme for IT. They couldn't decide how they wanted authorisation to work, whether it was role based or whatever else.
We put a config flag in to switch between the two models they were going back and forth between and just twiddled it every week for months. There was some set charge every time they did it. They had the opposite problem with anything that actually mattered where they couldn't make a decision at all. Some of that software is still running in hospitals 10+ years later with apparently little change since the the NPfIT died.
I moved out of the healthcare domain shortly after that. A few years ago I tried to sell some software for next to nothing to the NHS for a team my wife worked for. A simple webapp backed by a DB instead of spreadsheets on a shared drive. They took the idea and gave it to an in house employee who was running it as a side project (charging more for it than I was) and never finished building it.
Speaking to someone in charge of innovation for a large part of the country recently, he said he couldn't even take some software I'd offered for a free trial. As he saw it the system was so broken he was warning everyone off. And his job was innovation.
The NHS is ripe for improvement. I suspect its management haven't got a clue what they're doing though and fear the lure of big tech firms will be the only thing they can't resist.
Now living in Sweden which has what seem like very sophisticated e-health systems by comparison (at least on the user-facing side), I wonder why the UK couldn't have purchased and adapted an existing system that worked elsewhere.
NIH combined with the optics of paying 'foreign' developers.
Which is silly given who actually owns large parts of British infrastructure but... We have a confluence of shitty corrupt middle managers masquerading as politicians and a terrible press.
I honestly have come to the conclusion that the UK is pretty fucked in the mid to long term.
You've reminded me of someone I know who also worked for an NHS body related to innovation/improvement who went to Amsterdam I think for an international healthcare conference.
I said it must have been interesting, lots to learn about. She replied that the NHS was the best in the world and there was nothing to learn about from anyone else in any respect.
Sadly, although I remain convinced many people must be slogging against the system, I suspect she isn't alone in that view.
It's not "the NHS". It's a bunch of GPs, hospital trusts, mental health trusts, community care trusts, and they're all independent competing non-profit businesses.
The current Secretary of State at the Department of Health and Social Care is pushing open standards and interoperability, but has an idealogical attachment to private companies providing software after competitive tender.
Essentially, different healthcare systems have different needs which are reflected in how their electronic health record systems are architected. For example, EHRs in the US are optimized for billing, and if you're moving an US-centric EHR, like Epic, to a country like Denmark with universal healthcare, all that functionality becomes superfluous. Not to mention the language differences, as well, which are touched upon in the article. It's possible that similar concerns played into the NHS's decision to build their own system. Some NHS trusts are moving forward with their own Epic implementations, however. For example: https://www.digitalhealth.net/2018/06/royal-devon-exeter-nhs...
> The current trend of rushing to give access to parts of the silo/NHS Spine to other providers like Babylon health et al., without due consideration or a debate, is another can of worms best left unopened.[3]
I don't get it. Babylon is just another provider. There's not much difference between Babylon and other GP providers - they get your data if you're their patient and not otherwise. They're subjected to the same rules as other GPs.
There isn't some huge database somewhere of "all the NHS data" that providers can dip into. Each provider has it's own data, with little bits fed-back into the gp system or the spine.
>I don't get it. Babylon is just another provider. There's not much difference between Babylon and other GP providers - they get your data if you're their patient and not otherwise. They're subjected to the same rules as other GPs.
Babylon is unlike any other providers; it is an AI & Data first, app-based subscription model with a mix of state funded services. It's aim is to acquire more data in order to train models. The overwhelming majority of traditional GP's are primarily focused on patient first policy ─ they are usually non-profit with scant resources and a poor to non-existent IT strategy. To normalise these new models by trivialising differences between traditional services (as flawed, as they might be) would only serve to marginalise existing practices and it is the first step towards introducing scope-creep by politicians, who have an unhealthy obsession with statistics, quick fixes and making Faustian pacts with the private sector.
Babylon claims to go beyond any GP by being on par with human doctors and boasts of it's partnerships with Samsung and Tencent and counts DeepMind as one of it's investors. Just like any startup looking to disrupt, the platform is cloud-based and hosted on AWS[1]. It records every interaction, including video ─ which is retained for later review. It is growing at an exponential rate, despite a limited presence in London. The patient database reveals that it caters to a very specific demographic across varied and different parts of the city i.e. 83% of patients are aged between 20 to 39 years.
While it is still in it's infancy, it has already been involved in legal tussles and has been accused of dubious practices[2][3]. There is no visibility on algorithms, models and related datasets nor is there any indication of AI ethics being in place. There is also the issue of the CEO being linked to a white elephant project before his current fast-tracked foray into digital healthcare, which was probably rubber-stamped by officials in Whitehall. Although, it is undeniable that the NHS is overburdened and could do with some help to ease the pressure, but Babylon seems to be doing the exact opposite by applying the 'moving fast-breaking things' ethos inside an institution, which is already broken and moving slow.
I have already linked the Wired article, which discusses some of the topics above in-depth, other facts are supported by the FT article (paywall) and Forbes, which are reasonably reputable sources in my opinion.
This stance seems a bit silly to be honest. In my experience, smaller companies have much less structure in how they handle data access internally, as well as for security in general. Thus privacy seems actually better protected through control mechanisms there, perhaps a bit counter-intuitively though. Of course it depends a lot on the particular company.
A few years back I did a penetration test for a hospital, in which a mainframe was in scope (I have some mainframe training from Y2K / tech bubble era, so I almost know what I'm doing in that camp). Because medical students were also working on that mainframe, ample anonymized records were lying around for their studies.
All things said, in my final report were several examples of said anonymized records paired with the actual patient real-life info, obscured only enough that they could verify the result without my report contributing to the problem.
What stood out was how vocal and even cynical they were when I brought up what I had found initially. That is, until I finished the testing and report, complete with a batch script that would automate what I had done manually.
So, I commend these UK adults for recognizing the risks. Everything might be safe as described, but a policy of transparency might help alleviate the trust issue. Allow the public, or at least an expert not connected to the success of the system to know exactly what information is in the records being shared, because sometimes 2 or more disparate data sets can be combined to tell a much bigger story.
50 comments
[ 59.5 ms ] story [ 244 ms ] threadhttps://www.abc.net.au/news/science/2017-12-18/anonymous-med...
The risk with good de-identification is generally not that they can find everyone but that given enough knowledge they can find one individual. Or in other words, that your friend find you in the data set with enough effort. It's also why you're supposed to remove famous people from such data sets.
Because they deserve special protection the mere mortals don't?
That said, a public data where you can re-identify your friends should not have been released in the first place.
That's a very Boomer/Gen X thought pattern, Gen Y, Z and Alpha may not be famous yet but will be included in the data set.
I foresee an article - top 10 signs you shouldn't trust a dataset is sufficiently anonymised.
> In 2016, the Government proposed making the re-identification of government data an offence.
That's such a typical and idiotic response that it makes my blood boil. That someone can utter such mind-boggling bullshit in 2016. It highlights how the authorities, while having ostensibly good intentions, are absolutely and near-criminally clueless to the realities of modern technology. And I use the word "modern" loosely.
Post 2000, anyone who is in a position of power and proposes to fix a data-leak (and I believe this is a data-leak) by making it illegal to analyse said data leak, should be sent to a course on cyber-security, because they are apparently clueless and their decision making presents an acute risk.
It reminds me of Theresa May's desire when she was UK Home Secretary of making it illegal to use non-Government-approved encryption algorithms. AFAIK, there are still plenty among UK Conservatives who believe it should be so.
This lack of knowledge clearly extends to policy too:
"The UK came 34th out of the 34 members of the Organisation for Economic Cooperation & Development (OECD) for spending on transport equipment.
Illustrating the meagre spending in recent years on the latest technology and industrial kit by UK firms, the study also found Britain ranks near the bottom – 20th out of 21 countries for which data is available – in spending on IT systems and 23rd out of 27 countries for investment in other types of machinery.
The UK is better at constructing new homes and office blocks, but even in these sectors, the UK is still well below the OECD average.
The only area where the UK is ahead of the OECD average is in intellectual property, ranking 13th of 34 countries.
In total, UK capital investment was 16.6% of GDP in 2014, matching Italy’s spending as a proportion of national incomes, while the average across all OECD countries was 20.8%. Germany fell just below the average with a figure of 20%, but France edged higher to register spending equal to 21.8% of GDP.
Only Greece and Portugal invested less than the UK, leaving it to rank 33rd out of 35 countries." [0]
It's an absolute embarrassment.
[0] https://www.theguardian.com/business/2016/nov/16/uk-investme...
My guess is "I don't care" but it may be more nuanced than that, or something entirely else. I'd like to know if anyone can comment.
As for the 13%, my guess is that they think "Important people say that it will help us to apply computers to NHS data, so they should have at it and advance civilization. Even better that it will be based on UK data, because they might pay us directly and they might be able to find current NHS inefficiencies, which may counter the austerity cuts that lengthened wait times and made our cancer statistics worse than US statistics. Finally, the UK will be thought of as the leading edge of this tech advance, and that might bring investments, employment, and tax receipts."
There could also be the realistic/fatalistic perspective that public opinion has little or no effect on government decision-making so you might as well think positively about it, because it's happening whenever they can sneak it through.
They all have the vote. They believe what they are told by people like them. They're uneducatable. I think they may be more that 13%!
How do you even use the NHS without trusting them with your medical data?
If you need medical services, you have to give them some data. If there were similarly priced alternatives, trust would be a factor in the decision where to go. If there's only one, it's not - unless you count not seeking medical attention as an alternative.
What I would be worried about is how on earth anyone could actually evaluate the actual privacy of multiple competing suppliers - of course they will all claim that privacy is important.
And what about emergencies - where even if you have private healthcare you will be taken to an NHS hospital.
NHS Improvement (now NHS England and NHS Improvement until they get a new name) provide support around information governance: https://www.england.nhs.uk/ig/
NHS Digital provide support about data security and governance: https://digital.nhs.uk/data-and-information/looking-after-in...
Every health organisation has to have a Caldicott Guardian - this is a senior manager with responsibility for keeping data confidential: https://www.gov.uk/government/groups/uk-caldicott-guardian-c...
All trusts should have non-executive directors, and part of their role is to hold the trust to account around information governance. In a Foundation Trust the NEDs will be jointly and corporately responsible for those decisions.
NHS Staff who want to become leaders can get leadership training with the NHS Leadership academy. That will include information governance as part of an NHS board. https://www.leadershipacademy.nhs.uk/wp-content/uploads/2012...
The Professional Standards Organisation's "standards for members of NHS boards and clinical commissioning group governing bodies in England" mentions confidentiality, albeit only briefly: https://www.professionalstandards.org.uk/docs/default-source...
> Respecting patients’ rights to consent, privacy and confidentiality, and access to information, while enabling the legitimate sharing of information between care teams and professionals for the purposes of a patient’s direct care
I have nothing against the NHS, in fact I'm very much for it, but for non-essential items they can keep you waiting and I can't afford to have a lot of time away from my business.
Not that I'd trust my insurance company or health provider any more or less with my data than the NHS or their contractors, of course. It's not really something I've ever considered.
They broadcats vibes of warm-and-snuggly, puppies and kittens and smiling children but when the time comes they are predatory because it's they exist only for $$$. It becomes very clear at the end that they literally don't care about you.
In my case I accept that I was naive, but it's possible you may run into something similar. I imagine cancer can be expensive to treat and it's not rare - do you think £1200 amortised over a period would cover the cost?
"Hi, I've got cancer, and I've come to claim"
"Oh yes, here's your insurance policy! It says Advanced Cancer Cover"
"Quite"
"So do you have Advanced Cancer?"
"Well no but-"
"Then you're not covered. Have some of our FREE paracetamol for £12.50"
I'm being facetious but do check your small print.
That's partly because they don't really do primary care, and anything difficult or complicated will be sent straight back to the public system.
There is not only one place to go.
NHS Trusts are independent, competing, businesses. They use different software; they have different governance procedures.
When you're referred on for elective care you can chose the hospital based on the same criteria.
You don't get much choice over emergency treatment, nor over mental health treatment.
I get the impression that people here think that you have one medical record that is available across all the NHS, but that's not correct. You have a bunch of different records in different places and they're not available to each other.
[1] https://www.sensynehealth.com/insights/yougov-survey-shows-u...
Disclaimer: I work at Google, not on anything related to health or AI or ML.
So the question is I feel, given that this has already been done, has this caused real-life problems for anyone? Known re-identification would be a HIPAA violation I believe so more likely to be reported.
Q: Do you trust big tech with your data?
A: No, of course not!
Real world:
Q: If you trust us with your data, you will get access to X, and you will get discount on Y and free Z. Will you trust us?
A: Yes, sign me up!
A:. It's already free (at the point of use). Thanks anyway.
Q: Want access to X, and you will get discount on Y and free Z? You just have to tru-
A: OKAY!
In the absence of any robust measures to safeguard data, it is right for the patients to be diligent and have a high degree of control over who gets access to their health data and opt-out while they still have a choice, as no explicit promises are provided by the NHS to keep your data confidential: use anonymised data whenever possible[4]
[1] https://www.theguardian.com/society/2013/sep/18/nhs-records-...
[2] https://www.bbc.co.uk/news/technology-41753022
[3] https://www.wired.co.uk/article/babylon-health-nhs
[4] https://www.nhs.uk/your-nhs-data-matters/where-confidential-...
We put a config flag in to switch between the two models they were going back and forth between and just twiddled it every week for months. There was some set charge every time they did it. They had the opposite problem with anything that actually mattered where they couldn't make a decision at all. Some of that software is still running in hospitals 10+ years later with apparently little change since the the NPfIT died.
I moved out of the healthcare domain shortly after that. A few years ago I tried to sell some software for next to nothing to the NHS for a team my wife worked for. A simple webapp backed by a DB instead of spreadsheets on a shared drive. They took the idea and gave it to an in house employee who was running it as a side project (charging more for it than I was) and never finished building it.
Speaking to someone in charge of innovation for a large part of the country recently, he said he couldn't even take some software I'd offered for a free trial. As he saw it the system was so broken he was warning everyone off. And his job was innovation.
The NHS is ripe for improvement. I suspect its management haven't got a clue what they're doing though and fear the lure of big tech firms will be the only thing they can't resist.
Which is silly given who actually owns large parts of British infrastructure but... We have a confluence of shitty corrupt middle managers masquerading as politicians and a terrible press.
I honestly have come to the conclusion that the UK is pretty fucked in the mid to long term.
I said it must have been interesting, lots to learn about. She replied that the NHS was the best in the world and there was nothing to learn about from anyone else in any respect.
Sadly, although I remain convinced many people must be slogging against the system, I suspect she isn't alone in that view.
The current Secretary of State at the Department of Health and Social Care is pushing open standards and interoperability, but has an idealogical attachment to private companies providing software after competitive tender.
Essentially, different healthcare systems have different needs which are reflected in how their electronic health record systems are architected. For example, EHRs in the US are optimized for billing, and if you're moving an US-centric EHR, like Epic, to a country like Denmark with universal healthcare, all that functionality becomes superfluous. Not to mention the language differences, as well, which are touched upon in the article. It's possible that similar concerns played into the NHS's decision to build their own system. Some NHS trusts are moving forward with their own Epic implementations, however. For example: https://www.digitalhealth.net/2018/06/royal-devon-exeter-nhs...
I don't get it. Babylon is just another provider. There's not much difference between Babylon and other GP providers - they get your data if you're their patient and not otherwise. They're subjected to the same rules as other GPs.
There isn't some huge database somewhere of "all the NHS data" that providers can dip into. Each provider has it's own data, with little bits fed-back into the gp system or the spine.
Babylon is unlike any other providers; it is an AI & Data first, app-based subscription model with a mix of state funded services. It's aim is to acquire more data in order to train models. The overwhelming majority of traditional GP's are primarily focused on patient first policy ─ they are usually non-profit with scant resources and a poor to non-existent IT strategy. To normalise these new models by trivialising differences between traditional services (as flawed, as they might be) would only serve to marginalise existing practices and it is the first step towards introducing scope-creep by politicians, who have an unhealthy obsession with statistics, quick fixes and making Faustian pacts with the private sector.
Babylon claims to go beyond any GP by being on par with human doctors and boasts of it's partnerships with Samsung and Tencent and counts DeepMind as one of it's investors. Just like any startup looking to disrupt, the platform is cloud-based and hosted on AWS[1]. It records every interaction, including video ─ which is retained for later review. It is growing at an exponential rate, despite a limited presence in London. The patient database reveals that it caters to a very specific demographic across varied and different parts of the city i.e. 83% of patients are aged between 20 to 39 years.
While it is still in it's infancy, it has already been involved in legal tussles and has been accused of dubious practices[2][3]. There is no visibility on algorithms, models and related datasets nor is there any indication of AI ethics being in place. There is also the issue of the CEO being linked to a white elephant project before his current fast-tracked foray into digital healthcare, which was probably rubber-stamped by officials in Whitehall. Although, it is undeniable that the NHS is overburdened and could do with some help to ease the pressure, but Babylon seems to be doing the exact opposite by applying the 'moving fast-breaking things' ethos inside an institution, which is already broken and moving slow.
I have already linked the Wired article, which discusses some of the topics above in-depth, other facts are supported by the FT article (paywall) and Forbes, which are reasonably reputable sources in my opinion.
https://www.ft.com/content/19dc6b7e-8529-11e8-96dd-fa565ec55...
https://www.forbes.com/sites/parmyolson/2018/12/17/this-heal...
[1] https://aws.amazon.com/blogs/startups/how-babylon-health-bui...
[2] https://www.digitalhealth.net/2017/12/babylon-healthcare-cqc...
[3] https://www.artificialintelligence-news.com/2019/04/12/babyl...
FTFY.
All things said, in my final report were several examples of said anonymized records paired with the actual patient real-life info, obscured only enough that they could verify the result without my report contributing to the problem.
What stood out was how vocal and even cynical they were when I brought up what I had found initially. That is, until I finished the testing and report, complete with a batch script that would automate what I had done manually.
So, I commend these UK adults for recognizing the risks. Everything might be safe as described, but a policy of transparency might help alleviate the trust issue. Allow the public, or at least an expert not connected to the success of the system to know exactly what information is in the records being shared, because sometimes 2 or more disparate data sets can be combined to tell a much bigger story.