medConfidential press releases

medConfidential response to “technology company DeepMind” Press Release

For immediate release – Tuesday 28 February 2017

One year after first telling the public that “technology company DeepMind” [1] was going to help the NHS, it is still unclear whether Google’s duplicitous offer still includes forcing the NHS to hand over the medical history of every patient who has visited the hospital. [2]

It is no surprise that digital tools help patients, but is Google still forcing the NHS to pay with its patients’ most private data?

As the NHS reorganises itself again with the Secret Transformation Plans, [3] NHS England plans a ‘National Data Lake’ for all patient data. [4] Of which this is one. In defending giving data on all its patients to Google, Royal Free’s Chief Executive, David Sloman, said “it is quite normal to have data lying in storage”. [5]

Tomorrow the Government announces the UK’s new digital strategy, [6] including new money for the Artificial Intelligence in which DeepMind specialises. Is copying of data on a whim what the future holds?

Clause 31 of the Digital Economy Bill suggests precisely that [7] – data can be ‘shared’ (copied) to anyone associated with a public or NHS body [8] who can justify it as “quite normal to have data lying in storage”.

As Downing Street takes the Trump approach to health data, [9] does Google now say the ends justify the means?

Phil Booth, coordinator of medConfidential said:

“So toxic is the project, the latest press release doesn’t even use the word “Google”.

“It is good that 11 patients a day get faster care due to this tool; but Google will still not say why they wanted data on thousands of patients who visit the hospital daily.

“Until patients can see where their medical records have gone, companies will continue to predate upon the NHS to extract its most important resources.”

Notes to Editors

1) This is how Google’s wholly-owned subsidiary, DeepMind – based in the Google offices in London – was misleadingly described in this press release published by the Royal Free:

2) ‘Google handed patients’ files without permission: Up to 1.6 million records – including names and medical history – passed on in NHS deal with web giant’, Daily Mail, 3/5/16:

3) Hospital cuts planned in most of England:

4) medConfidential comments on NHS England’s National Data Lake:

5) The Government confirms that the bulk data copied by DeepMind, i.e. SUS, “are maintained for secondary uses” and not direct care:

6) Due to launch on Wednesday, being now pre-briefed by the Minister:

7) Clause 31 of the Digital Economy Bill as currently drafted would allow any provider of a service to a public body (such as Google to the NHS) to share data with (i.e. provide a copy to) any other provider.

8) While the Draft Regulations for Clause 31 state that Department of Health bodies are excluded from the Clause, medConfidential has received confirmation that such bodies will be included in the final regulations after Parliament has considered the Clause without health included.

9) The NHS is being forced to release the names and addresses of vulnerable patients to the Home Office:

Questions that remain unanswered from May 2016 include:

  • What was the basis for Google to get 5 years of secondary uses data on every patient who visits the hospital? Google is getting thousands of people’s data per day, yet the hospital admits it is helping only a small fraction of them.
  • Why did the app not simply access the data it could clinically justify, when it needed to display it? That would have provided all the benefits of the app to patients and clinicians, and not given Google the medical records of patients which it had no justification for receiving. Did Google even talk to the hospital’s IT provider about access to only the data it needed before demanding all the data the hospital held?

medConfidential made a complaint to the ICO and National Data Guardian about the project in June 2016. Google and the Royal Free Hospital have failed to yet provide satisfactory answers and we understand the investigation remains ongoing.


medConfidential statement on continued sale of hospital records

During the failed Care.Data project, NHS England and the Department of Health said “patients have a choice” about how their data is used – they could opt out if they wished.

NHS Digital, the bit of the Department of Health that sells data to companies, has gone back on the Secretary of State’s word on a critical detail, and Jeremy Hunt has given up. To the Information Commissioner, they now say: there is no choice about whether your hospital data is sold. NHS Digital admit and demonstrate that it continues to be sold.

The opt out was the gift of the Secretary of State, and he has taken part of it away again. Merry Christmas everyone.

On that basis, other legal options remain open to patients. This is not the end, but it is the end of the beginning.

The opt out has begun to be implemented – it does do some things – but the main purpose of opting out of your hospital data being sold, is that your hospital data doesn’t get sold. That is the part that continues to happen in spite of the NHS promise to you as a patient.

We are obviously disappointed that Jeremy Hunt has chosen to go back on his word, and continue selling the nation’s private hospital history to anyone who fills in a form correctly, after he offered patients a choice to opt out of that.

The ICO has ruled that it was the Secretary of State’s choice, and he was entitled to make it. This does not affect rights available to patients under the Data Protection Act.

If patients are concerned, we suggest they join our newsletter at, and we will provide a detailed update shortly – it is likely to involve a trip to the post box.

We will have a more detailed analysis of the contradictory parts of the ICO response in due course.


Notes to Editors

    1. was the extension of GP data to link it with Hospital data, and continue the practices used in ongoing releases of hospital data. The Government was very clear that if patients didn’t want their hospital data used, they could opt out:
      NHS England: 
    2. NHS Digital’s convoluted policy statement is the 5th bullet point here: 
    3. For alternate approaches, we note s10 of the Data Protection Act allows a person to dissent from processing, and purposes beyond direct care are subject to legal dissent. The opt out was supposed to be the convenient way of expressing dissent; it is not the only way. 
    4. This decision is about data flows as they exist today. Looking forwards to future changes, NHS Digital argue that this implementation is entirely consistent with the future Caldicott Consent Choice under review by the Government following a public consultation. That is in the hands of the Government. 
    5. The NHS Digital Privacy Impact Assessment for the Hospital Episode Statistics shows that reidentification from this data could happen:
    6. The recipients of data releases, which includes releases containing data on patients who had opted out, can be seen here:
    7. For what patients can do about this change, see: 


Deepmind try again – November 2016

DeepMind this morning reannounced their partnership with the Royal Free Hospital. Updates are at the bottom – details are in the 9:50 and 10:10 updates.

There’s apparently a new legal agreement to copy exactly the same data that caused so much controversy over the summer. We have not yet seen the new legal agreement, so can’t comment on what it permits or disallows.

Responding to the press release, Phil Booth, Coordinator of medConfidential said:

“Our concern is that Google gets data on every patient who has attended the hospital in the last 5 years and they’re getting a monthly report of data on every patient who was in the hospital, but may now have left, never to return.

“What your Doctor needs to be able to see is the up to date medical history of the patient currently in front of them.

“The Deepmind gap, because the patient history is up to a month old, makes the entire process unreliable and makes the fog of unhelpful data potentially even worse.”

As Deepmind publish the legal agreements and PIA, we will read them and update comments here.

8:50am update. The Deepmind legal agreement was expected to be published at midnight. As far as we can tell, it wasn’t. Updated below.

TechCrunch have published a news article, and helpfully included the DeepMind talking points in a list. The two that are of interest (emphasis added):

  • An intention to develop what they describe as “an unprecedented new infrastructure that will enable ongoing audit by the Royal Free, allowing administrators to easily and continually verify exactly when, where, by whom and for what purpose patient information is accessed.” This is being built by Ben Laurie, co-founder of the OpenSSL project.
  • A commitment that the infrastructure that powers Streams is being built on “state-of-the-art open and interoperable standards,” which they specify will enable the Royal Free to have other developers build new services that integrate more easily with their systems. “This will dramatically reduce the barrier to entry for developers who want to build for the NHS, opening up a wave of innovation — including the potential for the first artificial intelligence-enabled tools, whether developed by DeepMind or others,” they add.

Public statements about Streams (an iPhone app for doctors) don’t seem to explain what that is. What is it?

9:30 update: The Deepmind website has now been updated. We’re reading.

The contracts are no longer part of the FAQ, they’re now linked from the last paragraph of text. (mirrored here)

9:40 update: MedConfidential is greatly helped in its work by donations from people like you.

9:50 update: Interesting what is covered by what…



10:10 update: What data does the DeepMind FHIR API cover? What is the Governance of that API? Is it contractually, legally, and operationally independent of the Streams app?

(it’s clearly none of those things, as the above screenshots say).

Deepmind have made great play of their agreement being safe, but consent is determined in a Google meeting room, and the arrangements for the “FHIR API” are secretive and far from transparent.

There is likely to only be one more update today around 1pm. Unless Google make an announcement that undermines their contractual agreements.

1pm update: The original information sharing agreement was missing Schedule 1, and has been updated.

3:30 update: DeepMind have given some additional press briefings to Wired (emphasis added):

“Suleyman said the company was holding itself to “an unprecedented level of oversight”. The government of Google’s home nation is conducting a similar experiment…

““Approval wasn’t actually needed previously because we were really only in testing and development, we didn’t actually ship a product,” which is what they said last time, and MHRA told them otherwise.

Apparently “negative headlines surrounding his company’s data-sharing deal with the NHS are being “driven by a group with a particular view to pedal”.” The headlines are being driven by the massive PR push they have done since 2:30pm on Monday when they put out a press release which talked only about the app, and mentioned data as an aside only in the last sentence of the first note to editors. – Beware of the leopard.

As to our view, MedConfidential is an independent non-partisan organisation campaigning for confidentiality and consent in health and social care, which seeks to ensure that every flow of data into, across and out of the NHS and care system is consensual, safe and transparent. Does Google Inc disagree with that goal? 

“NHS England is closing the much criticised programme”.

According to the Health Service Journal, “NHS England is closing the much criticised programme”.

(Update: A written ministerial statement has now appeared on Parliament’s site)

Responding to the news, Phil Booth, Coordinator of medConfidential said:

“One toxic brand may have ended, but Government policy continues to be the widest sharing of every patient’s most private data.

“Launched this morning, the Government’s consultation on consent asks the public to comment on how Government should go about ignoring the opt outs that patients requested.

“The programme did exist, and whatever data the Government may wish to continue to sell to their commercial friends, patients dissented from data about them being shared. Their wishes must be honoured.”

Notes to editors

Q15 of the Consultation on New data security standards for health and social care puts the onus on consultation respondents to work out how Government could implement the policy they wish to follow, irrespective of the consultation:


[Press Release] The National Data Guardian for Health and Care Review of Data Security, Consent and Opt-Outs was published this morning.

“The NHS has not yet won the public’s trust in an area that is vital for the future of patient care” — Secretary of State Jeremy Hunt quoted in paragraph 1.5

From the report:

“4.2.1 This has been a report about trust. It is hard for people to trust what they do not understand, and the Review found that people do not generally understand how their information is used by health and social care organisations.”

About the existing opt outs that patients have expressed:

“the Review recommends that, in due course, the opt-out should not apply to any flows of information into the HSCIC.” (p31, 3.2.31 second column)

About the 25+ years of hospital data that continues to be sold:

“The Review recognises that the new opt-out should not cover HSCIC’s already mandated data collections, such as Hospital Episode Statistics (HES) data. The Review believes it is important that there is consistency and therefore where there is a mandatory legal requirement for data in place, opt-outs would not apply.” (p34, 3.2.41, bottom right)


We entirely agree with the Association of Medical Research Charities when they say:

“People need to feel that they can trust the system to handle their information with care and competence, and respect their wishes. If the public do not trust the system, they will be unwilling to share health information for medical research and this will seriously hinder progress on new treatments and cures of diseases such as cancer, dementia, rare conditions and many more.”


Phil Booth, coordinator of medConfidential said:

“Patient trust is vital. The NHS should win the public’s trust by being seen to follow each patient’s wishes. However, yet again, the existing commercial entities demand leadership from others so they can continue feeding on patient data, despite the wishes of patients.

“The last data release register from HSCIC contains continued release to commercial companies. One, Beacon Consulting, on their homepage, advertise “we help our pharmaceutical clients solve difficult commercial problems”. Their commercial access was renewed in the most recent HSCIC data release register.

“It seems the Department of Health is trying to have it both ways – tell patients one thing and commercial entities the other. When the consultation comes out, the public can have their say and the Department of Health will have to finally decide.

“There has to be a better way to find out how your data has been used than reading Google’s press releases.”


The Hospital Episode Statistics now contain 1.5 billion patient hospital events, linked to each patient across a lifetime. According to the review, the 1.2 million patients who have opted out of their data being included in the Hospital Episode Statistics continue to have their data included in the Hospital Episode Statistics – their choice has been ignored.


MedConfidential comment on Friday’s New Scientist revelations about Google Deepmind


Extraordinarily, the New Scientist has quoted Google as having used as part of an unregulated algorithm in the direct care of patients[1].

This follows up on previous news that Google Deepmind had acquired millions of detailed patient histories for unclear purposes[2]. Google Deepmind’s response was to focus on the claim that they were keeping the data safely[3], and to ignore questions over what they were doing with it, and whether they should have had it in the first place[4].

MedConfidential has long argued that every patient should be able to know how data about them has been used. If there had been a Ministerial commitment to do that, this mess of unanswered questions would not have happened.[5]

Announced yesterday, it is Government policy to “encourage and support data-driven techniques in policy and service delivery”. Innovation is welcome and vital, but it should be grounded in medical ethics and a clinical relationship, and not ride roughshod over processes in place to protect all involved.[6]

Responding to the latest information, MedConfidential coordinator Phil Booth said:

“Deepmind has spent a fortnight hiding behind the NHS. It’s now clear that this was an unregulated “development” project for Deepmind, but a patient care project for the NHS.

“These algorithms evolve: errors get fixed, improvements get made. What approvals did Deepmind have from the medical regulators at the early stages? As the provider of a tool used in direct care, they are responsible for ensuring it meets all safety standards.

“Training doctors to make safe decisions takes years, and requires many exams to be passed. Have Google shown that each version used in direct care met all relevant grades, standards, and regulations?”


For immediate or future interview, please email 

Notes to editors:


  1. See does-not-have-regulatory-approval/ “We [Deepmind] and our partners at the Royal Free are in touch with MHRA regarding our development work.”
  2. See to-huge-haul-of-nhs-patient-data/ and raised-over-broad-scope-of-deepmind-nhs-health-data-sharing-deal/
  3. Google’s self-defence may/06/deepmind-best-privacy-infrastructure-handling-nhs-data-says-co-founder refers to their self-reported scores in the IG Toolkit. Those scores have not yet been audited by the HSCIC.
  4. The question of why Google Deepmind had the histories of people who never had a blood test at the relevant hospital, and who may never return to the hospital, remains unanswered.
  5. Much like a bank statement, every patient should be able to see a data usage report, which tells them where data about them has been used, and why, and what the benefits of that usage were. A commitment to investigate implementation was made in late 2014, but remains delayed by the Caldicott Review of Consent. For more, see
  6. MHRA rules require medical devices to have appropriate pre-approved procedures in place to confirm they’re working as expected, and to ensure any conceivable failures have mitigations considered in advance. The New Scientist article confirms they do not have those approvals as algorithms in their software develop.

MedConfidential comment welcoming the Wellcome Trust’s “One Way Mirror” Report

Today, the Wellcome Trust publish a new report on data sharing.

The name says everything data sharing shouldn’t be – and the report shows why.

We welcome another confirmation that organisations can maintain trust via transparency and shared knowledge. Data projects, including commercial data projects, can be handled safely, if the people in charge choose to do so. When they don’t, patients and citizens get nervous and trust collapses. and others tried the “One Way Mirror” approach, and this report names “context collapse” as the point of public concern. Patients care what happens to their data and are wary about how it could be used beyond the context of their own healthcare, and so simple, complete, accessible and truthful explanations to patients are necessary. Otherwise, context collapse is certain, and like, confidence collapse is sure to follow.


(MedConfidential Coordinator Sam Smith sat on the advisory group for this study)

[Press Release] MedConfidential comments on today’s #IPBill Report

EMBARGOED – SAME AS JOINT COMMITTEE REPORT: 09:30 on 11 Feb 2016. Copies will appear at after that time


MedConfidential Comments on Medical Records and the Report of the Joint Committee on the Draft Investigatory Powers Bill.

The more scrutiny the Bill receives, the less it stands up.

Individuals and information snared within Bulk Personal Datasets[1] “…may include, but is not limited to, personal information such as an individual’s religion, racial or ethnic origin, political views, medical condition, ***, sexual orientation, or any legally privileged, journalistic or otherwise confidential information”[2]

Recommendation YY.e of the 2015 ISC report[2] said the bill should contain “Specific safeguards for certain individuals or categories of information – for example, UK nationals, legally privileged information, medical information etc”

It didn’t.

When asked whether medical records should be disavowed, the Home Office responded:[3]

“this may provide those that wish to do us harm greater insight as to the limits of the agencies’ capabilities”.

Without a publicly made case, the Joint Committee report states “the lack of that detail makes it hard for Parliament to give the power sufficient scrutiny.”[4]

In contrast, the Intelligence and Security Committee of Parliament, which may read any classified information they require to provide sufficient scrutiny, recommended:[5]

“B. Where additional protection is provided for sensitive professions, these safeguards must be applied consistently, no matter which investigatory power is used to obtain the information. The new legislation should be amended to rectify this inconsistency.

“F… The Committee considers that the acquisition, retention and examination of any Bulk Personal Dataset is sufficiently intrusive that it should require a specific warrant. We therefore recommend that Class Bulk Personal Dataset warrants are removed from the new legislation.”

To meet their recommendations from 2015, the ISC’s first recommendation from 2016 of a “single additional Part that addresses privacy safeguards and clearly sets out universal privacy protections which apply across the full range of investigatory powers” must also protect medical records. A discussion the Home Office has refused to have, and the Department of Health have so far ignored[6].


Phil Booth, coordinator of medConfidential said:

“The Home Office’s bluff has been called by Parliament. The Intelligence and Security Committee of Parliament said in 2015 that there should be security safeguards for medical records, yet Theresa May just ignored them, and let the agencies make up their own rules.

“The ISC has said that if Theresa May wants to grab the entire nation’s medical history, she has to have specific grounds.

“It’s not enough to simply fear those who may wish harm, it is necessary to defend the values of our country. It seems Parliament has had to explain this to the Agencies and the Home Office yet again.

“Theresa May wants secret copies of everything because she’s afraid; Parliament wants privacy and transparency because we are a democracy. Privacy and security don’t have to be opposites, but we’ll see how David Cameron’s Government responds when it comes to the most private of NHS data.”


  1. Bulk personal datasets are the Government’s term for large databases of personal information, such as medical records.
  1. Intelligence and Security Committee of Parliament Report ‘Privacy and Security: A modern and transparent legal framework’. March 2015 para 163(ii), p58.
  1. paragraph 403, Report of the Joint Committee on the Draft Investigatory Powers Bill
  1. Intelligence and Security Committee of Parliament Report on draft Investigatory Powers Bill.
  1. “The Department [of Health] was asked to comment on the Draft Investigatory Powers Bill presented to Parliament in November 2015 and, at that time, did not consider that this would create any new powers that would require or permit the disclosure of confidential personal information by health and care bodies (on the basis that this is consolidating security agencies’ existing powers).”

medConfidential campaigns for confidentiality and consent in health and social care, seeking to ensure that every flow of data into, across and out of the NHS and care system is consensual, safe and transparent. Founded in January 2013, medConfidential is an independent, non-partisan organisation working with patients and medics, service users and care professionals.

For further information or for immediate or future interview, please contact Sam Smith or Phil Booth, coordinators of medConfidential –

Pharmacy2U kept no records of whose data they sold

Addendum to press release

Pharmacy2U kept no records or audit trail of whose data they sold, stating “we are unable to contact individual patients.”  EMIS Group, a minority shareholder in Pharmacy2U Ltd, stated yesterday, “The decision to sell data was made by the executive day-to-day management team at Pharmacy2U”, while claiming the “highest standards of patient confidentiality and data security”.

The ICO’s judgement states:

49. It is possible that some customers, who received marketing material from Woods Supplements, after being prescribed medication by a doctor, may have stopped taking their prescribed medication and spent money on products that were subject to the ASA adjudication in relation to misleading advertising and unauthorised health claims.

The choice of Pharmacy2U to sell names and addresses of patients to quacks and charlatans must be addressed. “As a responsible company, we undertook due diligence to check that the organisations intending to use the data were reputable”, say Pharmacy2U, but they still sold data to “spammy” companies that may have encouraged patients not to take medicines prescribed to them (and which they had paid Pharmacy2U for).

medConfidential received the following statement from Pharmacy2U’s media and PR representatives, ‘Intelligent Conversation’ – the new name for the same PR firm that contacted us previously, see the Update from April this year.

We publish Pharmacy2U’s statement in full:

Daniel Lee, Managing Director of Pharmacy2U, said: “This is a regrettable incident for which we sincerely apologise.  

“While we are grateful that the ICO recognise that our breach was not deliberate, we appreciate this was a serious matter. As soon as the issue was brought to our attention, we stopped the trial selling of customer data and made sure that the information that had been passed on was securely destroyed.

“We have also confirmed that we will no longer sell customer data.

“We take our responsibilities to the public very seriously and want to reassure our customers that no medical information, email addresses or telephone numbers were sold. Only names and postal addresses were given, for one-time use.

“As a responsible company, we undertook due diligence to check that the organisations intending to use the data were reputable. There was no publicly available information at the time to suggest that the lottery company was suspected of any wrongdoing and we have confirmed with the relevant authorities that they were validly licensed.  There was no publicly available information at the time that there had been a complaint to the ASA about Healthy Marketing Ltd.

“Following this incident, we have changed our privacy policy to highlight that we will no longer sell customer data and have implemented a prior consent model for our own marketing. We have also worked with the Plain English Campaign to make our policies as clear as possible to our customers.

“We hope that this substantial remedial action will reassure our customers that we have learned from this incident and will continue to do all we can to ensure that their data is protected to the highest level.”

The ICO’s judgement shows that, while the data transferred may have been a list of names and addresses, the information received by the companies and charity was far more than that. For example, in the case of the Australian lottery scammers, they would have known that each name and address on that list was of a man (i.e. gender), aged 70 or over (i.e. age), who had made a purchase (financially active) from an online pharmacy in the past 6 months (with certain conditions).

Pharmacy2U’s “substantial remedial action” does not include informing any of the 21,500 patients and customers whose names and addresses were sold – as, for example, the Government did when it lost two CDs containing HMRC Child Benefit data.

So we asked them about it.

This was the response:

A Pharmacy2u spokesman said: “As soon as the issue was brought to our attention, we ordered the certificated destruction of all the names and addresses that had been sold. [Our emphasis] For that reason, we are unable to contact individual patients.

“Anyone with concerns should contact us on 0113 265 0222 or via email,

We are pleased that Pharmacy2U has (finally) provided contact details for patients and customers who may have been affected by them selling their details, though these seem not to have been published in a way concerned members of the public can easily find them. We got them in an email, and P2U’s online statement directs people to their standard customer feedback form.

However, we are astonished to hear that the company retained no record of the people whose details were sold, and is incapable of regenerating those lists from the records it is supposed to keep according to Pharmaceutical Regulators.

This is a serious failure of information governance, which only compounds their original decision to sell people’s details. Pharmacy2U have not confirmed that all the recipients of the data destroyed all of the details.

Once again, predatory quacks and charlatans have targeted those who are most vulnerable. Pharmacies and charities are likely to know who is most at risk, and selling their names and addresses is complicity in the sort of abuse that has cost lives.

Only a criminal ban on marketing to patients will prevent crooks preying on patients.