Dubbed “Verifiable Data Audit”, the plan is to create a special digital ledger that automatically records every interaction with patient data in a cryptographically verifiable manner. This means any changes to, or access of, the data would be visible.
DeepMind has been working in partnership with London’s Royal Free Hospital to develop kidney monitoring software called Streams and has faced criticism from patient groups for what they claim are overly broad data sharing agreements. Critics fear that the data sharing has the potential to give DeepMind, and thus Google, too much power over the NHS.
Suleyman says that development on the data audit proposal began long before the launch of Streams, when Laurie, the co-creator of the widely-used Apache server software, was hired by DeepMind. “This project has been brewing since before we started DeepMind Health,” he told the Guardian, “but it does add another layer of transparency.
“Our mission is absolutely central, and a core part of that is figuring out how we can do a better job of building trust. Transparency and better control of data is what will build trust in the long term.” Suleyman pointed to a number of efforts DeepMind has already undertaken in an attempt to build that trust, from its founding membership of the industry group Partnership on AI to its creation of a board of independent reviewers for DeepMind Health, but argued the technical methods being proposed by the firm provide the “other half” of the equation.
Perrin said the approach could help address DeepMind’s challenge of winning over the public. “One of the main criticisms about DeepMind’s collaboration with the Royal Free was the difficulty of distinguishing between uses of data for care and for research. This type of approach could help address that challenge, and suggests they are trying to respond to the concerns.
“Technological solutions won’t be the only answer, but I think will form an important part of developing trustworthy systems that give people more confidence about how data is used.”
The systems at work are loosely related to the cryptocurrency bitcoin, and the blockchain technology that underpins it. DeepMind says: “Like blockchain, the ledger will be append-only, so once a record of data use is added, it can’t later be erased. And like blockchain, the ledger will make it possible for third parties to verify that nobody has tampered with any of the entries.”
Laurie downplays the similarities. “I can’t stop people from calling it blockchain related,” he said, but he described blockchains in general as “incredibly wasteful” in the way they go about ensuring data integrity: the technology involves blockchain participants burning astronomical amounts of energy – by some estimates as much as the nation of Cyprus – in an effort to ensure that a decentralised ledger can’t be monopolised by any one group.
DeepMind argues that health data, unlike a cryptocurrency, doesn’t need to be decentralised – Laurie says at most it needs to be “federated” between a small group of healthcare providers and data processors – so the wasteful elements of blockchain technology need not be imported over. Instead, the data audit system uses a mathematical function called a Merkle tree, which allows the entire history of the data to be represented by a relatively small record, yet one which instantly shows any attempt to rewrite history.
“That’s going to add technical proof to the governance transparency that’s already in place. The point is to turn that regulation into a technical proof.”
In the long-run, Suleyman says, the audit system could be expanded so that patients can have direct oversight over how and where their data has been used. But such a system would come a long time in the future, once concerns over how to secure access have been solved.