DeepMind Uses Blockchain To Track Health Data

Uploaded on 2017-04-03 in TECHNOLOGY-Key Areas-Blockchain, NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-Health & Welfare, TECHNOLOGY--Developments

Google’s AI-powered health tech subsidiary, DeepMind Health, is planning to use a new technology loosely based on Bitcoin to let hospitals, the NHS and eventually even patients track what happens to personal data in real-time.

Dubbed “Verifiable Data Audit”, the plan is to create a special digital ledger that automatically records every interaction with patient data in a cryptographically verifiable manner. This means any changes to, or access of, the data would be visible.

DeepMind has been working in partnership with London’s Royal Free Hospital to develop kidney monitoring software called Streams and has faced criticism from patient groups for what they claim are overly broad data sharing agreements. Critics fear that the data sharing has the potential to give DeepMind, and thus Google, too much power over the NHS.

In a blogpost, DeepMind co-founder, Mustafa Suleyman, and head of security and transparency, Ben Laurie, use an example relating to the Royal Free Hospital partnership to explain how the system will work. “An entry will record the fact that a particular piece of data has been used, and also the reason why, for example, that blood test data was checked against the NHS national algorithm to detect possible acute kidney injury,” they write.

Suleyman says that development on the data audit proposal began long before the launch of Streams, when Laurie, the co-creator of the widely-used Apache server software, was hired by DeepMind. “This project has been brewing since before we started DeepMind Health,” he told the Guardian, “but it does add another layer of transparency.

“Our mission is absolutely central, and a core part of that is figuring out how we can do a better job of building trust. Transparency and better control of data is what will build trust in the long term.” 

Suleyman pointed to a number of efforts DeepMind has already undertaken in an attempt to build that trust, from its founding membership of the industry group Partnership on AI to its creation of a board of independent reviewers for DeepMind Health, but argued the technical methods being proposed by the firm provide the “other half” of the equation.

Nicola Perrin, the head of the Wellcome Trust’s “Understanding Patient Data” taskforce, welcomed the verifiable data audit concept. 

“There are a lot of calls for a robust audit trail to be able to track exactly what happens to personal data, and particularly to be able to check how data is used once it leaves a hospital or NHS Digital. DeepMind are suggesting using technology to help deliver that audit trail, in a way that should be much more secure than anything we have seen before,” she said.

Perrin also said the approach could help address DeepMind’s challenge of winning over the public. “One of the main criticisms about DeepMind’s collaboration with the Royal Free was the difficulty of distinguishing between uses of data for care and for research. This type of approach could help address that challenge, and suggests they are trying to respond to the concerns.

“Technological solutions won’t be the only answer, but I think will form an important part of developing trustworthy systems that give people more confidence about how data is used.”

The systems at work are loosely related to the crypto-currency Bitcoin, and the Blockchain technology that underpins it. DeepMind says: “Like Blockchain, the ledger will be append-only, so once a record of data use is added, it can’t later be erased. And like Blockchain, the ledger will make it possible for third parties to verify that nobody has tampered with any of the entries.”

Laurie downplays the similarities. “I can’t stop people from calling it blockchain related,” he said, but he described Blockchains in general as “incredibly wasteful” in the way they go about ensuring data integrity: the technology involves blockchain participants burning astronomical amounts of energy, by some estimates as much as the nation of Cyprus, in an effort to ensure that a decentralised ledger can’t be monopolised by any one group.

DeepMind argues that health data, unlike a cryptocurrency, doesn’t need to be decentralised, Laurie says at most it needs to be “federated” between a small group of healthcare providers and data processors, so the wasteful elements of blockchain technology need not be imported over. 

Instead, the data audit system uses a mathematical function called a Merkle tree, which allows the entire history of the data to be represented by a relatively small record, yet one which instantly shows any attempt to rewrite history.

Although not technologically complete yet, DeepMind already has high hopes for the proposal, which it would like to see form the basis of a new model for data storage and logging in the NHS overall, and potentially even outside healthcare altogether. 

Right now, says Suleyman, “It’s really difficult for people to know where data has moved, when, and under which authorised policy. Introducing a light of transparency under this process I think will be very useful to data controllers, so they can verify where their processes have used or moved or accessed data.

“That’s going to add technical proof to the governance transparency that’s already in place. The point is to turn that regulation into a technical proof.”

In the long-run, Suleyman says, the audit system could be expanded so that patients can have direct oversight over how and where their data has been used. But such a system would come a long time in the future, once concerns over how to secure access have been solved.

Guardian

Artificial Intelligence Has Finally Emerged Into Real Life:

Google Wants Your Medical Records:

What Happened To The Blockchain Revolution?:

 

« Cyber Insurance: 7 Questions To Ask
Wikileaks Vault 7 And The CIA Hacking Arsenal »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Endace

Endace

Endace is a leader in network visibility, network recording and packet capture solutions for security, network and application performance monitoring.

Merlin Cyber

Merlin Cyber

Merlin is a premier cybersecurity platform that leverages security technologies, trusted relationships, and capital to develop and deliver groundbreaking security solutions.

CyberProof

CyberProof

CyberProof aims to give clarity and confidence to businesses worldwide using a new risk-based approach to cyber security services.

Cyber Security Jobs

Cyber Security Jobs

Cyber Security Jobs was formed to help job seekers find jobs and recruiters fill cyber security job vacancies.

A3Sec

A3Sec

A3Sec provides professional solutions in the areas of Cybersecurity, Device Monitoring, Business Intelligence and Big Data.

BAI Security

BAI Security

BAI Security is a Nationally Recognized Leader in IT Security. Keeping your data safe and your business compliant is our singular focus.

PricewaterhouseCoopers (PwC)

PricewaterhouseCoopers (PwC)

PricewaterhouseCoopers is a multinational professional services network of firms headquartered in London, United Kingdom and operating in 157 countries.

Symmetry Systems

Symmetry Systems

Symmetry Systems is a provider of data store and object-level security (DSOS) solutions that give organizations visibility into, and unified access control of, their most valuable data assets.

Talion

Talion

Talion aim to reduce the complexity involved in securing your organisation and to give security teams unrivalled visibility into their security operations, so they can make optimal decisions, fast.

ESC - Enterprise Security Center

ESC - Enterprise Security Center

ESC is a system house specializing exclusively in IT security - Security Implementation & Optimization, Operations, Managed Security Services.

Auriga Consulting

Auriga Consulting

Auriga is a center of excellence in Cyber Security, Assurance and Monitoring Services, with a renowned track record of succeeding where others have failed.

iVision

iVision

iVision is a technology integration and management firm that engineers success for clients through objective recommendations, process and technology expertise and best-of-breed guidance.

Serbus

Serbus

Serbus Secure is a fully managed suite of secure communication, enterprise mobility and mobile device security tools.

AWARE7

AWARE7

IT security for human and machine. With the help of our products and services, we work with you to increase the IT security level of your organization.

Bastion Technologies

Bastion Technologies

All your cyber defense. One platform. Keep your business assets and employees safe under one roof. Manage your cyber defense quickly, easily & efficiently.

Technology Mindz

Technology Mindz

Technology Mindz is a leading provider of cybersecurity services. We offer a wide range of services to help businesses. Our services are Identity and access management, Governance risk and compliance.