Logo Header Menu

The rise of big tech monetising healthcare data

Nathalie Moreno, partner at Lewis Silkin, discusses the disruption and monetisation of healthcare data by big tech The rise of big tech monetising healthcare data image

Healthcare data has become big tech’s last frontier for innovation, competition and disruption. However, such recent strategic moves into the healthcare industry have not come without concerns from both a competition and privacy law perspective in the eyes of the regulators, healthcare professionals and patients alike.

Clearly, data-driven technologies can provide unprecedented opportunities to offer critical benefits to patients, the healthcare industry and society in general. The prospect of innovative new healthcare services assisted by data analytics legitimises big tech and its contributions to improving individual care, national health services and public health. Not only does it advance medical research and capacity for innovation but it could also be credited with lowering the cost of healthcare across the board.

In the European Union, safeguard rules governing the secondary use of patient data have been bolstered by the implementation of the General Data Protection Regulation (GDPR) on 25 May 2018. However, the lack of clarity, weak guidance and enforcement from the regulators in sector areas like adtech may also hinder health data privacy.

GDPR infringement: What can tech leaders do to reduce breaches?

A study by DLA Piper has found that regulators within the EU have imposed fines for GDPR infringement adding up to €114 million. Read here

The question is, what is the price to pay for reaping the real health benefits when big tech is given the key to access massive troves of patient data collected by the NHS in the UK or by large healthcare networks and other players in the United States or elsewhere?

There are a number of cases flourishing on both sides of the Atlantic demonstrating the discrepancies of the privacy regulations applying to healthcare data and the need for consistency and clarity in the context of new trading relationships, for instance between the United Kingdom and the United States after Brexit.

In spite of the GDPR being fully in force, big tech advertising like Google, Amazon, Facebook and Oracle were found by the end of 2019 to have been dropping cookies and collecting clearly sensitive data from website users of a number of popular health websites in the UK, allowing them to track and serve them targeted ads without their explicit consent.

Understandably in this context, the flurry of acquisitions and push of big tech into the healthcare sector have raised serious privacy concerns and highlighted the dilemma between privacy risks on the one hand, and health benefits and innovation on the other.

Amazon has made a couple of digital health acquisitions, first in 2018, with the purchase of an online pharmacy PillPack, followed by another one in 2019, Health Navigator, a start-up that provides online symptom checking and triage tools to help companies direct patients to the right facilities. Such moves into the sector may not have raised alarms until the Department of Health and Social Care in the UK disclosed in July 2019 that it had entered into a Master Content License Agreement with Amazon to make verified NHS health data available through its AI-powered voice assistant Alexa. At the heart of the concerns lie the lack of transparency around the use of NHS patient data in the data sharing terms and the lack of disclosure of the commercial terms under which Amazon is effectively able to use NHS data free of charge.

Equally representative of the tension between the protection of patient data and the benefits of big data, the acquisitions by Google of Deepmind finalised in September 2019 and of Fitbit announced in November 2019 – and still pending a green light from the Department of Justice – shed a light on the emblematic impact of big tech entering the new healthcare data market.

Google revealed to have acquired the most AI startups since 2009

Research by RS Components using Crunchbase data has found that Google has acquired the most AI startups since 2009. Read here

The takeover of Deepmind by Google Health UK remains controversial on two accounts. Firstly, the UK Information Commissioner (ICO) pinned the Royal Free NHS Foundation Trust in 2017 for failing to establish a proper legal base when sharing the personal data of around 1.6 million patients with Deepmind as part of a trial to test an alert, diagnosis and detection system for acute kidney injury.

Further concerns were raised in relation to Deepmind’s takeover by Google, which may potentially gain free access to patient data through inherited partnership agreements entered into with a number of NHS trusts. As a result, the NHS Trust, keen to ensure full compliance with UK data protection laws, entered into carefully crafted partnership agreements with Google Health UK where they remain the data controller of patient data at all times and incorporated GDPR compliant data processing clauses.

Google Health UK also sought to re-establish public trust by providing assurances that Google would commit to not linking or associating, patient data with Google accounts, products or services at any stage. Indeed, from a data protection law point of view, DeepMind acts only as the Trusts’ data processor, yet it somewhat contradicts the findings of the ICO guidance published in March 2017 on big data, artificial intelligence (AI), machine learning and data protection.

What’s the biggest barrier to AI adoption in healthcare?

Lauren Maffeo, associate principal analyst at GetApp, explores the biggest barrier to AI adoption in healthcare. Read here

The ICO highlights three specific features of big data analytics that may have data protection implications:

(i) the use of algorithms in a new way,

(ii) the opacity of the data processing, and

(iii) the practice of collecting “all the data”, often for new purposes.

In this respect, would an AI service provider more likely be acting as a data controller, and as such be subject to enhanced GDPR compliance obligations?

Similarly, Google’s acquisition of Fitbit resurrected fears that Google would combine all users’ health and fitness data along with related data collected through other Google services, without any legal base to do so, and certainly not users’ consent. In this case, the main concern is that Google may not only be able to access and use all combined data for targeted advertising but also become a major feed for Google ads.

Setting aside ongoing regulatory probes, fines and lawsuits both in the EU and in the US, Google’s strategy seems to be to push ahead to ensure its leadership in the health data industry.

Clearly, the use of patient data and the emerging models of commercialising innovation raise specific questions: who owns the data, who gets access to it and, now, who gets to share the benefits when the data gets monetised? The key, as ever, is that these innovative tech companies proceed with their healthcare plans in full accordance with data protection rules and with an appreciation of the sensitivity of patient data.

Written by Nathalie Moreno, partner at Lewis Silkin LLP

Sign up for Information Age Newsletters

Latest news

divider
Digital Transformation
How HSBC has helped its customers through the pandemic in the UK

How HSBC has helped its customers through the pandemic in the UK

9 July 2020 / Like many businesses, HSBC UK and its customers have had to adapt its operations in [...]

divider
Major Contracts
TISA rolls out digital marketplace for financial institutions and Fintechs

TISA rolls out digital marketplace for financial institutions and Fintechs

9 July 2020 / The next generation digital marketplace from TISA, named TISAtech, will encourage greater collaboration across the [...]

divider
Major Contracts
Google Cloud and Renault partner to accelerate Industry 4.0

Google Cloud and Renault partner to accelerate Industry 4.0

9 July 2020 / Groupe Renault are set to leverage AI and ML capabilities from Google Cloud, combining this [...]

divider
People Moves
All chief executive and CEO appointments covered in 2020

All chief executive and CEO appointments covered in 2020

8 July 2020 / Imperva appoints Pam Murphy as CEO Cyber security company Imperva has appointed former Infor and [...]

divider
People Moves
All CIO appointments covered in 2020

All CIO appointments covered in 2020

8 July 2020 / Standard Chartered appoints Rene W. Keller as CIO Standard Chartered has announced the appointment of [...]

divider
People Moves
All COO appointments covered in 2020

All COO appointments covered in 2020

8 July 2020 / Exscientia appoints Dr. David Hallett as Chief Operating Officer AI drug discovery company Exscientia has [...]

divider
Tech and society
Tech industry reacts to summer mini-budget

Tech industry reacts to summer mini-budget

8 July 2020 / Tech companies were bound to have been keeping eyes and ears out for today’s summer [...]

divider
People Moves
All CTO appointments covered in 2020

All CTO appointments covered in 2020

8 July 2020 / Veeam promote from within to appoint Danny Allan as CTO Cloud data management firm Veeam [...]

divider
People Moves
TransferGo appoints Edgardo Savoy as chief technology officer

TransferGo appoints Edgardo Savoy as chief technology officer

8 July 2020 / New TransferGo CTO Savoy will be responsible for overseeing the London-based money transfer platform’s innovation [...]

Do NOT follow this link or you will be banned from the site!

Pin It on Pinterest