Big data is fast revolutionising healthcare, but the NHS and industry are only just waking up to the accompanying threats to patients’ privacy.
Within a few years databases of millions of patients’ DNA data or clinical information are expected to play a much bigger role in helping clinicians diagnose disease.
Last week a firm at the heart of this push, Swiss-based Sophia Genetics, completed a $30m (£22.6m) fundraising to fuel growth from a database of 125,000 genomes today to one million by 2020.
Its partner hospitals across Europe, of which nine of the 330 are in the UK, share patients’ DNA data in return for access to Sophia’s data mining systems, which can identify the genetic patterns behind hereditary diseases such as cystic fibrosis and certain types of cancer and heart conditions.
High profile UK backers in Sophia’s latest funding round included tech entrepreneur Mike Lynch and venture capital giant Balderton.
For the tech gurus, scientists and investors leading the charge into big data, Sophia – which stresses the data supplied to it are anonymised – is part of an overdue sea change in the way we fight illness, as we move from a reliance on chaotic paper records stuffed in doctors’ filing cabinets to powerful, searchable global information systems. However, for privacy campaigners it’s part of a “Big Brother” moment for healthcare, where patients’ sacrosanct information becomes a commodity traded between healthcare providers and commercial entities.
It was a fear crystallised in July when the NHS was found to have illegally handed 1.6 million patient records – including information such as HIV status, mental health history and abortions – to Google’s artificial intelligence company DeepMind.
The UK’s information commissioner reprimanded the London NHS Trust involved and the Silicon Valley tech giant for failing to comply with data protection rules.
“This is not just some sort of generic privacy concern,” says Phil Booth of campaign group MedConfidential.
“It’s about confidentiality. There’s a necessity for it. It’s at the heart of the doctor-patient relationship and the whole health system relies on it. We need a frank debate about these issues.”
UK drug makers have been most keen to emphasise the upside of big data. The industry has been shouting about its potential since at least 2013, when in a paper entitled the “Big data road map”, trade body the Association of the British Pharmaceutical Industry (ABPI) outlined potential benefits including “improved patient health” and reduced costs for the NHS.
The government arguably cottoned on even earlier, with David Cameron, the prime minister at the time, launching the 100,000 Genomes Project at the end of 2012. Already 30,000 people’s DNA has been tested, providing invaluable data for the NHS and select commercial partners.
In the intervening years British biotechs have been springing up in the fertile space between drug development and big data, including genomics data specialists Congencia and Eagle, while firms like E-Therapeutics use artificial intelligence to help discover new medicines.
Not to be outdone, FTSE 100 behemoth AstraZeneca has plans to map 2m genomes within a decade.
Dr Jurgi Camblong, founder and chief executive of Sophia, says his firm could ultimately map the genomes of 50m cancer patients alone a year, helping identify the genetic traits that contribute to the disease.
He hopes more data sharing will lead to positive behavioural change in healthcare provision.
“My father was sick and for my mother it was a nightmare,” he says. “He had repeated MRI scans in different hospitals because they each couldn’t access the data. That’s a terrible use of healthcare funds.
“We need to break down these silos. It’s not a tech problem, it’s a mentality concern.”
It’s not just pharmaceutical firms joining the data rush. Big tech companies have also made clear their intention to move into healthcare, including Google and Apple.
As well as DeepMind’s work with the NHS, Google’s sister life sciences company, Verily, is ploughing money into European health ventures, including a bioelectronic medicine tie-up with Britain’s biggest drugs firm GSK.
Apple said it is now working with Stanford University and US medicines agencies to develop iWatch tests for heart arrhythmias.
Reports on both sides of the pond have already credited the product with no less than saving lives, with cases of people being alerted to dangerous jumps in their heart rate and seeking vital medical help in the nick of time.
The popularity of Fitbit wristbands further demonstrates the blurring between wearable wellness technology and medical devices, although a bona fide move into the latter field by tech firms would mean clearing much more strict regulatory hurdles.
Amid all the excitement, MedConfidential’s Booth sounds a warning: “There’s a big rush towards big data. But let’s not forget these are some of the most sensitive data about people’s lives. It’s not something health providers should siphon off or look to turn a buck on.” Richard Dickinson, a partner in data privacy at law firm APKS, points out more onerous EU data protection regulations will come into force next year, requiring more explicit consent for a range of data sharing practices.
He warns even anonymised clinical data can be problematic under data protection law if it “can be reverse engineered” to identify the person who supplied it.
While he is positive about the potential applications for data for healthcare, he also warns of a range of dystopian-sounding scenarios if health data are ever misplaced.
“If people learn I have certain genetic traits and perhaps am more prone to illness, it might be that my insurance liabilities go up, I may miss out on company health cover, my wife may no longer want to have kids with me or I might be barred from entering certain countries,” he says.
He suggests tech firms that are not as used to dealing with sensitive health information as their counterparts in pharmaceuticals might be more likely to fall foul of data protection law.
Despite the assurances of safeguards from companies, the potential risks were exposed by the Petya cyberattack in June, with US drugmaking giant Merck one of the victims of the hack.
While there was no suggestion patient data had been compromised, the $10bn revenue firm admitted a month later that shipping of some products had been delayed and was forced to cut its profits outlook.
Dr Camblong says that because the data supplied to Sophia are anonymised the legal responsibility for obtaining consent lies with the hospitals that supply it data. But he does not shy away from the industry’s responsibility for privacy.
“We always knew trust would be super important,” he says. “As an industry we need to talk about moral and ethical issues when we consider these projects.”
Dr Camblong urges health service providers to develop more sophisticated consent processes, adding that “all patients should have full access to all their records”.
He adds that Sophia is ready and able to limit the genomic data it processes to disease-specific genetic traits if this is requested by a patient, but he says hospitals are not currently geared up to facilitating this kind of consent.
Despite the concerns, analysts say there is no getting away from the fact that big data will help unlock big money medical breakthroughs.
“Genomics is very, very complex, there are thousands of genes involved with different diseases,” says Mick Cooper of Trinity Delta. “It is nigh-on impossible to work out which are relevant without big data sets.”
The case for greater use of big data in healthcare is abundantly clear, but the checks and balances needed to protect patient privacy will need to catch up fast.