Question to the Department of Health and Social Care:

To ask His Majesty's Government what assessment they have made of artificial intelligence technology being trained on real patient data, and whether they intend to introduce regulation around the use of health records in training artificial intelligence

There are strict safeguards in place throughout the National Health Service to protect data. All providers of services which handle patient data must protect that data in line with the UK General Data Protection Regulation (UK GDPR), and the Data Protection Act 2018, and every health organisation is required to appoint a Caldicott Guardian to advise on the protection of people’s health and care data, and ensure it is used properly. This includes where artificial intelligence (AI) is used in relation to patient records.

The NHS AI Lab and Sciencewise, part of UK Research and Innovation, held a public dialogue on how the public feels decisions should be made about access to their personal health data for AI purposes. The AI Lab conducted a discovery exercise to design approaches based on insights from the public, which is now informing broader data stewardship initiatives, for example, as part of the Secure Data Environments.

To mitigate the likelihood and severity of any potential harm to individuals arising from the use of data in AI, the Information Commissioners Office has developed detailed AI guidance which provides an overarching view of data protection, including Data Protection Impact Assessments and UK GDPR. They have also produced an AI toolkit to support organisations auditing compliance of their AI-based technologies. NHS bodies are expected to make use of this guidance and toolkit.