Exploitation of sensitive personal medical data by commercial entities
By Thomas Vink, 2nd September 2022
medConfidential is examining possible legal action in relation to the unlawful processing of patients’ medical data by Sensyne Health plc, a private company, which has data sharing agreements with several NHS Hospital Trusts.
medConfidential has gathered evidence indicating that personal data is being transferred from the NHS to Sensyne without patients’ knowledge or consent, thereby placing the confidentiality and privacy rights of over 12 million NHS patients at risk. The company and Trusts claim that the data transferred is anonymous and therefore not covered by GDPR –medConfidential has evidence that at least some of the data is merely pseudonymised. This means it is still personal data under the law and in practice, and that it exposes patients to privacy risks and potential data protection infringements.
Between 2021 and 2022, medConfidential received legal advice from Bindmans LLP on the potential remedy or remedies to seek in proceedings, the best choice of claimants, and the viability of and evidence required to pursue a legal claim on this issue.
In April 2022, Sensyne confirmed it needed to refinance and that it would delist from the AIM stock exchange. medConfidential sent a letter to all relevant NHS Trusts, advising them to terminate their contracts, and to ensure that Sensyne deletes all of the patient data that it has already received from them.
Exploitation of sensitive personal medical data by commercial entities
Organisation Name
medConfidential
Country/Jurisdiction
United Kingdom
Amount Granted
EUR 12,000
Current Status
Research complete
Grant type
Pre-litigation Research Support
Description
medConfidential is examining possible legal action in relation to the unlawful processing of patients’ medical data by Sensyne Health plc, a private company, which has data sharing agreements with several NHS Hospital Trusts.
medConfidential has gathered evidence indicating that personal data is being transferred from the NHS to Sensyne without patients’ knowledge or consent, thereby placing the confidentiality and privacy rights of over 12 million NHS patients at risk. The company and Trusts claim that the data transferred is anonymous and therefore not covered by GDPR –medConfidential has evidence that at least some of the data is merely pseudonymised. This means it is still personal data under the law and in practice, and that it exposes patients to privacy risks and potential data protection infringements.
Between 2021 and 2022, medConfidential received legal advice from Bindmans LLP on the potential remedy or remedies to seek in proceedings, the best choice of claimants, and the viability of and evidence required to pursue a legal claim on this issue.
In April 2022, Sensyne confirmed it needed to refinance and that it would delist from the AIM stock exchange. medConfidential sent a letter to all relevant NHS Trusts, advising them to terminate their contracts, and to ensure that Sensyne deletes all of the patient data that it has already received from them.
"medConfidential has gathered evidence indicating that personal data is being transferred from the NHS to Sensyne without patients’ knowledge or consent, thereby placing the confidentiality and privacy rights of over 12 million NHS patients at risk"
Strategic Goal
To prevent the exploitation of sensitive personal data by commercial entities without robust safeguards for medical confidentiality and the privacy of individual patients.
Media and related links
» medConfidential letter to NHS Trusts and others (medConfidential)
» “Sensyne boss Lord Drayson ousted in bid for survival” (The Times)
» “UK hospitals lose millions after AI startup valuation collapses” (The Register)
» “NHS Trusts advised to cut ties with clinical data platform Sensyne Health” (Tech Monitor)