Story Highlight
– AI may transform NHS with improved diagnosis and care.
– Data control is crucial for NHS knowledge generation.
– Risk of losing data control to external platforms.
– Sovereignty strategy needed to retain NHS data ownership.
– Loss of data sovereignty could harm innovation and trust.
Full Story
Artificial Intelligence (AI) is being heralded as a transformative force for the National Health Service (NHS), promising to alleviate administrative workloads, enhance diagnostic accuracy, and facilitate care on a population level. However, amidst this optimism lies a critical question: Who will hold the reins of the data that AI systems learn from, thus determining the ultimate control over the knowledge produced by NHS healthcare.
The NHS possesses one of the most valuable longitudinal health data repositories globally. A review undertaken by the Boston Consulting Group for NHSX indicated that optimising NHS data could potentially yield up to £10 billion annually by improving healthcare and driving innovation in the life sciences sector.
While AI presents a pathway to tapping into this potential value, it simultaneously raises significant concerns regarding the shift in control over data processing and analysis, potentially moving it away from the NHS itself. Traditionally, the NHS operated under a clearly defined model for data stewardship; clinical data generated from patient interactions is managed within a publicly governed framework, even if commercial entities provide software and infrastructure.
However, AI disrupts this long-standing relationship. AI systems go beyond mere data storage—they structure, interpret, and synthesize information, creating new datasets and insights. Federated data platforms that combine datasets from various organisations can enhance operational decision-making, resulting not just in raw data but actionable intelligence.
In the realm of AI, value exists at three levels: compute power, coding, and data. While health systems need not own every technological asset or develop every algorithm, relinquishing control over the data layer translates to losing the ability to harness the insights derived from clinical activities. If external entities dominate the platforms that structure and operationalise NHS data, the health service risks transitioning from being the steward of a premier dataset to merely serving as a data vendor for systems it does not govern.
This context is crucial to the discourse surrounding the NHS Federated Data Platform (FDP). The FDP has the potential to significantly enhance service planning, minimise waiting times, and bolster population health initiatives. However, it transcends the realm of an ordinary IT system—acting as the critical intelligence layer of the NHS. The entity controlling this platform will wield substantial power over service development and delivery methods.
It is important to clarify that this isn’t a rejection of collaboration with private enterprises; instead, it underscores the need for careful selection of partnerships. Several nations in Europe are currently investing in domestic health data infrastructures and cloud services to mitigates long-term reliance on foreign-owned platforms.
Such dependencies do not emerge abruptly; rather, they develop gradually through protracted contracts, workflow integration, increasing costs of switching providers, and a decline in internal capabilities. Over time, this progression can lead to a detrimental shift in power from entities creating data to those controlling the platforms that house it.
The resilience of healthcare data should be regarded as a vital component of national infrastructure under UK governance. Companies are bound by the legal stipulations of the countries they are based in, regardless of where the data itself is stored. For instance, under the US CLOUD Act, American firms can be compelled to furnish data to US authorities even if that information resides in the UK or Europe.
As international geopolitical tensions escalate, reliance on infrastructures governed by foreign legal systems creates strategic vulnerabilities. In extreme scenarios, essential infrastructure could be restricted or seized under legal or political pressures, jeopardising the nation’s digital framework.
The compelling question at hand is not merely who constructs the platform, but who ultimately dictates what the platform learns. AI has the potential to create entirely new datasets from everyday clinical activities. Should AI systems capture and structure clinical discussions, amalgamate extensive datasets, and derive operational intelligence from NHS functions, the NHS could cultivate one of the most influential health data assets globally.
The critical consideration is whether this asset maintains NHS stewardship, or whether the organisation transitions to a mere provider of data to external platforms. While the aggregation, anonymisation, and ethical utilisation of substantial datasets should be encouraged—evidenced by platforms like OpenSAFELY during the COVID-19 crisis—extensive control undertaken by non-local entities risks exporting the significant economic and strategic value of these datasets.
To mitigate such risks, it is imperative to establish a comprehensive strategy centred on data sovereignty. Data generated through NHS care, particularly that which is structured or derived from AI systems, must remain under NHS governance. Platforms should embrace open, interoperable standards that facilitate portability and counteract vendor lock-in. Furthermore, investment in domestic analytical capabilities is essential for the UK to maintain oversight over its health data ecosystem.
AI could stand as a pivotal advancement within contemporary healthcare. However, if the NHS relinquishes command over its data while embracing AI technologies, it may forfeit control over the wealth of knowledge generated by its patients and healthcare practitioners.
The ramifications of losing data sovereignty are profound, encompassing economic implications, innovative capacity, clinical decision-making, national durability, and public trust. Therefore, data sovereignty emerges not merely as a technical concern in the digital transformation journey but as the fundamental issue that will dictate the future governance of the NHS.
The NHS was founded as a publicly accountable healthcare entity and must not evolve into a publicly funded data generator for privately operated intelligence platforms.
*Professor David Strain, Chair of the British Medical Association’s Board of Science.*
Our Thoughts
The article highlights significant risks associated with the integration of AI in NHS data management, particularly concerning data sovereignty. To mitigate these risks, several proactive measures could have been implemented.
Firstly, ensuring compliance with the UK General Data Protection Regulation (GDPR) is imperative, as it mandates data protection and privacy. A clear data governance framework should have been established, dictating that all data — including AI-structured datasets — remains under NHS control to prevent unauthorized access and exploitation.
Moreover, establishing stringent partnership criteria for collaborations with private organizations could have safeguarded NHS data stewardship. The NHS must prioritize contracts that retain data ownership and prevent dependence on foreign platforms, aligning with the Health and Safety at Work Act (1974) which stresses management responsibilities to protect employees’ interests, including data security.
Critical infrastructure must also be robust. Developing indigenous cloud capabilities would enhance resilience against external pressures while complying with the IT regulations set out in the UK Health and Social Care Act 2012.
Ultimately, prioritizing NHS stewardship over data and fortifying partnerships with a clear strategy for data sovereignty would significantly reduce the risk of losing control over valuable health datasets.
