UK Citizens Wary of NHS AI Use, Citing Privacy Concerns

Over half (56%) of UK citizens do not trust the NHS to use AI to analyze patient data due to security and privacy concerns, according to research by VMware.

In addition, a quarter (25%) of the more than 2000 respondents to the VMware survey said they are completely against the NHS using AI to process their patient data.

The growing use of AI, placed firmly into public consciousness following the release of OpenAI’s ChatGPT tool in November 2022, has raised a number of data privacy concerns. These include the role of AI in creating inferential data.

In addition, the data used to create and train large language models such as ChatGPT has come under scrutiny from data protection experts.

Dr Will Venters, Associate Professor of Information Systems, London School of Economics, told Infosecurity that the findings show that social as well as technical and legal barriers to the use of AI in the NHS must be overcome before the healthcare benefits of these technologies can be fully realized.

“We need patients to accept its use. Back in 2016 there was considerable controversy from Google’s DeepMind relationship and the Royal Free London NHS Trust’s sharing of data from 1.6 million patients. Avoiding such controversy and political backlash should be part of the overall security and privacy strategy for sustainable AI,” he explained.

Guy Bartram, Cloud Evangelist EMEA, VMware, added that education and transparency around how AI is used and its benefits should be a priority.

“People need educating in what new technologies like AI will be doing with their data and the NHS could go far by openly discussing and advertising their solutions and how they ensure national citizen data security is maintained, not doing so leaves room for doubt and will not gain trust,” he commented.

Image credit: Piotr Swat /

Despite the concerns, 45% of the respondents to the VMware research said they were open to the NHS using AI to improve services, and 44% were happy for these technologies to be used in processing patient data if it helped to process diagnostic tests faster.

Data Sovereignty Concerns

The study also found that 87% of UK consumers believe it is important their NHS patient data is stored in the UK. Of these respondents, 39% think that this data being held within the country’s national borders will ensure it complies with UK data privacy regulations.

Over a fifth (22%) said they do not trust other countries to safeguard their data as well as the UK does, while 21% believe this information will be less likely to be exposed to foreign cyber threats or accessed by foreign entities.

In the report, VMware highlighted that many UK NHS and social care providers use public cloud services, which means that patient data is currently hosted either within the UK, the European Economic Area (EEA) or a country deemed adequate by the UK.

Overall, the majority (59%) of consumers expressed confidence in the NHS’s ability to safeguard their sensitive information.

Venters expressed surprise at the strength of opposition to NHS data leaving the UK, but acknowledged that the strength of feeling around UK sovereignty should be reflected in the institution’s data practices.

He said: “As Nigel Lawson once said ‘the National Health Service is the closest thing the English have to a religion’ – people tend to trust it. Maintaining that trust over the decades to come requires robust and patient centric approaches to data management and security.”

Bartram commented that the findings show the importance of the NHS and other critical sectors demonstrating data sovereignty to build consumer trust with patient data. He said this can be achieved by ensuring more data is stored in a sovereign cloud, which ensures all data, including metadata, is held within the local jurisdiction.

“The NHS, and any other verticalized industry, needs to make careful choices about where their data is resident, under whose jurisdiction, how and particularly what is processed. Processing or storing any data that is confidential or has privacy legislation regarding the data and meta data, should be subject only to the jurisdictional laws of which its owner pertains,” he told Infosecurity.

The research was published on July 5, 2023, the 75th anniversary of the UK’s National Health Service (NHS).
