Caldicott Guardians and 'Invisible Processing'
- Kafico Ltd
- 6 days ago

From my daily work supporting Caldicott Guardians, it is clear that artificial intelligence is increasingly embedded in NHS systems, under labels such as “decision support”, “productivity tools” or “safety analytics”.
While much attention has focused on where patient data flows, the Information Commissioner’s Office (ICO) has highlighted a different and growing risk: processing that generates new data about individuals without their active awareness or understanding.
The ICO refers to this as “invisible processing”, and AI systems are particularly capable of it.
For Caldicott Guardians, this matters because invisible processing is not just a transparency issue. It raises fundamental questions about confidentiality, proportionality, and whether new information created about patients is genuinely in their best interests.
Invisible processing: not hidden data, but newly created data
The ICO uses the term invisible processing to describe personal data use that individuals do not reasonably expect, cannot easily observe, or would struggle to understand.
Importantly, this is not limited to data being secretly shared or stored. Invisible processing often arises when systems infer, predict or generate new information about people, information they did not explicitly provide, and may not know exists.
Examples include:
- risk scores
- priority or vulnerability indicators
- behavioural or clinical profiles
- likelihood or probability assessments
Once generated, this inferred data can influence decisions, shape care pathways, or trigger interventions, even though the individual may never see it.
Why AI significantly increases the risk
Traditional health records are largely declarative: clinicians record what is observed, reported or decided. AI systems behave differently.
AI tools can:
- analyse patterns across large volumes of data
- combine information from multiple sources
- infer characteristics, risks or future outcomes
- generate outputs that appear objective or authoritative
Crucially, these outputs are new personal data. They are not simply reflections of what the patient has said or what a clinician has recorded.
Because these inferences are generated automatically and embedded into workflows, patients, and sometimes clinicians, may be unaware that new data about the individual has been created at all.
Where inferred data is already appearing in NHS contexts
Inferred or generated data is increasingly present in everyday systems, for example:
- Risk stratification tools that assign patients to categories or scores
- Triage and prioritisation systems that infer urgency or likelihood of deterioration
- Clinical documentation tools that summarise or interpret records, shaping how information is presented
- Population health and safety analytics that generate indicators beyond direct care
In each case, the issue is not that the system uses data, but that it creates additional data about the person, which may:
- feel unexpected from a patient perspective
- be difficult to explain clearly
- influence decisions without being visible
Lessons from the ICO: the Easylife case
The ICO’s enforcement action against Easylife Ltd illustrates this risk clearly.
Easylife sold everyday assistive products such as shoe horns and jar openers.
Using analytics, the company inferred health conditions and disabilities about customers based on their purchasing behaviour and then used those inferences for targeted marketing.
Customers were not told that such inferences were being made.
The ICO found that Easylife had unlawfully processed inferred special category data, and that the creation of new, sensitive information about individuals without their awareness constituted unfair and non-transparent processing.
The relevance for health and care is obvious: it is the act of inference, the creation of new data, that creates risk, even when the original data was lawfully obtained.
Inferred data through a Caldicott lens
AI-generated data challenges several Caldicott Principles in subtle but important ways:
- Justify the purpose(s): New data must have a clearly articulated purpose, not just an assumed benefit.
- Use the minimum necessary: Inference often involves analysing more data than is strictly needed to generate an output.
- Access on a strict need-to-know basis: While human access may be controlled, systems may generate insights far beyond any individual user’s remit.
- Inform patients and service users: Patients may be unaware that new risk scores, profiles or indicators exist at all.
For Caldicott Guardians, the challenge is ensuring that inferred data is necessary, proportionate, and defensible, not simply technologically possible.
Why general transparency statements are not sufficient
Many organisations rely on broad privacy notices that reference “AI”, “analytics” or “decision support”. However, the ICO has been clear that transparency must support real understanding.
From a Guardian perspective, the key test is not whether inference is mentioned somewhere, but whether:
- a patient would reasonably expect this new data to be created
- the organisation could explain what it means and how it is used
- the inference could be challenged or corrected
If not, the processing risks being invisible in practice, even if technically disclosed.
Practical steps for Caldicott Guardians: working with DPOs and DPIAs
Caldicott Guardians are not expected to design AI systems or conduct DPIAs themselves. However, they play a vital role in assuring that inferred and generated data is handled appropriately.
When engaging with DPOs on DPIAs for AI-enabled systems, Guardians may wish to:
1. Ask explicitly about inferred or generated data
Ensure the DPIA clearly identifies:
- what new data the system creates
- whether it constitutes personal or special category data
- how long it exists and where it is stored
2. Focus on patient expectation and fairness
Explore with the DPO:
- whether patients would reasonably expect these inferences
- how they could be explained in plain language
- whether any inference could feel intrusive or stigmatising
3. Test necessity and proportionality
Challenge whether:
- the inferred data is genuinely required for the stated purpose
- less intrusive approaches could achieve the same outcome
4. Clarify influence on decisions
Ask how inferred data:
- influences clinical or operational decisions
- can be overridden, corrected or ignored
- is monitored for bias or error
5. Agree thresholds for Guardian oversight
Work with the DPO to define:
- which types of inference require Caldicott Guardian review
- what documentation is needed for assurance
- what would trigger escalation or reassessment
My advice to customers is that AI’s ability to generate new information about people is both its strength and its risk. In health and care, inferred data can support earlier intervention and better outcomes, but only if it is used transparently, proportionately and in a way that maintains trust.
If new data is being created about patients, Guardians must be able to see it, understand it, and justify it, especially if the patient never directly provided it.



