The internet giant was given the data by one of the largest NHS trusts to develop an app to monitor possible kidney failure.
The encrypted information includes the names and medical histories of every patient who had stayed in hospital overnight or attended A&E in the past five years.
None of the patients was told beforehand and the revelation has exposed the ease with which private companies can obtain highly sensitive medical information without consent.
The data given to the internet giant would include patients' complete medical histories, including whether they had been diagnosed with HIV, depression, suffered from drug or alcohol addiction, or had an abortion.
But neither Google nor the Royal Free could explain why the data of so many patients was needed for the software to be developed.