“Technology providers derive significant value from the NHS beyond access to unique data sets.”
The UK Department of Health has published an AI code of conduct for data-driven health applications and artificial intelligence technologies, as enterprise interest grows in the NHS’s vast data trove.
The codes of conduct consists of ten principles that outline how the NHS should work with technology companies that are developing AI systems and algorithms for use in healthcare.
The NHS currently works with several technology companies to deliver AI based medical services, such as UK-based AI developers Ultromics, which helps increase detection of lung cancer and heart disease via AI systems. The NHS also works with Imperial College London, which has designed an AI system that predicts the survival rates for patients with ovarian cancer.
The ten principles laid out in the code aim to foster innovation and tech company engagement with the NHS, while also ensuring that patients are protected from data abuse.
The first two principles deal with what the patient’s needs are, and whether the tech being developed fits into the context of those needs. This requires enterprises to clearly outline what their product is and how it will bring about the desired medical outcome.
Data Protection Requirements
The need to adhere to data protection regulations is established in the third and fourth principles which stipulate that companies and the NHS can only use the data for the reasons stated when it is first collected from patients, who are required to give express permission for their data to be used.
The NHS AI Code of conduct states that its “responsibility as an internationally trusted health and care system is to use all the tools at our disposal to improve the quality and safety of care, including data-driven technologies, in a safe, ethical, evidenced and transparent way.”
Several principles detail how the NHS will require companies to be transparent about not only how their algorithms work, but they must accurately state the limitations of what can actually be achieved from the deployment of AI on medical datasets.
Andrew Grant, Business Development Director at Imagination Technologies told Computer Business Review that “The principles of the code are clear and well-written and understandable to all.”
“They identify potential pitfalls such as the need for diversity to be reflected in the data. For example, if an issue affects a specific part of the populace for genetic or sociological reasons then this should be accounted for in the training and validation datasets so that bias does not occur in prediction. This is fundamental, and it is imperative that what is, and what is not in the data is fully understood.”
NHS AI Code of Conduct: Concerns About the Value of Data
The codes come nearly two years after the Information Commissioner’s Office slammed the Royal NHS Foundation Trust for failing to comply with GDPR’s predecessor, the Data Protection Act, when it provided patient details to Google’s Deepmind.
A key issue highlighted by the ICO was that patients were not adequately informed how their data was going to be used.
“Our investigation found a number of shortcomings in the way patient records were shared for this trial. Patients would not have reasonably expected their information to have been used in this way, and the Trust could and should have been far more transparent with patients as to what was happening,” the ICO stated in 2017.
The third and fourth principles in the AI codes of conduct specifically address the concerns the ICO raised. However, principle ten goes a step further with regards the further commercialisation of patient data and acknowledges that access to this data has extended value to technology companies.
“Technology providers derive significant value from the NHS beyond access to unique data sets – through medical and clinical involvement, test beds and pilots – and this value should be captured within the commercial arrangement,” the NHS states in the codes.
David Biden CEO at human+, a robotic process automation partner working with government and non-profits, told Computer Business Review: “This is absolutely a step in the right direction for the UK government and the NHS.”
However he told us that Principle 10, which defines the commercial strategy is a ‘little vague’ and he would like to see it fleshed out with further detail over time.
“Speciality data legal advice isn’t something that is easy to access and readily available for most project teams, so this will likely affect delivery of solutions. It will be interesting to see how these first few programmes, products and solutions are monitored and advised through the new code of conduct,” he commented.
The NHS Code of Conduct for Data-Driven Health and Care Technology is intend to function as a living document which will be continually assessed and updated as they increases the digitalisation of the Health service.