+44 (0) 121 582 0192 [email protected]

Confidentiality is a mandatory legal and ethical duty in the UK health sector especially when it comes to artificial intelligence and privacy in the use of medical devices. Using artificial intelligence to improve patient care has raised data privacy concerns about how data is secured between devices, smartphones, and the transfer of data over the internet back to the manufacturer or cloud. Confidentiality has always been an essential legal and ethical duty among medical practitioners.

The importance of maintaining patient confidentiality

Medical device organizations want to protect the confidential health information of patients and their families who entrust their data to them. Patients don’t like unauthorized access to their medical history, which intensifies when the processing concerns –  those with learning disabilities or mental health conditions.  Wearables are now the norm in life; whether they record the number of daily steps, heart rate, or glucose levels, many of which are bought across the counter at stores.

The potential for artificial intelligence to improve patient care

It is clear. The legal and ethical issues arising from using artificial intelligence in the medical sector are already being discussed. This discussion prompted leading ethicist Professor Jonathan Zittrain to call for a “Re-Robotsquatting” debate, as the technology is being developed to make clinical decisions that medical practitioners would otherwise be in a position to make. The recent case of the unidentified patient in Texas whose Viagra was increased without his knowledge is another example of the privacy concerns that the use of artificial intelligence can address. These concerns the ethical treatment of sensitive patient data, for example, an individual’s personal, health-related data.

The data privacy implications of AI-powered medical devices

There is some uncertainty regarding the benefits of anonymizing datasets. There is concern that this could result in collecting sensitive information without consent, resulting in new ‘treatment’ based on data that was never intended for patient use. There is also a fear that a system could become insensitive to context and respond disproportionately to human preferences, undermining trust in the health industry. Anonymizing data protects patients from surveillance and treatment based on unethical or unsafe means. Researchers may need to rethink the ethics of anonymizing clinical data to justify it in research and healthcare applications.

How does the law currently protect patient confidentiality?

It is difficult to argue that our country’s current laws comprehensively tackle medical data privacy breaches or ensure compliance with these laws in general. This is partly because the legislation does not explicitly address medical devices, software, medical records, or clinical trials. Instead, it is up to the individual institutions that hold data and are involved in medical research and treatment to act. Nevertheless, it would be a brave medical or research institution that would risk legal action by taking risk when it comes to patient confidentiality or the lack of it.

Automated Processing

Medical professionals must keep themselves informed about privacy risks associated with the processing, sharing, and retaining of patient data. As medical devices rely on automated processing

‘Profiling’ involves (a) automated processing of Personal Data; and (b) using that Personal Data to evaluate certain personal aspects relating to a natural person; in other words, making automated decisions that impact individuals. Automated processing implies the exclusion of any human intervention in any decisions which may be taken about such profiling.

If this applies to your organization, ensure all processing activities described in data processing legislation are backed up by automated decision-making and assessment.

Conclusion

Medical professionals must keep themselves informed about privacy risks associated with the processing, sharing, and retaining of patient data. As medical devices rely on automated processing, creating a structured privacy framework is invaluable for medical device companies of all sizes. Recovery from a medical device security breach is More expensive than preventing one.