Regulating algorithms in healthcare

12 January 2018

What is the legal framework for the use of algorithms in healthcare? How well equipped are clinicians and technology developers to understand their rights and responsibilities when it comes to developing or using algorithms that deliver clinical decisions? And what are the consequences for patients?

Why it matters

As the fundamental basis of all computerised tasks, algorithms are increasingly integral to healthcare. They perform functions at every level, from the research laboratory to the clinic; in rudimentary operating system processes to highly advanced analytical systems. Despite their prevalence, the precise definition of an algorithm is increasingly contentious, and this lack of clarity has ramifications for how algorithms in healthcare are developed and regulated.

Determining the ownership of an algorithm, who is liable if it fails, how patient data is handled and the patient’s right to explanation when looking at black box techniques are all major concerns, with unclear answers.

Providing awareness of the regulatory issues of algorithms is important work, and connecting developers with users and regulators will help provoke further discussion of the regulatory issues and contribute to the foundations of a network of regulators and developers to help address these problems within the sector.


Johan Ordish talking about the project

Our objectives

To understand how algorithms are regulated in healthcare

  • Consider how legislation such as the GDPR, MDR, and IVDR affect algorithm applications
  • Work with regulators, academics and developers to better understand the regulatory landscape that algorithms fit into in healthcare



What we are doing

Working with the Cambridge Centre for Law, Medicine and the Life Sciences, we will convene two  stakeholder workshops.

Workshop 1 – Regulating algorithms in healthcare – the GDPR and IVDR
in practice

For our first workshop, academics and regulators considered the following issues:

  • Does the GDPR contain a right to explanation?
  • Might counterfactual explanation satisfy a right to explanation?
  • How does the IVDR (and MDR) intended purpose test for the definition of IVD compare with the FDA’s risk-based strategy?
  • Is the intended purpose text flexible enough to adequately regulate mHealth and other algorithms that might be used for human health?
  • The difficulties of validation of software under the MDR/IVDR.
  • The difficulties of surveillance of software under the MDR/IVDR.

Workshop 2 – Regulating algorithms in healthcare – liability and
intellectual property

Our second workshop brought together developers and other industry stakeholders to focus on issues of liability and intellectual property that impact on algorithms for healthcare.

We will produce a number of briefing notes and blogs throughout the project to stimulate discussion and inform understanding of the nature and legal & regulatory position of algorithms in healthcare.

Following each workshop, outputs summarising areas of consensus and disagreement will be made available.

For more information about this project please contact Johan Ordish.