Regulating algorithms in healthcare

12 January 2018

What is the legal framework for the use of algorithms in healthcare? How well equipped are clinicians and technology developers to understand their rights and responsibilities when it comes to developing or using algorithms that deliver clinical decisions? And what are the consequences for patients?

Why it matters

As the fundamental basis of all computerised tasks, algorithms are increasingly integral to healthcare. They perform functions at every level, from the research laboratory to the clinic; in rudimentary operating system processes to highly advanced analytical systems. Despite their prevalence, the precise definition of an algorithm is increasingly contentious, and this lack of clarity has ramifications for how algorithms in healthcare are developed and regulated.

Determining the ownership of an algorithm, who is liable if it fails, how patient data is handled and the patient’s right to explanation when looking at black box techniques are all major concerns, with unclear answers.

Providing awareness of the regulatory issues of algorithms is important work, and connecting developers with users and regulators will help provoke further discussion of the regulatory issues and contribute to the foundations of a network of regulators and developers to help address these problems within the sector.

 

Johan Ordish talking about the project

Our objectives

To understand how algorithms are regulated in healthcare

  • Consider how legislation such as the GDPR, MDR, and IVDR affect algorithm applications
  • Work with regulators, academics and developers to better understand the regulatory landscape that algorithms fit into in healthcare

Timeline

What we are doing

Working with the Cambridge Centre for Law, Medicine and the Life Sciences, we will convene two  stakeholder workshops.

Workshop 1 – Regulating algorithms in healthcare – the GDPR and IVDR
in practice

For our first workshop, academics and regulators will come together to consider the following key issues:

  • Does the GDPR contain a right to explanation?
  • Might counterfactual explanation satisfy a right to explanation?
  • How does the IVDR (and MDR) intended purpose test for the definition of IVD compare with the FDA’s risk-based strategy?
  • Is the intended purpose text flexible enough to adequately regulate mHealth and other algorithms that might be used for human health?
  • Consider the difficulties of validation of software under the MDR/IVDR.
  • Consider the difficulties of surveillance of software under the MDR/IVDR.

Workshop 2 – Regulating algorithms in healthcare – liability and
intellectual property

We aim to convene our second workshop later in the year, which will bring together developers and other industry stakeholders. This workshop will focus on issues of liability and intellectual property that impact on algorithms for healthcare.

We will produce a number of briefing notes and blogs throughout the project to stimulate discussion and inform understanding of the nature and legal & regulatory position of algorithms in healthcare.

Following each workshop, outputs summarising areas of consensus and disagreement will be made available.

 

For more information about this project please contact Johan Ordish.