Regulating algorithms in healthcare

12 January 2018

What is the legal framework for the use of algorithms in healthcare? How well equipped are clinicians and technology developers to understand their rights and responsibilities when it comes to developing or using algorithms that deliver clinical decisions? And what are the consequences for patients?

Why it matters

As the fundamental basis of all computerised tasks, algorithms are increasingly integral to healthcare. They perform functions at every level, from the research laboratory to the clinic; in rudimentary operating system processes to highly advanced analytical systems. Despite their prevalence, the precise definition of an algorithm is increasingly contentious, and this lack of clarity has ramifications for how algorithms in healthcare are developed and regulated.

Determining the ownership of an algorithm, who is liable if it fails, how patient data is handled and the patient’s right to explanation when looking at black box techniques are all major concerns, with unclear answers.

Providing awareness of the regulatory issues of algorithms is important work, and connecting developers with users and regulators will help provoke further discussion of the regulatory issues and contribute to the foundations of a network of regulators and developers to help address these problems within the sector.


Johan Ordish talking about the project

Our objectives

To understand how algorithms are regulated in healthcare

  • Consider how legislation such as the GDPR, MDR, and IVDR affect algorithm applications
  • Work with regulators, academics and developers to better understand the regulatory landscape that algorithms fit into in healthcare


  • January 2018

    Briefing note - What is an algorithm?

  • Febuary 2018

    Briefing note - What is the GDPR?

  • Febuary 2018

    Briefing note - What is the IVDR?

  • March 2018

    Stakeholder workshop 1

  • October 2018

    Stakeholder workshop 2

What we are doing

Working with the Cambridge Centre for Law, Medicine and the Life Sciences, we will convene two stakeholder workshops, the first, with academics and regulators, to consider how algorithms and the data they manipulate are regulated by the EU’s General Data Protection Regulation (GDPR) and In Vitro Devices Regulation (IVDR).

Our second workshop, will work with algorithm developers to consider issues of liability and intellectual property, and concerns of ownership of data and the responsibilities of developers and users.

We will be publishing briefing notes and blogs to stimulate discussion and inform understanding of the nature and legal & regulatory position of algorithms in healthcare.