24 September 2018

Government launches Code of Conduct for AI and data-driven technology in the healthcare sector.

The Department of Health and Social Care has recently issued a draft version of a Code of Conduct for Artificial Intelligence (AI) and data-driven technologies in healthcare, with the aim of providing clear guidance on how personal data is protected whilst at the same time promoting innovation and the introduction of technologies into the healthcare system.

The publication of the Code follows the publication of the Data Ethics Framework earlier in the summer by the Department for Digital, Culture, Media and Sport, which guides the design of appropriate data use in the public sector. The Code of Conduct is designed to build on the Framework and outline the government’s expectations of companies engaging with the NHS, and what support they can expect from the NHS and the government in return.

Drivers for the new Code

AI and data-driven technologies and algorithms have great potential and are increasingly being deployed across the healthcare system. These technologies are already being used across the NHS to improve the diagnosis of heart disease and certain cancers, and to better match patients to clinical trials, to name but a few applications.  They are also increasingly used in social care, for example in telemedicine and e-health.  However, these technologies are often heavily reliant on sensitive personal data, and so special care is needed to ensure that data is shared and protected appropriately within the existing legal framework.

Another driver for the introduction of the Code is to provide clarity concerning the regulatory pathway for the market entry of rapidly developing and evolving innovation.  New and emerging technology often straddles the remit of multiple regulators across its lifecycle, and so it has been recognised that there is a need to provide clarity and structured guidance.

The Code, which is in an initial consultation phase, is intended to encourage companies to meet what the government describes as “a gold-standard set of principles that will protect patient data and make sure only the best technologies are used by the NHS, to bring real benefits to patients.” The key privacy principles reflect those mandated by the General Data Protection Regulation (GDPR) which came into force in May 2018, and the Data Protection Act 2018, which should both be considered alongside the Code.

The ten principles

The draft Code contains the following 10 key principles:

  • Define the user:  understand how the proposed technological solution can benefit the user and what co-morbidities may be present.
  • Define the value proposition: understand the business case and performance indicators.
  • Be fair, transparent and accountable about what data is being used: utilise privacy-by-design principles with data-sharing agreements and data protection assessments. Ensure compliance with the GDPR.
  • Use data that is proportionate to the identified user need: ensuring compliance with the data minimisation principle of the GDPR.
  • Make use of open standards: utilise current data and interoperability standards.
  • Be transparent to the limitations of the data used and algorithms deployed: consider strengths and limitations of any algorithms used.
  • Make security integral to the design: ensure appropriate levels of security and safeguarding of data.
  • Define the commercial strategy: demonstrate how the commercial terms of the partnership benefit both the technology company and the healthcare provider.
  • Show evidence of effectiveness for the intended use: or outline a plan that addresses the minimum level of evidence required given the functions performed.
  • Show what type of algorithm is being built, the evidence for choosing that algorithm, and how its performance will be monitored on an ongoing basis.

The government’s commitment

The Code also sets out the government’s commitments to companies working in the sector.  These include: simplifying the regulatory and funding landscape and creating an environment that enables experimentation and innovation but does not risk patient safety; encouraging the adoption of innovation; improving interoperability, and listening to users.

The government intends that the final Code will clarify what it will do to support and encourage innovators in healthcare, including the eventual development of trusted approval systems and a pathway for suppliers of digital technology to enter the market on terms which benefit technology companies and healthcare providers alike.

Next steps

Although the Code is not compulsory, the Department of Health is encouraging high-technology companies operating in this sector to voluntarily sign up and adhere to the Code and to provide feedback in the form of a questionnaire. The Department of Health has also announced that it is conducting a formal review of the regulatory framework and the commercial models used in technology partnerships with the NHS.

An updated Code is to be published later in December 2018, taking into account both the review of the regulatory framework and feedback on the Code received from innovators and healthcare professionals. At this point the Code will become a collaboratively agreed standard for technology partnerships in the NHS.

In the longer term, the government is considering how best to develop the Code and is considering the introduction of a partnership support service and ‘Kitemark’ scheme, underpinned by a robust application and evaluation process.

Venner Shipley’s legal team advises on all aspects of data protection and commercial transactions in the healthcare sector.  Please contact us if you have questions concerning the government’s announcement and the new Code.

More information about the Code of Conduct can be viewed here.