Home Dates & Deadlines Application Forms & Templates Amendment Forms & Reports Contact Us
AI

 

Artificial Intelligence

This committee is starting to see submissions which involve the use of artificial intelligence. To date these studies have involved:

  • developing algorithms, and inputting healthcare data into algorithms with a view to training these algorithms to recognise patterns and to make decisions based on data.
    (This subset of artificial intelligence is called 'machine learning.' Machine learning models train on large amounts of data to gradually learn and improve their accuracy rates over time.)

  • developing AI healthcare software.
    (AI healthcare software uses machine learning and data analytics to analyse data, predict outcomes, and make decisions e.g. assessment, diagnosis, treatment.)

  • using licenced AI healthcare software.
    (Licensed AI healthcare software is CE Marked as a Medical Device in the European Union)


Concepts from the European General Data Protection Regulations (GDPR) which can apply in the context of artificial intelligence include: -

  1. Automated Processing, simply explained in the context of AI, is processing data about a person using AI.
  2. Profiling, simply explained in the context of AI, is making inferences, predictions, drawing conclusions etc. about a person using AI.
  3. Automated Decision Making, simply explained in the context of AI, means making an assessment which results in a decision affecting a person using AI.
  4. Decision Made Solely Based on Automated Decision Making, simply explained in the context of AI, means making an assessment which results in a decision affecting a person using AI and there is no human input into this decision.
  5. Decision Made solely Based on Automated Decision Making which produces legal or similarly significant effects, simply explained in the context of AI, means making an assessment which results in a decision affecting a person using AI which significantly impacts the person and there is no human input into this decision.

The interplay between and the application of the above concepts is complex.

Data Subjects (research participants) have the right to object to profiling (Point 2) and to automated decision making (Point 3)

Where Point 5 applies, researchers need to consider relying on 'consent' as an art 6 legal basis, and explicit consent as an art 9 condition under GDPR. This presents difficulties where the hospital is the data controller as 'public bodies' are generally not permitted to rely on consent / explicit consent due to the fact that a power imbalance exists and consent cannot be freely given.