New government code of conduct for data-driven technologies in the health and care industries

The Department of Health and Social Care (DHSC) has published an initial Code of Conduct for the use of data-driven technology in the health and care sectors (the "Code"). The Code, authored by Health Minister Lord O'Shaughnessy, is aimed at creating a standardised regulatory and commercial environment in which innovators can flourish, while maintaining data safety and public trust. Described as an initial "working document", to be developed over the coming months and years, the Code is a step forwards in addressing the opportunities and issues presented by advances in technologies such as AI and machine-learning, and their applications in the health and care industries.

The utilisation of data has tremendous potential in the health and care industries. The sheer amount of available data is a significant resource, and the importance of accurate and rapid observation and analysis represents an opportunity for technology to enhance capabilities. Machine learning technologies can produce quicker and often more accurate diagnoses, and images and data sets can be analysed faster and with a higher success rate. With an overstretched and under-resourced service, these are tempting propositions.

Many innovators are already successfully exploiting the potential of data-driven technology in the health sector. Oxford-based Brainomix analyses brain scan images with AI algorithms to aid in diagnosing strokes. iRhythm Technologies, based in San Francisco, produces monitors which combine with AI technologies to detect and diagnose cardiac arrhythmia. At a more general level, Health Navigator produce an app which acts as a "triage symptom checker", using natural language processing to feed patient-dictated symptoms into a machine-learning algorithm to provide an initial diagnosis. The possible applications of AI and machine learning are numerous, and their potential continues to grow as the technologies develop.

However, there remain significant issues with the use of big data, issues which are compounded when applied to such sensitive data as personal information and medical records. Public trust in AI and big data is low, especially given recent high-profile cyber-security breaches. The accuracy of AI and machine-learning is also a cause for concern. Without robust safeguards in place, there is potential for "bad" data to be fed into algorithms, producing poor results and undermining the overall efficacy of the product.

The balance between responsible stewardship of data and the creation of a suitable environment which will allow data-driven technology to flourish is delicate. This is illustrated by the 2015 data-sharing deal between the Royal Free Hospital and Google's DeepMind. In this case, insufficient contractual safeguards were in place and, as a result, large amounts of data outside the remit of the programme, including personal information and medical records, were shared with Google. The issue stemmed from the fact that a template NHS contract was used, which was insufficiently tailored to the unique circumstances of the DeepMind arrangement. Adopting the principles of the Code and applying them to future collaborations between private industry and the health sector would go some way to preventing failures such as this in the future.

The Code makes some progress in alleviating these concerns, and aims to create an operating framework in which the potential benefits can be realised while maintaining safety and trust. It sets out 10 principles for organisations to follow which focus on matters of openness, clarity, security and practicality. Consideration is given to concepts underpinning the GDPR, but also to more commercial elements such as interoperability of systems and market compatibility. Requirements to define the value proposition and the business strategy demonstrate that the government's approach is concerned with the commercial prospects of proposed technologies, just as much as their safe and secure implementation.

Following on from its Life Sciences Industrial Strategy, the government is also making a clear effort to demonstrate that the responsibilities are two-way by setting out five commitments that it will adhere to. Crucially, there is a commitment to simplify the regulatory and funding landscape, which currently represents a significant barrier to entry for many businesses. There are also commitments to improving the interoperability of current systems and the encouragement of innovation.

The Code demonstrates the government's recognition of the growing importance of data-driven technologies and shows an encouraging attitude towards the significant opportunities for growth in the sector. The government's approach is a collaborative one, recognising the need for reform of national systems and regulatory infrastructure as well as responsible cooperation from business. For now, the Code is not compulsory and organisations can voluntarily sign up. However, early engagement could provide opportunities to help shape the conversation and benefit from discussion on developments in future policy. Feedback is also encouraged ahead of the proposed adoption of the Code as standard in December.