Proceedingsofthe2019HealthITWorkshopon

EmergingTechnologiesinHealthcare:

Legal,Ethical&SocialAspects

7th&8thNovember2019

MiddlesexUniversity,London,UK

1

Proceedingsofthe2019HealthITWorkshop

on

EmergingTechnologiesinHealthcare:

Legal,Ethical&SocialAspects

7th&8thNovember2019MiddlesexUniversity,London,UK

Editors:

CarlisleGEORGE(MiddlesexUniversity,UK),DianeWHITEHOUSE(TheCastlegateConsultancy,UK),

PennyDUQUENOY(MiddlesexUniversity,UK).

ISBN978-1-64713-330-6

2

Foreword

This sixth health IT workshop signals the growing importance of ethics, law and governance ofemergingtechnologiesandofthepowerofsustainedinternationalcollaborations.Thestakescouldnotbehigher.Fromtheevolutionof learninghealthcaresystemsandever-newandtricky privacy challenges, to identification of appropriate uses and users of intelligentmachines, theneedtoensurethatwegetitrightisofthehighestimportance.Peoplecannot“getitright”withoutthekindofresearchandscholarshipbroughttobearinforumslikethisone.This year’s programme is thematically andprofessionallydiverse. It addresses the development andapplications of extraordinarilypowerfulmachines, and features speakerswho havemade ethics andhealth information technology their focus. The speakers’ contributions document the breadth andcreativityoftheemergenceofoneoftheworld’sleadingforumsforaddressingethicalandlegalissuesraisedbyahealthtechnologywithunprecedentedglobalreachandeffect.Itissaidthatscienceandtechnologyoftenoutstripethicsandthelaw,andthatpeople’sabilitytodesignnewtoolsissuperiorto,oratleastmorerapidthan,theircapacitytoensurethatthesetoolsareusedwisely.Thisworkshopand itsantecedentsare importantcounterexamples tosuchaposition.Withspeakersfrom academia, government and industry, theworkshop continues a decade-long initiative. Itmakesplainacollectivecommitmentto thekindofvaluesandgovernance thatbothadvancethebenefitsofnewtechnology,andprotecthumanrightsandhonouruniversalvalues.This transcontinental partnership, linking the University of Miami with Middlesex University, TheCastlegateConsultancyandTheEuropeanCentreforEthics,LawandGovernanceinHealthInformationTechnology, is perhaps unique in its topics and foci. It has simultaneously fostered innovativescholarship and provided rare opportunities for students to participate in an exciting new area ofinquiryandpractice.Itseemsclearthatthisisnotsolelyavaluablepartnership,itmightevenbeafundamentallynecessaryone.Theflowofbothdataanddiscoveryhasbeenenoughtorendertheworldaverydifferentplaceinaveryshorttime.Asthatworldistoooftenaplaceofconflictanddiscord,thesekindsofcollaborationspointthewaytodoingthingsbetter.This,precisely,ishowwewillgetitright.ProfKennethW.GoodmanProfessorofMedicineandjointlyofPhilosophyDirector,UniversityofMiamiMillerSchoolofMedicineInstituteforBioethicsandHealthPolicyDirector,WHOCollaboratingCentreinEthicsandGlobalHealthPolicyChair-EthicsCommitteeoftheAmericanMedicalInformaticsAssociation

3

ContentsWelcomefromtheInterimVice-Chancellor...................................................................................................4

WelcomefromthePro-ViceChancellorandExecutiveDean.....................................................................5

WorkshopIntroduction........................................................................................................................................6

WorkshopProgramme..........................................................................................................................................7

Patient-GeneratedHealthDataandHealthcareInformationFiduciariesDrPaulR.DeMuroandDrHannahK.Galvin..........................................................................................................9

Privacy-respectingApproachtoDataAnalyticsforHealthCarePurposesMrMarcvanLieshoutandDrAndréBoorsma.....................................................................................................13

DataGovernanceinInternationalNeuroscienceResearchMrGeorgeOgoh,ProfBerndStahl,DrDamienOkaibediEke,DrSimisolaAkintoye,DrWilliamKnightandDrIngaUlnicane......................................................................................................................................................15

DataProtection,PrivacyandDataSharingforHealth:EthicsandLegalFrameworkDrJoanaNamorado................................................................................................................................................19

DigitalHealthEurope:CollaboratingwithPeopleandPatientsThroughPlatformsandSpacesMsDianeWhitehouse..............................................................................................................................................22

DigitalisationinMaternity:ImprovingthepatientexperienceDrJasmineLeonceandMsJanetHarris................................................................................................................25

ExploringTheSocietalImpactsofEmergingeHealthTechnologieswithHigh-SchoolStudentsMrRichardTaylorandMsSandraStark..............................................................................................................27

DigitalHealthcareandtheEthicalPrincipleofDualEffectAppliedtoDigitalHealthcareProfHaroldThimbleby............................................................................................................................................29

BigData,AnalyticsandAIforHealth:BenefitsandRisksMrJohnCrawford....................................................................................................................................................32

ArtificialIntelligenceforHealthandCareintheEU:DevelopingethicalandlegalframeworksDrCarlisleGeorge....................................................................................................................................................34

StandardsfortheEthicsofAIMrBrianTranter.....................................................................................................................................................37

HowData-drivenAIcanBenefitfromFormalizedKnowledgetoBecomeMore“Explainable”:AnExperiencefromMedicalProcessMiningProfStefaniaMontani.............................................................................................................................................38

TheLanguageofAutomatedMedicineMrChrisZielinski.....................................................................................................................................................40

QualityAuditswithBlockchainforHealthcareintheUKDrIanMitchellandMsSukvhinderHara..............................................................................................................42

ANovelPrivacyFrameworkformHealthwhenManagingChronicDiseasesMrFaradJusob,DrCarlisleGeorgeandDrGlenfordMapp................................................................................44

AComprehensiveInformationSecurityFrameworkformHealthandPrototypeDevelopmentMsNattaruedeeVithanwattana,DrGlenfordMappandDrCarlisleGeorge....................................................47

SecuringeHealthandmHealth:MovingfromFrameworkstoPrototypesDrGlenfordMapp,DrCarlisleGeorge,MsSukhvinderHara,MsNattaruedeeVithanwattana,MrFaradJusobandMsAnnSamuels.....................................................................................................................................50

ListofParticipants...............................................................................................................................................52

4

WelcomefromtheInterimVice-ChancellorTechnology has incredible power to transform healthcare. Inmy own timewith anNHSAmbulanceService, I sawthe introductionof triagesystems,vehicle tracking,electronicpatientcarerecords,on-line trainingaswellas technologydeployeddirectly togivecliniciansnewoptions inprovidingcare.However, technology can alsobe associatedwith a seductivebelief thatdeployment is easyand thatbenefits, be they clinical or operational, outweigh the risks or costs. It is easy to see when poortechnologyisacauseofproblems;butgoodtechnologydeployedwithoutthoughtfortheconsequencescarriesjustasmanyrisks.Technologyreliesonpeopleandpeoplearefallible;whetherthisismakingmistakesorbeingunwillingtorecognisethecauseofproblems.The law provides a framework to resolve some of these challenges. Ethics provides a potentiallystrongeropportunitytoavoidorsidestepproblems.Anyhealthcaresystemmustoperatewithinasocialcontext.These three complimentary lensesprovide a framework to ensure that technologymeets itspromisetotransform.At Middlesex University we are proud of our world-class team of people who improve healthcareoutcomes by educating the healthcare professionals of tomorrow in an environment in which weadvancetechnologyandclinicalpractice.AsaUniversity,wehaveanimportantroletoplayinprovidingtheopportunitytoshareknowledgeandchallengeideasinordertoadvanceunderstanding.ThetopicofeHealthisonewhichwillmodifyclinicaloutcomesandthereforetransformlives.IamverygratefultoDrCarlisleGeorge,MsDianeWhitehouse,ProfKennethGoodmanandDrPennyDuquenoyfororganisingthisworkshopandassemblingthisgroupofexpertanddistinguishedspeakersfortwodays.I welcome you to Middlesex University. I also hope that you leave challenged, having shared andlistenedtonewanddifferentperspectivesthatyoucanthencarryforwardintoyourimportantworkinthisfield!MrJamesKennedyInterimVice-Chancellor,MiddlesexUniversity,UK

5

WelcomefromthePro-ViceChancellorandExecutiveDean

Technologicaldevelopmentsinhealthcarehavesavedcountlesslivesandimprovedourqualityoflife;however,complexchallengesarisewhenconsidering the legal,ethicalandsocialaspectsofemergingtechnologies.Therapiddevelopmentoftechnologies,suchasartificialintelligenceandblockchain,havethepotentialtodeliverbetterpatientoutcomes.Yettheyneedcarefulconsiderationinlightofconcernsaboutprivacy,cybersecurity,patientrights,politicaldecisionsonnationalandinternationalregulatoryframeworks,andquestionsofequityinaccesstocareandinformation.Universitieshavean important role toplayamid this complexity, since they can createplatforms fordiscussionandexchange thatbring togetherdifferentdisciplinary insights,nationaland internationalperspectives,theoryandpractice,andknowledgeofthelatestandlikelyfuturedevelopmentsinbothhealthcareandinformationtechnology.MiddlesexUniversity,withourreputationforeducatingthehealthcarepractitionersofthefutureandfor innovating in computer anddata science, is an ideal venue forbringing together thought leaderswhoaregrapplingwiththesechallenges.I wish to thank Dr Carlisle George, Ms Diane Whitehouse, Prof Kenneth Goodman and Dr PennyDuquenoy,fororganisingsuchanimportantevent.Ihopethatyouhaveanenjoyableandstimulatingeventinoneoftheworld’smostexcitingcitiesandatoneoftheUK’smostprogressiveandinternationaluniversities.ProfSeanWellingtonProVice-ChancellorandExecutiveDeanFacultyofScienceandTechnology,MiddlesexUniversity,UK

6

WorkshopIntroduction

Emergingtechnologiesinhealthcarecontinuetoplayanimportantroleinimprovingtheprovisionofservicesforpatients;however,theyraisemanyconcernsthatrequirecarefulanalysisanddiscussion.

Thisworkshopwillprimarilyfocusonlegal,ethicalandsocialaspectsofnewandemergingtechnologiesinhealthcareaswellasdevelopmentsregardingregulatoryandethicalframeworksincluding:

• AI(Machinelearning)anddatascienceinhealthcare• Blockchaintechnologiesinhealthcare• MobileHealthApps–developmentofguidelinesandregulatoryframework• AdvancesineHealth,mHealth,Telemedicine,TelecareandTelehealth• PrivacyandDataProtection• DataSharing• Wideraccessto(personal)healthdata(e.g.intermsofpersonalisedhealth;populationhealth)• ThreatstohealthcareITinfrastructure(e.g.cybersecurity,networksecurity)

WorkshopOrganisingCommittee

• DrCarlisleGeorge:AssociateProfessorandBarrister,MiddlesexUniversity,UK.• MsDianeWhitehouse:eHealthConsultant,TheCastlegateConsultancy,UK.• ProfKennethGoodman:Director,InstituteforBioethicsandHealthPolicy,UniversityofMiami,

USA.• DrPennyDuquenoy:Chair-BCSICTEthicsSpecialistGroup,VisitingResearcher,Middlesex

University,UK.WorkshopSponsors• FacultyofScienceandTechnology,MiddlesexUniversity,UK.http://www.mdx.ac.uk/about-us/our-faculties/faculty-of-science-and-technology• InstituteforBioethicsandHealthPolicy,MillarSchoolofMedicine,UniversityofMiami,USA.https://bioethics.miami.edu• TheCastlegateConsultancy,UK.• TheEuropeanCentrefortheStudyofEthics,LawandGovernanceinHealthInformationTechnology(ECELGHIT),Online.

http://ecelghit.org

7

WorkshopProgrammeTown Hall - Committee Room 3

Day1–Thursday,7thNovember2019

TIME

SESSION PageNumber

13.00–13.15 Registration,mix-and-mingle 13.15–13.20 Welcome,MiddlesexUniversity KEYNOTE-1 13.20-13.50

Patient-GeneratedHealthDataandHealthcareInformationFiduciariesDrPaulR.DeMuro,Attorney-NelsonMullinsRileyandScarborough,Florida,USA.

09

Theme1-Data,GovernanceandPrivacy 13.50-14.10 Privacy-respectingApproachtoDataAnalyticsforHealthCare

PurposesMrMarcvanLieshoutandDrAndréBoorsma,SeniorResearchers- NetherlandsOrganisationforAppliedScientificResearch(TNO),TheNetherlands.

13

14.10–14.30 DataGovernanceinInternationalNeuroscienceResearchMrGeorgeOgoh,ResearchFellow-CentreforComputingandSocialResponsibility,DeMontfortUniversity,UK.

15

14.30–14.50 DataProtection,PrivacyandDataSharingforHealth:EthicsandLegalFrameworkDrJoanaNamorado,MedicalDoctorandProjectManager-FraunhoferInstituteforBiomedicalEngineering,Germany.

19

14.50–15.05 CoffeeBreak(15mins) Theme2-DigitalHealthandCommunities 15.05-15.25 DigitalHealthEurope:CollaboratingwithPeopleandPatients

ThroughPlatformsandSpacesMsDianeWhitehouse,Director-TheCastlegateConsultancy,UK.

22

15.25-15.45 DigitalisationinMaternity:ImprovingthepatientexperienceDrJasmineLeonce,ConsultantObstetrician,ClinicalDirector(Obstetrics)-ListerHospital,UK.

25

15.45-16.05 ExploringTheSocietalImpactsofEmergingeHealthTechnologieswithHigh-SchoolStudentsMrRichardTaylor,SubjectManager-InternationalBaccalaureateOrganisation,UK.

27

16.05-16.45 Discussion/PanelSession(40mins) 16.45-17.00 Roundupoftheday 19.30 Dinner

8

Day2–Friday,8thNovember2019

TIME

SESSION PageNumber

9.30-9.40 Welcomeandintroductiontotheday KEYNOTE-2 09.40–10.10

DigitalHealthcareandtheEthicalPrincipleofDualEffectAppliedtoDigitalHealthcareProfHaroldThimbleby,ProfessorofComputerScience–SwanseaUniversity,UK.

29

Theme3-AIinHealthcare 10.10–10.30 BigData,AnalyticsandAIforHealth–BenefitsandRisks:AShort

HistoryMrJohnCrawford,ManagingDirectorandHealthITconsultant–CrawfordWorks,UK.

32

10.30–10.50 ArtificialIntelligenceforHealthandCareintheEUDrCarlisleGeorge,AssociateProfessorandBarrister–MiddlesexUniversity,UK.

34

10.50–11.10 StandardsfortheEthicsofAIMrBrianTranter,ANECrepresentativeonIEC,UK.

37

11.10–11.30 CoffeeBreak(20mins) 11.30–11.50 HowData-drivenAIcanBenefitfromFormalizedKnowledgeto

BecomeMore“Explainable”:AnExperiencefromMedicalProcessMiningProfStefaniaMontani,ProfessorofComputerScience,UniversityofPiemonteOrientaleAlessandriaArea,Italy.

38

11.50–12.10 TheLanguageofAutomatedMedicineMrChrisZielinski,VisitingFellow–UniversityofWinchester,UK.

40

12.10–12.50 Discussion/PanelSession1(40mins) 12.50–14.00 LUNCH Theme4-EmergingTechnologiesinHealthcare–Blockchainand

mHealth

14.00–14.20 QualityAuditswithBlockchainforHealthcareintheUKDrIanMitchell,AssociateProfessorandMsSukvhinderHara,SeniorLecturer–MiddlesexUniversity,UK.

42

14.20–14.40 ANovelPrivacyFrameworkformHealthwhenManagingChronicDiseasesMrFaradJusob,PhDStudent-MiddlesexUniversity,UK.

44

14.40–15.00 AComprehensiveInformationSecurityFrameworkformHealthandPrototypeDevelopmentMsNattaruedeeVitanwattana,PhDStudent–MiddlesexUniversity,UK.

47

15.00–15.20 SecuringeHealthandmHealth:MovingfromFrameworkstoPrototypesDrGlenfordMapp,AssociateProfessor–MiddlesexUniversity,UK.

50

15.20–16.00 WorkshopOverview,Discussion,NextSteps,Farewell(40mins)

9

Patient-GeneratedHealthDataandHealthcareInformationFiduciariesDrPaulR.DeMuroaandDrHannahK.Galvinb

aAttorney-NelsonMullinsRileyandScarborough,Florida,USA.

(paul.demuro@nelsonmullins.com)

bMedicalDirectorofInformatics-LaheyHealth,Massachusetts,USA.(hannah.galvin@lahey.org)

AbstractPatient-GeneratedHealthDataisproliferatingalongwiththecommercializationofsuchdata.Giventheproclivitytore-identifyde-identifiedorpseudonymizeddata, it isbecomingincreasinglyimportanttoprotect theprivacyof individualswhohave such patient-generatedhealthdata.The authors suggestsomeguidelinesforholdersofthesekindsofPatient-GeneratedHealthDatatobetreatedashealthcareinformationfiduciaries.IntroductionPatient-Generated Health Data are health-related data created, recorded, or gathered by or frompatients or caregivers. [1] They can include “health history, symptoms, biometric data, treatmenthistory, lifestyle choices, and other information—created, recorded, gathered, or inferred by or frompatientsortheirdesignees...tohelpaddressahealthconcern.”[2]Patient-GeneratedHealthDatacanbe transmitted electronically to a patient’s care team or to clinical researchers; in the process, thecompanyhostingthedata,e.g.,thevendorofthedatatrackingdeviceorthird-partytracker,mayalsohaveaccess.[3]Ownershipofthesedataareacomplexandoftenpoorlyunderstoodconceptandregulatedbydifferentlawsindifferentjurisdictions.Manydifferentstakeholdersmayclaimownership, includingapatient’sphysician,medicalinstitution,orathirdparty.[4]Incertaincases,datacanbeownedbyoneentityandcontrolledbyanother.[5]CommercializationofhealthcaredataProtectedhealth information(PHI), includingPatient-GeneratedHealthData, isbeingcommercializedbybigdatabrokers [6], soldtopharmaceuticalcompanies,andused forclinical research.Companies,suchasFacebook,makebillionsofAmericandollarsasaresultoftheuseandmonetizationofpeople’sdata.[7][3]Trustandprivacyareimportantforhealthcareandtheuseofpersonalhealthservices.[8]ThecurrenteCommercerulescannotreallybeappropriatelyappliedinthisarea.[8]Asmallnumberoforganizationsholdmassiveamountsofdatarelatingtocountlessindividuals,withlittlepolicyorlegaloversighttoregulatetheirutilization.[9]Thelawhasnotkeptupwiththetechnologicaladvancesandonewonderswhetheritevencan.[10]Although the General Data Protection Regulation [11] appears to be the most comprehensive andstringent protectionmeasure, it leaves ambiguity in certain areas, e.g. the terms “dataprotection bydesignanddefault”canbeambiguousastotheirfullimplications.[12]Itissometimesthoughtthatthede-identificationorpseudonymizationofaperson’sdatamightprotectan individual’s privacy. The United States Department of Health and Human Services even providesGuidanceRegardingMethodsforDe-IdentificationofProtectedHealthInformationinAccordancewiththeHealthInformationPortabilityandAccountabilityAct(HIPAA)PrivacyRule.[13]Reidentificationofdata is not just theoretical but has been demonstrated in several contexts. [14] [15] [16] Machinelearning can utilize physical activity data to improve reidentification schemes of both adults andchildren.[14]Asdatasetsincreaseinvolumeandnumber,itshouldbecomeeasiertore-identifydata.[17]Sayingthatdataareanonymousdoesnotmakeitso.[18]

10

Privacyalsohasatime-dependentelement.[19]Thatis,overtime,moredataaboutanindividualmightbe compiled and aggregated, and thus, data that might not be possible to identify today may beidentifiedinthefuture,especiallythroughoutthelife-courseofindividuals.Althougheachpersonmayhaveadifferentopiniononwhatheorshedeemstobesensitiveabouthisorherhealthinformation,most appear to lack awareness of the privacy risks. [19] [20] However, the privacy risks should beassessed in some form and in the context of any patient consents. In addition, certain regulatoryschemes treat certain sensitive healthcare information such as mental health, genetics, sexual data,biometrics,anddisabilityinaspecialorprotectedmanner.Althoughanindividualmaytechnicallyconsenttosharethesedata,thatconsentisoftennotknowingand informed. Ina2015studyof600ofthemostcommonmobilehealth(mHealth)apps, fewerthanone-thirdhadprivacypoliciesandtwo-thirdsofthese(orapproximately20percentofthetotal)didnotspecificallyaddresstheappitself,andthosethatdid,oftenrequiredcollege-levelliteracytounderstand.[21]OfmHealthappsthatdohaveappropriate“TermsandConditions”attachedtothem,mostaresoonerousthatfewpeoplereadthembeforedownloadingtheapp.[22]UsersofmHealthappsarealmostalwaysobligedtoagreetothetermsofusethattheunderregulatedcommercialentitiessupplyingtheservices require. [23]However, the General Data Protection Regulation prohibitsmaking consent todataprocessingapreconditionofserviceunlesstheserviceisdependentonit.[11]HealthcareInformationFiduciariesAsaresult,theholderoftheindividual’sdatastandsinaspecialposition-arguablyoneoftrust-withrespecttothatindividual.Theholderofthedataortheentitythatcontrolsitcanseektomonetizeorprofit fromthat individual’sdatabysharing thedata to thedetrimentof the individual.ArielDobkinsuggests “thatmanyonlineserviceprovidersandcloudcompanieswhocollect,analyze,use, sell,anddistributepersonalinformationshouldbeseenasinformationfiduciariesthroughtheircustomersandend-users.”[24]Afiduciaryhasalegalobligationtoactinthebestinterestofitsclient.[25]Onemightconsideranentitythat holds personal health data such as Patient-Generated Health Data as a healthcare informationfiduciary. [3] As such, a detailed analysis of which entities might be considered to be a healthcareinformationfiduciarymightbeinstructive.Inmakingsuchadetermination,onemightconsiderthetypeofinformationthatthewould-behealthcareinformationfiduciarymightpossess,howtheinformationwasgenerated,whoweretheintendedrecipients,towhomwastheinformationtransmitted,andwhatwasthepurposeofthetransmittal.[3]Ownershipofthedatacanbeacomplicatedquestion.Inhealthcare,differentpartsofamedicalrecordmightarguablybeownedbydifferentindividualsand/orentities,anddifferentjurisdictionsmayhavedifferent laws on the subject: for example, the ownership of Patient-Generated Health Datamay beviewed differently from notes a provider entered directly into amedical record. [4] More pertinentquestionsmightbe:Whoorwhatentity(ies)control(s)thePatient-GeneratedHealthData?Arethedataconsidered to be de-identified or pseudonymized, and if so, what are the prospects for their re-identification?Whattypeofconsent(s)havebeenprovidedbytheindividualwhogeneratedthedata?Further inquiries as to whether a person or entity might be considered a healthcare informationfiduciarymight include:Whatbenefitsmight theholderof thedataderive fromthedata,particularlyfromapecuniaryperspective?Whatotherbenefitsmightinurefromthatdata,e.g.forthepublicgood?Isthecompanybenefitingfromtheuseofthedatacommercialinnature?Whatisthevalueofthedataeconomically,socially,and/ortosociety?Assuming theholderand/oruserof thedatashouldbe treatedasahealthcare information fiduciary,should the traditional fiduciary standards apply? Should the standards be adapted to the healthcarecontext? Shouldpolicy-makers, regulatorsandlegislatorsseek todevelop lawsand/orguidance thatcodifies these fiduciary standards and provide for enforcement mechanisms, if such standards areviolated?Howshouldsuchstandardsbedevelopedandenforced?Howdo legislatorsaccount for the

11

globalcommercialenvironmentandcross-bordertransactions?Shouldtherebeprivaterightsofaction?Ifso,what?ConclusionTheuseofPatient-GeneratedHealthDataforcommercialpurposesbyentitieswhichholdsuchdataisbecomingincreasinglycommonplace.Effortsatre-identifyingde-identifiedorpseudonymizeddataareincreasinglysuccessful.Patientconsentsoftenappearmeaningless.Asaresult,itmaybetimetostarttreatingentitieswhichholdPatient-GeneratedHealthDataorcontrolsuch data, such as vendors, online service providers, cloud companies, medical device and trackingdevicemanufacturers,apphostingentitiesandsmartphonemanufacturersashealthcare informationfiduciaries. These healthcare information fiduciaries might provide the attendant protections to theindividualswhosedataisbeingused.Endnotes[1] PatientGeneratedHealthData.TheOfficeoftheNationalCoordinatorforHealthInformation

Technology(ONC)[Internet].Availableat:https://www.healthit.gov/topic/scientific-initiatives/patient-generated-health-data.Accessed:12Sept2019.

[2] ShapiroM,JohnstonD,WaldJ,MonD.Patient-GeneratedHealthData.WhitePaper.OfficeofPolicyandPlanningOfficeoftheNationalCoordinatorforHealthInformationTechnology.RTIInternational.2012Apr.

[3] DeMuroPR,PetersenC.ManagingPrivacyandDataSharingThroughtheUseofHealthCareInformationFiduciaries.StudHealthTechnolInform.2019Aug9;265:157-162.doi:10.3233/SHTI190156.

[4] SharmaR.WhoReallyOwnsYourHealthData?ForbesTechnologyCouncil.2018Apr23.[5] SinghR.OwnershipofHealthcareDataintheIOTEra,Part2.ComplianceToday,2019Jul.[6] LeetaruK.HowDataBrokersandPharmaciesCommercializeOurMedicalData.A1andBig

Data.Forbes.2Apr2018.[7] HillS.ShouldBigTechOwnOurPersonalData?Opinion.WIRED.2019Feb13.[8] RuotsalainenP,BlobelB.TrustModelforProtectionofPersonalHealthDatainaGlobal

Environment.MedInfo2017.EdInfo2017:PrecisionHealthcareThroughInformatics.InternationalMedicalInformaticsAssociation(IMIA)andIOSPress.2017.

[9] KostkovaP,BrewerH,deLusignanS,FottrellE,GoldacreB,HartG,KoczanP,KnightP,MarsolierC,McKendryRA,RossE,SasseA,SullivanR,ChaytorS,StevensonO,VelhoR,TookeJ.WhoOwnstheData?OpenDataforHealthcare.FrontiersinPublicHealth.Perspective.2016;4(Art.7).

[10] BrousE.LegalConsiderationsinTelehealthandTelemedicine.AmericanJournalofNursing.2016;116(No.9).

[11] Regulations: Regulation(EU)2016/679oftheEuropeanParliamentandoftheCouncil.Ontheprotectionof

naturalpersonswithregardtotheprocessingofpersonaldataandonthefreemovementofsuchdata.RepealingDirective95/46/EC(GeneralDataProtectionRegulation).2016Apr27.

[12] FlaumenhaftY,Ben-AssuliOfir.Personalhealthrecords,globalpolicyandregulationreview.Elsevier,B.V.HealthPolicy.2018May7.

[13] Rule: GuidanceRegardingMethodsforDe-identificationofProtectedHealthInformationin

AccordancewiththeHealthInsurancePortabilityandAccountabilityAct(HIPAA)PrivacyRule.U.S.DepartmentofHealthandHumanServices.2012Nov26.

[14] NaL,YangC,LoC,ZhaoF,FukuokaY,AswaniA.FeasibilityofReidentifyingIndividualsinLargeNationalPhysicalActivityDataSetsfromwhichProtectedHealthInformationhasbeenRemovedwithUseofMachineLearning.JAMANetwork/OPEN/HealthPolicy.2018;1(8):e186040.Doi:10.1001/jamanetworkopen.2018.6040.

[15] SweeneyL.SimpleDemographicsOftenIdentifyPeopleUniquely.CarnegieMellonUniversity,DataPrivacyWorkingPaper3.Pittsburgh2000.

12

[16] RocherL,HendrickxJM,anddeMontjoyeY-A.Estimatingthesuccessofre-identificationsinincompletedatasetsusinggenerativemodels.NatureCommunications.2019;10(1):3069.Availableat:https://doi.org/10.1038/s41467-019-10933-3

[17] McCoyJr.TH,HughesMC.PreservingPatientConfidentialityasDataGrowImplicationoftheAbilitytoReidentifyPhysicalActivityData.JAMANetworkOPEN.2018;1(8):e186040.Doi:10.1001/jamanetworkopen.2018.6040.

[18] SweeneyL,vonLoewenfeldtM,PerryM.SayingIt’sAnonymousDoesn’tMakeitSo:Re-identificationsof“Anonymized”LawSchoolData.JOTSTechnologyScience.2018Nov13.

[19] SanchezD,ViejoA.PersonalizedPrivacyinOpenDataSharingScenarios.Abstract.UniversitatRoviraIVirgili,DepartmentofComputerEngineeringandMathematics,UNESCOChairinDataPrivacy.ISSN:1468-4527.2017Jun12.

[20] YoungSD.SocialMediaasaNewVitalSign:Commentary.JMedInternetRes.2018Apr30;20(4):e161.

[21] SunyaevA,DehlingT,TaylorPL,MandlKD.Availabilityandqualityofmobilehealthappprivacypolicies.JAmMedInformAssoc.2015Apr;22(e1):e28-33.

[22] SharpM,O’SullivanD.MobileMedicalAppsandmHealthDevices:AFrameworktoBuildMedicalAppsandmHealthDevicesinanEthicalMannertoPromoteSaferUse–ALiteratureReview.2017EuropeanFederalforMedicalInformatics(EFMI)andIOSPress.2017.

[23] SchairerCE,KseniyaRubanovichC,BlossCS.HowCouldCommercialTermsofUseandPrivacyPoliciesUndermineInformedConsentintheAgeofMobileHealth?AMAJEthics.2018;20(9):E864-872.doi:10.1001/amajethics.2018.864.

[24] DobkinA.InformationFiduciariesinPractice:DataPrivacyandUserExpectations.BerkeleyTechnologyLawJournal.Vol.33:1:2018.Availableat:https://doi.org/10.15779/Z38G44HQ81.

[25] BalkinJM.InformationFiduciariesandtheFirstAmendment.UCDavisLawReview.Vol.49,No.4.2016Apr.

13

Privacy-respectingApproachtoDataAnalyticsforHealthCarePurposesMrMarcvanLieshoutaandDrAndréBoorsmab

aSeniorResearcher/Advisor-MolecularandSystemsBiology,

NetherlandsOrganisationforAppliedScientificResearch(TNO),TheNetherlands(Marc.vanlieshout@tno.nl)

bSeniorResearcher/Consultant-StrategyandPolicy

NetherlandsOrganisationforAppliedScientificResearch(TNO),TheNetherlands(andre.boorsma@tno.nl)

BackgroundPeopletendtocollectevermorehealthrelateddataontheirsmartphones.A2018surveyindicatesthatsevenoutoftensmartphoneusershaveatleastonehealthappinstalled(Lieshoutetal.,2018)(p.19).Thiscanbeanappthatkeeps trackoftheperson’sdailynumberofsteps,nutritionalintakeduringaday,orglucoselevels–thusenablinggranulardosingofinsulin.Theseexamplescanbemultipliedbysome250,000otherexamplesofavailablehealthrelatedapps.Thedata from these apps canbe combinedwithhealthdata collectedby care giversor in electronicpatient records. Making these data available through personal healthcare environments enablesindividualstokeeptrackoftheirdata.Oneoftheissuesofrelevancetopeoplethatbringalltheirhealthand lifestyle data together in such a personal healthcare environment is in what way, and to whatdegree,datasubjectsshouldbeabletoexercisesomekindofcontrolovertheprocessingofthesedata.1ThefivePsWithinTNO,researchisorientedtowardsmakingthesedataavailableforresearchpurposes.Giventhechangingroleof individuals in thehealthcareprocess, theavailabilityof largedatasets, theon-goingpersonalisationofhealthcare,thepowerofpredictiveanalytics,andtheabilitytonotonlyfocusoncurebutespeciallytopromotehealthylifestylesinordertopreventdiseases,TNOisfocusingonpromotingfivePs:howtopromotePersonalisedhealthcare,thatenactsParticipationbyindividuals,changingtheperspectivefromcuretoPrevention,usingavailabletechnologytoPredicthealthoutcomesanddoingthisallinaPrivacy-respectingmanner.FocusingonthefivePsisnotaneasyendeavour.Alargesetofproblemsneedtoovercome.TNOhastakenupthechallengetohelpdevelopingadatasharingecosystemthatfulfilstherequirementsposedbythesePs.First,TNOsees largepotential inhaving individualscontributeactively tohandling theirhealthdata.ThisisParticipationinPersonalisedhealthcare.Healthdatacooperatives,suchasPatientslikeme(TempiniandTeira,2019)maypresentoneofthewaystomoveforwardincombiningthefivePsthatweembrace.Datacooperativesmayofferinroadsintoanumberofstubbornchallengesthatarevisiblein the long-standing tradition of clinical trials and medical-scientific research. We are focusing onseeking the engagement of the data subjects in combination with data analytics to promote thepersonalisationofhealth,includingahealthylifestyle.Thiswouldthenbecomeameanstosupportanefficientuseofresourcesinhealthcaresettings.Second, we focus on prevention rather than on cure. Healthy lifestyles prolong healthy lifecircumstances, and – in particular situations – can even help to reduce the symptoms of specificdiseases,suchasdiabetes.2Thisimpliesthatalargersetofdataneedstobeaggregatedandanalysed,withallthepotentialprivacyissuesthatmayarisefromthis. 1 TheGeneralDataProtectionRegulationuses theconcept ‘datasubject’ to identify thepersonwhosepersonaldataareprocessed.2https://www.aafp.org/news/health-of-the-public/20131024diabetesintervene.html,accessed2-10-2019.

14

Thatisourthirdpoint:healthdatabelongtothespecialcategoriesofdataidentifiedintheGeneralDataProtectionRegulation(GDPR)(2018).3Processingofthesedataisprohibitedunlessaspecialgroundforexemption can be invoked. Healthcare research and scientific research both offer exceptions to theprohibitiontoprocesshealthdata.TNOhasmadeanin-depthanalysisoftherequirementsthattheGDPRposesinthisrespect.Weusetheoutcomesofthisanalysistodevelopanapproachinwhichlegal,technical,organisationalandsocietalimplications of processing personal data are brought together and build up a trust framework thatguidestheapproach.ThistrustframeworkislabelledRESPECT4U4(LieshoutandEmmert,2018).RESPECT4UframeworkRESPECT4U is a generic framework developed by TNO. It offers an encompassing approach to theresponsibleprocessingofpersonaldata.Seven guiding principles form the cornerstones of the RESPECT4U framework: they underpin theacronymoftheframeworkitself–Responsibleprocessingofdata,whileEmpoweringdatasubjectsinwaysthatarecompatiblewiththeirrights,offeringaSecuredataprocessingenvironment,adoptingaPro-activeattitudeinwhichprivacybydefaultanddesignaresystematicallyunpacked,beingawareoftheEthical issues that comewithnewdataanalytics, havingan eye forCosts andbenefits that comealongwithnewdataprocessingpractices,andoptingforanapproachthatpromotesTransparencyonthesideoftheorganisationresponsiblefortheprocessingofthedata.Each of the guiding principle enables a specific set of measures that can be adopted to develop aprivacy-respectingdataprocessing ecosystem.The ecosystembuildson state-of-the-art technologicalsolutionsthatbecomeavailableforthesecureprocessingofhealthdata.ItisinlinewiththeGDPR,sinceittakesintoaccountthevariousobligationsthattheGDPRimposesondatacontrollers.OverviewofthepresentationInourcontribution,wewillpresentanoutlineoftheapproachweareelaboratingtodayfororganisingresearch activities which make use of Real World Data, i.e. data that are collected bymeans ofcommercially available tools and applications, combined with data from electronic health recordswherepossible.Weengagedatasubjectsinameaningfulmanner.Forpartsoftheprocessingactivities,patientconsentisnotneededandevennotadvised.Wehavecomeupwithanalternativesolutionthatavoidsresorting toinformedconsent (whenthisshouldnotbe invoked)whilestillguaranteeingdatasubjects’participationandengagement.Inordertopreventthecirculationofdatathatarecollectedindifferentplaces,wearelookingforwaystoimplementthePersonalHealthTrain(Soestetal.,2018),anewconceptualapproach.The trainenables federatedlearning that isinherentlysecureandhelps toorganiseprivacyprinciples.ReferencesLieshout,M.v.,Chen,M.,Karanikoloava,K.,Timan,T.,Bolchi,M.,Costenco,P.,...Alberti,S.(2018).StudyonSafetyofnon-embeddedsoftware;Service,dataaccess,andlegalissuesofadvancedrobots,autonomous,connected,andAI-basedvehiclesandsystems-FinalStudyReportregardingSafetyofhealth,lifestyleandwellbeingapps(TNO2019R10103).Brussels:EuropeanCommission

Lieshout,M.v.,andEmmert,S.(2018).PrivacyasInnovationOpportunity.PaperpresentedattheAnnualPrivacyForum,Barcelona.

Soest,J.v.,Sun,C.,Mussmann,O.,Puts,M.,Berg,B.v.d.,Malic,A.,....(2018).UsingthePersonalHealthTrainforAutomatedandPrivacy-PreservingAnalyticsonVerticallyPartitionedData.EuropeanFederationforMedicalInformatics(EFMI)andIOSPress,5.doi:10.3233/978-1-61499-852-5-581

Tempini,N.,andTeira,D.(2019).Isthegenieoutofthebottle?Digitalplatformsandthefutureofclinicaltrials.EconomyandSociety,48(1),77-106.doi:10.1080/03085147.2018.1547496

3See GDPR, art 9, that addresses the general prohibition to process special categories of personal data unlessspecificexemptionscanbeinvoked.4Seehttps://pilab.nl/what%20the%20pi.lab%20can%20do%20for%20you/respect4u.html

15

DataGovernanceinInternationalNeuroscienceResearch1MrGeorgeOgoha,ProfBerndStahla,DrDamianOkaibediEkea,DrSimisolaAkintoyeb,DrWilliamKnightaandDrIngaUlnicanea

aCentreforComputingandSocialResponsibility,DeMontfortUniversity,UK(george.ogoh@dmu.ac.uk;bstahl@dmu.ac.uk;damian.eke@dmu.ac.uk;

william.knight@dmu.ac.uk;inga.ulicane@dmu.ac.uk)

bLeicesterDeMontfortLawSchool,DeMontfortUniversity,UK(simi.akimtoye@dmu.ac.uk)

IntroductionMedical research is governed by a number of universal principles like those laid out in the 1964Declaration of Helsinki1 which stipulates them as ‘ethical principles for medical research involvinghumansubjects, includingresearchonidentifiablehumanmaterialanddata’2.However,thedetailsofits implementationvary fromcountry tocountry.Onereason for this isdifferences in legislationandagency policy which have an impact on the conduct of research and level of protection accordedresearchsubjects.Forexample,since2008theU.S.FoodandDrugAdministration(FDA)3onlyabidesbythe1989versionoftheDeclarationratherthanthemorerecent2013versionandsomehavesuggestedthisallowsU.Scompaniestocutethicalcornerswhenworkingabroad4,5. Inthearenaofinternationalcollaborationinmedicalresearch,suchdifferencesraiseissuesfordatagovernancebecausetheyaffecthowdataissharedandused,whatdataisshared,andwithwhomdatacanbeshared.Withanever-growingappetiteforcollaborativeresearch,oneoftheareaswhereissuesrelatingtodatagovernancecaneasilyariseisinthefieldofneuroscience.Neuroscientistshavecometorealisethatthecomplexityofthehumanbrainandnervoussystemmeanthat,onlybyworkingcollaborativelytogether,they can in good time hope to successfully unravel the mysteries of the brain for the benefit ofhumankind.However, it isnotyetclearwhatruleswillgovernneuroscientificresearchcollaborationsparticularlywhen it spans across national borders andwhat level of protectionwill be in place forresearch subjects when their data is shared across multiple geographic regions. In this era of bigneurosciencedata6andlargebrainprojects7–13,thistypeofcollaborationraisesseriousconcernsastheprinciplesgoverningdatacollection,sharing,andusevaryfromcountrytocountry.Thispositionpapertherefore highlights how growing collaborations in neuroscience projects may raise importantquestionsfordatagovernancethatneedstobeaddressed.

TheevolvinglandscapeofneuroscientificcollaborationIn the lastdecade, thecall forneuroscientificcollaborationshasbecomemoreurgentdue togrowingalarmatsocieties’inabilitytodealwithneurologicalandpsychiatricdisordersandtheincreasingcostsof these conditions14–16. For example, Ivinson17 pointed out that more collaboration between basic,translationalandclinicalneurosciencewillimproveeffectiveness,productivity,andefficiency.Similarly,Belin and Rolls18 maintained that multi-disciplinary and multi-systems collaborations offer uniqueopportunities for knowledge expansion and open up new ways of thinking. As researchers in thisscientific environment come to the realisation that much benefit can be derived from collaborationbetweenthedifferentbranchesofneuroscience,whilecloselyworkingwithotherrelevantdisciplines,anoverwhelmingvolumeofdata19isbeinggeneratedandshared.

1Thisproject/researchhasreceivedfundingfromtheEuropeanUnion’sHorizon2020FrameworkProgrammeforResearchandInnovationundertheSpecificGrantAgreementNo.785907(HumanBrainProjectSGA2).

16

Amarkedincreaseincollaborationsbetweeninstitutions,bothatthenationalandinternationallevels,withaviewtosharingdataandresourcesisalsobeingwitnessed.Twoexamplesthatareparticularlyrelevantare:

• TheEuropeanUnion-ledHumanBrainProject(HBP),whichseeksto‘createICTbasedscientificresearch infrastructure for brain research, cognitive neuroscience, and brain-inspiredcomputing’20, ismade up of over 100partner institutions in 19 countries21. Aswell as beinginternational,itisalsointerdisciplinaryasitincludessuchdisciplinesascognitiveneuroscience,neuro-informatics, medical informatics, brain simulation and neurorobotics; andtransdisciplinarycoveringcomputing,informatics,mathematics,aswellasphilosophy22.

• TheInternationalBrainInitiative(IBI),aninternationalbrainresearchcollaborativeprojectthatisstillattheproposalstage23.It isaconsortiumofsevenlargebrain24researchinitiativesthatincludesthealreadyinternational(European)HumanBrainProject.ThesixotherbrainprojectsthatmakeuptheIBIaretheAustralianBrainInitiative,theCanadianBrainResearchStrategy,the China Brain Project, the Korean Brain Initiative, Japan’s Brain/MINDS, and the U.S. BrainInitiative.

ThevisionoftheIBIto‘catalyseandadvanceethicalneuroscience’23indicatesthatliketheHBP25,ethicsis at the core of the project. Yet, differences in ethical principles and legislation (in terms of dataprotection,generation,sharing,use,andmaintenance)thateachoftheselargebrainprojectsconformto, may have ramifications on their ability to collaborate effectively. These differences are not wellknown and the significance for ‘ethical neuroscience’within the IBI remains a relatively unexploredarena.It isimportanttherefore,tounderstandtheconsequencesofsuchcollaborationfromanethicalperspectiveandtoanticipatethepotentialforunintendedconsequences.

MethodologyFor this paper, a narrative review26–28 has been done to provide a synthesis of collaboration inneuroscience research and how data governance issues might arise. The paper has provided abackground understanding of the nature of collaborations in this area and how it raises interestingquestionsfordatagovernanceintheinternationalarena.Oneimportantissuethathasbeenpointedoutherepertainstodifferencesinlegislationandpoliciesgoverningscientificresearchanddataprotectionin the various jurisdictions where the largest brain initiatives24 are based and how thismight haveconsequencesfordatagovernanceinneuroscientificcollaboration.This outcomewill form thebasis foramore systematic review thatwill includedoctrinalanalysis oflegal literature and scoping review of peer-reviewed literature. Hutchinson29 describes doctrinalanalysisasa‘criticalconceptualanalysisofallrelevantlegislationandcaselawtorevealastatementofthelawrelevanttothematterunderinvestigation.Itwillbecentredonlegislationonscientificresearchanddatagovernancepoliciesrelevantto thesevenbrainresearchprojects thatmakeupthe IBI.Thiswillbedonetohighlightimportantpiecesoflegislationandpolicythathaveanimpactoninternationalresearch collaboration. The scoping review on the other hand, will focus on two popular academicdatabases i.e. Scopus30 and PubMed31. These are widely available databases that index a variety ofsubject areas and research themes. The objective will be to highlight current practices in terms ofscientificresearchanddatagovernanceandtheproblemsarisingfromsuchpractices.

ConclusionThecomplexitiesofneuroscientificresearchmeanthat,atdifferentlevels,internationalcollaborationsare bound to grow. Even so, the prospect for collaborations between big brain initiatives raiseinteresting questions and dilemmas for data governance (which need to be addressed because ofdifferences in national legislations and agency regulations). This assessment will help to limit thepotentialfornegativeoutputofsuchlargeinternationalprojectsastheIBIandfortheiroutputstohaveunintended societal implications. It will also propose a set of policy recommendations for datagovernance to enable ‘ethical’ international neuroscience collaborations. At the heart of such datagovernancewillbeclearethicalprinciplesthatwillenablethemaximisationofthesocietalbenefitsofbigbrainprojects.Thisoutputwillhelpresolvepotentialambiguitiesandaddressproceduralconcernsaboutinternationaldatatransferswithintheproposedinitiative.

17

References1. WorldMedicalAssociation.WorldMedicalAssociationDeclarationofHelsinki:EthicalPrinciplesforMedicalResearchInvolvingHumanSubjects.JAMA.2013;310(20):2191.doi:10.1001/jama.2013.2810532. LargentEA.Recentlyproposedchangestolegalandethicalguidelinesgoverninghumansubjectsresearch.JLawBiosci.2016;3(1):206-216.doi:10.1093/jlb/lsw0013. FoodandDrugAdministration.AcceptanceofForeignClinicalStudies.U.S.FoodandDrugAdministration.http://www.fda.gov/regulatory-information/search-fda-guidance-documents/acceptance-foreign-clinical-studies.PublishedApril20,2019.AccessedSeptember30,2019.4. NormileD.ClinicalTrialsGuidelinesatOddswithU.S.Policy.Science.2008;322(5901):516-516.doi:10.1126/science.322.5901.5165. GoodyearMDE,LemmensT,SprumontD,TangwaG.DoestheFDAhavetheauthoritytotrumptheDeclarationofHelsinki?BMJ.2009;338(apr211):b1559-b1559.doi:10.1136/bmj.b15596. FothergillT,Knight,StahlB,UlnicaneI.ResponsibleDataGovernanceofNeuroscienceBigData.FrontNeuroinform.https://www.frontiersin.org/articles/10.3389/fninf.2019.00028/full.7. AmuntsK,KnollAC,LippertT,etal.TheHumanBrainProject—Synergybetweenneuroscience,computing,informatics,andbrain-inspiredtechnologies.PLOSBiol.2019;17(7):e3000344.doi:10.1371/journal.pbio.30003448. JeongS-J,LeeH,HurE-M,etal.KoreaBrainInitiative:IntegrationandControlofBrainFunctions.Neuron.2016;92(3):607-611.doi:10.1016/j.neuron.2016.10.0559. RichardsLR,MichiePT,BadcockDR,etal.AustralianBrainAlliance.Neuron.2016;92(3):597-600.doi:10.1016/j.neuron.2016.10.03810. OkanoH,MitraP.Brain-mappingprojectsusingthecommonmarmoset.NeurosciRes.2015;93:3-7.doi:10.1016/j.neures.2014.08.01411. PooM,DuJ,IpNY,XiongZ-Q,ZuB,TanT.ChinaBrainProject:BasicNeuroscience,BraindiseaseandBrain-Inspiredcomputing.Neuronview.2016;92(3):591-596.12. MartinCL,ChunM.TheBRAINInitiative:Building,Strengthening,andSustaining.Neuron.2016;92(3):570-573.doi:10.1016/j.neuron.2016.10.03913. IllesJ,WeissS,BainsJ,etal.ANeuroethicsBackbonefortheEvolvingCanadianBrainResearchStrategy.Neuron.2019;101(3):370-374.doi:10.1016/j.neuron.2018.12.02114. FinebergNA,HaddadPM,CarpenterL,etal.Thesize,burdenandcostofdisordersofthebrainintheUK.JPsychopharmacolOxfEngl.2013;27(9):761-770.doi:10.1177/026988111349511815. ThakurKT,AlbaneseE,GiannakopoulosP,etal.NeurologicalDisorders.In:PatelV,ChisholmD,DuaT,LaxminarayanR,Medina-MoraME,eds.Mental,Neurological,andSubstanceUseDisorders:DiseaseControlPriorities,ThirdEdition(Volume4).Washington(DC):TheInternationalBankforReconstructionandDevelopment/TheWorldBank;2016.http://www.ncbi.nlm.nih.gov/books/NBK361950/.AccessedOctober1,2019.16. WorldHealthOrganization,ed.NeurologicalDisorders:PublicHealthChallenges.Geneva:WorldHealthOrganization;2006.https://www.who.int/mental_health/neurology/neurological_disorders_report_web.pdf.17. IvinsonAJ.CollaborationinTranslationalNeuroscience:ACalltoArms.Neuron.2014;84(3):521-525.doi:10.1016/j.neuron.2014.10.03618. BelinD,RollsA.Collaborationinneuroscience:theyoungPIperspective.EuropeanJournalofNeuroscience.2016;43(9):1123-1127.doi:10.1111/ejn.1322619. FergusonAR,NielsonJL,CraginMH,BandrowskiAE,MartoneME.Bigdatafromsmalldata:data-sharinginthe‘longtail’ofneuroscience.NatNeurosci.2014;17(11):1442-1447.doi:10.1038/nn.383820. AicardiC,ReinsboroughM,RoseN.TheintegratedethicsandsocietyprogrammeoftheHumanBrainProject:reflectingonanongoingexperience.JResponsibleInnov.2018;5(1):13-37.doi:10.1080/23299460.2017.133110121. AmuntsK,EbellC,MullerJ,TelefontM,KnollA,LippertT.TheHumanBrainProject:CreatingaEuropeanResearchInfrastructuretoDecodetheHumanBrain.Neuron.2016;92(3):574-581.doi:10.1016/j.neuron.2016.10.046

18

22. AmuntsK,KnollAC,LippertT,etal.TheHumanBrainProject—Synergybetweenneuroscience,computing,informatics,andbrain-inspiredtechnologies.PLOSBiol.2019;17(7):e3000344.doi:10.1371/journal.pbio.300034423. InternationalBrainInitiative.Aboutus.https://www.internationalbraininitiative.org/about-us.Published2019.AccessedAugust8,2019.24. RommelfangerKS,JeongS-J,EmaA,etal.NeuroethicsQuestionstoGuideEthicalResearchintheInternationalBrainInitiatives.Neuron.2018;100(1):19-36.doi:10.1016/j.neuron.2018.09.02125. HumanBrainProject.EthicsandSociety.SocialEthicalReflective.https://www.humanbrainproject.eu/en/social-ethical-reflective/.Published2019.26. NobleH,SmithJ.Reviewingtheliterature:choosingareviewdesign.EvidBasedNurs.2018;21(2):39-41.doi:10.1136/eb-2018-10289527. CroninP,RyanF,CoughlanM.Step-By-StepApproach.BrJNurs.2008;17:38-43.doi:10.4135/9781446213971.n628. MitchisonD,MondJ.Epidemiologyofeatingdisorders,eatingdisorderedbehaviour,andbodyimagedisturbanceinmales:anarrativereview.JEatDisord.2015;3(1):20.doi:10.1186/s40337-015-0058-y29. HutchinsonT.TheDoctrinalMethod:IncorporatingInterdisciplinaryMethodsinReformingtheLaw.TaekemaS,ed.ErasmusLawRev.2016;3.doi:10.5553/ELR.00005530. Scopus.Scopus-Documentsearch.https://www2.scopus.com/search/form.uri?display=basic.Published2019.AccessedOctober2,2019.31. PubMed.USNationalLibraryofMedicineNationalInstitutesofHealth.https://www.ncbi.nlm.nih.gov/pubmed/.Published2019.AccessedOctober2,2019.

19

DataProtection,PrivacyandDataSharingforHealth:EthicsandLegalFramework

DrJoanaNamorado

MedicalDoctorandConsultant-FraunhoferInstituteforBiomedicalEngineering,Germany(joananamorado1@gmail.com)

IntroductionThere isnodenying that thepublic trusts companies and socialmediawithpersonaldata.We sharedata we don’t even know we are sharing. We believe that the data we provide is as “consumers”.Preference of one brand of a sweet drink over another isn’t a big deal. We don’t mind being“bombarded”by advertisements in exchange for a service;whatwedon’t realize is thatweARE theserviceortheproduct.Inaway,we“trust”companiesbecauseweseethemasfrivolous.Commonperception,possiblylimitedto some cultures, tends to show we distrust administrations. Perhaps our attitude towards publicadministrationsisameasureoftherespectandimportanceweconferonthem.So,wehesitatetoshareas citizens.After all, thepublicadministrations actually can force theirwill onus, track, and enforcebehaviours.Imprisonandinwellknowncases,intern,persecuteandkill.Anexampleofthisisthedatacollectedbyhealthservicesofalltypes.Somepeopletakeitforgrantedthatthehealthinformationgatheredonthemisshared.Insomecases,even,weareoutragedifwelearnthat it isn’t. There are countrieswhere people assume that, for example, biopsies are taken andarepubliclyowned.Orrather,thattheinformationgarneredfromthesebiopsiesisforthecommonbenefit.Othercountriesrefusetoparticipateinthesocialeffort.Thisconflict,though,onlybecomesacutewhenthere are different attitudes prevalent in one and the same jurisdiction. The case in point is theownershipofHeLa1, thewomanversus thesombrehistoryofhercells.Butwhat isclear is thatbothclinicalmedicineandpopulationhealthsciences:

1. Havealwaysbeeninformation-intensive(observe-compare).2. Assumedconsentofitsusers.3. Areutilitarianinnature–Presumedtobeforthegeneralbenefit.

Privacyorscience?Privacy and confidentiality have never been seen as barriers to sharing and analysis. Biomedicalresearchreliesontheworkoftrustedentities,betheypersonsorinstitutions–tocollectverypersonalinformation.Sowhyhasitbecomeanissuenow?Howdowefindasolution?Perhapswecanstartwithatransparentresponsibleattitudeonthepartoftheresearchersandcollectorsofthisinformation?Thismeansthatthepurposeofthecollectionmustbeclearlystated,andadeclarationandexplanationof the purpose, and how the data are protected. In otherwords – an inbuilt ethics code of conduct,intrinsic to the system of collection and use of data, and the defence of the original owners againstintrusion.Thatistheresponsibilityofthecollectorandoftheresearcher.Ethics in recording and banking of information must be intrinsic and systemic. Security, de-identification, anonymization, and pseudonymization are not always possible. For example, smartcollectionofelectricityusagedatacanbeusablefortrackingofpeople,theirhabits,ordemographics.Thatmeansalsothatthecollectorsofdatashouldbetrustedgatekeeperstoaccessit.Istherea“techreply” to this conundrum? Sharing data (and more than any other, health data) is a citizenshipobligation,whatcanweofferassecurity,soastobuildtrust.Consent, privacy, confidentiality, stigma, etc. arenot abstract concerns.Quite theopposite, theyhavepractical and real results. Data in Health Systems, properly handled, helps humanity to face real

1 Skloot,Rebecca(2010),The ImmortalLifeofHenriettaLacks,NewYorkCity:RandomHouse,p.2,ISBN978-1-4000-5217-2

20

challenges. The only barrier is perception and trust. Exception made for cases of extreme unsocialbehaviour, ormisunderstanding ofwhat is their role as social apes,mostpeoplewillwillingly sharedata.Butinreturn,researchersanddatacollectorsneedtoacknowledgethat:

1. Demonstratingcomplianceisanimportantfactorfortrust.So,complywithcommonlegislation-localsanctionsthroughlocalauthorities.

2. Compliance sets the stage for data ethics in science, whichmeans one should be: Proactive,preventive,thoughtful.

Aboutpersonaldata?Personaldataisanyinformationrelatingtoanidentifiedoridentifiablenaturalperson(“datasubject”).Art.4(1)GDPR)2–Butcantechnologyprovideananswer?Canwefindalockandkeymechanism,orasafedepositforoursecrets,canwemirrorthe“RoomofRequirements”withtechnologicalmagic?

Another issue isthatweusevery imprecisenomenclature.Whatdowemeanwhenwesaywhat it isthatwedo?Welookforimagesandmetaphorstoexplainwhatwedo.Andthenthemetaphorbecomesthereality.Wearepoorlyservedbyimpreciseterminology.

1. “Cloud”isnotalwayswatervapour.2. “Data”isusedvariously;isit“information”or“knowledge”or“classification”ormore?3. Meta-dataandmergeddatabasesmakeidentificationsimpleorirrelevant.4. Algorithmsdiagnosepatternsandopenthedoortomanipulation.5. “Share”what?Nameanddateofbirthorabstractsigns,symptoms,labparameters,genes?6. “BigData”isimpreciseandisover-usedasaterm.

Let’sbepreciseWecanintroduceprecisionandmeticulousattentiontoresponsibleresearch.Wecandefinetermsandwhatourresponsibilitiesare.Thiscanaffectone’sresearch;sohowandwhotakescareofit?Atalentedamateuroraseasonedprofessional?Whatistheroleofethics?It illuminatestheforce,thescopeandlimitationsofrights.Andit identifiesandbalancesconflictingdutiesandcorrespondingrights; it identifiesand justifiesdutiesto theotherandtoone’ssurroundings.Privacyisnotanabsoluteright,butitmustbebalancedagainstotherrightsandtherightsofothers(includinga“righttobenefitfromscience”).Rightscanbeerroneouslyinvokedbyindividuals,whowillbequicktoinvoketheoppositewhenitsuitsthem.Tobalancehealthandprivacy,somepremisesmustbetakencareof.Thepopulationmusttrustsmartlawsand policies, and there has to be recognition of social duty. Itmust become clear that learninghealthcaresystemsareapublichealthanalogueof“dutytotreat”.Trust is generated by management and governance, by people and systems taking care to balancequalityofdata,consent,privacy,andanexantereviewoftheethicsofprojectsandofentities.Withintheresearchcommunity,wehavetobuildtheconsultationcapacityforriskcommunication,decisionsunderuncertainty.Andwehavetobeconsciousandopenaboutpatients’dutiestoshare,andbeopentoconsiderconceptsof“tacit”and“non-explicit”consent.Also,tobequiteexplicitthatallpeople–notjustinvestigators–havedutiestoshare.Thecounter-balanceistocontinuouslyimprovethesecurityofone’sowndatacollections.Toearntrustisacontinuoustask.Healthofall“e”typesareindeed–challengeandopportunity.Butanethicsoversight fordata inresearchalsoconstitutesachallenge.Becauseprocessingdata iscomplexandnew,anonymizationtechniquesarecomplex,sometimesunavailableandpoorlyunderstood.Technicalinnovationisfraughtwithpromise,butincludespitfallsanddangers.Thatiswhyitisexciting.Thatiswhywehaveadutytodefendit.Ethicsisagreattooltodothis.Ethicsisn’tgrindingteethand

2 TheGeneralDataProtectionRegulation2016/679isaregulationinEUlawondataprotectionandprivacyforallindividualcitizensoftheEuropeanUnionandtheEuropeanEconomicArea.ItalsoaddressesthetransferofpersonaldataoutsidetheEUandEEA

21

hand-waving.It isasystematicsmartattentiontodetailandbalance.Butthereturnishuge,asethicsprotectsgoodresearchandsupportsresearchers.Providestraceability,ownership.Ethics, from the start, will permit a confident use of new mining algorithms, ensure ownership,safeguard principles, standards and regulations, and create conditions, or even, a new context,opportunitiesforscienceandnewproductstoshare.Sciencerequiresimaginativesolutionstofacilitateuseofdataforhealthcare.Transformingethicsintoanhonestbroker.Unromantic?Perhaps,butessential.

22

DigitalHealthEurope:CollaboratingwithPeopleandPatientsThroughPlatformsandSpaces1

MsDianeWhitehouse

aDirector-TheCastlegateConsultancy,UK.bPrincipaleHealthPolicyConsultant–EHTEL,Belgium

(adiane.whitehouse[@]thecastlegateconsultancy.com,bdiane.whitehouse[@]ehtel.eu)

IntroductionIn just a fewweeks from today, a new European Commission is due to start its work: it contains anumberofhigh-profileareasofactivityrelatingtotheDigitalAge,Health,andtheInternalMarket.AkeyactivityinthefieldofdigitalhealthwillbethecreationofaEuropeanHealthDataSpace.Itsrolewillbe“topromotehealth-dataexchangeandsupportresearchonnewpreventivestrategies,aswellasontreatments,medicines,medical devices andoutcomes.As part of this, [...] citizens [should]have controlovertheirownpersonaldata”[1].Bysharingdataandexchangingdata,improvedresearchcouldtakeplaceinawidevarietyofhealth-related and care-related fields. Purely as examples, one could envisage improvement in knowledge–whichmight serve policy-makers and health decision-makers – about how health and care systemsfunction together with how they face growing public health challenges such as chronic conditions,infectiousdiseases,ortheeffectsofageingthroughoutthelife-course.Associatedwiththisdata-sharingareimplicationswithregardtogoodpersonalcontrolofindividualcitizens’ownhealthdata[2].Clearly,thefuturefocusistobeondataexchangeforthepurposesofprevention,cure,andcare.Yet,ifthisistobeoneoftomorrow’sfuturescenarios, it impliesatthesametimeagreaterresponsibility,awareness,andultimatelycontrolonthepartofEuropeancitizenswithregardtotheusestobemadeoftheirhealthandcaredata.This Middlesex University eHealth workshop includes, at its core, questions about buildingresponsibility,awareness,andcontrol.Severalcolleagues’presentationsconcentrateonthecontrolofdata.Morepertinenttothispresentationarethechallengesimplicitinwiderangesofpeople,includingpatients,collaboratingtogethertobetterunderstandEuropeanhealth,care,andtechnologypolicydirections,contributetothem,andgenerallybecomemoreinvolvedintheirown,andothers’,decisionsaboutdata-sharinganddata-exchangeinthefieldsofhealthandcare.ThedigitisationofhealthandcareandDigitalHealthEuropeThedigitisationofhealthandcare–aswellasofmanyotherservices,bothpublicandprivate–istakingoff throughout the European Union. Fundamentally, it is about encouraging digital health and careinnovationintheDigitalSingleMarket.TheCommunicationondigital transformation inhealthandcare [3],was issuedby theEuropeanCommission in April 2018. It focuses on the digital transformation of health and care in the DigitalSingleMarket,empoweringcitizens,andbuildingahealthiersociety.TheCommunicationisespeciallyinfluentialindrawingattentiontothreeimportantfutureprioritiesinhealthandcare:

1 TheDigitalHealthEuropeprojecthasreceivedfundingfromtheEuropeanUnion’sHorizon2020researchandinnovationprogrammeundergrantagreementno.826353.

23

• Citizens’secureaccesstoandsharingofhealthdataacrossborders.• Betterdatatoadvanceresearch,diseasepreventionandpersonalisedhealthandcare.• Digitaltoolsforcitizenempowermentandperson-centredcare.

InJanuary2019,theDigitalHealthEuropecoordinationandsupportaction[4]waslaunchedtoprovidecoordination and support for the future priorities identified in the Communication. Among otheractivities it focuses on getting more people informed about and involved in these priorities. It hasformed three multi-stakeholder communities in order to support digital innovation andtransformation in health and care. Each community focuses on one of the three priorities of theCommunication.Threemulti-stakeholdercommunities,tools,andcoverageincludingtwinningThese three communities act as fora for discussion: they generate the creation of even largercommunities. They are based on an electronicplatform [5]. However, they also use awide range ofotherinstrumentsinordertospreadthenewsabouttheprogressofdigitalhealthandcareinEurope.These include activities and events atworkshops and conferences, and others such as focus groups,electronicmeetings and conference calls, surveys, and the sharing of documents for the purposes ofcommenting.TheiractivitiesoftenfollowaWorldCaféstyleapproach[6].Thetoolsandtechniquesthatthecommunitiesuseintheirgatheringsarevaried.TheycoveractivitiesthatareintendedtoobtainthehighestpossibleimpactforthedigitaltransformationofhealthandcareinEurope.ExampletoolsincludetheSCIROCCO(digital)maturitytoolonscaling-upintegratedcare[7];the MOMENTUM tool for telemedicine [8]; personas [9] and user scenarios [9]; and co-productiontechniques[10].Theway inwhichdigitaltechnologiescansupporthealthandcareconcerns rangeswidelyacross,for example, community support, civic participation, healthy homes and buildings, healthy outdoorspacesandbuiltenvironments,social inclusion,transportation,andwork–expressedintheso-called“WHO flower” [11] and similar sector-spanning work covering the social determinants of health byDahlgrenandWhitehead[12].Ofkey importance is thepolicydirections tobe taken inanyof thesedomains,andtheinvolvementandengagementofEuropeancitizensinthesediscussions.Allthreeofthecommunitiesaresupportingeffortstowards:

• Thecreationofpartnershipsforlarge-scaledeploymentofdigitalsolutionsforperson-centredintegratedcare.

• Theanalysisofhigh-impactscenariosforthedigitaltransformationofhealthandcare.• Twinningtopromotesuccessfullargescaleinnovationsthatcanactasessentialfoundations

(“buildingblocks”)forscaling-updigitalinitiativesinhealthandcare.The last of these three efforts – twinning schemes– is amongoneof themost currently emphasisedinitiatives in theEuropeanUnionat thepresent time.Twinningwithother sitesandorganisations isseen as a collaborative, yet concrete, way of improving the expansion of the use of digitaltechnologies inhealthand careorganisationsaroundEurope [13]. In this sense, patients, citizens,andbothhealthandcaresystemsandorganisationscanallbenefit.TowardsasummaryandconclusionsFifteenyearsaftertheconceptwasfirstdeveloped,todayitfeelsasiftheEuropeane-Healtharea iscomingtofruition[14].Itisdoingsoinamannerthatbringstogetherpeople,patients,andalsohealthandcareorganisationsinapro-activeandcollaborativespirit.Thediscussionspacesandcollaborationplatformsbeingcreatedarenotonlydigitalandelectronic,asbefitstheendoftheseconddecadeofthe21stcentury.Theyalsoseektomaintainthehumanityandsocial interactiongivenspecial importancewhen speaking of fora for discussion anddiscussion spaces. In overview, an evenwider variety oftoolsand techniques for communicatingand collaborating is foreseen. In thisway, humaneness, careandsensitivityarealllikelytobemaintained,atthesametimeaspeopleandpatientsaroundtheglobebenefitfromevermorewidespreaddigitaltechnologiesandcommunities.

24

Referencesandusefullinks[1]MissionlettertoStellaKyriakides,Commissioner-designateforHealth:https://ec.europa.eu/commission/sites/beta-political/files/mission-letter-stella-kyriakides_en.pdf,Brussels,10September2019.[2]Thistextdrawsona13September2019newsitempublishedbyEHTEL:https://www.ehtel.eu/media-room/latest-news/62-forging-ahead-on-the-digital-age-in-europe-the-importance-of-digital-health-data-health-and-care.html[3]COM(2018)233final.CommunicationfromtheCommissiontotheEuropeanParliament,theCouncilandtheCommitteeoftheRegionsonenablingthedigitaltransformationofhealthandcareintheDigitalSingleMarket;empoweringcitizensandbuildingahealthiersociety.2018.https://ec.europa.eu/digital-single-market/en/news/communication-enabling-digital-transformation-health-and-care-digital-single-market-empoweringBrussels.(25.04.2018)[4]DigitalHealthEuropecoordinationandsupportaction:https://digitalhealtheurope.eu[5]DigitalHealthEuropemulti-stakeholdercommunities:https://digitalhealtheurope.eu/communities.html[6]BrownJ.,Isaacs,D.andtheWorldCaféCommunity.2005.TheWorldCafé:ShapingourFuturethroughConversationsthatMatter.[7]SCIROCCO/theSCIROCCOtool:www.scirocco-project.euandhttps://www.scirocco-project.eu/scirocco-tool/[8]MOMENTUM/theMOMENTUMtool,including18criticalsuccessfactors:http://www.telemedicine-momentum.eu/wp-content/uploads/2015/07/MomentumLeaflet2015-BlueprintInANutshell.pdf[9]Blueprintpersonasanduserscenarios:https://ec.europa.eu/eip/ageing/blueprint_en[10]Guidelinesforuserco-productioninstandards.https://progressivestandards.org/wp-content/uploads/2019/01/Guidelines-for-user-co-production-in-standardisation-PROGRESSIVE-D9.1_20181210.pdf[11]WorldHealthOrganization(WHO).2007.GlobalAge-friendlyCities:AGuide.WHO:Genevahttp://www.who.int/ageing/age_friendly_cities_guide/en/[12]DahlgrenG,WhiteheadM.1991.PoliciesandStrategiestoPromoteSocialEquityinHealth.Stockholm,Sweden:InstituteforFuturesStudies.[13]Fourteencurrenttwinningschemesrangingfromfulltopartialadoptionofdigitalhealthandcaresolutionscanbeseenat:https://digitalhealtheurope.eu/twinnings.html[14]COM(2004)356 final (2004) e-Health–makinghealthcarebetter forEuropeancitizens:AnactionplanforaEuropeane-Healtharea.Luxembourg:EuropeanCommission(30.4.2004)

25

DigitalisationinMaternity:Improvingthepatientexperience

DrJasmineLeonceaandMsJanetHarrisb

aConsultantObstetrician,ClinicalDirectorObstetrics-EastandNorthHertsNHSTrust(jasmine.leonce@nhs.net)

bAuditMidwife-EastandNorthHertsNHSTrust

The National Maternity Review, Better Births, (NHS England, 2016) emphasised the importance ofcoordinated care across thewhole systemdeliveringmaternity care. Introductionof LocalMaternitySystems (LMSs) aspart of Better Births (NHS England, 2019a) initiated localmaternity providers towork togethertoshareideasandbestpracticeaswellas formulateaLMSdigitalstrategy thatwouldenableseamlessaccesstodata.Asaconsequence,womenhaveachoiceinwhatcaretheyaccessandwhere, across the localmaternity system inwhich they live. The data detailing theirmaternity careshould be accessible without the need for the woman to repeat her pregnancy history or requireduplication of data entry. Better Births advocates empowering women by allowing them access toelectronichealthrecordstailoredtotheirownneeds(Carter,2018).TheNHSLongTermPlanassertsthat“by2023/24allwomenwillbeabletoaccesstheirmaternitynotesandinformationthroughtheirsmartphonesorhandhelddevices”(NHS,2019b).There is a vast amount of pregnancy-related information available digitally, but women are unsurewhether the information is accurate or if it reflects UKmaternity health care. This lack of certaintyimpacts safety and experience (NHS England, 2016). Evidence suggests thatmaternity services haveinvested in ‘work arounds’ as themarket has failed tomeet their digital information needs (HealthTechnology Newspaper, 2019). Also, it has been suggested anecdotally that maternity services arestartingtomoveawayfromappsinsearchofothermoreinnovativedigitalsolutionssuchaswebsites,textmessaging,onlinegroupsupport,socialmedia,andtelehealth.TheHealthSystemsSupportFramework(NHSEngland,2019b)givesaccesstoaccreditedsuppliersofinformationtechnologyattheleadingedgeofhealthandcaresystemreform;howeverthefocusisonEnterprise-wide Electronic Patient Record (EPR) Systems which do not meet the needs of somespecialistareassuchasmaternitycare.TheWachterreport(2016)highlightedtheimportantrolethatcliniciansmust play inmakingnew digital initiatives a success. Challengeswithin digitalworking inmaternity include: workforce readiness, resources, infrastructure, equipment, interoperability,technology,andenablingmobileworking.In2018,NHSDigitalconductedaMaternityDigitalMaturityAssessment(DMA)whichindicatedawidevariation across England in terms of howwell maternity services are using digital technology (NHSDigital, 2018). The focus of anymaternity digital strategymust consider the ‘perspective of the endusers’andanyrecommendationsmustsupportsolutionswhichareco-producedbyserviceusersandclinicians.Digital solutionsmustprovide a joined-upexperience forwomenand families,where theyonly have to tell their story once and feel confident that up-to-date information is flowing safelybetweencaresettingsandchronologicalstagesofdevelopmentorpathwaysofcare.Whilst digital innovation is recommended by Better Births, the human factors elements, lack ofconnectivity,and lackofdedicatedbudgets continue topose a challenge toUK-wide implementation.Digitalinnovationisbynomeansthesolitarytooltoimprovingwomen’sexperienceofpregnancyandchildbirth.Thefuture,however,remainsbrightastheappetitefordigitaladvancementiseverpresentamongmedicalandmidwiferystaff,andwomen.

26

ReferencesCarter,R.(2018).ElectronicMaternityCareRecords-whatwomenwant?https://digital.nhs.uk/blog/transformation-blog/2018/electronic-maternity-care-recordsHealthTechNewspaper(HTN)(2019),BasildonHospitallaunchesmaternityapphttps://www.thehtn.co.uk/2019/08/08/basildon-hospital-launches-maternity-app/NHSDigital(2018)MaternityDMAReport–DigitalMaturityAssessmentofMaternityServicesinEngland(2018)https://www.england.nhs.uk/publication/maternity-dma-report-digital-maturity-assessment-of-maternity-services-in-england-2018/NHSEnglandBetterBirths:ImprovingoutcomesofmaternityservicesinEngland-AFiveYearForwardViewofmaternitycare(2016)NHSEngland(2019a),ImplementingBetterBirths.https://www.england.nhs.uk/mat-transformation/implementing-better-births/NHSEngland(2019b),HealthSystemsSupportFrameworkhttps://www.england.nhs.uk/hssf/NHS(2019),NHSLongTermPlan,Chapter3:Furtherprogressoncarequalityandoutcomes.https://www.longtermplan.nhs.uk/online-version/chapter-3-further-progress-on-care-quality-and-outcomes/a-strong-start-in-life-for-children-and-young-people/maternity-and-neonatal-services/Wachter,R.(2016)MakingITwork:harnessingthepowerofhealthinformationtechnologytoimprovecareinEngland.https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/550866/Wachter_Review_Accessible.pdf

27

ExploringTheSocietalImpactsofEmergingeHealthTechnologieswithHigh-SchoolStudents

MrRichardTayloraandMsSandraStarkb

aSubjectManager-InternationalBaccalaureateOrganisation,UK.(richard.taylor@ibo.org)

bChiefExaminer(ITGS)-InternationalBaccalaureateOrganisation,UK.

The constant evolutionof digital technologies posesmany societal challenges. The InternationalBaccalaureate (IB) isattempting toprovide learnerswith theskills to flourish in this constantlychangingworld. Itsmission statement,which provides a framework for developing these skillsstates “ … These [IB] programmes encourage students across the world to become active,compassionateandlifelonglearners…….”[1]ThemissionstatementisexemplifiedbytheLearnerProfilethataimstodeveloplearnerswhohavethefollowingattributes;inquirers,knowledgeable,thinkers,communicators,principled,open-minded,caring,risk-takers,balancedandreflective[2]. TheIBDiplomaProgramme(DP)isaimedatpre-universitystudentsandoffersaround25subjects.AnumberofsubjectsoffercasestudiesbutonlythoseinComputerScience, intheExperimentalSciences group, and Information Technology in a Global Society (ITGS), in the Individuals andSocietiesgroup,givestudentstheopportunitytoresearchaspecifiedscenarioforoneyear.Authoring case studies for a diverse global cohort of teachers and students is challenging. Eachyeartheauthoringteammustselectascenariothatallowstheunderpinningdigitaltechnologiestobe presented at an appropriate depth as well as sufficient opportunities for independent andsustained research. Each case study has a standardized format and is linked to an externallyassessedexamination.The2017CaseStudy,Wearabletechnology-KitaHealthTech(KHT)wasreleasedonthe31stMay2016.ThiscasestudywasbasedonafictitiousscenariowherefourIndonesianstudentscreatedacompany (KHT) with a mission statement to “.. improve the lives of people using wearabletechnologyinasmanywaysaspossible”.Thescenariooriginatedfromaconversationaboutoneoftheauthor’ssmartwatches.Washewalkingthe ‘required’10,000stepseachday?Whatelsedidcompanies,suchasGoogleandAmazon,knowabouthim?As soon as the case study was released, collaborative spaces were set up by teachers. TwoexamplesofcollaborativespacesweretheITGSFacebookgroup[3]managedbyBarbaraStefanicsandtheTaipeiEuropeanSchoolsite[4]managedbyJamesGreenwood.TheITGSFacebookgroupcreates a space for both teachers and students to discuss the case study. However, it ispredominantlyteacherswhousethisresourceandcreatetheirownin-housecollaborativespacesfortheirstudents,suchastheonecreatedbyJamesGreenwood.JamesGreenwoodistheHeadofComputingandMediaatTaipeiEuropeanSchool.Heexplains“...When teaching the casestudy in ITGS, Iprovidemystudentswithanumberof curatedstartingpointsasabeginningforinquiryintothetopic.Thisisintendedtopreventthestudentsgoingoff-courseatthestartoftheirexploration”.Hecontinues“…Wehaveanin-classdiscussionaboutwhatmakesagoodsource,comparingthecuratedexampleswithothersfromlessreliablesources.[Thisallows] ... the students to collect their own resources, using social bookmarking tools orcollaborativeworkingtoolssuchasPadletorGoogleDocs.”Jamessetsupawebsitethatactsasafocal point for the research, arranges (if possible) for guest speakers on the topic, and devisesactivitiesforstudentstocarryoutprimaryresearch(forexample,testingouttheaccuracyofthesportswatchesthatmanystudentswear).

28

CasestudiesarecriticallyimportantforensuringthetimelinessofIBcourses,i.e.,thattheydonotbecome tooquicklyoutdated. In thesubjectareassuchas ITGS thatdiscussdigitaltechnologies,changeisconstant,anditisalmostimpossibletopredictwhattechnologiesmayexisttowardstheendofthelifetimeofaseven-yearlongcourse.However,casestudiesprovidemorethanjusttheacquisitionofsubjectspecificknowledge,theyalsoofferaframeworkthathelpsdeveloptheskillsofstudentsinpreparingthemforlifelonglearning.Inthefuture,digitaltechnologieswillcontinuetoevolve.Inresponse,individuals,organizationsandgovernments,suchasJapanwithitsSociety5.0initiative[5],willneedtomakeinformeddecisionsabouthowtheseevolvingtechnologiesmightbebestutilized.References[1]IBO.(2005-2019).Mission.RetrievedOctober16,2019,fromhttps://www.ibo.org/about-the-ib/mission/.[2]IBO.(2005-2019).Mission.RetrievedOctober16,2019,fromhttps://www.ibo.org/about-the-ib/mission/.[3]Stefanics,B.(2016,May31).CaseStudy2017:WearableTechnology–KitaHealthTech(KHT).RetrievedOctober16,2019,fromhttps://www.facebook.com/groups/940292289416791/.[4]Greenwood,J.(2017,May31).ITGSPaper32018.RetrievedOctober16,2019,fromhttp://itgs.org/wp-login.php?redirect_to=/course-info/getting-started/paper-3-2018/.[5]UNESCO.(2019).Latestnewsonjapan-pushing-ahead-society-50-overcome.RetrievedOctober16,2019,fromhttps://en.unesco.org/news/japan-pushing-ahead-society-50-overcome-chronic-social-challenges.

29

DigitalHealthcareandtheEthicalPrincipleofDualEffectAppliedtoDigitalHealthcare

ProfHaroldThimbleby

SeeChangeFellowinDigitalHealth–SwanseaUniversity,UK.(harold@thimbleby.net)

IntroductionIt iswell knownthatdrugshave side-effects: curingonehealthproblemoften causesor exacerbatesotherproblems.Aspirin,forinstance,helpsreducetheriskofstroke,butitalsounavoidablyincreasestheriskofbleeding,aproblematicside-effectforpeoplewithstomachulcers.Imyselfamonrituximab,whichmanagesmy neuropathy: it has numerous unwanted side-effects (NICE, 2019) with differentprobabilities, including some that are fatal. The only side-effects I have had so far are unwantedinfections,buttheside-effectswillgetworseovertime.Onbalance,though,theunwantedside-effectsarejustifiedbythebenefits.Fatal side-effects take us into an ethicalminefield, although side-effects of any severity raise ethicalissueseveniftheyarewithoutsuchasharpfocus.Adramaticdilemmawithregardtoside-effectsariseswhengivingpainkillersthatarealsoknowntoacceleratedeath.Itisuncontentiousthatgivingapainkillertocausedeathismurder,andisconsideredunethical;ontheotherhand,givingapainkillertomanageorreducepainisgood,andisconsideredtobeethical.Where, then,on the ethicalspectrum, isgivingsomuch legitimatepainkiller thatdeath isexpectedtobeinevitable?Or,wheredoesitlieontheethicalspectrumwhenapatientpleadsfordeathasreleasetoinsufferablepain?Howwouldusinganoff-labeldrugaffecttheethicalarguments?(“Off-label use” iswhena drug is not used for the purposes itwas rigorously evaluated and regulated tomanage.)It is temptingto thinkofdrugside-effectsasbeingan impersonalpropertyofdrugs; that is, thesideeffects are a property of the drug. Furthermore, particularly since the Thalidomide scandal, clinicaltrials are performed so the properties of drugs are well-known and evidence-based. Yet anyoneprescribingadrugunavoidablymakesanethicaldecision:doesitsbenefitforthepatient(atthisdose;underthesecircumstances)out-weighitsrisksforthispatient?Inotherwords,theethicalquestionsarenotapropertyofthedrugalone.Itisimportanttonotethatignoringanethicaldecisiondoesnotsimplyfreeadecisionfromtheethicaldomain.Forinstance,inhindsightadoctormayrealisetheyignoredapatient’sdrugallergy:ifthereisharmtothepatient,thenthisisprofessionalmisconduct,anditproperlycomesunderethicalscrutiny,even though the pressure of work at the time of prescription meant that the ethics were ignored(JohnsonandHaskell,2015).

ThePrincipleofDualEffectThePrincipleofDualEffectisanestablishedethicalprinciple,butintheclinicalcontextitmeansthatgivingadrug(orperforminganyotherintervention)withtheintentionofcuring,whilemanagingtheriskbutnotintendingit,isethicallyacceptable.ThePrincipleofDualEffecthasbeendevelopedrigorously.Ithasclearcriteria:notjustthatthegoodeffectsmustout-weighthebadeffects,buttheremustbediligencetakentominimizepotentialharms.Specifically(Cavanaugh,2016):

• thenatureoftheactisitselfgood,oratleastethicallyneutral;• theagent(e.g.,thehealthcareprofessional)intendsagoodeffect;• theagentidentifiesallbadeffects;• theagentdoesnotintendthebadeffectsasameanstosomegood;

30

• theagentdoesnotintendthebadeffectsasanendinthemselves;• thegoodeffectsoutweighthebadeffectsincircumstancessufficientlygravetojustifycausingthe

badeffects;• theagentexercisesduediligencetominimizethebadeffects;• Wherealltheseconditionsaremet,theactionunderconsiderationisethicallypermissible

despiteabadresult.

Inhindsight,afterabadoutcomeoccurs, itmaybeveryhard toestablish thatadequatepriorethicalassessmentwasperformedwithduediligenceaccordingtothestandardsofthePrinciple.Inparticular,when an outcome is so bad that it motivates a formal investigation, hindsight bias may motivatesimplistic blame, by labelling an act as unethical even when it was not apparently so at the time.(“Hindsightbias”isthatafteranincident,itiseasytoseeclearcausalchainsthatwereunknownatthetimeoftheevent.)Hindsightbiasmakesitseemthatapooroutcomewasmuchmorepredictablethanitwasatthetime.Here’sonewaytoputit:beforetheincident,aparticularbadeffecthadanestimatedprobabilitysufficientlylessthanonefortherisktobeignoredorconsideredworthwhile.However,nowthebadeffecthashappened,theprobabilityis—withnoanalysisrequired!—exactlyone,sinceithasasamatteroffactactuallyhappened.A brief but very powerful applied discussion of the Principle of Dual Effect can be found in RanaAwdish’s page-turner, In Shock: HowNearly DyingMadeMe a Better Intensive Care Doctor (Awdish,2017).Awdishisadoctorandwasapatientonthe“receivingend”ofthePrinciple.ThePrincipleofDualEffectcanbetracedbacktoThomasAquinas’sSummaTheologica,writtensometimeovertheperiod1265–1274AD.Theaimofthepresentpaperisnowtoconsiderdigitalhealthcareinthelightofthispracticalethicalprinciple.DigitalhealthcareDigital systems have bugs; computers and apps regularly crash, sometimes losing or corrupting ourwork. Digital systems used in healthcare arenot immune to bugs, and the bugs indigital healthcaresystemsmayprecipitatepatientharm.Sometimesbugscandirectlycausepatientharm,as inbugsinradiotherapymachines,medicalapps,andpacemakers(Thimbleby,2020).With digital healthcare, then, the Principle of Dual Effect looms large, at least in principle if notexplicitly.Adeveloperwritesaprogramintendedtohelpstafforpatients,butanyprogrammayhavebugs,whichcouldhavecounter-productiveeffects.ThePrincipleofDualEffectimpliesthatitisethicalto developdigital healthcareprovided that the risks— e.g., of bugs, cybersecurity challenges, designfaultsandtheireffects—areproperlymanagedandthatexplicitstepshavebeentakentominimisethoserisks.

Developinghealthcaresoftwarewithoutconsideringandmitigatingdigitalrisksisunethical.Thatclaim,Ihope,soundsuncontentious.Yet,oncloseranalysis,therearecriticaldifferencesindigitalhealth–whencomparedtoconventionaldomains(suchasprescribingdrugs)– thatmaketheapplicationof thePrinciple indigitalhealthcareraisenovelandurgentissues.Theseissuesincludethefollowing(unfortunatelythispaperisnotlongenough to consider each in detail): Software is very complex; The business models underpinningsoftwarearedisruptive;Softwarehasunknown(andthereforeunmanaged)side-effects;Thesoftwarebusinessisreluctanttoevaluatesoftwaretoavoidside-effects;Softwarecanonlybeprovedcorrectnottested (testing can only find bugs; proof shows bugs are absent); Software iswidely promoted as a“side-effect free solution” to healthcare inefficiencies; Software skills and resources in healthcare lagbehindthecurrentbestpractice(e.g.,tounderstandmodernsoftwareengineeringtechniques);Digitalhealthcareispoorlyregulated—notleastbecauseitistooslowtoreacttonewdigitalinnovationssuchasartificial intelligence(AI),machine learning(ML),cybersecurity, blockchain,andmore.Historicallyweakregulationisoftenusedtojustifythereluctanceofindustryandhealthcaresectorstoaddresstherelatedproblems.

31

Arguably, all digital healthcare is off-label use, becauseno “label” equivalent to the rigour applied todrugsisavailable.Thereisawidespreadblameculturethatdeflectsfromexaminingdigitaltrade-offsindetail—software’scomplexitydissuadesinformedanalysis.Abug,ofcourse,isnotaside-effectassuch,butis,potentially,thecauseofaside-effect.Theproblemisthatevenknowingthatthereisabugdoesnotdirectlyhelpanticipatewhatitsside-effectsmightbe.Forexample,abugcausingnumericalerrorsinaninfusionpumpmayturnadrugdosefrom1mgto1.0mg,whichhasno clinical impact, but the samebug could change1mgto10mg, and such anout-by-tenerrorislikelytohaveaclinicaleffect.Forthesuccessoflegalnegligenceclaims,itiscriticalwhetheranoutcomeisforeseeable.Withadrug,normal side-effects are documented (and are available in standard publications, such as BritishPharmacopoeia), but side-effects of digital systems are not documented— the culture is that digitalsystems do not have side-effects, and even when bugs are known, their side-effects are generallyunknown.Whatisforeseeableisthatadigitalsystemmaybewrong,andthereforetheclinicianshouldhavedouble-checkedanyresultsused.Forexample,thepotentialthat1mgand10mgareconfusedduetoabugmeansthatdiligenceisrequiredtocheckaccuracy.Unfortunately, awarenessofdigital bugs is very lowand, asThimbleby (2020) shows, bugsmayalsoaffectthesystemslogs(e.g.,enteringadoseof1mgdelivers10mgtothepatientduetoabugandisloggedas10mg),thuscorruptingthedigitalevidence(MasonandSeng,2017),potentiallycreatingthefalseimpressiontheerrorwastheclinician’sfault.The deceptive simplicity of blaming healthcare staff, and its apparent success (e.g., in courts afterpatient harm— see Thimbleby 2018), entrenches the culture of ignoring the ethical complexity ofdigitalhealthcare.Unfortunately,blamingstaffcreatesasecondvictim(thepatient is the firstvictim;the staffmember, the second)— thehealthprofessionalmaybeharmedas a result of the simplisticblameculture.Indeed,toomanydoctorsandnursescommitsuicideasaresultoftheethically-shallowperfectionculture(suchasthe“blamegame”—seeISMP2019)widespreadinhealthcareandsociety,especiallyinthemainstreammedia.

ConclusionThoughtfully managing drug side-effects is widely recognised as a professional and as an ethicalobligationinhealthcare:indeed,sowidelythatexplicitdiscussionsofethicsarerarelyneeded,atleastoutsideofacademiaandcourtrooms.ThispaperhasshownthatthePrincipleofDualEffectisapreciseethicalstatement,andone that isveryrelevant todigitalhealthcare.ThePrincipleraises– inaclearlight–manyprioritiesthathelptoclearlyidentifyandstarttoresolvetheethicalissuesraisedbydigitalhealthcare.

ReferencesR.Awdish,2017.InShock:HowNearlyDyingMadeMeaBetterIntensiveCareDoctor,Penguin.T.A.Cavanaugh,2016,Double-EffectReasoning:DoingGoodandAvoidingEvil,p36,OUP.ISMP[USInstituteofSafeMedicationPractices],2019,AnotherRoundoftheBlameGame:AParalyzingCriminalIndictmentthatRecklessly“Overrides”JustCulture,https://www.ismp.org/resources/another-round-blame-game-paralyzing-criminal-indictment-recklessly-overrides-just-cultureJ.JohnsonandH.Haskell,2015.CaseStudiesinPatientSafety,JonesandBartlettLearning.S.MasonandD.Seng,2017,DigitalEvidence,4thed.,SchoolofAdvancedStudy,UniversityofLondon.NICE[UKNationalInstituteforHealthandCareExcellence],Rituximab,2019.

https://bnf.nice.org.uk/drug/rituximab.html#sideEffectsH.Thimbleby,2018.“MisunderstandingIT:Hospitalcybersecurityproblemsincourt,”DigitalEvidence

andElectronicSignatureLawReview,15:11–32.http://journals.sas.ac.uk/deeslr/article/viewFile/4891/4841

H.Thimbleby,2020,FixIT,OU.

32

BigData,AnalyticsandAIforHealth:BenefitsandRisksMrJohnCrawford

FounderandCEO–CrawfordWorks,DigitalHealthConsulting,UK.

(john.crawford.works@gmail.com)IntroductionThesignificanceofBigDataandtheapplicationofanalyticsarenotnewconceptsinhealthcare.Sincethe 1850s, doctors, mathematicians and statisticians have been using mortality registers to try tounderstandthecauseandspreadof infectiousdiseases,andthecorrelationbetweenhealthrisksandobservedhealthoutcomes inpopulationsoverextendedperiods.Pioneers includingWilliamFarrandJohn Snow analysed registers andmaps in themid-19th century to identify the origin and spread ofcholerainLondon1.Acenturylater,inthe1950s,AustinBradfordHillandRichardDollusedstatisticalanalysistoconnectsmokingwithlungcancer2.Therehavebeenmanyotherexamplessincethen,suchas the Framingham Heart Study and Nurses’ Health Study3. These have led to the development ofalgorithmswhichcanbeused toassess theriskofdevelopingadisease, toagreaterorlesserextent.Thenumberofwaysinwhichtechnologiescanassistwiththisanalysishasincreaseddramatically.Developmentsinthelate20thcenturyAnearlyhealthcareexamplein1972wasthedevelopmentbyStanfordUniversityofMYCIN,anexpertsystemtosupportantibioticprescribing4.Howevertheexpertsystemsdevelopedinthiseradidnotfindmainstreamacceptance, and the following twodecadeshavebeendescribedas the ‘AIwinter’.Now,with thegrowth incapabilityofAI, someof these advancesare finding theirway into thepracticeofmedicine and the delivery of healthcare. This is taking place across a broad range of domains, fromclinical decision support,medical image interpretation, anddiagnostics, to themanagementof healthchallenges such as diabetes and heart arrythmias. This progress has been recognised in thebroadcastingmedia,withanexplosionofnewsstoriesaboutthepotentialbenefitsandpossiblerisksofthesedevelopments.In the1990s, therapidgrowth inprocesserpower led to thepossibilityofcomputationalalgorithmsbeingappliedinareaswhich,upuntilthen,wereconsideredtobetheexclusiverealmofhumanbeings.This shift startedwith the famous chess challenge inwhich IBM’s Deep Blue took on, and defeated,Grand Master Garry Kasparov5. Since then, there has been an evolution in programmed systems,exemplified by Deep Blue, and amore recentmove towards systems that can be trained by humanexperts,orwhichcaneventrainthemselves,usingnovelcomputingmodelsandmethodssuchasNeuralNetworks and Deep Learning. Topical examples include Google’s ‘Alpha Go’ and ‘Alpha Go Zero’projects6,7.RecentdevelopmentsAfterseveral ‘falsestarts’ fromthe1950sto the1980s,wenowappear tobeenteringaneraofhighinnovation and fast growth in the adoptionofArtificial Intelligence (AI).Today’s thrust inAI is nowbeingdrivenbythehugegrowthincomputerpowerandstorage;availabilityofdigitaldatasetsthatcanbeusedtotrainandvalidateAIsystems;andadvancesincomputersciencewhichhaveacceleratedthecapabilitiesofmachinelearning.Gartner,forexample,hasattemptedtopositionmanyoftheseinnovationsonGartner’sAIHypeCycle8.Manybookshavebeenwrittenwhichexplore thedriving forcesbehind this technological revolution,andtheimpacttheywillhaveforallofus9,10,11.Questionshavebeenraisedaroundtheissuesofprivacy,efficacy,safety,transparency,liabilityandlegalredress.AI:benefitsandrisksTheintroductionofAIintothefieldsofmedicineandhealthcareinparticularneedsparticularlycarefulconsideration,giventhemanypossiblebenefitscombinedwiththepotentialforharm.

33

ThispresentationexploresthisevolutioninAI,andplacesAI’sbenefitsandrisks–asitisalreadybeingdeployedinhealthcare–inabroadercontext.Forexample,AIhasestablishedapositivereputationintheareaofdiagnostics,especiallywhenthisinvolves analysis of medical images such as X-rays, CT scans, retinal images, and dermatologicalphotographs.Welltrainedsystemscanbemuchfasterthanhumans,andcanidentifyfeaturesinimageswhich even the best clinicians miss. The system developed by DeepMind, in use at Moorfields EyeHospital,London,whichdiagnosesdiseasesof theeye12 illustrates thepotential.Manyotherpossibleapplicationsarebeinginvestigated,inareassuchasspottingearlysignsofdementiafrombrainscans,predictingrisksofkidneyfailure,detectingprostatecancer,andperformingroboticsurgery.Atthesametime,thereareclearlyrisksassociatedwithAIsystemsusingNeuralNetworksandDeepLearning methods, resulting in a ‘black box’ system (where it can be difficult to determine how adiagnosticresulthasbeenreached).Thereisalsothequestionoftransferability,wherealgorithmshavebeen optimised to perform a specific task (‘narrow AI’), but may appear overly confident whenpresentedwithexamplesthattheyhavenotseenbefore.Thequalityandextentofthetrainingdatasetiscrucialinavoidingthischallenge.OtherapplicationsofAI,suchastheuseofchatbotsoravatarstoprovidetriageservicestocitizens,suchastheGPatHandserviceprovidedbyBabylonHealth13,mayincreaseaccesstohealthcareinformationand advice. However, there are questions about how much trust can be placed in these servicescomparedtoaconsultationwithahumanbeing,andtheremaybeunseenbiases in the trainingdataleadingtoincorrectadvicebeinggiven.Ifthisbiasleadstoharm,whocanbeheldaccountable?Thereisalsothequestionaboutwho‘owns’thedataprovidedbytheusersofsuchservices,andhowthatdatawillbeusedorpotentiallymisused.Afurtherquestionisabouthowtoevaluatethequalityandsafetyofthesesystemsagainstbestcurrentpractice.Do thesystemsneed tobealmostperfect tobeaccepted,or is it sufficient forthemtobeatleast as goodas human beings at performing theirwork? As iswell understood inmedicine, humanerrorwill occur.What is a ‘goodenough’ error rateor safety record, forAI systems, andhowdowemeasurethis?Referencesandusefullinks1-https://www.ncbi.nlm.nih.gov/pubmed/153135912-https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2038856/3-https://www.framinghamheartstudy.org4-https://en.wikipedia.org/wiki/Mycin5-https://www.scientificamerican.com/article/20-years-after-deep-blue-how-ai-has-advanced-since-conquering-chess/6-https://ai.googleblog.com/2016/01/alphago-mastering-ancient-game-of-go.html7-https://www.nature.com/articles/nature169618-https://www.gartner.com/smarterwithgartner/top-trends-on-the-gartner-hype-cycle-for-artificial-intelligence-2019/9-HelloWorld,HannahFry-TransworldPublishersLtd,ISBN:978178517576310-Superintelligence,NickBostrom–OxfordUniversityPress,ISBN:978019873983811–Life3.0,MaxTegmark–PenguinScience/Technology,ISBN:978014198180212–https://www.moorfields.nhs.uk/content/latest-updates-deepmind-health13–https://www.forbes.com/sites/bernardmarr/2019/08/16/the-amazing-ways-babylon-health-is-using-artificial-intelligence-to-make-healthcare-universally-accessible/

34

ArtificialIntelligenceforHealthandCareintheEU:Developingethicalandlegalframeworks

DrCarlisleGeorge

AssociateProfessorandBarrister–MiddlesexUniversity,UK.(c.george@mdx.ac.uk)

IntroductionThis presentation focuses on the increasing importance of Artificial Intelligence (AI) in the digitaltransformationofhealthandcare intheEuropeanUnion(EU),andchanges totheregulatory(ethicalandlegal)environment.ThepresentationgivesaselectedhistoricaloverviewofrecentactionsbytheEuropean Commission on AI and health and care, as well as the progressmade in some aspects ofethicalandlegalframeworks.BackgroundSeveralrecentEuropeanCommissionCommunicationsandreportshavereferredtotheimportanceofAIforEurope.In April 2018, the European Commission issued the Communication on enabling the digitaltransformation of health and care in the Digital Single Market; empowering citizens and building ahealthiersociety[1].Oneofthreeprioritiesidentified,wastheneedtopromotedigitaltoolsforperson-centredhealthandcare.AkeyenablingtechnologyidentifiedfordigitalhealthwasAI.Forexample,useof AI and data analytics was cited to “help design and test new healthcare products, provide fasterdiagnosis and better treatments” and, together with computermodelling and simulation, to develop"digitalpatient"predictiveapproaches.AnotherCommunicationonArtificialIntelligenceforEurope[2]inApril2018statedthatAIwasoneofthemost strategic technologies of the 21st century and argued that the EU should lead the way indevelopingandusingAI.TheCommunicationnotedthatsomeAIapplicationsmayraisenewethicalandlegalquestions(e.g.relatedtoliabilityorbiaseddecision-making),hencethereisaneedtodevelopAIinanappropriateethicalandlegalframework.SuchaframeworkmustrespectEUvaluesandfundamentalrights,ethicalprinciples(e.g.accountability,transparency)andmustensurecompliancewithrelevantlaws(e.g.dataprotection).Aspartofthewayforward,theCommunicationlistedmanyfutureinitiativesonAI.Initiativesrelatedtolegalandethicalissuesincluded:implementingtheGeneralDataProtectionRegulation (GDPR) to enhance personal data protection; drafting AI ethics guidelines; and issuingguidance on existing product liability rules. The drafting of guidelines and guidance were tasked torelevantHigh-levelExpertgroups.

In December 2018, the Commission issued a Communication on a Coordinated Plan on ArtificialIntelligence [3] that outlined EU-level activities to maximise the benefits of AI for all Europeans.Regarding the development of a suitable ethical and legal framework for AI, the activities proposedincluded:thedraftingofguidanceontheimplementationofaProductLiabilitydirective;thedraftingofAIethicsguidelinesinvolvingmaking“ethicsbydesign”akeyprincipleatthestartofthedesignprocessofAIproductsandservices;providingstrong“cybersecurity”topreventhackingormanipulationofAIalgorithms(orthedataprocessedbythem)andtoensurecustomersafety;ensuringthesuitabilityofexistingregulationsrelatingtodataprotectionandprivacy,consumerprotection,competition lawbydesign, and intellectual property; andensuring fairness, transparency andaccountability of decision-makingby(AI–machinelearning)algorithms.SomeDevelopmentsinEUEthicalandLegalFrameworkstoaddressAIThissectionexploresingreaterdetailsomeoftheissuesthattheEuropeanCommissionhasdeterminedareimportantforthesatisfactorydevelopmentofAI.Itstartswithethicalguidelinesandthendiscussessomelegalissuesnamelydataprotection,productliability,intellectualpropertyandcybersecurity.

35

EthicsGuidelinesforAIOn 8 April 2019, the EU’s High-Level Expert Group on AI presented its “Ethics Guidelines for aTrustworthy AI” [4]. The guidelines’ main aim is to promote “trustworthy AI”, which has threecomponentsthatmustbemetthroughoutanAIsystem’slifecycle:(i)Itmustbelawful–theremustbecompliancewith relevant laws and regulations; (ii) itmustbeethical–adhering to ethical principlesandvaluesand(iii)itmustberobust–bothtechnicallyandsocially(i.e.topreventunintentionalharm).The guidelines set out sevenkey requirements thatmustbemetby anAI system tobe trustworthy,namely:Humanagencyandoversight;Technicalrobustnessandsafety;PrivacyandDatagovernance;Transparency;Diversity,non-discriminationand fairness;Societalandenvironmentalwell-being;andAccountability.Thenewguidelineswillbeessentialtothedesign,developmentanduseofAItechnologyinhealthandcare.DataProtectionInMay2018,theGeneralDataProtectionRegulation(GDPR)[5]cameintoforceintheEUtoregulatethe processing of personaldata [6] andprotect fundamental rights (e.g. the right to privacy, humanautonomy and non-discrimination). Among many provisions, it contains several high-level dataprotection principles, obligations on data controllers and processers, subject’s rights, and enhancedprotectionfor“sensitivedata”suchasmedicaldata.TheseprovisionsimpactthedevelopmentanduseofAIincaseswherepersonaldataisprocessed.Someimportantprovisionsinclude:theneedforalegalbasis for processing (collection and any use of) personal data; being fair and transparent whenprocessingpersonaldata; collecting the least amount of data needed for a specific purpose; keepingdataaccurateandup-to-date;retainingdataonlyforaslongasisnecessaryforthepurposecollected;assessingtheimpactofprocessingondatasubjects;complyingwithsubjects’rights(includingnottobesubject to a decision based solely on automated processing, including profiling); and requiring dataprotectionbydesignanddataprotectionbydefault.ThenatureofAIsystemsandprocessespresentsmanychallengeswithregardtocompliancewithmanyprovisionsoftheGDPR.Oneexampleisthenatureofmachinelearninganddataanalyticsmeansthatmachinelearningalgorithmsareoptimisedbytheuseofextensiveamountsofdatafortraining.ThisisincontrasttotheGDPR,whichmandatesdataminimisation–i.e.collectingtheleastamountofdataaspossibleforaspecificpurpose.Anotherexampleisthattherequirementfor“transparency”undertheGDPRcanbeimpossibletomeetinAItechnologies,sincehumanbeingsmaynotunderstand(andhencebeabletoexplaintoadatasubject)howmachinelearningalgorithmswork(howtheymakedecisions)bothbeforetheyaredeployedandaftertheyhavebeenoptimisedbytrainingondata.Athirdexampleisthatsubjects’rights,suchasthe“rightoferasure”ofpersonaldata,maybeimpossibletoachieveafterpersonaldatahasbeenusedincombinationwithnumerousotherdatatotrainalgorithms.ProductliabilityProductliabilityreferstoliability(theresponsibilityofamanufacturerorvendor)forinjuryordamagetoaconsumerarisingfromadefectiveproduct.IntheEU,theProductLiabilityDirective85/374/EECappliestoanyproductmarketedintheEuropeanEconomicArea[7].SincetheDirectivecameintoforce,there have been numerous technological developments. Notwithstanding that the Directive istechnology-neutral, new technologiessuch asAIbringunanticipated consequences.One such issue isthe debate on whether AI (i.e., self-learning) technologies that are autonomous and capable ofunpredictable and automated decision-making (without the influence of human beings) should betreatedasalegalpersonality(separatefromtheircreators)andthereforebeheldliablefortheiractions[8].Inlightofsomeoftheseissuesandotherchallenges,theEuropeanCommission’s“ExpertGrouponliabilityandnewtechnologies”hasbeenorganisedintotwosubgroupstodeterminehowbesttofurtherdevelopthe1985ProductLiabilityDirective.OnesubgroupistaskedwithdrawingupguidanceontheDirective (e.g. providing clarity on concepts such as ‘product’, ‘defect’, ‘damage’, and advisingon anyreforms needed). The other subgroup is tasked with assessing the implications of emergingtechnologies for liability frameworks at national level and at European level. At the time of writing(November 2019), the Commission has not yet issued its official guidance on the Product LiabilityDirective(althoughitwasoriginallydueinmid-2019).

36

IntellectualProperty(Copyright)lawAmajor aspect of AI is the use of Text andDataMining (TDM)which involves the copying of largeamounts of material (texts and data) in order to perform electronic analysis to reveal patterns orrelationships.TheuseofTDMmay involvematerialprotectedbycopyrightand,hence,copyright lawimpactsonTDM.InlightoftheimportanceofTDMtoAI,andtheneedofAItoaccesslargedatasetstoextractknowledge,theCommissionincludedamandatoryexemptionforTDMinthe2019DirectiveonCopyrightintheSingleMarket[9](Articles3and4tobeenactedbyMemberStates).Thishasimportantimplications for enabling information search/retrieval, research, and the development of intelligentapplicationsinthemedicalsector(includingthepharmaceuticalindustry).CybersecurityAsnotedpreviously,theEuropeanCommissionidentifiedtheneedforstrongcybersecuritytoprotectAIalgorithms,data,andpeople.InJune2019,theEuropeanCybersecurityAct[10]cameintoforce.Itcomplements theGDPR (requiringsecuritywhenprocessingpersonaldata)andtheEUNetworkandInformationSecurityDirective(NISDirective)[11]whichfocusesontheprotectionofcriticalnationalinfrastructure.Amongotherprovisions,itmandates:(i)newtasksfortheEUAgencyforCybersecurity(ENISA) that include increasing cooperation at EU level, handling cyber attacks at the request of EUMemberStates,andhelpingwithEU-coordinationintheeventof large-scaleattacksorcrises;and(ii)the development of an EU-wide cybersecurity certification framework to certify information andcommunication technology (ICT) products, processes and services for compliance with specifiedcybersecurityrequirements.ConclusionThe advent of AI to the digital transformation of health and care in the EU has required thetransformationofexistingregulatory(ethicalandlegal)frameworks.AIcontinuestobringchallenges,andfurtherchangestoethicalandlegalframeworkswillbeneededaswebecomemoreawareoftheimpactofAI.Itisnotclear,however,whetherwewilleverbecomeprivytothesecretsofAIduetotheopacityofself-learningalgorithms.ThismeansthatregulationmaybecomeincreasinglydifficultasAIsystemsbecomemoreautonomous.Wemust,therefore,remainvigilantandcontinuetoputadequateregulatorystructuresinplacetoguidethedevelopmentanduseofAIinhealthandcare.Endnotes[1]https://ec.europa.eu/digital-single-market/en/news/communication-enabling-digital-transformation-health-and-care-digital-single-market-empowering[2]https://ec.europa.eu/digital-single-market/en/news/communication-artificial-intelligence-europe[3]https://ec.europa.eu/digital-single-market/en/news/coordinated-plan-artificial-intelligence[4]https://ec.europa.eu/digital-single-market/en/news/ethics-guidelines-trustworthy-ai[5]https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679[6]‘Personaldata’meansanyinformationrelatingtoanidentifiedoridentifiablenaturalperson(‘datasubject’).[7]SeeAndoulsiandWilson(2013),UnderstandingLiabilityineHealth:TowardsGreaterClarityatEuropeanUnionLevel,inCarlisleGeorge,DianeWhitehouseandPennyDuquenoy(eds).eHealth:Legal,EthicalandGovernanceChallenges,Springer-Verlag.[8]Atabekov,AandYastrebov,O(2018),LegalStatusofArtificialIntelligenceAcrossCountries:LegislationontheMove.EuropeanStudiesJournal,VolumeXXI,Issue4,2018[9]https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52016PC0593[10]https://ec.europa.eu/digital-single-market/en/eu-cybersecurity-act[11]https://ec.europa.eu/digital-single-market/en/network-and-information-security-nis-directive

37

StandardsfortheEthicsofAIMrBrianTranter

ANECrepresentative–IEC,UK.(btranter@btinternet.com)

Artificial intelligence (AI) is a transformative technology. It is already impacting consumers andwillincreasinglydosoindifferentways,manyofwhichareyettobedefined.Inthemajorityofcasestheimpact will be positive, offering solutions to modern day problems. However, although a systemutilising artificial intelligence may be safe, applied inappropriately it has the potential to lead tounethicalorsociallyunacceptableoutcomes.Forexample,collaborativerobotshavehugepotentialtosupplementtheworkofhumancarersandenhancesurgicalproceduresbutwhataretheethicsofdoingso. Should the use of these systems be limited in some way, if so under what conditions and whodecides? While encouraging the positive uses of AI it is therefore equally important to have amechanism to ensure that allwho use this technology are protected from these potentially negativeeffects.Standards are awell-established tool used to supplement regulatory requirements, set specificationsand give guidance to designers, installers, users and others connected to a product or service. Forexample, standardsdevelopedovermanyyearshavehelped toensure that theproductsandservicesused by us all are physically safe. Through the application of these standards risks and hazards areidentified,andsolutionsdeterminedthatremoveoratleastreduceanyriskstoanacceptablelevel.ForasystemusingAInewandinnovativestandardsarethereforeneededtoaddressethicalriskssuchas loss of human dignity, control or capability in the same way that physical risks are addressed.Historicallyitisnotanareathatstandardshavecoveredanditisacomplexproblem.Theremaynotbea ‘rightsolution’.The ‘bestsolution’maynotalwaysbe thesameas itwilldependnotonlyupontheapplication but also the precise circumstances in which it is applied. Regional difference will alsoinfluencetheacceptabilityofasolution.WhatisacceptableinEuropemaynotbeacceptableinAsiaorAmerica.Andethicalnormsarealsosubjecttochange.Despitethesedifficultiesworkinthisareaisprogressing.NewstandardswillbedevelopedthatwillnotonlyhelptoprotectusersofAIandassociatedsystemsbuttheywillalsohelptoprotectthereputationofAIandencouragethepositivedevelopmentofthisimportanttransformativetechnology.Someusefullinks:https://www.anec.eu/https://www.anec.eu/priorities/digital-societyhttps://blog.iec.ch/2019/04/iec-standardization-evaluation-group-for-autonomous-and-artificial-intelligence-applications-establishes-new-work-programme/https://www.iec.ch/dyn/www/f?p=103:186:16011968436394::::FSP_ORG_ID:22827

38

How Data-driven AI can Benefit from Formalized Knowledge to Become More “Explainable”: An Experience from Medical Process Mining

Prof Stefania Montani

ProfessorofComputerScience-UniversityofPiemonteOrientaleAlessandriaArea,Italy.(stefania.montani@uniupo.it)

Fromself-drivingcars,tospeech-interpreters,andtomedicaldecisionsupport,weareexperiencinganexplosion of Artificial Intelligence (AI) applications,which aredemonstrating themselves to bemoreandmorehelpfulandaccurate.However,theyaretypicallypoweredbyunsupervisedmachinelearningalgorithms (data-driven AI),which often operate as “black boxes”, in the sense that no transparentinterpretationisavailableforthealgorithmoutput.Explainability,thatwecandefineastheabilitytoexplainortopresenttheoutputofanalgorithminawaythatiscomprehensibleandunderstandabletoahuman,isthereforeacriticalissue,whichhasbeenconsidered(atleasttosomeextent)alsointheGDPREUregulation[1].Therighttoexplanation(i.e.,therighttobegivenanexplanationforanoutputofthealgorithm),inparticular,becomesparticularlyurgentinapplicationssupportingmedicaldecisionmaking,astestifiedintheliterature[2].Existingstrategies todealwith this issuerange fromthedefinitionofglobalsurrogatemodels [3], tolocalones[4].Ontheonehand,globalsurrogatesseektodistiltheknowledgecapturedbyablack-boxdata-drivenmodelintoamoreinterpretablemodel:thisapproachisflexible,buttheconclusionsdrawnconcernthemodel,notthedata,sincethesurrogatemodeldoesnothaveaccesstotheactualdata,butonlytotheoriginalmodeloutput.Assuch,theexplanationsprovidedonthealgorithmstendtobeonlyasgoodas theoriginalmodel.Localsurrogates,on theotherhand,makeuseofamore interpretablemodeltoexplainthebehaviourofablack-boxalgorithmwhenitisappliedtoagivensampleoftheinputdata. This second family of solutions suffers from a considerable degree of instability in terms ofexplanations of the algorithms used: if the sampling process is repeated, onemight obtain differentexplanations,jeopardizingthemethodrobustness.In thispresentation,we suggest to followadifferent researchdirection, namely to exploit asynergybetweendata-driven andknowledge-basedAI approaches (the latter are intendedasmethods thatmodelhumanknowledgeincomputationalterms),todealwithtransparencyandexplainability.Inparticular, thepresentationwill illustrateour experience in the fieldofmedical processmining,wherewehaveadoptedanontologyandarule-basedsystem(knowledge-basedAI)toabstractmedicalprocesstraces(i.e.,thesequencesofactivitiesthathavebeenactuallyexecutedandloggedwhilecaringthepatients).Thisapproachhasledaprocessminingalgorithm(data-drivenAI)tolearnmorereadableandunderstandableprocessmodels,where thekeyprocessstepsarealwaysclear,and thealgorithmoutputisimmediatelyinterpretablebydomainexperts[5].We believe that this strategy could be considered in other situations as well. Indeed, powerful andpromisingdata-drivenAIcanstronglybenefitofmethodsbasedonknowledgeformalization,andtheirgeneralization and abstraction capabilities, which can be particularly helpful in providing a reallyexplainable decision support; indeed, as stated by the 2017 Barcelona Declaration for the ProperDevelopment and Usage of Artificial Intelligence in Europe [6], “the full potential of AI will only berealizedwithacombinationofthesetwoapproaches”.References[1]GoodmanB,FlaxmanS.EuropeanUnionregulationsonalgorithmicdecision-makingandarighttoexplanation.AIMagazine.201738(3):50–57[2]ShortliffeEH,SepulvedaMJ.Clinicaldecisionsupportintheeraofartificialintelligence.JAMA.2018Dec4;320(21):2199-200[3]Che,Z.,Purushotham,S.,Khemani,R.,Liu,Y.:InterpretabledeepmodelsforICUoutcomeprediction.

39

In:AMIASymposium2016,pp.371–380(2016)[4]Ribeiro,M.,Singh,S.,Guestrin,C.:”WhyshouldItrustyou?”:explainingthepredictionsofanyclassifier.In:Proceedingsof22ndACMSIGKDD,pp.1135–1144,NY,USA(2016)[5]Montani,S.,Leonardi,G.,Striani,M.,Quaglini,S.,Cavallini,A.:Multi-levelabstractionfortracecomparisonandprocessdiscovery,ExpertSystemswithApplications81(2017)398-409[6]BarcelonaDeclarationfortheProperDevelopmentandUsageofArtificialIntelligenceinEurope.2017Mar;1-4.

40

TheLanguageofAutomatedMedicineMrChrisZielinski

VisitingFellow–UniversityofWinchester,UK.

(chris@chriszielinski.com)This presentation focuses on what happens to language in the digital age, and specifically languagerelatedtohealthinthecontextofartificialintelligence.Itwillexplorewhattheimplicationsareforthefurtherdevelopmentofartificialintelligenceandalgorithms.Thefirstpartofthediscussionoffersacriticalreviewofautomatedtranslationsoftwarebasedon50yearsofpersonalexperience(theauthorstartedhiscareerasaprofessionaltranslator).Broadeningthediscussion from personal experience to empirical results, the author reviews the use of automatedtranslationformedicaldiagnoses(citingpapersintheBritishMedicalJournalandelsewhere).Despitethemanybreakthroughs inthis field,anddespitethebillionsofdollarspoured into it, theresultsarediscouraging.Automatedtranslationsoftwarecontinuestobepoorandunreliable.Why?Thesecondsectionofthepresentationfocusesontheuseoflanguage,specifically,thewaylanguageisbeingusedtopersonifydigitaltechnology–from“bugs”and“pirates”to“neuralnetworks”andmachine“learning”.Itisimportanttorecognizethatthesearemetaphoricusesthatdonotrepresent–andoftenmis-represent–reality,producingakindoffakenews.Thispartofthepresentationonpersonificationand “andropomorphism” in the digital age continues into reflections on the language of artificialintelligence.Abriefoverviewofartificialintelligencefromthisstandpointisofferedinthethirdpart.Thisaddressesthe semantic gap – the questions of intelligence, understanding and consciousness are (very briefly)touchedon–andleadsontothedefinitionoftwoformsofAI.Onevarietyistheexplicitlyalgorithm-based AI (as used in the Big Blue/Kasparov chessmatch) and the other is the goal-seeking variety,where the software generates its own algorithms in search of an explicit target (as used in theDeepMind/AlphaGoattackonthegameofGo).The finalpartof thepresentationaddressed theconceptof “artificial ignorance”–where thesoftwareproducesresultsthatcannotbeparsedorchecked,wherewecannotbesurewehavetherightanswer,or the best answer. Books have been written about the biases and prejudices being accidentally orunconsciously coded into software. Examples of these are given, focusing on artificial ignorance andhealth.Pragmaticandethicalissuesareoutlined.It should be stressed that the objective of this presentation is not to debunk artificial intelligence.Artificial intelligencewill certainlycontinue tobringmanypositiveresultsandsolve issues thathaveplaguedthehumanracesincethedawnoftime.Itwillhelpsecureanequitableexistenceformanyinallwalks of society and at all economic levels, and is likely to usher in a new era of ever-improvinghealthcare.However,therearecertainlydangerzones.Thisauthordoesnotfear“thesingularity”–thetermusedby Kurzweil and others to describe the moment when artificial intelligence becomes in some waysuperiortohumanintelligenceandquicklytakesovertheworld,consigningthehumanracetoslaveryor extinction.Despite fears expressed in thisdirectionbyanumberofnotable leadersof technology,thisissciencefiction,andisnotgoingtohappen.In fact, the realandpressing concern for thehuman race isnot that the technologywill become toointelligent,butratherthatitwillbecometooignorantiflefttoitsowndevices,leadingtoconsequencesthatwillaffectmillionsofpeople.Humaninputisessentialandcannotbeignoredinthedevelopmentofself-improvingsoftware.

41

ReferencesPatilS.andDavisP.2014.UseofGoogleTranslateinmedicalcommunication:evaluationofaccuracyBMJ2014;349:g7392doi:10.1136/bmj.g7392(Published15December2014)(https://www.bmj.com/content/349/bmj.g7392)Kurzweil,R.1990.TheAgeofIntelligentMachines,Cambridge,MA:MITPress,ISBN0-262-11121-7Caughill,P.2017.ElonMusk:“TheSingularityforThisLeveloftheSimulationIsComingSoon”October5th2017(https://futurism.com/elon-musk-the-singularity-for-this-level-of-the-simulation-is-coming-soon)Cellan-Jones,R.2014.StephenHawkingwarnsartificialintelligencecouldendmankind.BBCNews2December2014(https://www.bbc.co.uk/news/technology-30290540)Bostrom,N.2014.Superintelligence:Paths,Dangers,Strategies,OxfordUniversityPress,Oxford;ISBN-10:9780198739838DasS.2019.It’shysteria,notaheartattack,GPappBabylontellswomenOctober132019,12:01am,TheSundayTimes(https://www.thetimes.co.uk/article/its-hysteria-not-a-heart-attack-gp-app-tells-women-gm2vxbrqk)

Figure1–PathtoArtificialIgnorance

42

QualityAuditswithBlockchainforHealthcareintheUKDrIanMitchellaandMsSukvhinderHarab

aAssociateProfessor-MiddlesexUniversity,UK.

(i.mitchell@mdx.ac.uk)

bSeniorLecturer–MiddlesexUniversity,UK.QualityAuditsQualityauditsarenecessarytoensurethataffiliatedorganisations’procedures,practicesandprocessesarealignedtothegoverningbodies’principles,whichultimatelyinspects,reportsandhastheauthoritytoissuealicensetooperateasahealthcareprovider.Qualityisconcernedwithmaintainingprinciples,whilstallowingpracticestochange.Inmanycasesinhealthcare, qualitymanagement produces paperwork that provides evidence on the procedures andpractices given to care for an individual. It is difficult to generaliseaboutall quality audits, however,many institutions that do quality audits have a governing body. For example, in the context ofhealthcareprovidersoperatingintheUK,theCareQualityCommission(CQC)inspectsitsaccreditedoraffiliatedhealthcareproviders,betheydentists,carehomesorhospitals.Thisinspectionoftenleadstosuccessfulaffiliationwitharating,occasionallytheinspectionswilluncoversomemajortransgressionsofpracticesthatcanleadtothelicencebeingrevoked.Soauditsareoftenseeingtheorganisationinitsbest light, despite shortnotice givenby theCQC.During thesequalityaudits it is the integrityof thepaperwork,recordsordatathatisinquestionandinparticularthedetectionofretrospectiveediting.Retrospective editing can be prevented by the introduction of a blockchain technological solution,wherebytheCPUeffortrequiredtoalterandeditrecordsbecomesinsurmountable.Thispossibilityisexplainedattheendofthisnextsectiononblockchain.BlockchainBlockchainisnotonlyBitcoin[10].Blockchainisthetechnology[12]supportingBitcoinandincludes:cryptography, to ensure confidentiality; consensus, establishing and ensuring trust; Peer-2-Peernetwork, to ensure availability and openness; and append-only immutable distributed ledgers, toensure validation. Despite Nakamoto’s paper [10] being over 10 years old, we are on the cusp of ablockchainrevolution[6]thatischanginghoworganisationscommunicateandoperate.Blockchain has two types: permissionless and permissioned. Permissionless allows anyone tocontribute and add new blocks and is often thought of as being public; whereas permissionedblockchain allows onlymembers to contribute and add new blocks and is often thought of as beingprivate.Theuseoftokenscanalsocharacteriseblockchains.Originally,blockchainwasdevelopedasacryptocurrency [1] to exchange financial valuewithout the need for an intermediary, e.g. a bank, toconfirmthetrustworthinessoftheindividualsinvolved.Theseblockchainscaneitherbepermissionedorpermissionless,andare referred toas cryptocurrency.Over the yearsblockchainwasviewedasadirectsolutiontomanybusinessproblems,e.g.,infinancialauditing[5],integrityverificationandrightsmanagement[7]andgovernance[8].Forafullerdescriptionandreviewonblockchaintechnologyandapplicationssee[4].Manyoftheseapplicationsdonotrequiretheexchangeoftokensorcoins,butjustasimpletransactionhastakenplaceandcreatedviaconsensusontheimmutabledistributedledger.Wecallthesetypesofblockchain:tokenisedandtokenless.A combinationof the above typesof blockchain technologies cangive rise topermissionedtokenlessblockchain applications that can support, record and enhance the administration of patient recordsadheringtotheprincipleslaiddownundertheCaldicottReport[3].Whilemedicalblockchainapplications[2,11]andsharingofpatients’dataisnotnew[13],thispaperexamineswhether theuseof blockchain forquality audits [9] can improve trust in recordedmedicaldata.

43

AuditsandBlockchainBlockchainbyitsnaturehasanaffinitywithqualityauditsthat,asofwriting, isyettobeexploitedinhealthcare sectors across the UK. Most medical applications concern themselves with handling andsharingofpatientdata;however,workbyMitchellandHara[9]focusedonaprototypeapplicationofblockchainthatinvestigatesitsuseasanauditingtool.Briefly, thecompletionofaMedicalAdministrationRecord(MAR)sheet iscompulsory forhealthcareproviders in care sectors. Administering medication to a service user requires that a healthcareprofessionalrecordthisactionasanentryinaMARsheet.TheobjectiveofMARsheetsistosafeguardvulnerableadultsinadministeringmedicationthatis,amongstotherthings,inspectedbytheCQCintheUK.Blockchain Medical Administration Record (BMAR) allows secure updates on an MAR sheet.Furthermore, it isapermissionednetworkgovernedbyanauthority,e.g.,CQC,andhenceallupdatescan be viewed. All healthcare professionalswould complete theirMARs entry,whichwould then becreatedbyconsensusandupdatedonanappend-onlyledger.Currently,whenmistakesaremade,itistemptingtodestroytheoriginalMARsheetandreplaceit.MistakescanbeupdatedonBMAR;however,the update would also be recorded on the blockchain. This makes BMAR tamper-proof and thuspromotesthesafeguardingofvulnerableadults.ConclusionBMARs[9]providesevidencethatqualityauditscanbeimplementedviatheblockchain.Auditabilityisindeedconducive to theuseof blockchainapplications,and therefore it isproposed that informationrequiredbyauditsshouldbecompletedviablockchain.References[1]AndreasM.Antonopoulos.MasteringBitcoin.O’Reilly,2ndedition,2017.[2]AsaphAzaria,ArielEkblaw,ThiagoVieira,andAndrewLippman.Medrec:Usingblockchainformedicaldataaccessandpermissionmanagement.InOpenandBigData(OBD),InternationalConferenceon,pages25–30.IEEE,2016.[3]FCaldicott.Information:Toshareornottoshare?Theinformationgovernancereview.Dept.ofHealth,UK,March2013.[4]FranCasino,ThomasKDasaklis,andConstantinosPatsakis.Asystematicliteraturereviewofblockchain-basedapplications:currentstatus,classificationandopenissues.TelematicsandInformatics,2018.[5]JunDaiandMiklosAVasarhelyi.Towardblockchain-basedaccountingandassurance.JournalofInformationSystems,31(3):5–21,2017.[6]EvgeniiaFilippova,ArnoScharl,andPavelFilippov.Blockchain:Anempiricalinvestigationofitsscopeforimprovement.InInternationalConferenceonBlockchain,pages1–17.Springer,2019.[7]ShigeruFujimura,HirokiWatanabe,AtsushiNakadaira,TomokazuYamada,AkihitoAkutsu,andJayJunichiKishigami.Bright:Aconceptforadecentralizedrightsmanagementsystembasedonblockchain.In2015IEEE5thInternationalConferenceonConsumerElectronics-Berlin(ICCE-Berlin),pages345–346.IEEE,2015.[8]HengHou.Theapplicationofblockchaintechnologyine-governmentinchina.In201726thInternationalConferenceonComputerCommunicationandNetworks(ICCCN),pages1–4.IEEE,2017.[9]IanMitchellandSukhvinderHara.BMAR-blockchainformedicationadministrationrecords.InBlockchainandClinicalTrial,pages231–248.Springer,2019.

44

ANovelPrivacyFrameworkformHealthwhenManagingChronicDiseasesMrFaradJusob,DrCarlisleGeorgeandDrGlenfordMapp

ALERTResearchGroup-MiddlesexUniversity,UK.

(FJ105@live.mdx.ac.uk)IntroductionThispresentationdescribesthedevelopmentofanovelprivacyframeworkformHealth.Theframework(i) proposes a new methodological approach to addressing privacy and mHealth in the context ofmanaging chronic diseases, and (ii) combines specific mechanisms and technologies to enable thedevelopmentofaprototypemHealthsystem.Background-mHealthandPrivacyThewidespreadrise inchronic illnesses(e.g.,diabetesandhypertension)hasresulted in theneed tofindmoreefficientwaysofmanagingthetreatmentofpatientswiththeseconditions.Onesuchwayisthroughtheuseofmobilehealth(mHealth) technologies thatcangatherreal-timedata frompatientsandmonitorthepatientsfromadistance,removingtheirneedtobeatamedicalfacility(EstrinandSim,2010). These technologies can be an integral part of intelligent healthcare environments (e.g., smarthomes that monitor and assist elderly patients) (Augusto, 2013) which are essential to reducinghealthcare costs, improving efficiency, and enhancing the quality of treatment and care given topatients.TheuseofmHealth,however,bringsvariousprivacyconcernsandchallenges(EuropeanCommission2014;EDPS,2015).WhenusingmHealthtechnologies,patientsmusttrustthattheirhealthinformationisprivateandsecure.Ifpatientslackasenseoftrustinthetreatmentoftheirhealthdataandfeelthatthe confidentiality and accuracy of their health information is in jeopardy, they may choose to notdisclosetheirpersonalhealthinformation.Thiscanresultinamisunderstandingofthepatients’overallhealth status by healthcare professionals and in the provision of sub-optimal treatment. Given thesensitivity of health data, the rapid development of the mHealth sector raises privacy and securityconcernsregardingthedatacollectedfrompatients.TheNeedforaNovelPrivacyFrameworkInthecontextofmHealth,managingprivacyisacomplexissueandpatientsshouldhavemorecontrolover the collection, recording, dissemination, and access to their mHealth data. Themanagement ofprivacy can be facilitated through the use of suitable privacy frameworks because they outline coreprinciples,bestpracticesandsolutionstoprotectandmanage theprivacyof informationandpeople.HavingasuitableprivacyframeworkformHealthinthecontextofthemanagementofchronicdiseasesis therefore essential to building patient trust and providing good healthcare. A review of variousexistingregulatoryframeworksforprivacyconcludedthatnosingleframeworkcompletelyaddressesthe privacy concerns regarding the management of chronic diseases when using mHealth solutions(Jusob, 2017). Existing regulatory frameworkswere designed to be used for health information andwere found to focusmostly on the data aspect of privacy and not to take into consideration bodilyprivacyanduserautonomy(Jusob,2017).ThereisthereforeaneedtodevelopasuitableprivacyframeworkformHealthinthiscontext.ProposedFrameworkTheworkpresentedinthispaperdiscussesthedevelopmentofaprivacyframeworkformHealthinthecontextofmanagingchronicdiseases.ThemethodologicalapproachtodevelopingtheframeworkwasbasedonamodifiedversionoftheEngineeringDesignProcessmethodology(Khandani,2005).Firsttheproblemwas defined. Second, informationwas gathered on the problem, (i.e. an analysis of existingsolutionsregulatory frameworksforprivacywascarriedout, followedbyresearch toidentifyprivacythreats and concerns from previous studies when managing chronic diseases with mHealth). Third,solutionswereanalysedandasolutionwasgeneratedandselected(i.e.frameworkrequirementswere

45

specified,thentheframeworkwasdesignedandillustratedinadiagrammaticformat).Thefourthstep,involves testing the solution generated and focuses on the development of a software prototype (toimplement the framework). Prototype development is currently ongoing using a four-stepprototypedevelopmentprocessdescribedbyNaumannandJenkins(1982).TheproposedframeworkisillustratedintheFigure1(below)andconsistsoffivelayers.

Figure1-ProposedPrivacyFramework

Theproposedprivacyframeworktakesintoconsiderationthedataandbodilyaspectofprivacyaswellas incorporates capabilities and mechanisms to facilitate user autonomy. The first layer of theframework focuses on identifying: (i) privacy obligations/guidelines from regulatory frameworks forprivacyand(ii)privacythreatsandconcernsfromexistingresearchstudies.Thesecondlayerconsistsofprinciples necessary to address (a) the privacy obligations/guidelines derived from regulatoryframeworksand(b)theprivacythreats/concernsidentifiedinthefirstlayer.Thethirdlayerbuildsonthe second layer and translates the privacy principles into privacy requirements that can beimplemented into an mHealth system. The fourth layer discusses the mechanisms and associatedtechnologies needed to implement the privacy requirements. This includes use of encryption, accesscontrol mechanisms, device and storage security, anonymisation and pseudo-anonymisationmechanisms,systemprograms,andblockchain.Thefifthlayerdefinestheprototype thatincorporatesthemechanismsandassociatedtechnologiesnecessarytoimplementtheprivacyrequirementsaswellasothertechnologiesneededtodevelopaprivacy-consciousmHealthsystem.

Acomparisonmade,oftheproposedframeworkwithexistingprivacyframeworks,concludedthatthenew framework covers a wider array of privacy principles compared with any single previousframework. Currently the prototype proposed is being developed. It will then undergo testing andevaluation.

The presentation will discuss the framework development process and the different layers of theframeworkingreaterdetail.

ReferencesAugustoJ,CallaghanV,KameasA,Cook,D,andSatohI.(2013).IntelligentEnvironments:amanifesto.Human-CentricComputingandInformationSciences,3(12),doi:10.1186/2192-1962-3-12.EuropeanDataProtectionSupervisor(EDPS),(2015).MobileHealth:Reconcilingtechnologicalinnovationwithdataprotection.Opinion1/2015,Brussels.https://edps.europa.eu/sites/edp/files/publication/15-05-21_mhealth_en_0.pdf[Lastaccessed14/09/2019]

Privacy Threats and Concerns +

Legal and Ethical frameworks

Privacy Principles

Privacy Requirements

Mechanisms and Associated Technologies

Prototype

Privacy Threats and Concerns

Regulatory Frameworks for Privacy

+

46

Estrin,D,andSim,I.(2010).OpenmHealthArchitecture:AnEngineforHealthCareInnovation,Science330:759-760.EuropeanCommission(2014).GreenPaperonmobileHealth(“mHealth”).Brussels,10April2014,COM(2014)219final.Jusob,F.R.,George,C.andMapp,G. (2017).Exploring theneed forasuitablePrivacyFramework formHealth when managing Chronic Diseases. Journal of Reliable Intelligent Environments, December2017,Volume3,Issue4,pp243–256.Khandani,S.(2005).EngineeringDesignProcess.https://resources.saylor.org/wwwresources/archived/site/wp-content/uploads/2012/09/ME101-4.1-Engineering-Design-Process.pdf.[Lastaccessed14/09/2019].Nauman,J.D.andJenkins,M.(1982).Prototyping:TheNewParadigmforSystemsDevelopment,MISQuarterly,6,3,29-44.

47

AComprehensiveInformationSecurityFrameworkformHealthandPrototypeDevelopment

MsNattaruedeeVithanwattana,DrGlenfordMappandDrCarlisleGeorge

ALERTResearchGroup–MiddlesexUniversity,UK.(NV166@live.mdx.ac.uk)

IntroductionTheuseofmobileandwirelesstechnologiestosupportachievementsinhealthcaresystems(mHealth)hasanenormouspotentialtotransformhealthcareacrosstheglobe[1].mHealthcovers“medicalandpublichealthpracticesupportedbymobiledevices,suchasmobilephones,patientmonitoringdevices,personaldigitalassistants(PDAs),andotherwirelessdevices”[2].Othersolutionsincludebodysensorsandwireless infrastructures. These devices are used in collecting clinical healthdata, and deliveringhealthcareinformation(e.g.viaBluetooth)topatients,medicalprofessionals,andresearchers.Theyarealsousedforreal-timemonitoringofpatients’vitalsigns,suchasheartrate,bloodglucoselevel,bloodpressure, body temperature, andbrainactivities [3].Healthcaredata collected is stored indatabasesincluding those on mobile devices and Cloud storage. Healthcare data is classed as “sensitive data”under data protection legislation, and hence requires a high level of security to protect theconfidentialityofthedataandtopreventunauthorisedaccess.mHealthsystemsarestillvulnerabletonumeroussecurityissuesrelatingtoweaknessesintheirdesignanddatamanagement.Therefore,thereisaneedtodevelopacomprehensiveinformationsecurityframeworkformHealth.

FrameworkAmajorchallengeindevelopinganeffectiveInformationSecurityFrameworkistoensurethatsecurityencompassesbothmHealthdevicesandCloudstorageinordertosecuresensitivemHealthsystem.Thispaper discusses a proposed new Information Security Framework, developed by the authors, and aprototypetoimplementaspectsofthisframework.AsapartofdevelopingthenewinformationsecurityframeworkformHealthsystems,possiblesolutionswereconsideredformanagingmHealthdatausingvariousmechanismsinordertodelivertheessentialsecuritycomponentsofmHealthsystems.Theseinclude Confidentiality, Integrity, Availability, Non-repudiation, Authentication, Authorisation,Accountability, Auditability, and Reliability. These mechanisms include Encryption as a Service,Capabilities, Storage Management, Digital Filter, Secure Transport Layer, Blockchain, SecureTransactional Layer, andServiceManagementPlatform.Figure1below illustrates theproposednewinformationsecurityframework[4].

APPLICATIONSAPPLICATIONDEVELOPMENTLAYERSERVICEMANAGEMENTPLATFORMSECURETRANSACTIONALLAYER

BLOCKCHAINSYSTEMSECURETRANSPORTLAYERDIGITALFILTERSYSTEM

STORAGEMANAGEMENTLAYERCAPABILITYSYSTEM

OSLAYERFigure1–ProposedInformationSecurityFramework[4]

• TheApplication layer containsmHealth (device) applicationsandwill authenticate andauthorise

applicationusers.• TheApplicationDevelopmentLayerinteractswiththecloudservertoauthenticatetheapplication.• TheServiceManagementPlatformwilldefinetherequirementstorunsystemservices.• TheSecureTransactionalLayerprotectsremoteprocedurecallsbetweenstakeholdersandcloud

serversusingstrongtypingandcapabilities.

48

• TheBlockchainSystemisusedtorecordtheinteractionbetweenanyclientandservers.• TheSecureTransportLayersecuresthetransmissionofhealthcaredatabetweenstakeholdersand

thecloudinfrastructure.• DigitalFiltersdeliversadditionalcontrolbywhichuserswillbeabletoaccesshealthcaredata.• TheStorageManagementLayerisusedtosecurestorehealthcaredata.• Capabilitiesmanageaccessrightstostoredhealthcaredata.• EncryptionasaServiceprotectstheconfidentialityofhealthcaredata.• TheOperatingSystemLayerprovidesavarietyofservicesincludingthefundamentaloperating

servicessuchasmemorymanagement,filesystemhandling,aswellassystemandnetworkingservices.

PrototypeDevelopmentThe proposed framework consists of many different layers and each layer is rather complex toimplement.Asaresult,buildingaviableprototype thatclearlyembodiesall featuresof theproposedframework will require a significant and lengthy effort. In this context, a prototype was designedconsistingofasubsetoffivelayersoftheproposedframework(seeFigure2below).Threeofthelayers(mHealthApplications,FileSystemandSecureTransportLayer)consistofexistingtechnologies.Twoofthe layers (Service Management Platform and the Secure Transactional Layer) are being newlydevelopedduetothenon-existenceofsuitabletechnologiesfortheselayersinthecontextofensuringsecurityformHealthsystems.

MHEALTHAPPLICATION

SERVICEMANAGEMENTPLATFORMSECURETRANSACTIONALLAYERSECURETRANSPORTLAYER

FILESYSTEMFigure2:Abasicprototype

ThefivelayersoftheprototypeshowninFigure2aredescribedasfollows:

• Application:AnmHealthapplication,whichcancreate,store,modify,anddeletehealthcarerecords.

• ServiceManagementplatform:Functionalityincludesservicemanagementandsecurity.Serviceswillbetrackedandcapabilitieswillbeappliedtoprovideaccesstoservices.Thestateofthesystemwillbemonitored.

• SecureTransactionalLayer:AstronglytypedRemoteProcedureCallwillbedevelopedandimplementedintothislayertoprotectthetransactionsbetweenstakeholdersandcloudservers.Capabilitieswillalsobeusedtochecktheauthenticationandauthorisationofclientsandservers.

• SecureTransportLayer:AnewprotocolcalledtheSimpleLightweightTransportProtocolhasbeendevelopedandwillbeusedtoimplementthislayer[5].

• FileSystem:Thislayerreplacestheneedtousearealcloudstoragesystemforpurposesofevaluatingtheprototype.Itisusedtostoreandretrievehealthcaredatawhichwillbeencrypted.

References

[1] WorldHealthOrganization(2011).mHealth:Newhorizonsforhealththroughmobiletechnologies.[online]Availablefrom:https://www.who.int/goe/publications/goe_mhealth_web.pdf[Accessed:15October2019]

[2] EuropeanCommission(2014).GreenPaperonmobileHealth(“mHealth”).Availablefrom:https://ec.europa.eu/digital-agenda/en/news/green-paper-mobile-health-mhealth[Accessed:15October2019]

[3] GermanakosP.,MourlasC.,andSamarasG.(2005).AMobileAgentApproachforUbiquitousandPersonalizedeHealthInformationSystems.ProceedingsoftheWorkshopon'Personalizationfor

49

e-Health'ofthe10thInternationalConferenceonUserModeling(UM'05).Edinburgh,July29,2005,pp.67–70.

[4] Vithanwattana,N,Mapp,G.andGeorge,C.(2017).DevelopingaComprehensiveInformationSecurityFrameworkformHealth:ADetailedAnalysis,inSpecialIssueon"ApplicationofSoftwareEngineeringTechniquestoImprovetheReliabilityofIntelligentEnvironments”,JournalofReliableIntelligentEnvironments,July2017,Volume3,Issue1,pp21–39

[5] Mapp,G.,Aiash,M.,Ondiege,B.,andClarke,M(2014).ExploringaNewSecurityFrameworkforCloud Storage Using Capabilities. In: 2014 IEEE 8th Symposium on Service Oriented SystemEngineering(SOSE).Oxford:IEEE,P.484-489

50

SecuringeHealthandmHealth:MovingfromFrameworkstoPrototypesDrGlenfordMapp,DrCarlisleGeorge,MsSukhvinderHara,

MsNattaruedeeVithanwattana,MrFaradJusobandMsAnnSamuels

MedicalDataResearchGroup–MiddlesexUniversity,UK.(g.mapp@mdx.ac.uk)

IntroductioneHealthandmHealthhavebeenwithusforsomeyears.However,theuptakeintheuseofthesesystemsindevelopedcountriesaspartofnationalhealthprogrammeshasbeenrelativelyslow.Thoughactualdevicesandphysicaltechnologiesarenowwell tested, therestill isnonationallegal,ethical,ormoreimportantly, security framework for eHealth or mHealth. Several frameworks have been examinedattemptingtoaddresskeypropertiesofsecurityforeHealthandmHealth.TheseincludetheFiresmithframework [1] that completely specifies the required security properties as well as an operationalframework,whichhasbeendevelopedbyNattaruedeeVithanwattanaatMiddlesexUniversity[2].TowardsanImplementationFrameworkBy investigating these efforts, we believe that there is now a key set of technologies, which can bebroughttogethertoformanImplementationFrameworkfromwhichpracticalprototypesmaybebuilt.The four technologies are capabilities, secure remote procedure calls (SRPC), blockchain as well asencryptionandhashingtechniques.CapabilitiesCapabilities are immutabledigital tokensor tickets thatmustbeproducedby clients inorder to getservicefromservers.Capabilitiesnotonlyspecifytheservicerequiredbutalsowhatfunctionscanbedonebytheserveronbehalfoftheclient.Thiscanbeeasilyshownusingacommonfilesystem.Ownersorcreatorsoffileshavetherighttoread,writeanddeletetheirfiles.Thisisrepresentedbythemastercapabilityofthefile.However,ownersshouldalsobeabletosharefileswithothers;soweneedanothercapabilitythatwouldallowausertoreadorwritetothefileandyetanothercapabilitythatwouldonlyallowotheruserstoreadthefile.Thesetwocapabilitiescanbederivedfromthemastercapability.In theproposedprototype, capabilitiesare associatedwith everything in a securehealthcare systemincludingpeople,devicesanddigitalassetssuchasfilesandelectronichealthrecords.Thisallowsrole-basedsecuritytobeimplementedusingcapabilities;sodoctors,nurses,administratorsandpatientscanfunctionintheirnormalrolesinahospitalcontext.Hence,capabilitiesareusedforauthentication:sinceeveryentitymusthaveacapability,andauthorizationbecausecapabilitiesalsoindicatewhatfunctionscanbeexercisedonbehalfoftheholderofagivencapability.Theconceptofcapabilitiesisnotanewidea,itwasdevelopedinthe1960s,butfellintodisuseasAccessControlLists(ACLs)wereusedtoimplementsecurityfordigitalassetssuchaselectronicrecordsandfiles.However,recentwork[3]atMiddlesexUniversityhasmadetheuseofcapabilitiesmucheasierbyprovidingpracticalsolutionstomanagingcapabilitiesincludingthesafepropagationandrevocationofcapabilities.In[4],theauthorsshowedhowcapabilitiesareusedinremotepatientmonitoring.SecureRPCThe second major technology is the secure remote procedure call (SRPC). A remote procedure call(RPC) specifies how applications and servers interactwith each other. So RPC specifies the functioncallsandargumentsthatareusedtoallowtheservertoserveclients.However,innormalRPCsystems,the interaction between the client and server is predefined and all calls are assumed to follow thepredefinedformat.Thishasledtolargesecuritybreachessuchasbufferoverflows,emptyorNULL-callcorruptionandclientsgainingaccesstosensitivedatabecauseserversassumethattheclientsaresafelyusingthepredefinedformat.SeveralsystemssuffergreatlyfromthismaladyandthushospitalsystemswhicharenotregularlyupdatedhassufferedfromthisasseenintheRansomwareattacksintheUK.InsecureRPC,itispossibletopassinformationaboutthesymbolsaswellasthevalueofthatsymbolor

51

argumentintheremoteprocedurecall.Thismeansthattheservercaneasilycheckthateverycallandits arguments obey the predefined format before it attempts to fulfil the call. Security is thereforeincreased.Performance testinghasshownthattheaddedcostofusingSecureRPC isonly10%morethannativeorinsecureRPC.Hence,thebenefitsoutweighthecosts.BlockchainThethirdkeytechnologyisblockchain.Thisisanewtechnologyinwhichtransactionsbetweenentitiescanbe certified ashaving takenplacewithout a third entityhaving todo the certification. Insteadanumberof distributedalgorithmsare runondifferentmachines thatproduce an immutable chainofblocks,whichrecordthetransactions.Bitcoinisanexampleofblockchaintechnologyusedtomanagefinancialtransactions.Theuseofblockchainforthemanagementofhealthrecordsisnowbeingactivelyexplored[5].Anewopensourceblockchain-basedtechnologycalledHyperledger,whichcanbeusedtosupportdifferent types of systems, has beenmade available to developers. The use of blockchain torecord interactions via Secure RPC and capabilities in healthcare systemswill enhance the securityenvironmentasitaddstheimportantsecuritypropertyofnon-repudiationandprovidestheabilitytoquicklydiscoversecurityandprivacyviolations.EncryptionandHashingThefourthandfinaltechnologyistheuseofencryptionandhashingalgorithms.Thiscanbedoneattwolevels inapracticalsystem.The first is forstoragesystems.Thus, in theproposedsystem,alldata isstored using strong encryption algorithms such as AES. Encryption and hashing techniques such asIPSec[6]arealsousedtoprovidesecurecommunicationsbetweenentitiesinthesystem.ImplementationFrameworkTheoverallsystemisshowninFigure1.

CAPABILITIES

SECUREREMOTEPROCEDURECALLS

BLOCKCHAINHYPERLEDGER

ENCRYPTION+HASHINGIPSec,AES

Figure1:ComponentsoftheImplementationFrameworkConclusionsAt Middlesex University we are concentrating on building a functional prototype for eHealth andmHealthbasedonthesetechnologies.References[1]FiresmithD,“Specifyingreusablesecurityrequirements,”JournalofObjectTechnology,vol.3,no.1,pp.61–75,2004.[2]VithanwattanaN,MappG,GeorgeC:DevelopingacomprehensiveinformationsecurityframeworkformHealth:adetailedanalysis:JournalofReliableIntelligentEnvironments,2017.[3]MappG,AiashM,OndiegeBandClarke,M.:ExploringaNewSecurityFrameworkforCloudStorageUsingCapabilities:1stInt’lWorkshoponCyberSecurityandCloudComputing,OxfordUK,7-11April2014.[4]OndiegeB,Clarke,MandMappG.E.:ExploringaNewSecurityFrameworkforRemotePatientMonitoringDevices:MDPIComputersJournal:February2017:doi:10.3390/computers6010011.[5]MitchellIandHaraS:(2019)BMAR–BlockchainforMedicationAdministrationRecords.In:JahankhaniH.,KendzierskyjS.,JamalA.,EpiphaniouG.,Al-KhateebH.(eds)BlockchainandClinicalTrial.AdvancedSciencesandTechnologiesforSecurityApplications.Springer.[6]FrankelSandKrishnanS:IPSecurity(IPSec)andInternetSecurityKeyExchange(IKE)DocumentRoadmapathttps://tools.ietf.org/html/rfc6071lastaccessed8thOctober2019.

52

ListofParticipants

• BARN,Balbir,MiddlesexUniversity,UK.• BOORSMA,AndréTNO,TheNetherlands.• COCKERTON,Tracey,MiddlesexUniversity,UK.• CRAWFORD,John,CrawfordWorks,UK.• DeMURO,Paul,NelsonMullins,USA.• DUQUENOY,Penny,MiddlesexUniversity,UK.• GEORGE,Carlisle,MiddlesexUniversity,UK.• GALAL-EDEEN,Galal,CairoUniversity,Egypt.• GOMESDEALMEIDA,Vania,MiddlesexUniversity,UK.• HARA,Sukhvinder,MiddlesexUniversity,UK.• HAREWOOD,Kelvin,MiddlesexUniversity,UK.• JUSOB,Farad,MiddlesexUniversity,London,UK.• LEONCE,Jasmine,EastandNorthHertfordshire,NHSTrust,UK.• MANGIACOTTI,Anthony,PaduaUniversity,Italy.• MAPP,Glenford,MiddlesexUniversity,UK.• MITCHELL,Ian,MiddlesexUniversity,UK.• MONTANIStefania,UniversityofPiemonteOrientaleAlessandriaArea,Italy.• NAGARAJAN,DurgaVellore,MiddlesexUniversity,UK.• NAMORADO,Joana,FraunhoferInstitute,Germany.• NOVOSELOVA,Tatiana,MiddlesexUniversity,UK.• OGOH,George,DeMontfortUniversity,UK.• OMISANYA,JosephOpeoluwa,MiddlesexUniversity,UK.• PETRIDIS,Miltos,MiddlesexUniversity,UK.• ROSENMÖLLER,Magdalene,IESEBusinessSchool,Spain• TAYLOR,Richard,InternationalBaccalaureate,UK.• THIMBLEBY,Harold,SwanseaUniversity,UK.• TRANTER,Brian,ANECrepresentative,UK.• VANLIESHOUT,Marc,TNO,TheNetherlands.• VITHANWATTANA,Nattaruedee,MiddlesexUniversity,UK.• WHITEHOUSE,Diane,TheCastlegateConsultancy,UK.• WHITNEY,Gill,MiddlesexUniversity,UK.• ZIELINSKI,Chris,UniversityofWinchester,UK.

53

ThankyoutoourWorkshopSponsors!!!!

FacultyofScienceandTechnologyMiddlesexUniversity,London,UK

http://www.mdx.ac.uk/about-us/our-faculties/faculty-of-science-and-technology

InstituteforBioethicsandHealthPolicyMillarSchoolofMedicineUniversityofMiami,USA

https://bioethics.miami.edu

TheCastlegateConsultancyUnitedKingdom

TheEuropeanCentrefortheStudyofEthics,LawandGovernance

inHealthInformationTechnologyOnline:http://ecelghit.org

Proceedingsofthe2019HealthITWorkshopon

EmergingTechnologiesinHealthcare:Legal,Ethical&SocialAspects7th&8thNovember2019

MiddlesexUniversity,London,UK

FacultyofScienceandTechnologyAspectsofLawandEthicsRelatedtoTechnology(ALERT)ResearchGrouphttp://www.eis.mdx.ac.uk/research/groups/Alert/ehealthwks2019/