Privacy Considerations in the Canadian Regulation of Commercially-Operated Healthcare Artificial Intelligence
Artificial intelligence (AI) is increasingly being developed and implemented in healthcare. This presents privacy issues since many AIs are privately owned and rely on data sharing arrangements for mass quantities of patient health information. We investigated the Canadian legal and policy framework focusing on regulation relevant to the potential for inappropriate use or disclosure of personal health information by private AI companies. This included analysis of federal and provincial legislation, common law and research ethics policy. Our evaluation of the various regulatory frameworks found that together they require private AI companies and their partners in healthcare implementation to meet high standards of privacy protection that prioritize patient autonomy, with limited exceptions. We found that healthcare AI systems are required to be consistent with the rules and foundational ethical norms enshrined in law and research ethics, even if this poses challenges to implementation. Data sharing arrangements must focus on tight integration with high levels of data security, strong oversight and retention of patient control over data.
Copyright (c) 2022 Blake Murdoch, Allison Jandura, Timothy Caulfield
This work is licensed under a Creative Commons Attribution 4.0 International License.
The Canadian Journal of Bioethics applies the Creative Commons Attribution 4.0 International License to all its publications. Authors therefore retain copyright of their publication, e.g., they can reuse their publication, link to it on their home page or institutional website, deposit a PDF in a public repository. However, the authors allow anyone to download, reuse, reprint, modify, distribute, and/or copy their publication, so long as the original authors and source are cited.