Privacy Considerations in the Canadian Regulation of Commercially-Operated Healthcare Artificial Intelligence

  • Blake Murdoch Health Law Institute, Faculty of Law, University of Alberta, Edmonton, Alberta, Canada
  • Allison Jandura Health Law Institute, Faculty of Law, University of Alberta, Edmonton, Alberta, Canada https://orcid.org/0000-0002-2329-2187
  • Timothy Caulfield Health Law Institute, Faculty of Law, University of Alberta, Edmonton, Alberta, Canada
Keywords: Health Law, Privacy, Artificial Intelligence, Bioethics, Legislation, Canada
Language(s): English

Abstract

Artificial intelligence (AI) is increasingly being developed and implemented in healthcare. This presents privacy issues since many AIs are privately owned and rely on data sharing arrangements for mass quantities of patient health information. We investigated the Canadian legal and policy framework focusing on regulation relevant to the potential for inappropriate use or disclosure of personal health information by private AI companies. This included analysis of federal and provincial legislation, common law and research ethics policy. Our evaluation of the various regulatory frameworks found that together they require private AI companies and their partners in healthcare implementation to meet high standards of privacy protection that prioritize patient autonomy, with limited exceptions. We found that healthcare AI systems are required to be consistent with the rules and foundational ethical norms enshrined in law and research ethics, even if this poses challenges to implementation. Data sharing arrangements must focus on tight integration with high levels of data security, strong oversight and retention of patient control over data.

Published
2022-12-09
How to Cite
[1]
Murdoch B, Jandura A, Caulfield T. Privacy Considerations in the Canadian Regulation of Commercially-Operated Healthcare Artificial Intelligence. Can. J. Bioeth. 2022;5:44-52. https://doi.org/10.7202/1094696ar.
Section
Articles