В работе рассматривается мировой опыт регулирования использования медицинских данных для целей создания систем искусственного интеллекта (СИИ) с помощью методов машинного обучения. Для успешного внедрения СИИ в медицинскую практику и повышения эффективности принятия клинических и управленческих решений необходимы качественные наборы медицинских данных, для формирования которых в свою очередь требуется соответствующая нормативно-правовая база, учитывающая интересы всех участников на каждом из этапов разработки и использования СИИ.
Обзор зарубежных законодательств проводился для стран лидеров макрорегионов, которые были выбраны исходя из метрик рынка ИИ. На сегодняшний день существуют разные подходы к защите медицинских данных. Из них можно выделить отраслевой подход (США) и межотраслевой (ЕС). Для обеспечения надлежащего баланса между безопасностью пациента и возможностью сбора медицинских данных для разработчиков, необходимо формирование нормативно правовой базы как для межотраслевого, так и отраслевого регулирования.
Обзор зарубежных законодательств проводился для стран лидеров макрорегионов, которые были выбраны исходя из метрик рынка ИИ. На сегодняшний день существуют разные подходы к защите медицинских данных. Из них можно выделить отраслевой подход (США) и межотраслевой (ЕС). Для обеспечения надлежащего баланса между безопасностью пациента и возможностью сбора медицинских данных для разработчиков, необходимо формирование нормативно правовой базы как для межотраслевого, так и отраслевого регулирования.
Литература
1. Davenport T., Kalakota R. The potential for artificial intelligence in healthcare. Future Healthc J. Royal College of Physicians. 2019; 6(2): 94-98. doi: 10.7861/futurehosp.6-2-94.
2. Leslie D, et al. Does “AI” stand for augmenting inequality in the era of covid-19 healthcare? BMJ. 2021; 372. doi: 10.1136/bmj.n304.
3. Artificial Intelligence in Healthcare Market Size & Share 2030. Reports and data. 2022. https://www.reportsanddata.com/report-detail/artificial-intelligence-in-healthcare-market.
4. Павлов Н.A. и др. Эталонные медицинские датасеты (MosMedData) для независимой внешней оценки алгоритмов на основе искусственного интеллекта в диагностике. // Digital Diagnostics. — 2021. — Т.2. — №1. — C.49-66. doi: 10.17816/DD60635.
5. Winter J.S. AI in healthcare: data governance challenges. J Hosp Manag Health Policy. 2021; 5.
doi: 10.21037/jhmhp-2020-ai-05.
6. Celi LA, et al. Sources of bias in artificial intelligence that perpetuate healthcare disparities — A global review. PLOS Digital Health. 2022; 1(3). doi: 10.1371/journal.pdig.0000022.
7. Зинченко В.В. и др. Стандартизация в области регулирования технологий искусственного интеллекта в российском здравоохранении // Казанский медицинский журнал. — 2021. — Т.102. — №6. — С.923-933. doi: 10.17816/KMJ2021-923.
8. Schwalbe N, Wahl B. Artificial intelligence and the future of global health. The Lancet. 2020; 395: 1579-1586. doi: 10.1016/S0140-6736(20)30226-9.
9. Zhang D, et al. The AI Index 2021 Annual Report. AI Index Steering Committee, Human-Centered AI Institute, Stanford University. Stanford, 2021.
10. Ethics and Governance of Artificial Intelligence for Health: WHO guidance. World Health Organization. 2021.
11. Jaremko JL, et al. Canadian Association of Radiologists White Paper on Ethical and Legal Issues Related to Artificial Intelligence in Radiology. Can Assoc Radiol J. 2019; 70(2): 107-118. doi: 10.1016/j.carj.2019.03.001.
12. Шарова Д.Е. и др. К вопросу об этических аспектах внедрения систем искусственного интеллекта в здравоохранении // Digital Diagnostics. — 2021. — Т.2. — №3. — С.356-368. doi: 10.17816/DD77446.
13. Health Insurance Portability and Accountability Act of 1996. Public law. 1996. https://aspe.hhs.gov/reports/health-insurance-portability-accountability-act-1996.
14. Data Protection Laws and Regulations Report 2022 USA. The International Comparative Legal Guides. 2022. https://iclg.com/practice-areas/data-protection-laws-and-regulations/usa.
15. Data Privacy and Protection Relating to Healthcare in Europe, the United States and Brazil. Latin Lawyer. 2020. https://www.lexology.com/library/detail.aspx?g=99b83b76-3f2f-4b23-a5c3-30ad576af369.
16. Covered Entities and Business Associates. U.S. Department of Health & Human Services. https://www.hhs.gov/hipaa/for-professionals/covered-entities/index.html.
17. McGraw D, Petersen C. From Commercialization to Accountability: Responsible Health Data Collection, Use, and Disclosure for the 21st Century. Appl Clin Inform. 2020; 11(2): 366-373. doi: 10.1055/ s-0040-1710392.
18. Tanner A. Our Bodies, Our Data: How Companies Make Billions Selling Our Medical Records. Beacon Press, 2017.
19. Methods for De-identification of PHI. U.S. Department of Health & Human Services. https://www.hhs.gov/hipaa/for-professionals/privacy/special-topics/de-identification/index.html.
20. Grundy Q, et al. Data sharing practices of medicines related apps and the mobile ecosystem: traffic, content, and network analysis. The BMJ. BMJ Publishing Group. 2019; 364. doi: 10.1136/bmj.l920.
21. Terry N. Existential challenges for healthcare data protection in the United States. Ethics Med Public Health. 2017; 3(1): 19-27. doi: 10.1016/j.jemep.2017.02.007.
22. Zhang D, et al. The AI Index 2022 Annual Report. AI Index Steering Committee, Human-Centered AI Institute, Stanford University. Stanford, 2022.
23. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Official Journal of the European Union. 2016. https://gdpr-info.eu.
24. Adequacy decisions. European Commission. https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.
25. Art. 6 GDPR — Lawfulness of processing — General Data Protection Regulation (GDPR). Official Journal of the European Union. 2016. https://gdpr-info.eu/art-6-gdpr/.
26. Durovic M, Montanaro M. Data Protection and Data Commerce: Friends or Foes? European Review of Contract Law. 2021; 17(1): 1-36. doi: 10.1515/ercl-2021-000.
27. Wrobel M. Anonymized data — curse or blessing of data protection?! Taylor Wessing LLP. 2020. https://www.lexology.com/library/detail.aspx?g=1517d319-4184-4d49-b3a9-d0e99da65019.
28. Rocher L, Hendrickx JM, de Montjoye YA. Estimating the success of re-identifications in incomplete datasets using generative models. Nat Commun. 2019; 10(1). doi: 10.1038/s41467-019-10933-3.
29. Art. 4 GDPR — Definitions — General Data Protection Regulation (GDPR). Official Journal of the European Union. 2016. https://gdpr-info.eu/art-4-gdpr/.
30. Art. 5 GDPR — Principles relating to processing of personal data — General Data Protection Regulation (GDPR). Official Journal of the European Union. 2016. https://gdpr-info.eu/art-5-gdpr/.
31. Art. 9 GDPR — Processing of special categories of personal data — General Data Protection Regulation (GDPR). Official Journal of the European Union. 2016. https://gdpr-info.eu/art-9-gdpr/.
32. Войниканис E.A. Большие (персональные) данные: проблема баланса интересов // Журнал Суда по интеллектуальным правам. — 2021. — Т.34. — №4. — С.19-27.
33. BfDI nutzt erstmals Konsultationsverfahren // der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit. 2020. https://www.bfdi.bund.de/SharedDocs/Pressemitteilungen/DE/2020/03_Konsultationsverfahren.
34. van Veen EB. Observational health research in Europe: understanding the General Data Protection Regulation and underlying debate. Eur J Cancer. 2018; 104: 70-80. https://doi.org/10.1016/ j.ejca.2018.09.032.
35. Peloquin D, DiMaio M, Bierer B, Barnes M. Disruptive and avoidable: GDPR challenges to secondary research uses of data. European Journal of Human Genetics. 2020; 28(6): 697-705. https://doi.org/10.1038/s41431-020-0596-x.
36. Allen CG. Understanding China’s AI Strategy. Center for a New American Security. 2019. https://www.cnas.org/publications/reports/understanding-chinas-ai-strategy.
37. Colvin TJ, Liu I, Babou TF, Wong GJ. A Brief Examination of Chinese Government Expenditures on Artificial Intelligence R&D. Institute for Defense Analyses. 2020. https://www.ida.org/research-and-publications/publications/all/a/ab/a-brief-examination-of-chinese-government-expenditures-on-artificial-intelligence-r-and-d.
38. China to boost big data application in health and medical sectors. The State Council of the People’s Republic of China. 2016. http://english.www.gov.cn/policies/latest_releases/2016/06/24/content_281475379018156.htm.
39. Zhang L, et al. Big data and medical research in China. BMJ. 2018; 360. doi: 10.1136/bmj.j5910.
40. Translation: Personal Information Protection Law of the People’s Republic of China — Effective Nov. 2021; 1. Stanford University. https://digichina.stanford.edu/work/translation-personal-information-protection-law-of-the-peoples-republic-of-china-effective-nov-1-2021.
41. Zhu J. The Personal Information Protection Law: China’s Version of the GDPR? Columbia Journal of Transnational Law. 2022. https://www.jtl.columbia.edu/bulletin-blog/the-personal-information-protection-law-chinas-version-of-the-gdpr.
42. Chen D, Wang K. At a glance: data protection and management of health data in China. Ropes & Gray LTD. 2022. https://www.lexology.com/library/detail.aspx?g=fd2bb402-33d5-4ba7-85a7-c5383cb11526.
43. The Asia Pacific Privacy Guide 2020-2021 // Deloitte Asia Pacific Limited. 2020. https://www2.deloitte.com/id/en/pages/risk/articles/ap-privacy-guide-2020-2021.html.
44. How Singapore brings together the best in innovation and investment to drive start-up growth. Investment Monitor and Singapore Economic Development Board. 2022. https://www.investmentmonitor.ai/tech/how-singapore-brings-together-the-best-in-innovation-and-investment-to-drive-start-up-growth.
45. Parry C. M., Aneja U. AI in Healthcare in India: Applications, Challenges and Risks. Chatham House, International Affairs Think Tank. 2020. https://www.chathamhouse.org/2020/07/artificial-intelligence-healthcare-insights-india-0/3-ai-healthcare-india-applications.
46. Data Protected India. Talwar Thakore & Associates. 2022. https://www.linklaters.com/en/insights/data-protected/data-protected-india.
47. LGPD Brazil — General Personal Data Protection Act. Data Protection National Authority. 2018. https://lgpd-brazil.info.
48. Article 7: Chances of Carrying Out Personal Data Processing — Chapter 2 — Processing of Personal Data — LGPD Brazil. Data Protection National Authority. 2018. https://lgpd-brazil.info/chapter_02/article_07.
49. Article 11: Processing of Sensitive Personal Data — Chapter 2 — Processing of Personal Data — LGPD Brazil. Data Protection National Authority. 2018. https://lgpd-brazil.info/chapter_02/article_11.
2. Leslie D, et al. Does “AI” stand for augmenting inequality in the era of covid-19 healthcare? BMJ. 2021; 372. doi: 10.1136/bmj.n304.
3. Artificial Intelligence in Healthcare Market Size & Share 2030. Reports and data. 2022. https://www.reportsanddata.com/report-detail/artificial-intelligence-in-healthcare-market.
4. Павлов Н.A. и др. Эталонные медицинские датасеты (MosMedData) для независимой внешней оценки алгоритмов на основе искусственного интеллекта в диагностике. // Digital Diagnostics. — 2021. — Т.2. — №1. — C.49-66. doi: 10.17816/DD60635.
5. Winter J.S. AI in healthcare: data governance challenges. J Hosp Manag Health Policy. 2021; 5.
doi: 10.21037/jhmhp-2020-ai-05.
6. Celi LA, et al. Sources of bias in artificial intelligence that perpetuate healthcare disparities — A global review. PLOS Digital Health. 2022; 1(3). doi: 10.1371/journal.pdig.0000022.
7. Зинченко В.В. и др. Стандартизация в области регулирования технологий искусственного интеллекта в российском здравоохранении // Казанский медицинский журнал. — 2021. — Т.102. — №6. — С.923-933. doi: 10.17816/KMJ2021-923.
8. Schwalbe N, Wahl B. Artificial intelligence and the future of global health. The Lancet. 2020; 395: 1579-1586. doi: 10.1016/S0140-6736(20)30226-9.
9. Zhang D, et al. The AI Index 2021 Annual Report. AI Index Steering Committee, Human-Centered AI Institute, Stanford University. Stanford, 2021.
10. Ethics and Governance of Artificial Intelligence for Health: WHO guidance. World Health Organization. 2021.
11. Jaremko JL, et al. Canadian Association of Radiologists White Paper on Ethical and Legal Issues Related to Artificial Intelligence in Radiology. Can Assoc Radiol J. 2019; 70(2): 107-118. doi: 10.1016/j.carj.2019.03.001.
12. Шарова Д.Е. и др. К вопросу об этических аспектах внедрения систем искусственного интеллекта в здравоохранении // Digital Diagnostics. — 2021. — Т.2. — №3. — С.356-368. doi: 10.17816/DD77446.
13. Health Insurance Portability and Accountability Act of 1996. Public law. 1996. https://aspe.hhs.gov/reports/health-insurance-portability-accountability-act-1996.
14. Data Protection Laws and Regulations Report 2022 USA. The International Comparative Legal Guides. 2022. https://iclg.com/practice-areas/data-protection-laws-and-regulations/usa.
15. Data Privacy and Protection Relating to Healthcare in Europe, the United States and Brazil. Latin Lawyer. 2020. https://www.lexology.com/library/detail.aspx?g=99b83b76-3f2f-4b23-a5c3-30ad576af369.
16. Covered Entities and Business Associates. U.S. Department of Health & Human Services. https://www.hhs.gov/hipaa/for-professionals/covered-entities/index.html.
17. McGraw D, Petersen C. From Commercialization to Accountability: Responsible Health Data Collection, Use, and Disclosure for the 21st Century. Appl Clin Inform. 2020; 11(2): 366-373. doi: 10.1055/ s-0040-1710392.
18. Tanner A. Our Bodies, Our Data: How Companies Make Billions Selling Our Medical Records. Beacon Press, 2017.
19. Methods for De-identification of PHI. U.S. Department of Health & Human Services. https://www.hhs.gov/hipaa/for-professionals/privacy/special-topics/de-identification/index.html.
20. Grundy Q, et al. Data sharing practices of medicines related apps and the mobile ecosystem: traffic, content, and network analysis. The BMJ. BMJ Publishing Group. 2019; 364. doi: 10.1136/bmj.l920.
21. Terry N. Existential challenges for healthcare data protection in the United States. Ethics Med Public Health. 2017; 3(1): 19-27. doi: 10.1016/j.jemep.2017.02.007.
22. Zhang D, et al. The AI Index 2022 Annual Report. AI Index Steering Committee, Human-Centered AI Institute, Stanford University. Stanford, 2022.
23. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Official Journal of the European Union. 2016. https://gdpr-info.eu.
24. Adequacy decisions. European Commission. https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.
25. Art. 6 GDPR — Lawfulness of processing — General Data Protection Regulation (GDPR). Official Journal of the European Union. 2016. https://gdpr-info.eu/art-6-gdpr/.
26. Durovic M, Montanaro M. Data Protection and Data Commerce: Friends or Foes? European Review of Contract Law. 2021; 17(1): 1-36. doi: 10.1515/ercl-2021-000.
27. Wrobel M. Anonymized data — curse or blessing of data protection?! Taylor Wessing LLP. 2020. https://www.lexology.com/library/detail.aspx?g=1517d319-4184-4d49-b3a9-d0e99da65019.
28. Rocher L, Hendrickx JM, de Montjoye YA. Estimating the success of re-identifications in incomplete datasets using generative models. Nat Commun. 2019; 10(1). doi: 10.1038/s41467-019-10933-3.
29. Art. 4 GDPR — Definitions — General Data Protection Regulation (GDPR). Official Journal of the European Union. 2016. https://gdpr-info.eu/art-4-gdpr/.
30. Art. 5 GDPR — Principles relating to processing of personal data — General Data Protection Regulation (GDPR). Official Journal of the European Union. 2016. https://gdpr-info.eu/art-5-gdpr/.
31. Art. 9 GDPR — Processing of special categories of personal data — General Data Protection Regulation (GDPR). Official Journal of the European Union. 2016. https://gdpr-info.eu/art-9-gdpr/.
32. Войниканис E.A. Большие (персональные) данные: проблема баланса интересов // Журнал Суда по интеллектуальным правам. — 2021. — Т.34. — №4. — С.19-27.
33. BfDI nutzt erstmals Konsultationsverfahren // der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit. 2020. https://www.bfdi.bund.de/SharedDocs/Pressemitteilungen/DE/2020/03_Konsultationsverfahren.
34. van Veen EB. Observational health research in Europe: understanding the General Data Protection Regulation and underlying debate. Eur J Cancer. 2018; 104: 70-80. https://doi.org/10.1016/ j.ejca.2018.09.032.
35. Peloquin D, DiMaio M, Bierer B, Barnes M. Disruptive and avoidable: GDPR challenges to secondary research uses of data. European Journal of Human Genetics. 2020; 28(6): 697-705. https://doi.org/10.1038/s41431-020-0596-x.
36. Allen CG. Understanding China’s AI Strategy. Center for a New American Security. 2019. https://www.cnas.org/publications/reports/understanding-chinas-ai-strategy.
37. Colvin TJ, Liu I, Babou TF, Wong GJ. A Brief Examination of Chinese Government Expenditures on Artificial Intelligence R&D. Institute for Defense Analyses. 2020. https://www.ida.org/research-and-publications/publications/all/a/ab/a-brief-examination-of-chinese-government-expenditures-on-artificial-intelligence-r-and-d.
38. China to boost big data application in health and medical sectors. The State Council of the People’s Republic of China. 2016. http://english.www.gov.cn/policies/latest_releases/2016/06/24/content_281475379018156.htm.
39. Zhang L, et al. Big data and medical research in China. BMJ. 2018; 360. doi: 10.1136/bmj.j5910.
40. Translation: Personal Information Protection Law of the People’s Republic of China — Effective Nov. 2021; 1. Stanford University. https://digichina.stanford.edu/work/translation-personal-information-protection-law-of-the-peoples-republic-of-china-effective-nov-1-2021.
41. Zhu J. The Personal Information Protection Law: China’s Version of the GDPR? Columbia Journal of Transnational Law. 2022. https://www.jtl.columbia.edu/bulletin-blog/the-personal-information-protection-law-chinas-version-of-the-gdpr.
42. Chen D, Wang K. At a glance: data protection and management of health data in China. Ropes & Gray LTD. 2022. https://www.lexology.com/library/detail.aspx?g=fd2bb402-33d5-4ba7-85a7-c5383cb11526.
43. The Asia Pacific Privacy Guide 2020-2021 // Deloitte Asia Pacific Limited. 2020. https://www2.deloitte.com/id/en/pages/risk/articles/ap-privacy-guide-2020-2021.html.
44. How Singapore brings together the best in innovation and investment to drive start-up growth. Investment Monitor and Singapore Economic Development Board. 2022. https://www.investmentmonitor.ai/tech/how-singapore-brings-together-the-best-in-innovation-and-investment-to-drive-start-up-growth.
45. Parry C. M., Aneja U. AI in Healthcare in India: Applications, Challenges and Risks. Chatham House, International Affairs Think Tank. 2020. https://www.chathamhouse.org/2020/07/artificial-intelligence-healthcare-insights-india-0/3-ai-healthcare-india-applications.
46. Data Protected India. Talwar Thakore & Associates. 2022. https://www.linklaters.com/en/insights/data-protected/data-protected-india.
47. LGPD Brazil — General Personal Data Protection Act. Data Protection National Authority. 2018. https://lgpd-brazil.info.
48. Article 7: Chances of Carrying Out Personal Data Processing — Chapter 2 — Processing of Personal Data — LGPD Brazil. Data Protection National Authority. 2018. https://lgpd-brazil.info/chapter_02/article_07.
49. Article 11: Processing of Sensitive Personal Data — Chapter 2 — Processing of Personal Data — LGPD Brazil. Data Protection National Authority. 2018. https://lgpd-brazil.info/chapter_02/article_11.
Для цитирования
Шарова Д.Е., Михайлова А.А., Гусев А.В., Гарбук С.В., Владзимирский А.В., Васильев Ю.А. Анализ мирового опыта в регулировании использования медицинских данных для целей создания систем искусственного интеллекта на основе машинного обучения. Врач и информационные технологии. 2022; 4: 28-39. doi: 10.25881/18110193_2022_4_28.
Документы
Ключевые слова