WPF advises Secretary’ s Advisory Committee on Human Research Protection regarding its proposed AI Framework World Privacy Forum Skip to Content Javascript must be enabled for the correct page display Home Connect With Us: twitter Vimeo email Main Navigation Hot Topics

WPF advises Secretary’ s Advisory Committee on Human Research Protection regarding its proposed AI Framework

WPF reviewed and provided recommendations regarding a proposed AI Framework to the Secretary’s Advisory Committee on Human Research Protections, SACHRP, which reports to the US Secretary of Heath and Human Services. The issue of human subject research is a critically important one. In the US, The Common Rule (45 CFR subpart A) is a key regulation that protects people from unethical medical research. As research utilizing tools such as AI and SaMD — software as a medical device — grows in use, there is an urgent need to determine the proper ethical, legal, and regulatory framework for the use of these tools in the human subject research context. In the proposed AI Framework, there is a discussion regarding the use of “In Vitro Diagnostic Devices” (IVD) as a parallel to AI-based research. IVD facilitates the use of the resulting data from those devices for research, instead of using biological specimens. WPF agrees with the SACHRP proposed framework’s analysis that AI can be used as a clinical equivalent of an IVD, “basing its diagnostic outcomes on data rather than biological specimens.” (lines 83, 84). We also agree that poorly planned AI studies can impact populations and groups of people negatively. Such studies can also impact individual research participants, particularly if the AI/machine learning is classifying or scoring, or otherwise making decisions about people whose results puts them in the realm of statistical outliers. Software as a Medical Device (SaMD) is undergoing a regulatory process with existing draft guidance at the US Food and Drug Administration (FDA). In addition to the core SaMD draft guidance, in January 2021 the FDA also published an AI-specific action plan for SaMD, the Artificial Intelligence / Machine Learning (AI/ML) – Based Software as a Medical Device (SaMD) Action Plan. It was this latter plan from the FDA that the SACHRP proposed as a potential framework to consider applying to AI and machine learning in the human subjects research protection context. WPF agrees that it could prove to be part of an important regulatory framework for an AI/machine learning framework to consider incorporating, but only as part of a broader whole. WPF notes that the FDA’s Artificial Intelligence / Machine Learning (AI/ML) – Based Software as a Medical Device (SaMD) Action Plan is much narrower than the Common Rule. WPF has therefore urged that the Common Rule, with its broader scope and more complete protections for human research subjects, should inform the FDA’s approach to AI/ML as well as SACHRP’s. WPF made four concrete recommendations to SACHRP: WPF urges that as SACHRP works to create formal guidance regarding AI/ML in the human subjects research context, that harms to individuals and harms to groups of people are studied, and that empirical data from numerous case studies is used to form the basis of recommendations. The hope is that this activity would encompass many fora, and take the appropriate time needed to get robust and inclusive feedback from diverse and relevant stakeholders. WPF urges that the SACHRP confront the various loopholes allowing human subjects research to occur without privacy, fairness, meaningful consent, and without protections for other ethical failures. This is a matter of some urgency, as the capacity for such research has outpaced the policy guiding it and many research studies already use AI/ML, which in other contexts would be considered human subjects research. Case studies regarding these practices would be helpful in understanding the needs and context for broader guardrails in a changed research environment. WPF urges SACHRP to be inclusive in its understanding of data sets and their uses. We noted that rare and orphan disease experts have a particular interest in AI/ML work, which brings us to the set of challenges regarding sparse datasets. Sparse datasets present different problems in the AI/ML context than high-dimension data sets present, and there has been progress in addressing the problems of sparse datasets. It is important that the AI Framework address the full range of data sets that may be utilized in human subjects research, and does not focus only on large. high-dimension datasets. WPF encourages SACHRP to take advantage of the expertise in AI/ ML as it applies to large and small populations, and in complex and interconnected ecosystems in multiple use cases. WPF also requests that the SACHRP works to create a curated set of case studies specific to multiple aspects of human subjects research that utilizes AI/ ML.

Related Documents and Materials

Read WPFs Analysis Comments of WPF to SACHRP 2022 PDF 7 pages

HHS Office for Human Research Protections and the SACHRP

The Common Rule 45 CFR 46 subpart A

Software as a Medical Device SaMD FDA

AI Machine Learning AI ML -based Software as a Medical Device SaMD Action Plan Jan 2021 FDA

The Belmont Report

Jerry Menikoff MD JD Julie Kaneshiro MA and Ivor Pritchard Ph D The Common Rule Updated The New England Journal of Medicine

Posted August 31, 2022 in AI, Food and Drug Administration (FDA), Health Privacy, Human Subject Research Protection, U.S. Department of Health and Human Services Tags: AI/ML SaMD Action Plan, FDA, SACHRP, SaMD Next »WPF advises FTC regarding proposed changes to the Telemarketing Sales Rule « PreviousIdentity ecosystems are a central aspect of global digitalization; the principle of Do No Harm must be a policy priority and commitment WPF updates and news CALENDAR EVENTS

WHO Constituency Meeting WPF co-chair

6 October 2022, Virtual

OECD Roundtable WPF expert member and participant Cross-Border Cooperation in the Enforcement of Laws Protecting Privacy

4 October 2022, Paris, France and virtual

OECD Committee on Digital and Economic Policy fall meeting WPF participant

27-28 September 2022, Paris, France and virtual more Recent TweetsWorld Privacy Forum@privacyforum·7 OctExecutive Order On Enhancing Safeguards For United States Signals Intelligence Activities The White House https://www.whitehouse.gov/briefing-room/presidential-actions/2022/10/07/executive-order-on-enhancing-safeguards-for-united-states-signals-intelligence-activities/Reply on Twitter 1578431679592427526Retweet on Twitter 1578431679592427526Like on Twitter 1578431679592427526TOP REPORTS National IDs Around the World — Interactive map About this Data Visualization: This interactive map displays the presence... Report: From the Filing Cabinet to the Cloud: Updating the Privacy Act of 1974 This comprehensive report and proposed bill text is focused on the Privacy Act of 1974, an important and early Federal privacy law that applies to the government sector and some contractors. The Privacy Act was written for the 1970s information era -- an era that was characterized by the use of mainframe computers and filing cabinets. Today's digital information era looks much different than the '70s: smart phones are smarter than the old mainframes, and documents are now routinely digitized and stored and perhaps even analyzed in the cloud, among many other changes. The report focuses on why the Privacy Act needs an update that will bring it into this century, and how that could look and work. This work was written by Robert Gellman, and informed by a two-year multi-stakeholder process. COVID-19 and HIPAA: HHS’s Troubled Approach to Waiving Privacy and Security Rules for the Pandemic The COVID-19 pandemic strained the U.S. health ecosystem in numerous ways, including putting pressure on the HIPAA privacy and security rules. The Department of Health and Human Services adjusted the privacy and security rules for the pandemic through the use of statutory and administrative HIPAA waivers. While some of the adjustments are appropriate for the emergency circumstances, there are also some meaningful and potentially unwelcome privacy and security consequences. At an appropriate time, the use of HIPAA waivers as a response to health care emergencies needs a thorough review. This report sets out the facts, identifies the issues, and proposes a roadmap for change.