Artificial intelligence systems and patient data – a new NHS code of conduct

Author: Tim Wright

Tim Wright, Partner, Fladgate LLP (


NHS England has published an ethical code of conduct (the Code[1]) to ensure that only the best and safest data-driven technologies are adopted by the NHS. The Code is aimed squarely at technology companies developing and implementing AI and other data-driven technologies for use by the NHS. It specifies that suppliers involved in developing technologies to tackle some of the biggest issues in healthcare, such as dementia, obesity and cancer, must meet a “gold-standard set of principles” designed to protect patient data to the highest standards. The Code will also be used by health and care providers when evaluating and selecting AI solutions. Other objectives include:

  • promoting the UK as the “best place in the world” to invest in HealthTech
  • reassuring patients and clinicians of the effectiveness and safety of AI and their data
  • guiding the development of new products so that they are suitable for the NHS in the future
  • helping the NHS to get a fair deal from the commercialisation of its data resources

The last of these objectives is of particular relevance as it should help to drive commercialism within the NHS that has, until now, often been lacking.

The Code sets out the behaviours expected from those developing, deploying and using data-driven technologies, based on the ethical principles for data initiatives developed by the Nuffield Council on Bioethics[2]:

  • respect for persons
  • respect for human rights
  • participation
  • accounting for decisions

The Code’s 10 principles are:

  1. Understand users, their needs and the context
  2. Define the outcome and how the technology will contribute to it
  3. Use data that is in line with appropriate guidelines for the purpose for which it is being used
  4. Be fair, transparent and accountable about what data is being used
  5. Make use of open standards
  6. Be transparent about the limitations of the data used and algorithms deployed
  7. Show what type of algorithm is being developed or deployed, the ethical examination of how the data is used, how its performance will be validated and how it will be integrated into health and care provision
  8. Generate evidence of effectiveness for the intended use and value for money
  9. Make security integral to the design
  10. Define the commercial strategy

Principle 10 is of particular relevance in helping to shape and frame the commercial structures for AI-related engagements between the NHS and the private sector. The starting point is that wherever the NHS data pool is the basis of the commercial arrangements, the five Life Sciences Sector Deal 2 guiding principles[3] (set out on page 46) must be followed:

  1. Commercial use of NHS data must have an explicit aim of improving the health and care of patients in the UK, including through the discovery of new treatments, diagnostics, and other scientific breakthroughs. The terms of any arrangements should, where possible, include quantifiable and explicit benefits for UK patients
  2. NHS data is an important asset and, in entering into commercial arrangements, NHS organisations should ensure they agree mutually-beneficial and fair terms
  3. Commercial arrangements should not undermine, inhibit or impact the ability of the NHS, at national level, to maximise the value or use of NHS data, i.e. arrangements should not be exclusive or include conditions limiting any benefits from being applied, nor should they undermine the wider NHS digital architecture, including open standards and interoperability
  4. Commercial arrangements should be transparent, clearly communicated and should not undermine public trust and confidence either in the NHS or wider government data policies
  5. Commercial arrangements agreed by NHS organisations should fully adhere to all national level legal, privacy and security obligations, including the National Data Guardian’s Data Security Standards

The following should also be considered (before engaging in any contract negotiations): proportionality; scope; exclusivity; value; ownership of intellectual property; liability; audit; bias; and roles.

The Code aims to tackle emerging ethical challenges associated with the use AI in the NHS and the wider health and care system. The Department of Health and Social Care and NHS England will engage with the Centre for Data Ethics and Innovation on further developing the Code to ensure it fits with evolving best practices. Further updates are expected towards the end of 2019.





View by date:

View by author:

Would you like to hear more?