Legal Governance of Brain Data Derived from Artificial Intelligence

Photo by Josh Riemer on Unsplash 
Introduction 
With the rapid advancements in neurotechnological machinery and improved analytical insights from machine learning in neuroscience, the availability of big brain data has increased tremendously. Neurological health research is done using digitized brain data.[1] There must be adequate data governance to secure the privacy of subjects participating in brain research and treatments. If not properly regulated, the research methods could lead to significant breaches of the subject’s autonomy and privacy. This paper will address the necessity for neuroprotection laws, which effectively govern the use of big brain data to ensure respect for patient privacy and autonomy. 
Background 
Artificial intelligence and machine learning can be integrated with neuroscience big brain data to drive research studies. This integrative technology allows patterns of electrical activity in neurons to be studied in detail.[2]Specifically, it uses a robotic system which can reason, plan, and exhibit biologically intelligent behavior. Machine learning is a method of computer programming where the code can adapt its behavior based on big brain data.[3] The big brain data is the collection of large amounts of information for the purpose of deciphering patterns through computer analysis using machine learning.[4] The information that these technologies provide is extensive enough to allow a researcher to read a patient’s mind. AI and machine learning technologies work by finding the underlying structure of brain data, which is then described by patterns known as latent factors, eventually resulting in an understanding of the brain’s temporal dynamics.[5] 
Through these technologies, researchers are able to decipher how the human brain computes its performances and thoughts. However, due to the extensive and complex nature of the data processed through AI and machine learning, researchers may gain access to personal information a patient may not wish to reveal. From a bioethical lens, tensions arise in the realm of patient autonomy. Patients are not able to control the transmission of data from their brains that is analyzed by researchers. Governing brain data through laws may enhance the extent of patient privacy in the case where brain data is being used through AI technologies.[6] A responsible approach to governing brain data would require a sophisticated legal structure. 
Analysis 
Impact on Patient Autonomy and Privacy 
 In research pertaining to big brain data, the consent forms do not fully cover the vast amounts of information that is collected. According to research, personal data has become the most sought out commodity to provide content to corporations and the web-based service industry. Unfortunately, data leaks that release private information frequently occur.[7]  The storage of an individual’s data on technologies accessible on the internet during research studies makes it vulnerable to leaks, jeopardizing an individual’s privacy. These data leaks may cause the patient to be identified easily, as the degree of information provided by AI technologies are personalized and may be decoded through brain fingerprinting methods.[8] 
There has been an extensive growth in the development and use of AI. It is efficient in providing information to radiologists who diagnose various diseases including brain cancer and psychiatric disease, and AI assists in the delivery of telemedicine.[9] However, the ethical pitfall of reduced patient autonomy must be addressed by analyzing current AI technologies and creating more options for patient preference in how the data may be used. For instance, facial recognition technology[10] commonly used in health care produces more information than listed in common consent forms, threatening to undermine informed consent. Facial recognition software collects extensive data and may disclose more information than a person would prefer to provide despite being a useful tool for diagnosing medical and genetic conditions.[11] In addition, people may not be aware that their images are being used to generate more clinical data for other purposes. It is difficult to guarantee the data is anonymized. Consent requirements must include informing people about the complexity of the potential uses of the data; software developers should maximize patient privacy.[12] Furthermore, there is a “human element” in the use of AI technologies as medical providers control the use and the extent to which data is captured or accessed through the AI technologies.[13] People must understand the scope of the technology and have clear communication with the physician or health care provider about how the medical information will be used.   
Existing Laws for Brain Data Governance 
A strict system of defined legal responsibilities of medical providers will ensure a higher degree of patient privacy and autonomy when AI technologies and data from machine learning are used. Governing specific algorithmic data is crucial in safeguarding a patient’s privacy and developing a gold standard treatment protocol following the procurement of the information.[14] Certain AI technologies provide more data than others, and legal boundaries should be established to ensure strong performance, quality control, and scope for patient privacy and autonomy. For instance, currently AI technologies are being used in the realm of intensive neurological care. However, there is a significant level of patient uncertainty about how much control patients have over the data’s uses.[15] Calibrated legal and ethical standards will allow important brain data to be securely governed and monitored. 
Once brain signals are recorded and processed from one individual, the data may be merged with other data in Brain Computer Interface Technology (BCI).[16] To ensure a right and ability to retrieve personal data or pull it from the collection, specific regulations for varying types of data are needed.[17] The importance of consent and patient privacy must be considered through giving patients a transparent view of how brain data is governed.[18] The legal system must address discriminatory issues and risks to patients whose data is used in studies. Laws like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Protection Act (CCPA) can serve as effective models to protect aggregated data. These laws govern consumer information and ensure the compliance when personal data is collected.[19] California voters recently approved expansion of the CCPA to health data. The Washington Privacy Act, which would have provided rights to access, change, and withdraw personal data, failed to pass.  Other states should improve privacy as well,[20] although a federal bill would be preferable. Scientists at the Heidelberg Academy of Sciences argue for data security to be governed in a manner that balances patient privacy and autonomy with the commercial interests of researchers.[21] The balance could be achieved through privacy protections like those in the Washington Privacy Act. Although the Health Insurance Portability and Accountability Act (HIPAA) provides an overall framework to deter the likelihood of dangers to patient protection and privacy, more thorough laws are warranted to combat pervasive data transfer and analysis that technology has brought to the health care industry.[22] Breaches of patient privacy under current HIPAA regulations include releasing patient information to a reporter without their consent and sending HIV data to a patient’s employer without  consent.[23] HIPAA does not cover information being shared with outside contractors who do not have an agreement with technology companies to keep patient data confidential. HIPAA regulations also do not always address blatant breaches on patient data confidentiality.[24] Patients must be provided with methods to monitor the data being analyzed to be able to view the extent of private information being generated via AI technologies. In health research, the medical purposes of better diagnosis, earlier detection of diseases, or prevention are ethical justifications for the use of the data if it was collected with permission, the person understood and approved the uses of the data, and the data was deidentified. 
A standard governance framework is required in providing the fairest system of care to patients who allow their brain data to be examined. Informed consent in the neuroscience field could reaffirm the privacy and autonomy of patients by ensuring that they understand the type of information collected. Laws also could protect data after a patient’s death. Malpractice in the scope of brain data could give people a cause of action critical in safeguarding patient’s rights. Data breach lawsuits will become common but generally do not cover deidentified data that becomes part of big data collection. A more synchronized approach to the collection and consent process will encourage an understanding of how big data is used to diagnose and treat patients. Some altruistic people may even be more likely to consent if they know the largescale data collection is helpful to treat and diagnose people. Others should have the ability to opt out of sharing neurological data, especially when there is not certainty surrounding deidentification.[25] 
Conclusion 
Artificial intelligence and machine learning technologies have the potential to aid in the diagnosis and treatment of people globally by extracting and aggregating brain data specific to individuals. However, the secure use of the data is necessary to build trust between care providers and patients, as well as in balancing the bioethical principles of beneficence and patient autonomy. We must ensure the highest quality of care to patients, while protecting their privacy, informed consent, and clinical trust. More sophisticated tools for informed consent will be necessary to ensure that people understand how their data may be used. 
[1] Kellmeyer, P. (2018). Big Brain Data: On the Responsible Use of Brain Data from Clinical and Consumer-Directed Neurotechnological Devices. Neuroethics. https://doi.org/10.1007/s12152-018-9371-x 
[2] Ethical Dimensions of Using Artificial Intelligence in Health Care. (2019). AMA Journal of Ethics, 21(2). https://doi.org/10.1001/amajethics.2019.121 
[3] Kellmeyer, P. (2018). Big Brain Data: On the Responsible Use of Brain Data from Clinical and Consumer-Directed Neurotechnological Devices. Neuroethics. https://doi.org/10.1007/s12152-018-9371-x 
[4] Kellmeyer, P. (2018). Big Brain Data: On the Responsible Use of Brain Data from Clinical and Consumer-Directed Neurotechnological Devices. Neuroethics. https://doi.org/10.1007/s12152-018-9371-x 
[5] Savage, N. (2019, July 24). How AI and neuroscience drive each other forwards. Nature News. https://www.nature.com/articles/d41586-019-02212-4. 
[6] Fothergill, B. T., Knight, W., Stahl, B. C., & Ulnicane, I. (2019). Responsible Data Governance of Neuroscience Big Data. Frontiers in Neuroinformatics, 13. https://doi.org/10.3389/fninf.2019.00028 
[7] Kayaalp, M. (2018). Patient Privacy in the Era of Big Data. Balkan Medical Journal, 35(1), 8–17. https://doi.org/10.4274/balkanmedj.2017.0966 
  https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5820452/ 
[8] Kellmeyer, P. (2018). Big Brain Data: On the Responsible Use of Brain Data from Clinical and Consumer-Directed Neurotechnological Devices. Neuroethics. https://doi.org/10.1007/s12152-018-9371-x 
[9] Ethical Dimensions of Using Artificial Intelligence in Health Care. (2019). AMA Journal of Ethics, 21(2). https://doi.org/10.1001/amajethics.2019.121 
[10]Martinez-Martin, Nicole. “What Are Important Ethical Implications of Using Facial Recognition Technology in Health Care?” AMA Journal of Ethics 21, no. 2 (2019). https://doi.org/10.1001/amajethics.2019.180. 
[11] Kayaalp, M. (2018). Patient Privacy in the Era of Big Data. Balkan Medical Journal, 35(1), 8–17. https://doi.org/10.4274/balkanmedj.2017.0966 
[12] Martinez-Martin, Nicole. “What Are Important Ethical Implications of Using Facial Recognition Technology in Health Care?” AMA Journal of Ethics 21, no. 2 (2019). https://doi.org/10.1001/amajethics.2019.180. 
[13] Kayaalp, M. (2018). Patient Privacy in the Era of Big Data. Balkan Medical Journal, 35(1), 8–17. https://doi.org/10.4274/balkanmedj.2017.0966 
[14] Kayaalp, M. (2018). Patient Privacy in the Era of Big Data. Balkan Medical Journal, 35(1), 8–17. https://doi.org/10.4274/balkanmedj.2017.0966 
[15] Kayaalp, M. (2018). Patient Privacy in the Era of Big Data. Balkan Medical Journal, 35(1), 8–17. https://doi.org/10.4274/balkanmedj.2017.0966 
[16] Beets, R. (n.d.). Webinar Data Governance. International Neuroethics Society. https://www.neuroethicssociety.org/webinar-data-2021. 
[17] Price, W. Nicholson, 2nd, and I. Glen Cohen. Privacy in the Age of Medical Big Data. Nat Med. 2019;25(1):37-43. doi:10.1038/s41591-018-0272-7 
[18] Price, W. Nicholson, 2nd, and I. Glen Cohen. Privacy in the Age of Medical Big Data. Nat Med. 2019;25(1):37-43. doi:10.1038/s41591-018-0272-7 
[19] Price, W. Nicholson, 2nd, and I. Glen Cohen. Privacy in the Age of Medical Big Data. Nat Med. 2019;25(1):37-43. doi:10.1038/s41591-018-0272-7 
[20] Grey, Stacey. “A New US Model for Privacy? Comparing the Washington Privacy Act to GDPR, CCPA, and More.” Future of Privacy Forum, https://fpf.org/blog/a-new-model-for-privacy-in-a-new-era-evaluating-the-washington-privacy-act/ 
  
[21] Beets, R. (n.d.). Webinar Data Governance. International Neuroethics Society. https://www.neuroethicssociety.org/webinar-data-2021. 
[22] Pasquale, Frank. “Protecting Health Privacy in an Era of Big Data Processing and Cloud Computing.” Stanford Technology Law Review 17, no. 2 (2014). https://ncvhs.hhs.gov/wp-content/uploads/2017/11/Pasquale-Ragone-Protecting-Health-Privacy-in-an-Era-of-Big-Data-508.pdf 
[23] Vanderpool D. HIPAA Compliance: A Common Sense Approach. Innov Clin Neurosci. 2019;16(1-2):38-41 
[24] Vanderpool D. HIPAA Compliance: A Common Sense Approach. Innov Clin Neurosci. 2019;16(1-2):38-41 
[25] Zimmerman, A. (2020). Marketing madness: The disingenuous use of free speech by big data and big pharma to the detriment of medical data privacy. Voices in Bioethics, 6. https://doi.org/10.7916/vib.v6i.5901 
 


INTRODUCTION
With the rapid advancements in neurotechnological machinery and improved analytical insights from machine learning in neuroscience, the availability of big brain data has increased tremendously. Neurological health research is done using digitized brain data. 1 There must be adequate data governance to secure the privacy of subjects participating in brain research and treatments. If not properly regulated, the research methods could lead to significant breaches of the subject's autonomy and privacy. This paper will address the necessity for neuroprotection laws, which effectively govern the use of big brain data to ensure respect for patient privacy and autonomy.

BACKGROUND
Artificial intelligence and machine learning can be integrated with neuroscience big brain data to drive research studies. This integrative technology allows patterns of electrical activity in neurons to be studied in detail. 2 Specifically, it uses a robotic system which can reason, plan, and exhibit biologically intelligent behavior. Machine learning is a method of computer programming where the code can adapt its behavior based on big brain data. 3 The big brain data is the collection of large amounts of information for the purpose of deciphering patterns through computer analysis using machine learning. 4 The information that these technologies provide is extensive enough to allow a researcher to read a patient's mind. AI and machine learning technologies work by finding the underlying structure of brain data, which is then described by patterns known as latent factors, eventually resulting in an understanding of the brain's temporal dynamics. 5 Through these technologies, researchers are able to decipher how the human brain computes its performances and thoughts. However, due to the extensive and complex nature of the data processed through AI and machine learning, researchers may gain access to personal information a patient may not wish to reveal. From a bioethical lens, tensions arise in the realm of patient autonomy. Patients are not able to control the transmission of data from their brains that is analyzed by researchers. Governing brain data through laws may enhance the extent of patient privacy in the case where brain data is being used through AI technologies. 6 A responsible approach to governing brain data would require a sophisticated legal structure.

Impact on Patient Autonomy and Privacy
In research pertaining to big brain data, the consent forms do not fully cover the vast amounts of information that is collected. According to research, personal data has become the most sought out commodity to provide content to corporations and the web-based service industry. Unfortunately, data leaks that release private information frequently occur. 7 The storage of an individual's data on technologies accessible on the internet during research studies makes it vulnerable to leaks, jeopardizing an individual's privacy. These data leaks may cause the patient to be identified easily, as the degree of information provided by AI technologies are personalized and may be decoded through brain fingerprinting methods. 8 There has been an extensive growth in the development and use of AI. It is efficient in providing information to radiologists who diagnose various diseases including brain cancer and psychiatric disease, and AI assists in the delivery of telemedicine. 9 However, the ethical pitfall of reduced patient autonomy must be addressed by analyzing current AI technologies and creating more options for patient preference in how the data may be used. For instance, facial recognition technology 10 commonly used in health care produces more information than listed in common consent forms, threatening to undermine informed consent. Facial recognition software collects extensive data and may disclose more information than a person would prefer to provide despite being a useful tool for diagnosing medical and genetic conditions. 11 In addition, people may not be aware that their images are being used to generate more clinical data for other purposes. It is difficult to guarantee the data is anonymized. Consent requirements must include informing people about the complexity of the potential uses of the data; software developers should maximize patient privacy. 12 Furthermore, there is a "human element" in the use of AI technologies as medical providers control the use and the extent to which data is captured or accessed through the AI technologies. 13 People must understand the scope of the technology and have clear communication with the physician or health care provider about how the medical information will be used.

Existing Laws for Brain Data Governance
A strict system of defined legal responsibilities of medical providers will ensure a higher degree of patient privacy and autonomy when AI technologies and data from machine learning are used. Governing specific algorithmic data is crucial in safeguarding a patient's privacy and developing a gold standard treatment protocol following the procurement of the information. 14 Certain AI technologies provide more data than others, and legal boundaries should be established to ensure strong performance, quality control, and scope for patient privacy and autonomy. For instance, currently AI technologies are being used in the realm of intensive neurological care. However, there is a significant level of patient uncertainty about how much control patients have over the data's uses. 15 Calibrated legal and ethical standards will allow important brain data to be securely governed and monitored. Once brain signals are recorded and processed from one individual, the data may be merged with other data in Brain Computer Interface Technology (BCI). 16 To ensure a right and ability to retrieve personal data or pull it from the collection, specific regulations for varying types of data are needed. 17 The importance of consent and patient privacy must be considered through giving patients a transparent view of how brain data is governed. 18 The legal system must address discriminatory issues and risks to patients whose data is used in studies. Laws like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Protection Act (CCPA) can serve as effective models to protect aggregated data. These laws govern consumer information and ensure the compliance when personal data is collected. 19 California voters recently approved expansion of the CCPA to health data. The Washington Privacy Act, which would have provided rights to access, change, and withdraw personal data, failed to pass. Other states should improve privacy as well, 20 although a federal bill would be preferable. Scientists at the Heidelberg Academy of Sciences argue for data security to be governed in a manner that balances patient privacy and autonomy with the commercial interests of researchers. 21 The balance could be achieved through privacy protections like those in the Washington Privacy Act. Although the Health Insurance Portability and Accountability Act (HIPAA) provides an overall framework to deter the likelihood of dangers to patient protection and privacy, more thorough laws are warranted to combat pervasive data transfer and analysis that technology has brought to the health care industry. 22 Breaches of patient privacy under current HIPAA regulations include releasing patient information to a reporter without their consent and sending HIV data to a patient's employer without consent. 23 HIPAA does not cover information being shared with outside contractors who do not have an agreement with technology companies to keep patient data confidential. HIPAA regulations also do not always address blatant breaches on patient data confidentiality. 24 Patients must be provided with methods to monitor the data being analyzed to be able to view the extent of private information being generated via AI technologies. In health research, the medical purposes of better diagnosis, earlier detection of diseases, or prevention are ethical justifications for the use of the data if it was collected with permission, the person understood and approved the uses of the data, and the data was deidentified.
A standard governance framework is required in providing the fairest system of care to patients who allow their brain data to be examined. Informed consent in the neuroscience field could reaffirm the privacy and autonomy of patients by ensuring that they understand the type of information collected. Laws also could protect data after a patient's death. Malpractice in the scope of brain data could give people a cause of action critical in safeguarding patient's rights. Data breach lawsuits will become common but generally do not cover deidentified data that becomes part of big data collection. A more synchronized approach to the collection and consent process will encourage an understanding of how big data is used to diagnose and treat patients. Some altruistic people may even be more likely to consent if they know the largescale data collection is helpful to treat and diagnose people. Others should have the ability to opt out of sharing neurological data, especially when there is not certainty surrounding deidentification. 25 CONCLUSION Artificial intelligence and machine learning technologies have the potential to aid in the diagnosis and treatment of people globally by extracting and aggregating brain data specific to individuals. However, the secure use of the data is necessary to build trust between care providers and patients, as well as in balancing the bioethical principles of beneficence and patient autonomy. We must ensure the highest quality of care to patients, while protecting their privacy, informed consent, and clinical trust. More sophisticated tools for informed consent will be necessary to ensure that people understand how their data may be used.