- The two sides of any regulation, the regulators and those who are regulated, have opposing views on whether more or less of it is needed.
- In healthcare, there is a fine line between proper reaction and overregulation, and the latter often becomes prohibitive to new research and development.
- When calculating the cost of new medicines and associated risks, the regulators tend to miss the real focus, i.e. the patient themselves.
- With more regulation, exceptions will come to the forefront, which will mean leaving many patients without hope for survival.
- In the end, regulation is all about trust, and here the banking industry may serve as an example to healthcare.
In a recent discussion about Artificial Intelligence (AI), data and healthcare, I was asked a relevant question: “What sort of regulation do we need for AI in healthcare?”
A very thought-provoking question! Regulation in general is already a heavily discussed subject, with strong feelings on both sides, for and against. Do we need more regulation? Do we need specific regulation? Are the checks and balances at the right level? Might a moratorium on regulation be a good idea? Are we aware of the hidden costs when we say ‘no’?
On one side of the discussion are the lawyers, supervisors and regulators who earn their living from regulation. Their answer is usually, “Yes, we need more and specific regulation for AI.” On the other side are the ones who are being regulated, mostly the companies, institutions and professionals. They usually complain about the extra work, cost and operational obstacles caused by regulation; they want less. Incidentally, there are no bad intentions from either side. It’s simply “the way we work” (Kapitein 2018a), but the question here is specifically about healthcare. In the end, as final stakeholders and the object of the data involved, we, the patients and patient advocates, simply say, “Please, no more regulation. Stop talking about the abuse of data. Use our data!”
I will go back to the original purpose of regulation, and that is to enable the citizen to trust important things in their life, such as food quality, product safety, safety in traffic and in aviation, reliability of money and savings, et cetera. Might trust also be a solution to keep the process rolling and at speed? Should an important outcome of regulations be trust? When do we trust?
Regulation is often necessary and helps. It helps to build trust. There is, in my opinion, no doubt about that. It ensures that we take care in doing things the proper way. In aviation, for example, it has done an enormous amount of good on the part of safety. It saves lives. The focus was exactly on saving lives. And when we regulate, we need to keep the focus on the essence (the ultimate objective). In healthcare that should be the patient.
Rules and regulations are constantly adapting to cover new developments and new perceived risks. The two airplane crashes in 2018 and 2019 with the Boeing 737 Max were caused by faulty software. That type of plane has not been allowed to fly for over a year now. It is very unlikely that any passenger would trust this plane until there is strong evidence that the problem has been completely analysed and fixed. This looks like a very forceful but also a reasonable reaction. Not an overreaction.
Now consider the case of a medicine: thalidomide in the early 1960’s. It was a sleeping pill, safe and with few side effects, so it became a success and was even available without prescription. But then babies started to be born with deformities and after a few years it was discovered that thalidomide was the cause. Of course, it was immediately taken off the market. Nevertheless, after good (additional) research and safety checks (it seemed to be effective and is made available under a solid safety protocol), it is now used only for very specific treatments, for instance, for multiple myeloma.
Another effect of the thalidomide case, however, was that the protocol for testing a medicine before release has become much more restrictive. So much, that today a medicine may exist that could be of major benefit for a patient with terminal cancer and a predicted lifespan of three months, but the medicine cannot be given because its long-term side effects may be unknown. “But doctor, I have three months to live, those side effects will never appear!” This is an obvious case of regulators overreacting.
Overreacting is what we quite often do. When we regulate, it has become the norm to focus on the exceptions rather than the main problem. Regulation of medicines was originally intended to protect patients from unscrupulous doctors. Now, it protects the doctor from lawsuits by patients, because the doctor cannot be sued for malpractice if they have stringently followed the protocol, even at the cost of not fulfilling a medical need of the patient. This liability culture started in the U.S. and has now solid ground in Europe as well. The only ones who are at risk in this situation are not the regulators, professionals, doctors and industry, and neither they nor the patient advocates are involved in the decision-making process. This example is not an exception, it’s common practice in hospitals for patients, and I’m pretty sure that there is no bad intention on the part of anyone involved. We’re in ‘a way of working’ that makes these absurd things become reality for people; for patients on a daily basis (Kapitein 2018a).
Another example is the use of patient data. Almost all patients want their data to be used for research in order to achieve better treatments. We need regulation (checks and balances) that prevent users from misuse and abuse, not hinder the use of patient data. I think that the checks and balances are in place. I will elaborate further on this later in the article.
It’s my belief that the General Data Protection Regulation (GDPR) is meant to improve the interoperability of data between research institutes. In practice, this interoperability is severely restricted, but not in order to protect the patient’s data. The two main reasons for this are:
• Most researchers simply do not want to share their data before publication. This is not a good thing because the data are patient data and should therefore be available for everybody, anytime. These same data could and should be used by other researchers simultaneously. Cooperation speeds up the process of research, not competition (Kapitein 2018b).
• Industry never publishes the data of the trials that fail (the so-called ‘failures’). Therefore, these data also can’t be shared. Data on failures are also important for research, especially when we evolve towards personalised medicine. When we are able to diagnose the individual patient, and have gained knowledge on personalised medicine, then that ‘failure’ might be a good treatment for an individual patient. Up until now, the treatment is prevented from reaching the market because there is a medicine that, based on statistics, has a better score. As a consequence, the patient loses their life while a possible treatment might have been available.
So, the problem is not the GDPR. The problem is that institutions, researchers and industry are protecting their own interests by misusing the GDPR because of a wrong focus in their work.
Hidden Costs of Saying No
When we want a new treatment to be designed, developed, tested and implemented, we are quite often able to calculate the costs. We write a plan and make an estimate, based on experienced people’s opinions, and we come to a reasonable figure. That figure can then be used to make a business decision on the investment. What is missing in this business plan is that ‘taking no action’ also has its costs and losses. Doing nothing doesn’t mean ‘no cost.’ Doing nothing sometimes costs a lot more than taking action. Doing nothing sometimes costs lives, as Professor Dr Joep Lange (HIV/AIDS researcher/clinician) stated so powerfully: “Inaction kills.” These are, among others, ‘the hidden costs of saying no!’
The cost of saying yes can be calculated most of the time and demonstrated in a style that is familiar and congenial to lawyers, whereas the cost of saying no is a matter of conjecture and has no established legal standing. Besides, if those costs are the lives of patients, that burden is not carried by the institution or company deciding on its investment, whereas the financial gains in patents, fees and prices definitely contribute to their bottom line. Therefore, we need more knowledge and a more realistic balance of uncertainties and risks.
According to Freeman Dyson (1975), there are two facts of life that make it difficult for political authorities to reach wise decisions and which therefore cause many hidden costs.
1. The unpredictability of technology. In our situation: the output of industry in designing and developing new medicines.
2. The inflexibility of bureaucratic institutions. In our situation: there are rules, and the rules determine the answer to the question about doing right or wrong.
1) I think this is true. The uncertainty of the output and outcome of industry is a big problem. Making new medicines is certainly not mathematics. These uncertainties are a problem for industry but also for government or health insurance companies/payers. We simply have difficulties with calculating the costs, and therefore we think that medicines are too expensive. The price of medicines is far too high, but not for the reasons that most people believe. The so-called ‘cost of capital’ is the most important reason why medicines are so expensive. The structure of the financial complex of investors and shareholders, banks, pharmaceutical companies, hospitals and doctors are responsible for these enormous costs (Gupta Strategists 2019), and the regulations for bookkeeping and profit calculation provide a way to make profit mechanisms ever more seemingly effective but also more complex and risky.
2) I can be short on this one, for in the first paragraph I write about the rules that prevent doctors from treating dying patients with a medicine that has not been tested in a phase 3 trial because of long-term effects. It’s a strong and painful example of what happens when the subject, the patient (the essence) plays no part and has no power in this decision. It is, however, not caused by the doctors alone, but by the stakeholders in the institutions and corporations involved in the medical processes. Also, patient organisations can be part of the problem when they argue against early access and deny their fellow patients this hope. It is, in other words, a problem of “the way we work,” the medical industrial complex.
Let us not forget that regulations in healthcare start with politicians who make the rules, and the regulator who implements them. During this process of making and implementing, many changes to what was intended can occur. In the end, the politicians have the primary responsibility, but every other (‘next’ in the chain) stakeholder has a responsibility as well. According to Hannah Arendt (2005), one never loses their responsibility when part of a larger scene. Some thoughts from this great philosopher, who did a lot of work around responsibility that helps us making the right decision, are worth noting: “You can be responsible for things that you have not done. You cannot be guilty of things you have not done, although you can pay for it.” Her plea was for thinking to be a humane process; that is recognising the importance in making the difference between good and evil: “The sad truth is that most evil is done by people who never make up their minds to be good or evil.”
The problem is not that the costs are too high, the problem is that regulators (whether in healthcare or finance) have another focus in their work. They miss the essence, and therefore the costs are not in control.
Cost, Benefit and Risk
Who wants to take a risk? When it comes to chances, people fight harder to protect what they have than to gain something new (Kahneman 2013). Patients will fight hard to stay alive. But do they always get this chance from healthcare? We saw how patients are prevented by regulators, doctors, industry and health insurance companies from being treated because of the uncertainty of the long-term effects of medicines, even when they are dying. Patients want to fight but do not get the chance!
Risk equals chance multiplied by impact. This is exactly what is missing in healthcare when we look at the individual patient. The risk of a treatment for a patient is in many cases close to zero. There might be long-term effects, but for the dying patient they are irrelevant, which means that there is no risk for the patient. The impact of saying no and withholding the medicine from them is enormous and precise: certain death. When they take the drug, they have a chance.
The reason why a patient doesn’t get the chance for these new experimental drugs is that the rules have been driven by other risks: the risks of physicians who might get sued because of the effects of a drug. Also, the cost/benefit ratio for a physician is quite different to that of the patient, and these risks have been determined by the regulators giving no say, or only a formal say to patients. If any, this is conducted mostly by representatives of patients and not with the patients themselves who have the unmet medical need.
The difference to be recognised between patients and citizens (non-patients) is urgency. When there is urgency, your decision is different from when there is no urgency. The lack of concern influences the risk/benefit ratio, and people who are not dealing with unmet medical needs act differently because they have something material to lose. When you have nothing to lose, because you’re dying, it is simply wrong that you don’t even have the right of self-determination in evaluating risk (Bunnik et al. 2018).
And let’s not forget: people in different economic and cultural situations make different decisions. A Colombian woman once told me that in Colombia people were more concerned when their computer was stolen than when their data were misused or abused. The computer was the ‘now,’ the data are the ‘future.’ Most regulations are made by politicians or by big bureaucratic institutions like the European Medicines Agency and the Food and Drug Administration where the employees have little or no knowledge about these situations.
The problem in healthcare is that the actual cost/benefit ratio is not the ratio involving the patient’s life. It is the ratio of other stakeholders in the medical industrial complex, and they miss the essence.
Checks and Balances
In my opinion, there is enough regulation. More regulation, especially when dealing with AI and data analysis in healthcare and personalised medicine, will kill the opportunity for patients and take away their hope. AI can be a chance for better diagnostics and treatments, and therefore better quality of life. Regulation quite often stifles innovation (as stated in the opening quote from Freeman Dyson). Healthcare has fallen too much into the hands of regulators: lawyers and politicians. We patients experience these problems daily. We pay the costs and we take the risks.
Let me give you an example. When we want an existing drug to be ‘repositioned’ and registered for another disease, we have to deal with a lot of issues that are already in place for this drug. This is natural because it’s another disease. Yes, but off-label, a physician is allowed to prescribe it. What’s the difference between prescribing it 1,000 times off-label and registering it for general use, so long as the patient and the doctor have an agreement on the prescription and its use, with informed consent in place?
It is my belief that a lot of regulation, checks and balances are already in place. Therefore, I make a plea for a moratorium on regulation when AI and personalised medicine come on the stage. Let me tell you why checks and balances are at the right level.
We can exchange data because of the GDPR. I know the barriers, but we can exchange and use data; we only have to ask the patients. Don’t be afraid to share it, and no, your publication is not of greater importance than our lives, so hurry up; please share!
Other checks and balances deal with science and the scientists. When they misuse our data, their career is dead; more or less the same for industry: there is a risk of their business failing. Misuse of data leads to no registration of their product (this might hurt patients as well when it concerns a good drug). They get fined. However, in most cases, this doesn’t hurt industry too much. But no industry wants to be a second Cambridge Analytica, and that wasn’t even about patient data. The reputation of big pharma is not very good, but what happened to Cambridge Analytica was a serious image problem of different dimension with a huge business impact.
Regulation should be in place for the general issues dealing with patients and safety. They should not deal with the exceptions. We can deal with exceptions using common sense. When we try to regulate all the exceptions, we block the introduction of new medicines and the repositioning of existing ones. Finally, we end up in the situation (which is, in fact, already the case) that so much work has to be done to register a medicine that only big pharma can afford to do, needing huge apparatus. We don’t want that. Young, innovative and relatively small companies should have the opportunity to enter the market as well.
Trust and Speed of Trust
Now, after all, comes the easiest part of the article: ‘Trust.’
It’s all about trust. We put our life in the hands of a physician because we trust them. We give our data when we have trust. We use the data (as scientists and industry) when we trust that all is in order and we won’t get sued. When we trust, we regulate the general issues and not the exceptions. The exceptions are dealt with using common sense. Trust is connected to the question of whether the checks and balances are in place. I think they are.
When I ask people, “Do you trust banks?” nobody says “Yes!” We all have our savings in a bank account because we trust the checks and balances. When a bank goes bankrupt, our savings are guaranteed up to a certain amount of money. We know that upfront. Governments and banks have now taken measures so that we can trust our money in the bank.
Banks may do risky things with your money (like lend it), but in the end, you get your money back the moment you ask for it. When necessary, you get it in the physical form: banknotes. You are protected!
Therefore, we don’t want more regulations. We know that the checks and balances are in place. Therefore, we trust. What banks can do, healthcare can do as well.
I would like to thank Ingmar de Gooijer (myTomorrows) and Tielo Jongmans (Patient Advocate Inspire2Live) for their critical remarks and advice. They have been of great value for me. This does not mean that this article necessarily reflects their opinion. I would also like to thank Barbara and Mark Moss for their final touch on the English language and their contribution as a patient advocate.
Conflict of Interest