Skills application
Responsible AI development (healthcare scenario)
You are an AI ethics and governance consultant reviewing data practices atHealth Insights AI, a startup building a cardiovascular risk model from EHRs, wearables, genetics and patient-reported symptoms.

Context
Stakeholders worry about sensitive health data,bias in diagnostics and whether practices meet UK GDPR and broader clinical-data expectations (use HIPAA only where it truly applies to your scenario).
Success criteria
- Bias and error analysis: ≥3 risks from sources, retention or metadata gaps; fairness and accuracy impact.
- Security and compliance: ≥2 legal/ethical requirements; what to audit in current ML security posture.
- Security protocol design: ≥2 protocols (for example differential privacy, federated patterns, strengthened de-identification with risk assessment).
- Bias minimisation: ≥3 collection/preprocessing strategies grounded in the scenario.
Completing this activity unlocks the solution example on the following page.
Scenario documentation
Data sources and lineage
- EHRs: rich clinical and demographic history; long retention; logging granularity varies by contributing hospital.
- Wearables: continuous streams aggregated daily; raw one year, aggregates five years; device-specific algorithms not harmonised.
- Genetics: separate secure store; retention like EHRs;uneven ethnic representation from historical study recruitment.
- App symptoms: free text + structured forms; three-year retention; NLP extractionpoorly documented.
Retention (summary)
- EHR/genetics: long-term clinical retention patterns.
- Wearables: raw 1y / aggregates 5y.
- App: 3y.
- Metadata: partial;no central catalogue; transforms and bias context inconsistently recorded.
Security (ML-relevant)
- Mixed de-identification; mapping controls exist but effectiveness not fully documented.
- Encryption in transit and at rest; audits skew to infra, not ML-specific re-identification risk.
- Access policies exist; fairness expectations for ML still immature.
Preprocessing
- Heterogeneous EHR coding; wearable metric differences not tested for bias; genetic missingness; NLP bias unevaluated; simple imputation without slice-aware analysis; expert-driven feature picks without proxy review.
Tasks
- Research: UK GDPR + health-data themes; common clinical ML bias sources; lineage/retention roles.
- Bias and error analysis
- Security and compliance evaluation
- Security protocol design
- Bias minimisation
- Synthesise a concise report for Health Insights AI.
Action item: Submit your report
Draft in the form below; export for your governance forum if needed.
Healthcare ethics report
Research summary (regulations, bias themes, lineage/retention)
Your response here...
Bias and error analysis (≥3 risks)
Your response here...
Security and compliance evaluation (≥2 requirements)
Your response here...
Security protocol design (≥2 protocols)
Your response here...
Bias minimisation strategies (≥3)
Your response here...
Executive summary and next steps
Your response here...