AI & Medical Devices: Emerging Legal Risks for Patients - Thompson & Co Solicitors
0800 7313982
0191 5656308
Request Free Consultation

Request Free Consultation


    AI & Medical Devices: Emerging Legal Risks for Patients


    Artificial Intelligence (AI) is transforming healthcare. From diagnostic imaging to robotic surgery, AI-powered medical devices are becoming more common in clinics and hospitals across the UK. However, with this technological advancement comes a range of emerging legal risks, particularly for patients. While AI promises faster diagnostics, improved accuracy, and cost efficiency, it also raises questions about liability, safety, data protection, and informed consent.

    In this article, we explore how AI is being used in medical devices, the potential risks patients face, and the legal frameworks governing accountability when things go wrong.

    What Is AI in Medical Devices?

    AI in medical devices refers to the integration of machine learning algorithms, data analytics, and intelligent automation into tools that diagnose, monitor, or treat medical conditions. Common examples include:

    • Imaging analysis software that detects cancer on MRI scans.
    • Wearable devices that monitor heart rhythms and predict arrhythmias.
    • AI-powered surgical robots used in orthopaedic or laparoscopic procedures.
    • Chatbots used for triage and symptom checking.

    Unlike traditional software, AI systems can learn from data and adapt over time, often without direct human input. This evolution, while improving performance, introduces unique legal complexities.

    Key Legal Concerns for Patients

    1. Accountability and Liability

    One of the most pressing legal questions is: who is liable if an AI-powered device makes an error that causes harm to a patient? Unlike traditional medical devices, AI can act autonomously or semi-autonomously, which makes assigning responsibility more complex.

    There are three potential parties who could be liable:

    • The manufacturer of the device
    • The healthcare provider or hospital
    • The software developer or AI algorithm provider

    In many cases, UK law may treat AI as a product under the Consumer Protection Act 1987. If the product is defective and causes injury, the manufacturer could be held strictly liable. However, proving a defect in an adaptive AI system that constantly changes its behaviour is much more difficult than with a static product.

    2. Medical Negligence and Duty of Care

    Healthcare professionals have a legal duty to act in a manner that is reasonable and consistent with accepted standards of care. But if a clinician relies on AI advice that turns out to be wrong, is the clinician negligent – or is it the AI’s fault?

    Currently, UK courts are likely to hold the clinician responsible for the final decision. The General Medical Council (GMC) expects doctors to critically assess any technology they use, including AI tools. If they fail to question or override a faulty AI output, they could still be liable for medical negligence.

    3. Informed Consent

    Patients have the legal right to make informed decisions about their care. That includes understanding how decisions are made,  and who or what is making them.

    If a diagnosis or treatment recommendation is based on an AI system, the patient must be informed. They should be told:

    • That AI is being used
    • How much influence the AI has over the decision
    • Any known limitations or risks associated with the technology

    Failure to obtain valid informed consent could expose clinicians or institutions to legal claims, especially if the patient would have chosen a different course of action had they known the full facts.

    4. Data Protection and Privacy

    AI devices often rely on large volumes of personal health data to function properly. That raises significant concerns under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

    Patients must be told how their data is being used, stored, and shared. They also have the right to access, rectify, or erase their data. If AI systems use patient data without proper consent or safeguards, data breaches or unlawful processing could lead to regulatory penalties and civil claims.

    AI systems must also avoid using biased or incomplete datasets, as this can result in discriminatory outcomes,  a potential breach of the Equality Act 2010.

    5. Regulatory Compliance and Device Approval

    In the UK, medical devices (including those powered by AI) must be registered with the Medicines and Healthcare products Regulatory Agency (MHRA). Devices must meet certain safety, performance, and efficacy standards before being used in patient care.

    The challenge with AI is that it may change its function over time,  something known as “adaptive AI.” This makes regulation more difficult. Current MHRA guidance requires developers to ensure continued compliance through post-market surveillance and updates, but gaps remain in monitoring how AI performs after deployment.

    Case Examples and Scenarios

    To better illustrate these risks, consider the following hypothetical scenarios:

    Scenario 1: AI Misdiagnosis
    An AI system used in a radiology department fails to detect early signs of lung cancer on a CT scan. The clinician does not review the image manually, relying entirely on the AI output. The cancer progresses undetected and becomes incurable. The patient sues the hospital.

    Legal Issue: While the AI tool malfunctioned, the clinician failed in their duty to verify the diagnosis. Liability may fall on the hospital for inadequate supervision or training, but the manufacturer might also be liable under product liability laws.

    Scenario 2: Uninformed Consent
    A patient undergoes robotic-assisted surgery. They are told about the general risks of surgery, but not that a semi-autonomous AI system will be performing most of the operation. Post-op complications arise, and the patient claims they would not have consented had they known.

    Legal Issue: The lack of full disclosure could breach informed consent requirements, creating grounds for a clinical negligence claim.

    Scenario 3: Data Misuse
    An AI health app collects sensitive patient data but fails to anonymise it properly. A data breach occurs, exposing names, medical histories, and location data.

    Legal Issue: This would likely breach the UK GDPR and the Data Protection Act, potentially resulting in fines from the Information Commissioner’s Office (ICO) and claims for distress or loss.

    The Future Legal Landscape

    As AI becomes more embedded in patient care, legal frameworks will need to evolve. Key areas of development include:

    • Statutory AI Liability Schemes: The EU has proposed specific liability laws for AI. While the UK is no longer bound by EU law, similar proposals could emerge domestically to clarify who is responsible when AI causes harm.
    • AI-Specific Medical Device Regulations: The MHRA and NICE are working on updated guidance to account for adaptive algorithms and real-world performance.
    • Professional Guidance: The GMC, BMA, and other bodies are expected to issue updated ethical guidelines to help clinicians understand how to use AI safely and legally.

    What Can Patients Do?

    Patients concerned about AI use in their treatment can:

    • Ask if AI is being used in their diagnosis or care
    • Request information on how decisions are made
    • Review data consent forms carefully
    • Speak to a solicitor if something has gone wrong

    If a patient suffers harm due to an AI error, they may be able to pursue a legal claim under:

    • The Consumer Protection Act 1987
    • The law of negligence
    • Data protection and privacy law

    A solicitor specialising in medical negligence or product liability can help navigate the complexities of AI-related claims.

    Conclusion

    AI in healthcare holds great promise, but it also brings new legal challenges. As medical devices become more autonomous and data-driven, the risks to patients increase. Current laws are struggling to keep pace with the speed of innovation, leaving grey areas in accountability, consent, and safety. Patients must be vigilant, and regulators must continue to refine legal frameworks that protect individuals while enabling innovation.

    Solicitors, too, must stay informed and ready to advise clients on this rapidly changing field. The future of AI in healthcare is here, and the law must keep up.

    Menu
    -->