Privacy and security crucial for healthcare robot adoption – according to new report

The paper, co-authored by academics from Sheffield Hallam, Loughborough University and industry leaders, calls for "secure by design" and “privacy by design” principles to build user trust in care robots that manage sensitive health and medical data.

The use of assistive robots in healthcare has enormous potential benefits but also risks due to the sensitive health and medical data these systems manage. The paper states that security and privacy protections are crucial for care robots to be accepted and adopted on a wide scale.

The paper calls for care robots to be auditable and transparent so their actions are traceable, and any privacy issues could be identified. Legal protections also need strengthening to hold manufacturers accountable.

The UK-Robotics and Autonomous Systems (RAS) White Paper was produced by Dr Jims Marchang, senior lecturer of cybersecurity, Professor Alessandro Di Nuovo, professor of machine intelligence and Dr Samuele Vinanzi, lecturer in robotics and artificial intelligence at Sheffield Hallam University alongside Professor Massimiliano Zecca from Loughborough University, Dr Chris Elliott, founder and CEO of Pitchill Ltd, and Dr Helen Meese, founder and CEO of the Care Machine Ltd.

Dr Jims Marchang, senior lecturer in cybersecurity and corresponding author of the white paper, said: " Although RAS is already gaining popularity, building user's trust, and promoting the adoption of assistive RAS will depend on the incorporation of robust secure mechanisms to safeguard its confidentiality, integrity, availability, and user's privacy. Moreover, the security solutions should not become a barrier and a burden to the users.

"This project is vital because without security and privacy being taken into account, assistive RAS adoption and acceptance will be a challenge because it deals with sensitive and private information of the users."

The white paper recommends designers and developers should adopt the following key strategies when implementing secure Robotics Autonomous Systems (RAS):

The RAS should be “secure by design” so that security features are added from the start and not added after the development of the system.

The RAS should be “privacy by design” to safeguard the privacy of the user from the start of the design and the development of the RAS to guarantee the privacy of the user.

The care RAS system should be transparent so that it is auditable and traceable.

A careful trade-off between the quality of the RAS service delivery and system overheads should be considered in designing and developing care RAS to ensure a real-time response.

To make RAS adoption acceptable and usable with ease, personalised user centric security and privacy mechanisms and techniques should be developed, while the underlying security complexity should be concealed to avoid them being perceived as barriers and burdens.

New Government laws, policies, regulations, and compliances need to be developed to oversee the safe adoption of this new era of AI-based care RAS solution in healthcare to strictly comply with the UK General Data Protection Regulation (UK GDPR).

The white paper highlights the critical need for secure and private RAS in healthcare environments. By adopting the key strategies, user trust and acceptance of RAS can be improved while promoting compliance with data protection regulations. Conversely, underestimating these aspects during the design and development of RAS might have serious repercussions for their widespread adoption.

This research was funded by the EPSRC UK Robotics & Autonomous Systems (UK-RAS) Network.

Read the full white paper here.