by dv_dt 791 days ago
Using unvalidated algorithms (including AI) when life is on the line should not be legal.

This is clearly the direct case for medical devices, but there should also be a standard when algorithms are being applied that moderate access to healthcare too - because they have effects exactly like that of doctors making medical decisions.

3 comments

The issue is that a case worker that has been instructed to delay processes (or has incentive structures in place to do so) is equally bad.

I think we just need regulation. Not regulation that takes AI into account.

Agreed, I think of a standardized clerical process (even if wholly administered by humans) as an algorithm.

I’m not a lawyer but I suspect there are regulations that apply to unjustified denial of insurance healthcare services - they don’t seem to be closely enforced and moreover there is also a frustrating magical enforcement loophole when software becomes involved where even previous precedents seem to need to be reestablished just because tech doing the denial is somehow different than people following a process.

> Using unvalidated algorithms (including AI) when life is on the line should not be legal.

EU AI Act forbids that.

In a European bank I worked at, it was worked around by having an employee "reviewing" the "recommendation" given by the AI, and making the final decision. The final decision was of course 100% in line with the AI "recommendation".

The AI Act is less than a month old; you were likely dealing with either older or local legislation, or some attempt at corporate responsibility (possibly risk management; if you tell your financial regulators “yeah, an unverifiable magic box makes the lending decisions, unreviewed”, you will likely get in trouble, at least in the post-noughties-financial-crisis era).

The EC is usually rather sceptical of attempts to work around the rules.

GDPR Article 22 has been in force for a long time:

> The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

https://gdpr-info.eu/art-22-gdpr/

Yup, that's my worry about these things, too.

If an employee is pressured to deliver faster, and the employer looks the other way when ChatGPT comes out - then there is little for the regulator to do. If you penalize the employee, another will just do the same.

As a regulator, you don't penalize the employee; you penalize the company as though it were a wilful violation.

The company is much larger and incentivized to make it look like an employee issue. Unless there are active mechanisms to prevent this, it will be the default outcome.

What would a "validated" algorithm even look like? (I suppose you're not thinking of mathematical formal proofs)

Well, if there are high denial rates for procedures that are within the accepted body of medical practice then the claims process is standing in the way of individual healthcare.

Who validates that a procedure is accepted practice, doctors or insurance accountants?

That sounds more like black-box testing rather than validating the algorithm itself