Workshop Outcomes
1. Synthetic Data
What is it? How could it be used to protect patients? What is a mix of synthetic and real data? How could they be used together? What are the advantages of various approaches?
Synthetic data is artificially generated data that replicates the statistical properties, structure, and patterns of real-world datasets without directly revealing any identifiable patient information. It is typically created using machine learning models such as Generative Adversarial Networks (GANs), Variational Autoencoders (VAEs), diffusion models, or agent-based simulations.
In healthcare, synthetic data acts as a privacy-preserving proxy for sensitive clinical datasets, enabling analytics, AI development, and testing without exposing patient identities. As a follow on to the workshop, a small demonstrator will be built to explore how a synthetic data set could be used to support clinical decisions, while protecting patient data.
2. Agentic AI
What is the difference between Generative AI and Agentic AI? What is an example of Agentic AI? Is agentic AI a threat or opportunity to patient security and data?
Generative AI produces content such as text, images, or summaries, while agentic AI can take actions toward goals, make decisions, and interact with systems without constant human instruction. A simple example of agentic AI is an automated clinical workflow assistant that can retrieve patient records, schedule scans, order routine tests, or flag risks by acting across multiple systems.
Agentic AI is both a threat and an opportunity for patient security and data. It is an opportunity because it can automate safety checks, reduce human error, improve traceability, and strengthen consent and access controls. It is a threat if it is not well governed, as uncontrolled actions, poor oversight, or weaknesses in decision logic could allow misuse of records, incorrect clinical actions, or exposure of sensitive data. The real outcome depends on strong supervision, clear guardrails, and continuous monitoring.
3. Data Poisoning
Why is it a threat? How could it manifest itself? Who would do this? Why would they do it?
Data poisoning is a deliberate attack where an adversary manipulates training data to corrupt, mislead, or bias an AI model. Because modern clinical AI relies heavily on data-driven learning, poisoning can silently compromise:
- Diagnostic accuracy
- Clinical decision support
- Triage and risk models
- Medical imaging classification
- IoT and remote monitoring systems
- Large language models used in healthcare settings
The threat is significant because poisoning can be undetectable, subtle, and highly damaging. It undermines patient safety, clinical trust, regulatory compliance, and the integrity of models deployed inside hospitals. During the sandpit, this was highlighted as a major risk to NHS AI adoption, especially as datasets become shared across institutions.
4. Blockchain
Why are blockchain tools relevant in AI security? How could they be used in patient security protection? How could they be used in giving control of data to patients? Will blockchain technology be relevant in the next 5 years?
Blockchain tools are relevant in AI security because they provide a transparent and tamper-proof record of how data and models are created, shared, and used. In a healthcare setting this can strengthen patient safety by ensuring that every access to data, every model update, and every clinical AI decision is recorded in a way that cannot be altered. This creates strong accountability and helps detect misuse or unauthorised activity.
For patients, blockchain systems can store consent choices, track who has viewed their information, and allow them to grant or remove access instantly. This gives patients genuine control because the system always reflects the most current choice and cannot be quietly changed in the background. Blockchain can also support secure sharing of medical records, synthetic data, and model outputs by ensuring that only trusted parties can participate, and by providing an audit trail that regulators and clinicians can verify.
Over the next five years blockchain will likely become more relevant in healthcare, not as a cryptocurrency tool but as a trust and verification layer for AI systems, patient consent, research data sharing, and collaboration between hospitals and industry. Its value will depend on practical integration into clinical systems, but the direction of travel across digital health suggests growing importance, especially where transparency and safety are essential.
5. Patient Consent
How could dynamic patient consent be developed? Could AI tools provide new ways of gaining patient consent? Would mood monitoring be relevant in consent? Will patients' mood influence consent? Could dynamic patient consent be more relevant for certain types of patients?
Dynamic patient consent can be developed through secure interactive digital platforms that let patients update their data sharing preferences whenever they wish, instead of giving consent only once. Artificial intelligence tools can support this by providing personalised explanations, simple and clear conversations, and gentle understanding checks to make sure the patient knows what they are agreeing to. These tools can also alert patients when new uses of their data appear, so consent becomes a living process that grows with their care.
Mood can affect a patient's ability to make informed decisions, so soft mood or readiness monitoring may help identify when someone is anxious, confused, or not prepared to process important information. This would simply guide the timing of consent and never replace the patient's own choice. Dynamic consent is particularly helpful for people whose preferences or decision-making ability change over time, such as patients with long-term conditions, cognitive decline, mental health challenges, or rare conditions, as it gives them more control and confidence throughout their care journey.
6. Product Development
What are the security threats in the supply chain for sensors or other equipment? How will processes help product development validate products and services?
Security threats in the supply chain for sensors and other clinical equipment include counterfeit components, hidden backdoors, malicious firmware, data interception during manufacturing or distribution, and the introduction of insecure modules that compromise clinical networks once deployed. These risks can lead to corrupted data streams, inaccurate sensor readings, privacy breaches, and unsafe behaviour in AI systems that depend on these devices.
Strong processes such as supplier verification, secure procurement checks, hardware and firmware integrity testing, continuous vulnerability scanning, and independent certification can help product teams validate that each component is authentic, safe, and trustworthy. These processes create a clear chain of evidence showing that devices, data flows, and AI services have been thoroughly checked, making it easier for healthcare providers and regulators to trust the final product.
7. Forensic Data
What is custody of data? Why is maintaining this important for hospitals? What are the main challenges of custody of data with many healthcare devices used in care?
Custody of data refers to a clear and traceable record of who collected the data, how it was stored, who accessed it, and how it was used at every stage of its life. Maintaining this is important for hospitals because it protects patient safety, supports legal and regulatory responsibilities, and ensures that clinical decisions and investigations can rely on accurate and trustworthy information. When an incident occurs, hospitals must be able to show exactly where the data came from, who handled it, and whether it was altered, which is only possible with strong custody records.
The main challenges come from the large number of healthcare devices now involved in patient care, such as bedside monitors, pumps, imaging systems, wearables, and remote sensors. These devices generate continuous streams of data that pass through different networks, systems, suppliers, and storage layers. Each handover increases the risk of gaps in tracking, loss of traceability, device misconfiguration, and difficulty proving the integrity of the data. Ensuring strong custody across this complex ecosystem requires consistent standards, secure device management, and clear ownership of responsibility across clinical and technical teams.
8. Commercial Challenges
What are the challenges faced by businesses? What products are healthcare organisations buying? What are the emerging demands for companies?
Businesses face several challenges when working with secure AI and digital health technologies. These include long procurement cycles in healthcare, complex regulatory requirements, limited access to high quality clinical data, and the difficulty of proving safety, trust, and real-world value to hospitals. Many companies also struggle with the cost of validation, integration with existing clinical systems, and the need to demonstrate clear benefits before hospitals will adopt their tools.
At present, healthcare organisations are mainly buying products that support clinical workflow automation, remote monitoring, secure data platforms, synthetic data tools, model governance dashboards, and solutions that help them meet new regulatory expectations. The emerging commercial demands are centred on safe AI integration, assurance of model performance, strong cyber-security, real-time monitoring of AI behaviour, transparent consent management, and systems that make data sharing between hospitals, SMEs, and researchers trustworthy and efficient. The workshop also highlighted that these issues are not all unique to healthcare and that lessons learned from delivering products in other sectors can be applied.
