A Quantitative Model for the Assessment of Ethics Risks in Information Technology

The management of sensitive and personal data in the healthcare sector must guarantee the widest respect of patients' fundamental rights. However, some quantitative evaluation framework for assessing the level of ethical compliance of a technology to the most important ethical principles is still missing. In this work, we first provide a model to quantitatively assess constitutive ethics, i.e., the intrinsic ethical compliance of a technology. Secondly, we propose a method for quantitatively assessing circumstantial ethics risks of a technology, when used in some specific context. Our ethics risk assessment model is based on the evaluation of the compliance of the technology to a defined set of controls about some ethical principles and about the robustness of the technological infrastructure underneath. Then, we validate our model by applying it to some recent health-related blockchain frameworks, and we compare a qualitative ethical assessment with the quantitative assessment made with the proposed model for constitutive ethics compliance. Through our assessment, we identify some technical choices that achieve the highest ethical scores, such as using a permissioned blockchain, off-chain storage, and encryption of data. Finally, we observe that the principles of privacy and data governance turn out to be the most satisfied ethical principles, contrary to fairness.