IntroductionThe aim of this paper is to point out possible dangers of implementing artificial intelligence doctors in hospitals, how to manage potential hazards, and what approach should be taken by policy-makers to control and reduce the risks unpredictability of artificial intelligence doctor implementation. Structure of this paper will be as follows The first part will point out the likely threats from a health perspective, the second part will be referring to the potential risks coming from privacy perspective, the third part will be about giving as to how those risks can be assessed and lastly, the fourth part will introduce possible regulatory tools that could help policy-makers to control the risks mentioned in this paper.Risk regulation model is a model which is made of three different parts that, for the purpose of this paper, need to be clearly distinguished. For acquiring a better understanding of potential insecurities that can arise from the DigiDoc application, it is necessary to assess the possible risks which can arise from using cutting-edge technology. In order to achieve that, it is important to identify, analyze, and evaluate risk. The second important part of the risk assessment process as a whole is risk management, which helps regulators handle risk. The third part of the risk assessment process is risk communication. Communication is an integral part of the entire risk assessment process, so as to insure that everyone in the organization, including all the stakeholders are well informed about potential risk and its control.Potential risks from a health perspectiveHaving an artificial intelligence doctor in hospitals is a good idea in its root. It is not uncommon in these times to see that a lot of hospitals have artificial intelligence systems as a part of their “personnel”, but none of those artificial intelligence systems are put into the “driver seat”. They are mostly used as support for a human doctor or participate in some procedures that require extreme precision. A lot of risks can arise if one decides to replace a human doctor with an artificial intelligence one. From the health perspective, one of the dangers that could potentially arise from DigiDoc implementation is how can DigiDoc see the difference between different diagnoses which have several mutual symptoms such as nausea, headache, dizziness. Moreover, potential threats can appear when patients are expected to diagnose themselves. Patients are not experts in medicine and there is a high chance that people would not able to describe their symptoms correctly. Furthermore, some treatments require further examination by a human doctor, because some delicate parts of our body cannot be examined by an artificial intelligence doctor, for example eyes, or skin. An enormous advantage the DigiDoc application has over a human doctor is the ability to acquire knowledge at a rapid rate through cross-referencing different sources such as reports, published scientific papers, medical articles and others, while retaining the ability to properly sift through all the information and quickly decide the best course of action. However, we must take into account that the information the application collects is not always reliable and that there is a possibility the application chooses the latest cutting-edge studies which are not yet proven to be as effective as older more traditional but ultimately reliable procedures. There are also several other risks that should not stay unmentioned. One of them is that DigiDoc is an application that is made by the people from different fields of studies, and by a company that is well-known by its influence in the social media field but not in medicine. The question that can be posed is how much can the IT experts, application developers, software designers educated for creation of an artificial intelligence software that can examine and treat people? Another question to be asked is who will be liable for the damage caused when DigiDoc gives a wrong diagnosis?Potential risks from privacy perspectiveDigiDoc is an application that can be used both on mobile phones and personal computers. As such it subject to the same dangers as other applications which function with the use of internet as a means of communication. There is always a possibility of potential breach during which the intruders can steal people’s data from their devices. For ease of use and good user experience the developers of the application put a “login” system in place for patients so they could consult DigiDoc on daily basis, however this on the other side means that the people are using their names and e-mail addresses in order to get into a chatroom. The question is how secure that login system is and how well-designed the entire application is in preventing cyberattacks. In order to make DigiDoc work how it should, it is necessary to have a large database of medical records of all the patients and if an application is not efficient in protecting patients’ medical records hospitals could be in danger of having the data about patients’ condition, their social security numbers, names, ID numbers, date of birth, etc… stolen.How should the risks be assessed and managedIn this part, there will be suggestions on how risks from both a health and a privacy perspective should be assessed. Since the DigiDoc will be appointed to the position of a general practitioner it will be responsible for the largest amount of patients` diagnosis. Moreover, taking into account the scale of the both positive andpotential negative impact this change is going to have on the patients experience “it is important that stakeholders’ perception of the potential risks as well as their perception of benefits is identified”. “Risk perception is different from a stakeholders’ point of view than from the experts’ point of view, so it is important to inform the stakeholders because that will give decision-makers some insights of what stakeholders expect” from DigiDoc, and what are their concerns or issues are. Having in mind that DigiDoc collects information from scientific reports and published articles in order to give the best diagnosis a person, who oversees that only relevant data is allowed entry into DigiDoc database, should be appointed. By doing that there will be more precise diagnoses and the risks of giving a wrong diagnosis will be mitigated as well.Decision-makers should take into account that patients are not experts in medicine and that there is a high risk of people wrongly describing their symptoms in the DigiDoc chatroom. That kind of risk can be very frequent and in order to help people in describing their symptoms more precisely there should be some kind of questionnaire within DigiDoc application with understandable terms of symptoms, in order to help the people describe their symptoms more accurately.It is likely that a big database of medical records can be an attractive target for hackers. Decision-makers should conduct audits over the company which makes DigiDoc application to determine how well and secure the application is designed. Speaking about designing the application, IT engineers, software designers and data scientists should be aware that they are dealing with important data which can harm people if that data falls into the wrong hands. What IT engineers, software designers and data scientists should do is to make sure that the possibility of a breach is mitigated and to determine what kind of information DigiDoc application will process when giving an access to a chatroom, identifying person by its name, age, personalized number, etc…Another important thing while assessing and managing risks is how decision-makers analyse risks. Good risk analysis provides information about whether the risks need to be treated and what kind of treatment should be used. For better risk analysis hospitals should develop their own system of likelihood, consequences and description of risks, which can help decision-makers to prioritize risks. “On a likelihood scale, risks should be listed from those which are almost certain to occur to those which are unlikely to occur. On a consequence scale, risks should be listed from those which are minor to the most critical one. By using these scales, decision-makers should know how to manage risks and control risk impact.””Using the results from risk analysis, decision makers can easily evaluate risks and determine whether the risks are tolerable or unacceptable.” In order to evaluate risk, decision-makers should take into account the impact of each risk and cost of its control. Risk is tolerable if impact is so low that the cost of reducing it exceeds the benefit of not accepting its impact on the hospital. For example, possibility of DigiDoc not working properly on some patients’ device is lower than making sure that DigiDoc is giving correct diagnosis for every patientHospital’s decision-makers should know that they will be facing risks on daily basis and also they should know that some of the risk will sooner or later have big or small effects on the organization. Risk treatment policy should be developed as a part of risk assessment. When risk treatment policy is developed, decision-makers will know how to treat the risk by choosing one of several treatments. “Avoiding risk is one of the treatments that can be used if risk has a small or insignificant impact on organization. Another method in treating risk is its reduction, either likelihood of risk, consequences, or potentially both. When reducing risk, there should be a trade-off between risk level and its cost of reducing it. Those results decision-makers get from the previous step in risk assessment, risk analysis. Sharing is also one way of risk treatment. Sharing the risk means disclosure of valuable information in full or in part with another party.” In a case of DigiDoc application, sharing the risk is important, as said before patients are the one who get the biggest risk impact by implementing DigiDoc. When there is a good relationship between two parties, patients will know how their data is handled, and they will also continue to use DigiDoc and hospital will gain their trustWhen all other steps in risk assessment process are well developed, the last step is continues monitoring and reviewing of risk assessment. “Monitoring and review is an essential and integral step in the process of managing risk. It is necessary to monitor risks, the effectiveness of the plan, strategies and management system that have been set up to control implementation of the risk treatments.” Reasons why risk and strategies of the risk treatment should be monitored is because new circumstances can occur, new drug can come into the market, DigiDoc can improve itself, patients’ preferences can change and all that can cause that risk may have a bigger impact on organization. The process of review and monitoring ensures that risk management is a vital part of the organization’s business process.Possible regulatory tools that could be adopted by decision-makersIn the final part of this paper, here will be given possible regulatory tools that could be adopted to control the risks. Regulatory tools exist in order to help decision-makers to implement and use them in controlling various risks on daily basis. When summarizing everything that is stated in this paper it is easy to conclude that there are several options the decision-makers have at their disposal, and what they use depends on what kind of risk needs to be controlled. One of the regulatory tools is a standard-setting approach in controlling risks. Standard-setting is a tool that public powers use in order to set thresholds on a market. This regulatory tool can be used as a technical standard for DigiDoc application when it comes to how patients’ information is collected, handled, stored and protected. Those standards are industry standards and can be achieved by consulting experts from IT industry.In a time where fines are high, external audits are very frequent and when reputation can be so easily damaged complying with industry standards is just not enough. Decision-makers should develop organizational culture that sets the standards even higher than industry does. Also, organization should follow and stick to its ownrules, and that is achievable by implementing a good code of conduct which describes every step of organization’s daily business. Self-regulation is not just about giving a good example how business should be done, it also helps to the organization to adapt itself to quick changes that can jeopardize the organization, because those rules are more flexible than the state rules or industry standards.DigiDoc application will face a lot of request from public and also will be a cause of a lot of concerns when it comes to its functionality. Therefore, before it’s put into practice the decision-maker should also consult all the potential stakeholders such as patients and the government so they can give their insights on how the application is being developed and how it will work on daily basis. By doing that, public have a chance to regulate risks by controlling the development of the technology.Lastly, and maybe where the most effort should be put in regarding DigiDoc application is how the whole application will be designed in order to reduce risk impact. Using this regulatory tool, decision-makers will need to pay attention how DigiDoc application is designed, is it aligned with what the public wants, is application complied with industry standards.ConclusionIt is not hard to see with what kind of problems decision-makers face on daily basis when offering new product or service on a market. It is also not hard to conclude that risk assessment process is really complex but apart from being complex it also helps to identify, analyze, evaluate and control risks that may have big impact on organization and on the third parties. If risk assessment process is implemented as an integral part of the conducting business and is monitored regularly, decision-makers can be prepared to manage risk and reduce its impact on the business as a whole.