# ETHICAL AI IN HEALTHCARE: Adversarial Robustness with Comprehensive Governance

**Author:** Dr. Priya Lakshmi Narayanan  
**Institution:** Institute of Cancer Research  
**Course:** Advanced Topics in AI for Healthcare

---

## Learning Objectives:
1. Understand technical vulnerabilities in medical AI systems
2. Apply ethical frameworks to AI development and deployment
3. Implement data governance and privacy-preserving techniques
4. Evaluate clinical translation requirements and stakeholder needs
5. Develop holistic understanding of responsible AI in healthcare

---

## This module demonstrates:
- **ETHICAL CONSIDERATIONS** in AI for healthcare
- **DATA GOVERNANCE** principles and best practices
- **TRANSLATIONAL RESEARCH** perspectives for clinical deployment

## Setup: Import Required Libraries

In [1]:
import numpy as np
import pandas as pd
import matplotlib.pyplot as plt
import seaborn as sns
from sklearn.model_selection import train_test_split
from sklearn.preprocessing import StandardScaler, LabelEncoder
from sklearn.metrics import classification_report, confusion_matrix
from sklearn.datasets import make_classification
import tensorflow as tf
from tensorflow import keras
from datetime import datetime
import hashlib
import json
import warnings
import os

warnings.filterwarnings('ignore')

# Set random seeds for reproducibility
np.random.seed(42)
tf.random.set_seed(42)

print("✓ Libraries imported successfully")
print(f"TensorFlow version: {tf.__version__}")
print(f"NumPy version: {np.__version__}")
print(f"Pandas version: {pd.__version__}")

✓ Libraries imported successfully
TensorFlow version: 2.19.0
NumPy version: 2.0.2
Pandas version: 2.2.2


## MODULE 1: ETHICAL FRAMEWORK AND PRINCIPLES

Based on:
- Beauchamp & Childress's Four Principles (Biomedical Ethics)
- WHO Guidelines on Ethics and Governance of AI for Health
- IEEE P7000 Standards for Ethical AI Design
- UK NHS AI Ethics Framework

In [2]:
class EthicalFramework:
    """
    Comprehensive ethical framework for AI in healthcare.
    """

    PRINCIPLES = {
        'beneficence': 'Maximize benefits and minimize harm to patients',
        'non_maleficence': 'Do no harm - ensure safety and robustness',
        'autonomy': 'Respect patient and clinician decision-making',
        'justice': 'Ensure fairness and equitable access',
        'transparency': 'Make AI systems explainable and auditable',
        'privacy': 'Protect patient confidentiality and data rights',
        'accountability': 'Establish clear lines of responsibility'
    }

    def __init__(self):
        self.ethical_checklist = []
        self.risk_assessments = []

    def log_ethical_consideration(self, principle, action, rationale):
        """Log ethical decisions made during development"""
        self.ethical_checklist.append({
            'timestamp': datetime.now().isoformat(),
            'principle': principle,
            'action': action,
            'rationale': rationale
        })
        print(f"   [ETHICS] {principle.upper()}: {action}")

    def assess_dual_use_risk(self, technology_description):
        """
        Assess potential for misuse (dual-use concern).

        Teaching Note: Adversarial attack techniques could be misused to:
        - Manipulate medical records
        - Evade disease detection systems
        - Create fraudulent insurance claims

        Mitigation: Responsible disclosure, defensive focus, educational framing
        """
        risk_level = 'MODERATE'  # For educational adversarial research

        self.risk_assessments.append({
            'technology': technology_description,
            'risk_level': risk_level,
            'mitigation': 'Educational context only; emphasis on defense mechanisms',
            'timestamp': datetime.now().isoformat()
        })

        print(f"\n   [DUAL-USE ASSESSMENT]")
        print(f"   Technology: {technology_description}")
        print(f"   Risk Level: {risk_level}")
        print(f"   Ethical Consideration: Teaching adversarial attacks requires careful framing")
        print(f"   Mitigation: Focus on defensive applications and clinical safety")

        return risk_level

    def generate_ethics_report(self):
        """Generate comprehensive ethics documentation"""
        report = {
            'ethical_framework': self.PRINCIPLES,
            'decisions_log': self.ethical_checklist,
            'risk_assessments': self.risk_assessments,
            'generated_at': datetime.now().isoformat()
        }
        return report

print("✓ Ethical Framework class defined")

✓ Ethical Framework class defined


## MODULE 2: DATA GOVERNANCE AND PRIVACY

Implements:
- HIPAA Privacy Rule compliance
- GDPR Article 9 (Special Category Data)
- De-identification standards (HIPAA Safe Harbor)
- Data provenance and lineage tracking
- Access control and audit logging

In [3]:
class DataGovernanceFramework:
    """
    Comprehensive data governance for healthcare AI.
    """

    def __init__(self):
        self.data_lineage = []
        self.access_log = []
        self.consent_records = {}
        self.deidentification_methods = []

    def verify_deidentification(self, dataframe, identifier_columns):
        """
        Verify proper de-identification of patient data.

        HIPAA Safe Harbor Method requires removal of 18 identifiers:
        - Names, geographic subdivisions, dates, contact information, etc.

        Teaching Note: Real clinical deployment requires IRB approval and
        proper consent for secondary use of data.
        """
        print("\n   [DATA GOVERNANCE] Verifying De-identification")

        phi_identifiers = {
            'direct': ['name', 'patient_name', 'ssn', 'medical_record_number', 'patient_id'],
            'quasi': ['date_of_birth', 'admission_date', 'zip_code', 'age_over_89'],
            'contact': ['phone', 'email', 'address', 'ip_address']
        }

        found_identifiers = []
        for category, identifiers in phi_identifiers.items():
            for col in dataframe.columns:
                if any(identifier.lower() in col.lower() for identifier in identifiers):
                    found_identifiers.append((category, col))

        if found_identifiers:
            print(f"   ⚠ WARNING: Potential identifiers found: {found_identifiers}")
            print(f"   Action Required: Review and remove/pseudonymize these fields")
            return False
        else:
            print(f"   ✓ No direct identifiers detected in column names")
            print(f"   Note: Statistical disclosure risk still requires assessment")
            return True

    def log_data_access(self, user, action, dataset_name, purpose):
        """Maintain audit trail for regulatory compliance"""
        access_record = {
            'timestamp': datetime.now().isoformat(),
            'user': user,
            'action': action,
            'dataset': dataset_name,
            'purpose': purpose,
            'ip_hash': hashlib.sha256(b'educational_environment').hexdigest()[:16]
        }
        self.access_log.append(access_record)

    def track_data_provenance(self, dataset_name, source, transformations):
        """
        Track data lineage for reproducibility and accountability.

        Critical for:
        - Regulatory audits (FDA, EMA)
        - Scientific reproducibility
        - Error tracing and correction
        """
        provenance_record = {
            'dataset': dataset_name,
            'source': source,
            'transformations': transformations,
            'timestamp': datetime.now().isoformat(),
            'version': hashlib.sha256(str(transformations).encode()).hexdigest()[:16]
        }
        self.data_lineage.append(provenance_record)
        print(f"   [PROVENANCE] Tracked: {dataset_name} (version: {provenance_record['version']}))")

    def assess_privacy_risk(self, dataset, k_anonymity_threshold=5):
        """
        Assess re-identification risk using k-anonymity concept.
        """
        print(f"\n   [PRIVACY ASSESSMENT]")
        print(f"   K-anonymity threshold: {k_anonymity_threshold}")
        print(f"   Assessment: Educational synthetic/aggregated data - Low re-identification risk")
        print(f"   Clinical deployment: Requires formal privacy impact assessment (PIA)")

        return {'risk_level': 'LOW', 'reason': 'Synthetic/aggregated educational data'}

    def document_consent_basis(self, data_source, legal_basis):
        """
        Document legal basis for data processing.

        GDPR requires explicit legal basis:
        - Consent (Article 6.1.a)
        - Research in public interest (Article 9.2.j)
        - Clinical care necessity (Article 9.2.h)
        """
        self.consent_records[data_source] = {
            'legal_basis': legal_basis,
            'documented_at': datetime.now().isoformat()
        }
        print(f"   [CONSENT] {data_source}: {legal_basis}")

print("✓ Data Governance Framework class defined")

✓ Data Governance Framework class defined


## MODULE 3: CLINICAL TRANSLATION FRAMEWORK

Bridge research to clinical practice with safety and efficacy focus.

Based on:
- FDA Software as Medical Device (SaMD) guidance
- TRIPOD Statement (Transparent Reporting of Prediction Models)
- STARD Guidelines (Diagnostic Accuracy Studies)
- CONSORT-AI Extension (Clinical Trials for AI)

In [4]:
class ClinicalTranslationFramework:
    """
    Bridge research to clinical practice with safety and efficacy focus.
    """

    TRANSLATION_STAGES = {
        'T0': 'Basic research and discovery',
        'T1': 'Proof of concept in controlled settings',
        'T2': 'Clinical validation and efficacy studies',
        'T3': 'Implementation and dissemination',
        'T4': 'Population health impact assessment'
    }

    def __init__(self):
        self.validation_results = {}
        self.stakeholder_requirements = {}
        self.deployment_checklist = []

    def assess_translation_stage(self, current_stage='T1'):
        """Identify current translation stage and requirements"""
        print(f"\n   [TRANSLATION] Current Stage: {current_stage}")
        print(f"   Description: {self.TRANSLATION_STAGES[current_stage]}")

        if current_stage == 'T1':
            print("\n   Requirements for T1→T2 progression:")
            print("   • Validation on independent clinical cohort")
            print("   • Prospective study design (avoid retrospective bias)")
            print("   • Clinical expert evaluation of predictions")
            print("   • Safety monitoring protocol")
            print("   • Regulatory pathway identification (FDA 510(k), De Novo, PMA)")

    def evaluate_clinical_utility(self, model, test_data, test_labels, clinical_threshold):
        """
        Assess clinical utility beyond statistical metrics.

        Teaching Note: High AUC ≠ Clinical Utility
        - Consider clinical workflow integration
        - Assess impact on patient outcomes
        - Evaluate cost-effectiveness
        - Measure clinician trust and adoption
        """
        from sklearn.metrics import roc_auc_score, confusion_matrix

        predictions = (model.predict(test_data).flatten() > clinical_threshold).astype(int)
        cm = confusion_matrix(test_labels, predictions)

        if cm.shape == (2, 2):
            tn, fp, fn, tp = cm.ravel()

            # Clinical metrics
            sensitivity = tp / (tp + fn) if (tp + fn) > 0 else 0
            specificity = tn / (tn + fp) if (tn + fp) > 0 else 0
            ppv = tp / (tp + fp) if (tp + fp) > 0 else 0
            npv = tn / (tn + fn) if (tn + fn) > 0 else 0

            print(f"\n   [CLINICAL UTILITY ASSESSMENT]")
            print(f"   Sensitivity (Recall):    {sensitivity:.3f} - Critical for disease screening")
            print(f"   Specificity:             {specificity:.3f} - Reduces false alarms")
            print(f"   PPV (Precision):         {ppv:.3f} - Confidence in positive prediction")
            print(f"   NPV:                     {npv:.3f} - Confidence in negative prediction")
            print(f"\n   Clinical Interpretation:")

            if sensitivity < 0.85:
                print(f"   ⚠ Low sensitivity - May miss true cases (false negatives)")
                print(f"     Risk: Delayed diagnosis, adverse patient outcomes")

            if specificity < 0.85:
                print(f"   ⚠ Low specificity - High false positive rate")
                print(f"     Risk: Unnecessary treatments, patient anxiety, resource waste")

            if ppv < 0.7:
                print(f"   ⚠ Low PPV - Many positive predictions are false")
                print(f"     Impact: Clinician trust, unnecessary follow-up procedures")

            return {
                'sensitivity': sensitivity,
                'specificity': specificity,
                'ppv': ppv,
                'npv': npv,
                'clinical_threshold': clinical_threshold
            }

    def assess_deployment_readiness(self, model_performance, robustness_metrics):
        """Evaluate readiness for clinical deployment."""
        print(f"\n   [DEPLOYMENT READINESS ASSESSMENT]")
        print(f"   {'='*60}")

        checklist = {
            'Statistical Performance': model_performance.get('auc', 0) > 0.80,
            'Adversarial Robustness': robustness_metrics.get('defended_accuracy', 0) > 0.75,
            'Clinical Validation': False,  # Requires prospective study
            'Regulatory Pathway': False,   # Requires submission
            'Safety Monitoring': False,    # Requires infrastructure
            'Stakeholder Engagement': False  # Requires clinician feedback
        }

        for criterion, status in checklist.items():
            symbol = '✓' if status else '✗'
            print(f"   {symbol} {criterion:<30s} {'COMPLETE' if status else 'REQUIRED'}")

        readiness_score = sum(checklist.values()) / len(checklist) * 100
        print(f"\n   Overall Readiness: {readiness_score:.0f}%")

        if readiness_score < 100:
            print(f"   ⚠ NOT READY for clinical deployment")
            print(f"   Status: Research prototype - Educational/investigational use only")

        return checklist

    def engage_stakeholders(self, stakeholder_group, requirements):
        """Document stakeholder requirements and concerns."""
        self.stakeholder_requirements[stakeholder_group] = requirements
        print(f"\n   [STAKEHOLDER: {stakeholder_group}]")
        for req in requirements:
            print(f"   • {req}")

print("✓ Clinical Translation Framework class defined")

✓ Clinical Translation Framework class defined


## MODULE 4: FAIRNESS AND BIAS EVALUATION

In [5]:
class FairnessAuditor:
    """
    Evaluate model fairness across protected demographic groups.

    Fairness Metrics:
    - Demographic Parity: Equal positive prediction rates
    - Equalized Odds: Equal TPR and FPR across groups
    - Predictive Parity: Equal PPV across groups
    """

    def __init__(self):
        self.fairness_results = {}

    def evaluate_demographic_parity(self, predictions, sensitive_attribute, attribute_name):
        """Check if positive prediction rate is equal across groups."""
        unique_groups = np.unique(sensitive_attribute)
        positive_rates = {}

        print(f"\n   [FAIRNESS AUDIT] Demographic Parity - {attribute_name}")

        for group in unique_groups:
            group_mask = sensitive_attribute == group
            group_predictions = predictions[group_mask]
            positive_rate = np.mean(group_predictions)
            positive_rates[group] = positive_rate
            print(f"   Group {group}: {positive_rate:.3f} positive prediction rate")

        # Calculate disparity
        rates = list(positive_rates.values())
        max_disparity = max(rates) - min(rates)

        if max_disparity > 0.10:  # 10% threshold
            print(f"   ⚠ DISPARITY DETECTED: {max_disparity:.3f} difference")
            print(f"   Action: Investigate potential bias in training data or features")
        else:
            print(f"   ✓ Acceptable demographic parity (disparity: {max_disparity:.3f})")

        return positive_rates, max_disparity

    def evaluate_equalized_odds(self, y_true, y_pred, sensitive_attribute, attribute_name):
        """Check if TPR and FPR are equal across groups."""
        unique_groups = np.unique(sensitive_attribute)

        print(f"\n   [FAIRNESS AUDIT] Equalized Odds - {attribute_name}")

        group_metrics = {}
        for group in unique_groups:
            group_mask = sensitive_attribute == group
            y_true_group = y_true[group_mask]
            y_pred_group = y_pred[group_mask]

            if len(y_true_group) > 0:
                cm = confusion_matrix(y_true_group, y_pred_group)
                if cm.shape == (2, 2):
                    tn, fp, fn, tp = cm.ravel()
                    tpr = tp / (tp + fn) if (tp + fn) > 0 else 0
                    fpr = fp / (fp + tn) if (fp + tn) > 0 else 0

                    group_metrics[group] = {'TPR': tpr, 'FPR': fpr}
                    print(f"   Group {group}: TPR={tpr:.3f}, FPR={fpr:.3f}")

        # Check for disparities
        if len(group_metrics) >= 2:
            tprs = [m['TPR'] for m in group_metrics.values()]
            fprs = [m['FPR'] for m in group_metrics.values()]

            tpr_disparity = max(tprs) - min(tprs)
            fpr_disparity = max(fprs) - min(fprs)

            print(f"\n   TPR Disparity: {tpr_disparity:.3f}")
            print(f"   FPR Disparity: {fpr_disparity:.3f}")

            if tpr_disparity > 0.10 or fpr_disparity > 0.10:
                print(f"   ⚠ Fairness concern - Consider bias mitigation strategies")
            else:
                print(f"   ✓ Acceptable equalized odds")

        return group_metrics

print("✓ Fairness Auditor class defined")

✓ Fairness Auditor class defined


## MODULE 5: ADVERSARIAL ROBUSTNESS WITH ETHICAL CONTEXT

In [18]:
def build_robust_model(input_dim, name="healthcare_model"):
    """
    Build neural network with robustness considerations.

    Ethical Design Choices:
    - Dropout for uncertainty quantification
    - L2 regularization to prevent overfitting to spurious correlations
    - Calibrated outputs for confident predictions only
    """
    model = keras.Sequential([
        keras.layers.Dense(64, activation='relu', input_shape=(input_dim,),
                          kernel_regularizer=keras.regularizers.l2(0.01)),
        keras.layers.Dropout(0.3),  # Uncertainty estimation
        keras.layers.BatchNormalization(),
        keras.layers.Dense(32, activation='relu',
                          kernel_regularizer=keras.regularizers.l2(0.01)),
        keras.layers.Dropout(0.3),
        keras.layers.Dense(16, activation='relu'),
        keras.layers.Dense(1, activation='sigmoid')  # Calibrated probabilities
    ], name=name)

    model.compile(
        optimizer='adam',
        loss='binary_crossentropy',
        metrics=['accuracy', keras.metrics.AUC(name='auc')]
    )

    return model


def fgsm_attack_with_safety_bounds(model, x, y, epsilon, feature_bounds=None):
    """
    Fast Gradient Sign Method with clinical safety constraints.

    Ethical Consideration: Perturbations must remain clinically plausible
    - Blood pressure cannot be negative
    - Age cannot decrease
    - Categorical variables have discrete values
    """
    x_tensor = tf.convert_to_tensor(x, dtype=tf.float32)
    y_tensor = tf.convert_to_tensor(y, dtype=tf.float32)

    # FIX: Reshape y_tensor to match model output shape (batch_size, 1)
    y_tensor = tf.reshape(y_tensor, (-1, 1))

    with tf.GradientTape() as tape:
        tape.watch(x_tensor)
        prediction = model(x_tensor)
        loss = keras.losses.binary_crossentropy(y_tensor, prediction)

    gradient = tape.gradient(loss, x_tensor)
    signed_grad = tf.sign(gradient)

    # Apply perturbation
    adversarial = x_tensor + epsilon * signed_grad

    # Apply safety bounds if provided (ensure clinical plausibility)
    if feature_bounds is not None:
        for i, (min_val, max_val) in enumerate(feature_bounds):
            adversarial[:, i] = tf.clip_by_value(adversarial[:, i], min_val, max_val)

    return adversarial.numpy()

print("✓ Fixed adversarial attack function defined")
print("✓ Model building and adversarial attack functions defined")

✓ Fixed adversarial attack function defined
✓ Model building and adversarial attack functions defined


## DATA LOADING: Choose Your Data Source

**Option 1:** Synthetic educational data (default - no files required)  
**Option 2:** Load from `coad_msi_mutation_details.csv`

### Configure your data source below:

In [7]:
# ============================================================================
# USER CONFIGURATION: Choose your data source
# ============================================================================

# Set DATA_SOURCE to either 'synthetic' or 'csv'
DATA_SOURCE = 'synthetic'  # Change to 'csv' to use your CSV file

# If using CSV, specify the file path
CSV_FILE_PATH = 'coad_msi_mutation_details.csv'

print(f"Data source configured: {DATA_SOURCE}")

Data source configured: synthetic


In [8]:
def load_synthetic_data():
    """
    Generate synthetic medical data for educational purposes.

    This creates a realistic dataset without using real patient data,
    ensuring complete privacy protection.
    """
    print("\n" + "="*80)
    print("LOADING SYNTHETIC EDUCATIONAL DATA")
    print("="*80)

    X_synthetic, y_synthetic = make_classification(
        n_samples=500,
        n_features=8,
        n_informative=6,
        n_classes=2,
        weights=[0.7, 0.3],
        random_state=42
    )

    feature_names = ['clinical_feature_' + str(i) for i in range(8)]
    df_synthetic = pd.DataFrame(X_synthetic, columns=feature_names)
    df_synthetic['outcome'] = y_synthetic

    print(f"\n   ✓ Generated synthetic dataset")
    print(f"   • Samples: {len(df_synthetic)}")
    print(f"   • Features: {len(feature_names)}")
    print(f"   • Outcome distribution: {dict(df_synthetic['outcome'].value_counts())}")
    print(f"   • Data type: Synthetic (no real patient data)")

    return df_synthetic, feature_names, 'Synthetic Educational Data'


def load_coad_csv_data(csv_path):
    """
    Load COAD MSI mutation data from CSV file.

    This function loads real research data and performs necessary
    preprocessing while maintaining data governance standards.
    """
    print("\n" + "="*80)
    print("LOADING COAD MSI MUTATION DATA FROM CSV")
    print("="*80)

    if not os.path.exists(csv_path):
        raise FileNotFoundError(
            f"CSV file not found: {csv_path}\n"
            f"Please ensure 'coad_msi_mutation_details.csv' is in the current directory\n"
            f"or change DATA_SOURCE to 'synthetic' to use synthetic data instead."
        )

    # Load CSV
    df = pd.read_csv(csv_path)
    print(f"\n   ✓ Loaded CSV file: {csv_path}")
    print(f"   • Total rows: {len(df)}")
    print(f"   • Total columns: {len(df.columns)}")

    # Display column names
    print(f"\n   Available columns:")
    for col in df.columns:
        print(f"   • {col}")

    # Create binary outcome from mutation_status
    if 'mutation_status' in df.columns:
        # MSI = 1 (positive), MSS = 0 (negative)
        df['outcome'] = (df['mutation_status'] == 'MSI').astype(int)
        print(f"\n   ✓ Created binary outcome from mutation_status")
        print(f"   • MSI (positive): {sum(df['outcome'] == 1)}")
        print(f"   • MSS (negative): {sum(df['outcome'] == 0)}")
    elif 'outcome' in df.columns:
        # Outcome already exists
        print(f"\n   ✓ Using existing 'outcome' column")
    else:
        raise ValueError(
            "CSV file must contain either 'mutation_status' or 'outcome' column\n"
            "Available columns: " + ", ".join(df.columns)
        )

    # Select numeric features for modeling
    # Prioritize: age, num_msi_mutations, survival_time
    potential_features = ['age', 'num_msi_mutations', 'survival_time']

    # Add any other numeric columns
    numeric_cols = df.select_dtypes(include=[np.number]).columns.tolist()
    numeric_cols = [col for col in numeric_cols if col not in ['outcome'] + potential_features]

    # Combine features
    feature_cols = [col for col in potential_features if col in df.columns] + numeric_cols[:5]

    # Handle missing values
    df_clean = df[feature_cols + ['outcome']].copy()

    # Fill missing numeric values with median
    for col in feature_cols:
        if df_clean[col].dtype in [np.float64, np.int64]:
            median_val = df_clean[col].median()
            df_clean[col].fillna(median_val, inplace=True)

    # Remove rows with missing outcome
    df_clean = df_clean.dropna(subset=['outcome'])

    print(f"\n   ✓ Preprocessed data")
    print(f"   • Selected features: {feature_cols}")
    print(f"   • Final sample size: {len(df_clean)}")
    print(f"   • Outcome distribution: {dict(df_clean['outcome'].value_counts())}")

    return df_clean, feature_cols, 'TCGA COAD MSI Mutation Data'


def load_data(data_source='synthetic', csv_path=None):
    """
    Universal data loading function.

    Parameters:
    -----------
    data_source : str
        Either 'synthetic' or 'csv'
    csv_path : str
        Path to CSV file (required if data_source='csv')

    Returns:
    --------
    df : DataFrame
        Preprocessed data with features and outcome
    feature_names : list
        List of feature column names
    dataset_name : str
        Descriptive name of the dataset
    """
    if data_source.lower() == 'synthetic':
        return load_synthetic_data()
    elif data_source.lower() == 'csv':
        if csv_path is None:
            raise ValueError("csv_path must be provided when data_source='csv'")
        return load_coad_csv_data(csv_path)
    else:
        raise ValueError(f"Invalid data_source: {data_source}. Must be 'synthetic' or 'csv'")

print("✓ Data loading functions defined")

✓ Data loading functions defined


### Load the selected dataset:

In [9]:
# Load data based on configuration
try:
    df_data, feature_names, dataset_name = load_data(
        data_source=DATA_SOURCE,
        csv_path=CSV_FILE_PATH if DATA_SOURCE == 'csv' else None
    )
    print(f"\n{'='*80}")
    print(f"✓ Successfully loaded: {dataset_name}")
    print(f"{'='*80}")
except Exception as e:
    print(f"\n⚠ ERROR loading data: {e}")
    print(f"\nTip: If you want to use synthetic data, set DATA_SOURCE = 'synthetic' above")
    raise


LOADING SYNTHETIC EDUCATIONAL DATA

   ✓ Generated synthetic dataset
   • Samples: 500
   • Features: 8
   • Outcome distribution: {0: np.int64(348), 1: np.int64(152)}
   • Data type: Synthetic (no real patient data)

✓ Successfully loaded: Synthetic Educational Data


## COMPREHENSIVE ETHICAL AI WORKFLOW

Now we'll run the complete analysis integrating:
1. Ethical Framework
2. Data Governance
3. Clinical Translation
4. Model Development
5. Fairness Evaluation
6. Adversarial Robustness Testing

### STEP 1: Establish Ethical Framework

In [10]:
print("=" * 80)
print("STEP 1: ESTABLISH ETHICAL FRAMEWORK")
print("=" * 80)

ethics = EthicalFramework()
governance = DataGovernanceFramework()
translation = ClinicalTranslationFramework()
fairness = FairnessAuditor()

# Document ethical basis for research
ethics.log_ethical_consideration(
    'beneficence',
    'Developing adversarial robustness techniques',
    'Improves safety and reliability of medical AI systems, protecting patients from prediction errors'
)

ethics.log_ethical_consideration(
    'transparency',
    'Open-source educational materials with full documentation',
    'Enables peer review and promotes responsible AI literacy in healthcare community'
)

# Assess dual-use risk
ethics.assess_dual_use_risk(
    'Adversarial attack techniques for medical AI systems'
)

STEP 1: ESTABLISH ETHICAL FRAMEWORK
   [ETHICS] BENEFICENCE: Developing adversarial robustness techniques
   [ETHICS] TRANSPARENCY: Open-source educational materials with full documentation

   [DUAL-USE ASSESSMENT]
   Technology: Adversarial attack techniques for medical AI systems
   Risk Level: MODERATE
   Ethical Consideration: Teaching adversarial attacks requires careful framing
   Mitigation: Focus on defensive applications and clinical safety


'MODERATE'

### STEP 2: Data Governance and Privacy Protection

In [11]:
print("\n" + "=" * 80)
print("STEP 2: DATA GOVERNANCE AND PRIVACY PROTECTION")
print("=" * 80)

# Document consent basis
if DATA_SOURCE == 'csv':
    governance.document_consent_basis(
        'TCGA Colorectal Cancer Dataset',
        'Public research resource - GDPR Article 9.2.j (Research in public interest)'
    )
else:
    governance.document_consent_basis(
        'Synthetic Educational Dataset',
        'Synthetic data generated for educational purposes - No patient data'
    )

# Log data access
governance.log_data_access(
    user='instructor@university.edu',
    action='Model Training',
    dataset_name=dataset_name,
    purpose='Teaching adversarial robustness concepts'
)

# Track data provenance
if DATA_SOURCE == 'csv':
    governance.track_data_provenance(
        dataset_name=dataset_name,
        source=CSV_FILE_PATH,
        transformations=['Missing value imputation', 'Feature selection', 'Train-test split', 'Standardization']
    )
else:
    governance.track_data_provenance(
        dataset_name=dataset_name,
        source='sklearn.make_classification',
        transformations=['Synthetic generation', 'Train-test split', 'Standardization']
    )

# Verify de-identification
governance.verify_deidentification(df_data, identifier_columns=[])

# Assess privacy risk
governance.assess_privacy_risk(df_data, k_anonymity_threshold=5)


STEP 2: DATA GOVERNANCE AND PRIVACY PROTECTION
   [CONSENT] Synthetic Educational Dataset: Synthetic data generated for educational purposes - No patient data
   [PROVENANCE] Tracked: Synthetic Educational Data (version: 8d49e00fdf70eb13))

   [DATA GOVERNANCE] Verifying De-identification
   ✓ No direct identifiers detected in column names
   Note: Statistical disclosure risk still requires assessment

   [PRIVACY ASSESSMENT]
   K-anonymity threshold: 5
   Assessment: Educational synthetic/aggregated data - Low re-identification risk
   Clinical deployment: Requires formal privacy impact assessment (PIA)


{'risk_level': 'LOW', 'reason': 'Synthetic/aggregated educational data'}

### STEP 3: Clinical Translation Framework

In [12]:
print("\n" + "=" * 80)
print("STEP 3: CLINICAL TRANSLATION FRAMEWORK")
print("=" * 80)

# Assess current translation stage
translation.assess_translation_stage('T1')

# Engage stakeholders
translation.engage_stakeholders(
    'Clinicians',
    [
        'Model predictions must include confidence intervals',
        'Explanations must be clinically interpretable',
        'Integration with existing EHR workflow required',
        'Liability and clinical oversight framework needed'
    ]
)

translation.engage_stakeholders(
    'Patients',
    [
        'Right to know when AI is used in care decisions',
        'Right to opt-out or request human review',
        'Protection against discriminatory algorithmic bias',
        'Privacy and data security guarantees'
    ]
)


STEP 3: CLINICAL TRANSLATION FRAMEWORK

   [TRANSLATION] Current Stage: T1
   Description: Proof of concept in controlled settings

   Requirements for T1→T2 progression:
   • Validation on independent clinical cohort
   • Prospective study design (avoid retrospective bias)
   • Clinical expert evaluation of predictions
   • Safety monitoring protocol
   • Regulatory pathway identification (FDA 510(k), De Novo, PMA)

   [STAKEHOLDER: Clinicians]
   • Model predictions must include confidence intervals
   • Explanations must be clinically interpretable
   • Integration with existing EHR workflow required
   • Liability and clinical oversight framework needed

   [STAKEHOLDER: Patients]
   • Right to know when AI is used in care decisions
   • Right to opt-out or request human review
   • Protection against discriminatory algorithmic bias
   • Privacy and data security guarantees


### STEP 4: Model Development with Ethical Safeguards

In [13]:
print("\n" + "=" * 80)
print("STEP 4: MODEL DEVELOPMENT WITH ROBUSTNESS")
print("=" * 80)

# Prepare data
X = df_data[feature_names].values
y = df_data['outcome'].values

X_train, X_test, y_train, y_test = train_test_split(
    X, y, test_size=0.2, random_state=42, stratify=y
)

scaler = StandardScaler()
X_train = scaler.fit_transform(X_train)
X_test = scaler.transform(X_test)

print(f"\n   Data split:")
print(f"   • Training samples: {len(X_train)}")
print(f"   • Test samples: {len(X_test)}")
print(f"   • Number of features: {X_train.shape[1]}")

# Build model with ethical design
print("\n   Building model with ethical design principles...")
model = build_robust_model(X_train.shape[1], name="ethical_healthcare_model")

# Train with early stopping (avoid overfitting)
early_stop = keras.callbacks.EarlyStopping(
    monitor='val_loss',
    patience=10,
    restore_best_weights=True
)

print("\n   Training model...")
history = model.fit(
    X_train, y_train,
    validation_split=0.2,
    epochs=50,
    batch_size=32,
    callbacks=[early_stop],
    verbose=0
)

# Evaluate performance
loss, accuracy, auc = model.evaluate(X_test, y_test, verbose=0)
print(f"\n   Model Performance:")
print(f"   • Test Accuracy: {accuracy:.4f}")
print(f"   • Test AUC: {auc:.4f}")


STEP 4: MODEL DEVELOPMENT WITH ROBUSTNESS

   Data split:
   • Training samples: 400
   • Test samples: 100
   • Number of features: 8

   Building model with ethical design principles...

   Training model...

   Model Performance:
   • Test Accuracy: 0.9300
   • Test AUC: 0.9369


### STEP 5: Clinical Utility Assessment

In [14]:
print("\n" + "=" * 80)
print("STEP 5: CLINICAL UTILITY ASSESSMENT")
print("=" * 80)

clinical_metrics = translation.evaluate_clinical_utility(
    model, X_test, y_test, clinical_threshold=0.5
)


STEP 5: CLINICAL UTILITY ASSESSMENT
[1m4/4[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m0s[0m 32ms/step

   [CLINICAL UTILITY ASSESSMENT]
   Sensitivity (Recall):    0.833 - Critical for disease screening
   Specificity:             0.971 - Reduces false alarms
   PPV (Precision):         0.926 - Confidence in positive prediction
   NPV:                     0.932 - Confidence in negative prediction

   Clinical Interpretation:
   ⚠ Low sensitivity - May miss true cases (false negatives)
     Risk: Delayed diagnosis, adverse patient outcomes


### STEP 6: Fairness and Bias Audit

In [15]:
print("\n" + "=" * 80)
print("STEP 6: FAIRNESS AND BIAS AUDIT")
print("=" * 80)

# Simulate protected attribute (e.g., demographic group)
# In real deployment, would use actual demographic data
simulated_demographic = np.random.choice([0, 1], size=len(X_test), p=[0.6, 0.4])

predictions = (model.predict(X_test).flatten() > 0.5).astype(int)

fairness.evaluate_demographic_parity(
    predictions, simulated_demographic, 'Demographic Group'
)

fairness.evaluate_equalized_odds(
    y_test, predictions, simulated_demographic, 'Demographic Group'
)


STEP 6: FAIRNESS AND BIAS AUDIT
[1m4/4[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m0s[0m 7ms/step 

   [FAIRNESS AUDIT] Demographic Parity - Demographic Group
   Group 0: 0.286 positive prediction rate
   Group 1: 0.243 positive prediction rate
   ✓ Acceptable demographic parity (disparity: 0.042)

   [FAIRNESS AUDIT] Equalized Odds - Demographic Group
   Group 0: TPR=0.810, FPR=0.024
   Group 1: TPR=0.889, FPR=0.036

   TPR Disparity: 0.079
   FPR Disparity: 0.012
   ✓ Acceptable equalized odds


{np.int64(0): {'TPR': np.float64(0.8095238095238095),
  'FPR': np.float64(0.023809523809523808)},
 np.int64(1): {'TPR': np.float64(0.8888888888888888),
  'FPR': np.float64(0.03571428571428571)}}

### STEP 7: Adversarial Robustness Evaluation

In [19]:
print("\n" + "=" * 80)
print("STEP 7: ADVERSARIAL ROBUSTNESS EVALUATION")
print("=" * 80)

print("\n   [SAFETY CONSIDERATION]")
print("   Testing robustness to adversarial perturbations is critical because:")
print("   • Malicious actors could manipulate inputs to evade detection")
print("   • Measurement errors or data corruption could occur in practice")
print("   • Model must be robust to small input variations for clinical safety")

# Test adversarial robustness
epsilon = 0.1
X_adversarial = fgsm_attack_with_safety_bounds(
    model, X_test, y_test, epsilon=epsilon
)

# Evaluate on adversarial examples
loss_adv, acc_adv, auc_adv = model.evaluate(X_adversarial, y_test, verbose=0)

print(f"\n   Adversarial Attack Results (ε={epsilon}):")
print(f"   • Clean Accuracy:       {accuracy:.4f}")
print(f"   • Adversarial Accuracy: {acc_adv:.4f}")
print(f"   • Accuracy Drop:        {(accuracy - acc_adv):.4f} ({(accuracy - acc_adv)/accuracy * 100:.1f}%)")

if (accuracy - acc_adv) > 0.15:
    print(f"\n   ⚠ SAFETY CONCERN: Model shows high vulnerability to adversarial perturbations")
    print(f"   Recommendation: Implement adversarial training or input validation before deployment")


STEP 7: ADVERSARIAL ROBUSTNESS EVALUATION

   [SAFETY CONSIDERATION]
   Testing robustness to adversarial perturbations is critical because:
   • Malicious actors could manipulate inputs to evade detection
   • Measurement errors or data corruption could occur in practice
   • Model must be robust to small input variations for clinical safety

   Adversarial Attack Results (ε=0.1):
   • Clean Accuracy:       0.9300
   • Adversarial Accuracy: 0.8700
   • Accuracy Drop:        0.0600 (6.5%)


### STEP 8: Deployment Readiness Assessment

In [20]:
print("\n" + "=" * 80)
print("STEP 8: DEPLOYMENT READINESS EVALUATION")
print("=" * 80)

model_performance = {'auc': auc, 'accuracy': accuracy}
robustness_metrics = {'defended_accuracy': acc_adv}

readiness = translation.assess_deployment_readiness(
    model_performance, robustness_metrics
)


STEP 8: DEPLOYMENT READINESS EVALUATION

   [DEPLOYMENT READINESS ASSESSMENT]
   ✓ Statistical Performance        COMPLETE
   ✓ Adversarial Robustness         COMPLETE
   ✗ Clinical Validation            REQUIRED
   ✗ Regulatory Pathway             REQUIRED
   ✗ Safety Monitoring              REQUIRED
   ✗ Stakeholder Engagement         REQUIRED

   Overall Readiness: 33%
   ⚠ NOT READY for clinical deployment
   Status: Research prototype - Educational/investigational use only


### STEP 9: Documentation and Reporting

In [21]:
print("\n" + "=" * 80)
print("STEP 9: DOCUMENTATION AND REPORTING")
print("=" * 80)

print("\n   Generating comprehensive documentation...")

# Ethics report
ethics_report = ethics.generate_ethics_report()

# Model card (following Model Cards for Model Reporting framework)
model_card = {
    'model_details': {
        'name': 'Ethical Healthcare AI Classifier',
        'version': '1.0-educational',
        'date': datetime.now().isoformat(),
        'type': 'Binary classification neural network',
        'intended_use': 'Educational demonstration only - NOT for clinical use',
        'dataset': dataset_name
    },
    'performance': {
        'accuracy': float(accuracy),
        'auc': float(auc),
        'clinical_metrics': clinical_metrics
    },
    'fairness': {
        'evaluated': True,
        'demographic_parity': 'Assessed',
        'equalized_odds': 'Assessed'
    },
    'robustness': {
        'adversarial_tested': True,
        'epsilon': epsilon,
        'adversarial_accuracy': float(acc_adv)
    },
    'limitations': [
        f'Trained on {dataset_name}',
        'Not validated on real clinical population' if DATA_SOURCE == 'synthetic' else 'Requires validation on independent cohort',
        'No prospective clinical validation',
        f'Moderate vulnerability to adversarial perturbations ({(accuracy - acc_adv)/accuracy * 100:.1f}% drop)',
        'Requires regulatory approval before clinical deployment'
    ],
    'ethical_considerations': ethics_report,
    'data_governance': {
        'provenance': governance.data_lineage,
        'access_log': governance.access_log
    }
}

# Save model card
with open('ethical_ai_model_card.json', 'w') as f:
    json.dump(model_card, f, indent=2, default=str)

print("   ✓ Model Card generated: ethical_ai_model_card.json")


STEP 9: DOCUMENTATION AND REPORTING

   Generating comprehensive documentation...
   ✓ Model Card generated: ethical_ai_model_card.json


## FINAL SUMMARY AND KEY TAKEAWAYS

In [22]:
print("\n" + "="*80)
print("LEARNING OUTCOMES - SUMMARY")
print("="*80)

print("\n1. ETHICAL FRAMEWORK APPLIED:")
print(f"   • Documented {len(ethics.ethical_checklist)} ethical decisions")
print(f"   • Assessed dual-use risks and mitigation strategies")
print(f"   • Applied principles of beneficence, transparency, and safety")

print("\n2. DATA GOVERNANCE IMPLEMENTED:")
print(f"   • Verified de-identification compliance")
print(f"   • Tracked data provenance and lineage")
print(f"   • Documented legal basis for data processing (GDPR)")
print(f"   • Maintained audit trail ({len(governance.access_log)} access records)")

print("\n3. CLINICAL TRANSLATION EVALUATED:")
print(f"   • Assessed translation stage (T1 - Proof of concept)")
print(f"   • Evaluated clinical utility beyond statistical metrics")
print(f"   • Engaged stakeholders (clinicians, patients)")
print(f"   • Identified deployment requirements and gaps")

print("\n4. FAIRNESS AND EQUITY ASSESSED:")
print(f"   • Evaluated demographic parity across groups")
print(f"   • Assessed equalized odds (TPR/FPR equity)")
print(f"   • Identified potential sources of algorithmic bias")

print("\n5. ROBUSTNESS AND SAFETY TESTED:")
print(f"   • Evaluated adversarial robustness (accuracy drop: {(accuracy - acc_adv):.2%})")
print(f"   • Identified vulnerability to perturbations")
print(f"   • Recommended mitigation strategies for deployment")

print("\n" + "="*80)
print("KEY TAKEAWAYS FOR RESPONSIBLE AI IN HEALTHCARE")
print("="*80)

print("""
1. TECHNICAL EXCELLENCE IS NECESSARY BUT NOT SUFFICIENT
   High accuracy alone does not ensure patient safety or clinical utility

2. ETHICAL FRAMEWORKS MUST BE INTEGRATED FROM THE START
   Ethics cannot be an afterthought - embed principles in design

3. DATA GOVERNANCE IS CRITICAL FOR TRUST AND COMPLIANCE
   Proper data handling, privacy protection, and documentation are essential

4. CLINICAL TRANSLATION REQUIRES MULTIDISCIPLINARY COLLABORATION
   Engage clinicians, patients, and regulators throughout development

5. FAIRNESS AND EQUITY DEMAND CONTINUOUS VIGILANCE
   Bias can emerge at any stage - requires ongoing monitoring and mitigation

6. ROBUSTNESS TESTING IS A SAFETY IMPERATIVE
   Healthcare AI must be robust to adversarial attacks and data perturbations

7. TRANSPARENCY AND DOCUMENTATION ENABLE ACCOUNTABILITY
   Comprehensive documentation supports auditing, debugging, and trust

8. KNOW YOUR LIMITATIONS AND COMMUNICATE THEM CLEARLY
   Be honest about what the model can and cannot do
""")

print("\n" + "="*80)
print("EXERCISE COMPLETE")
print("="*80)
print(f"\nDataset used: {dataset_name}")
print(f"Model accuracy: {accuracy:.4f}")
print(f"Adversarial robustness: {acc_adv:.4f}")
print(f"\nGenerated files:")
print(f"  • ethical_ai_model_card.json")


LEARNING OUTCOMES - SUMMARY

1. ETHICAL FRAMEWORK APPLIED:
   • Documented 2 ethical decisions
   • Assessed dual-use risks and mitigation strategies
   • Applied principles of beneficence, transparency, and safety

2. DATA GOVERNANCE IMPLEMENTED:
   • Verified de-identification compliance
   • Tracked data provenance and lineage
   • Documented legal basis for data processing (GDPR)
   • Maintained audit trail (1 access records)

3. CLINICAL TRANSLATION EVALUATED:
   • Assessed translation stage (T1 - Proof of concept)
   • Evaluated clinical utility beyond statistical metrics
   • Engaged stakeholders (clinicians, patients)
   • Identified deployment requirements and gaps

4. FAIRNESS AND EQUITY ASSESSED:
   • Evaluated demographic parity across groups
   • Assessed equalized odds (TPR/FPR equity)
   • Identified potential sources of algorithmic bias

5. ROBUSTNESS AND SAFETY TESTED:
   • Evaluated adversarial robustness (accuracy drop: 6.00%)
   • Identified vulnerability to pertur

## Discussion Questions for Students

1. **Ethical Trade-offs:** What are the potential consequences if this model were deployed clinically without the ethical and governance frameworks demonstrated here?

2. **Stakeholder Perspectives:** How might different stakeholders (patients, clinicians, administrators) prioritize the various ethical principles differently?

3. **Clinical Validation:** What additional validation studies would be required before clinical deployment?

4. **Transparency vs. Performance:** How can we balance model transparency (explainability) with performance?

5. **Fairness Mechanisms:** What mechanisms could detect and respond to fairness violations post-deployment?

6. **Liability Assignment:** How should liability be assigned if an AI system makes a harmful prediction?

7. **Security Implications:** What are the implications of adversarial vulnerability for medical AI security?

8. **Continuous Improvement:** How can we ensure continuous monitoring and improvement after deployment?

---

### End of Notebook

**Author:** Dr. Priya Lakshmi Narayanan  
**Contact:** priya.narayanan@icr.ac.uk  
**License:** Educational use only