Rules for AI in the healthcare sector set by the Italian privacy authority

The Italian Privacy Authority issued a decalogue of rules on artificial intelligence in the healthcare that sets out principles that can be applicable to both public and private companies using AI.

Artificial intelligence (AI) systems are assuming an increasingly prominent role in healthcare services, however, the use of AI in this area can be particularly risky. ?This is why the Italian Privacy Authority, the Garante, recently decided to issue a decalogue of rules for the implementation of healthcare services in the public sector through AI systems that are useful for any business developing or reling on artificial intelligence.

Below are the most relevant points of the decalogue in our opinion:

1. The legal basis for processing personal data in the public healthcare sector must be the public interest, which requires a specific law allowing the use of AI and defining in detail the requirements to be met. Normally this requirement is met with a very detailed ministerial decree that also defines the technical measures to be met;

2. Businesses must be able to demonstrate that the solution was created in line with the principles of privacy by design. This requirement is normally met through documents and assessments drafted during product development;

3. The logic and metrics behind the algorithm must be disclosed in the privacy information notice and DPIA. Although this is an obligation for the data controller, the information will probably have to be provided by the vendor on whom the obligation consequently falls;

4. The data used to train the algorithm must be accurate and up-to-date. ?The problem with generative AI is that it is possible to train the algorithm to disregard specific information in evaluation, but once the algorithm has learned the information that information cannot be removed. ?The same issue arises in case of exercise of the right of objection by individuals, like patients;

5. The data controller must provide a very detailed DPIA that must include a risk and nondiscrimination analysis that is very reminiscent of the AI Act; and

6. The adequacy of the security measures implemented to protect the data processed must be demonstrated.

There is no doubt that the Italian data protection authority is trying to acquire a leading role within the European Union as authority of reference on artificial intelligence. ?This intent was already confirmed by the actions undertaken against OpenAI that led to the undertakings taken by OpenAI towards the Garante. ?You can read about it in this article “The Italian case on ChatGPT benchmarks generative AI’s privacy compliance?”.

On a similar topic, the article “The Power of Artificial Intelligence in Healthcare: Exploring Opportunities, Legal Obligations, and Risks” may be of interest.

The Future of Remote Gambling in Italy: Opportunities or Threats for Operators?

The remote gambling market in Italy is undergoing significant changes that could reshape its landscape, potentially transforming it into exclusive opportunities for a few operators, with daunting barriers to entry and unprecedented tax hikes.?Read more

Generative Artificial Intelligence in the LegalTech market

The rapid progress of artificial intelligence has enabled relevant changes and innovations in LegalTech, the applied technology supporting the legal sector. Let’s take a look together at the main fields of application, the latest trends in the market, and new products launched during the Legal Geek conference 2023. Read more

Legal Tech Tools and Offerings

Prisca AI Compliance

Prisca AI Compliance is turn-key solution to assess the maturity of artificial intelligence systems against the main regulations and technical standards providing a score of compliance and identifying corrective actions to be undertaken. Read more

Transfer - DLA Piper legal tech solution to support Transfer Impact Assessments

This presentation shows DLA Piper legal tech tool named "Transfer" to support our clients to perform a transfer impact assessment after the Schrems II case. Read more

DLA Piper Turnkey solution on NFT and Metaverse projects

You can have a look at DLA Piper capabilities and areas for NFT and Metaverse projects. Read more