Pablo Malo Segura
The healthcare sector is at a crucial moment in the face of the emergence of artificial intelligence (AI) and new technologies. In this context, the Spanish Private Health Alliance (ASPE) and the Global Health Foundation have organized the Conference Challenges in Data Protection in the face of ICT and AIwith the collaboration and sponsorship of Alaro Avant, where the need for the AI in health comply with the regulations and respect the fundamental rights of patients while promoting innovation.
“The technological advances and data protection and privacy They must go hand in hand. We must guarantee that the use of AI in diagnosis and treatment respects the right to privacy and ensure that ICT do not compromise data security”has highlighted Luján Sanjuanmanager of the San Vicente Hospital and member of the ASPE board of directors.
In this sense, he explained that the General Data Protection Regulation (GDPR), establishes fundamental principles so that personal information is collect responsibly. “As AI is increasingly used in predicting diagnoses or recommending treatments, the importance of ensure that patients’ rights over their own data are respected“highlights.
Furthermore, he has pointed out the importance of carrying out preventive strategies to ensure that the digitalization of the health system is done safely. “Compliance with the GDPR is not only a legal obligation, but also an ethical issue. Implement a data protection culture aligned with the GDPR It requires a collective effort from all the agents involved.”he has stated.
Luján Sanjuán: “Compliance with the RGPD is not only a legal obligation, but also an ethical issue”
Implications of AI in data protection regulations
For its part, Natalia Olivares AlvarezDPO and Director of the Legal and Data Protection Department at Alaro Avant, has addressed the implications of AI in data protection regulations. The recent approval of the Artificial Intelligence Law by the European Parliament seeks to harmonize regulations on AI to “guarantee security and respect for fundamental rights while promoting innovation”.
In this sense, he has pointed out that the AI systems are being introduced more frequently in projects in the health field. This tool has great potential for the early diagnosis of many diseases, but it poses multiple challenges and must be adapted to regulations. “we have to innovate without forgetting to protect fundamental rights of the patients. Many AI systems in health require a data protection review“, he indicated.
Natalia Olivares: “Many AI systems in health require a review of data protection”
He IA Regulation It came into force on August 1, 2024, although it will be fully applicable in 2027. Its objective is to regulate the introduction of certain AI services into the market. “The EU seeks to be a world leader in the development of safe, trustworthy and ethical AI“, he stated.
The regulation establishes three categories of AI (superintelligent, strong and weak) and regulates the life cycle of these systems: conception and analysis, development and validation, exploitation and retirement. Also prohibits the use of AI in different casessuch as when it can transcend human consciousness, cause harm to vulnerable groups, evaluate people, try to deduce emotions or perform biometric identification in real time without police cause.
Natalia Olivares has advocated for implementing quality and safety guarantees. “The availability of technology or its novelty is not a sufficient reason to market products that do not meet an adequate level of quality of service.”he recalled. Likewise, he stressed that the compliance with data protection regulations (RGPD and LOPD-GDD) is essential. ““Strategies such as transparency, risk management and auditing will not only allow compliance with the provisions of the GDPR, but will also improve user trust in AI-based products and services and open new market opportunities.”he pointed out.
On the other hand, he highlighted the potential of AI applications to support privacy protection and implement mechanisms that ensure data protection. “One of the main problems with AI solutions is how people are going to use AI technology and the new psychological biases that arise from its use.“, he concluded.
Adaptation to the GDPR of treatments that incorporate AI
After her presentation, Natalia Olivares moderated a round table focused on the compliance with the GDPR of treatments that incorporate AI. “If an AI system processes personal data, it must comply with the GDPR“, he assured. On the other hand, Paula Ortiz Lopezco-founder and co-CEO of TheLegal.School, has pointed out that model cards They are a good practice of institutions to ensure transparencysomething fundamental in a sector like health that collects such sensitive data. “They are like AI nutritional labels that record the itinerary and purpose of the treatment, what data the system has been trained with, whether it has taken into account vulnerable groups, etc.“.
Maite Sanz de Galdeanoan expert professional specialized in Digital Identity and Artificial Intelligence, has highlighted the advances that are being produced in neurotechnology. Among them, he recalled that recently a ALS patient was able to use his mind to control the virtual assistant Alexa from Amazon and make purchases. This was possible thanks to a tiny brain implant from the company Synchron. “It is a brutal achievement, incredible things are being achieved“, he celebrated.
Maite Sanz: “Neurodata is extremely sensitive personal data and its processing must be carried out with the maximum guarantees”
Neurotechnologies collect neurodata (the information collected from the brain and nervous system and the data inferred from these such as emotions or tastes). “Yeson extremely sensitive personal data and its treatment must be carried out with the maximum guarantees“, he remarked. Along these lines, he has commented on the uncertainty that exists in the neurotechnology market, highlighting that misuse represents a elevated risk to mental privacy.
Specifically, he has given the example of the Emotiv company in Chile and the marketing of its device Insighta headband with sensors that collect information about brain activity. “User neurodata is stored in the cloud without adequate protection and patients could not access them without paying”he has stated. The Supreme Court of Chile paralyzed the marketing of the device as long as it is not evaluated by the health authorities. Finally, he has emphasized that innovation in AI must be accompanied by strict compliance with data protection regulations to ensure that respect fundamental rights of the patients.