AI in healthcare: the (inestimable) value of data and the GDPR challenge (Guest blog)

Artificial intelligence and in general 4th industrial revolution technologies are promising to enhance healthcare in a revolutionary way.

It is well acknowledged that the capacity of algorithms and machine learning is nothing without the right data to “feed” it. And the term right data means data that is accurate and structured, but most of all, when it comes to healthcare, it means personal data.

The value of such data is of great benefit for the healthcare system. It drives efficiency in terms of costs (as it reduces the treatment errors) and innovation, such as personalised medicine, that enable patients to have access to targeted treatments and cures. Indeed, the more data machine learning is given, the more precise is the outcome.

To sum up, if data is available in a controlled but accessible environment, health systems and companies can innovate from it. The outcomes of artificial intelligence applications will be more accurate, and consequentially benefits for society would be greater.

Precise and accurate outcomes are reachable through processes that often involve data on treatments, lifestyle, genetic history and bio parameters. Such information can be collected and stored through mobile devices, smart sensors, as well as through traditional health records.

All of this amount of information is considered personal data according to the General Data Protection Regulation entered into force last May 2018.

GDPR is aimed at protecting the fundamental rights of individuals in relation to such information, being a directly binding and applicable piece of legislation enacted at European level in order to assure a general level of compliance by companies and businesses collecting personal data.

GDPR emphasises accountability and privacy by design, encouraging users to think beyond the tick-box approach to privacy. It incentivises so by providing not only a range of requirements to comply with when processing or controlling personal data, but also a system of imposable sanctions that apply in case of infringement of certain provisions.

The question is: can these GDPR rules still allow a wise use of inestimably valuable data to foster advancement in healthcare?

GDPR, as mentioned, on one side protects patients’ and people’s data. Indeed, an uncontrolled spread of sensitive information would involve many risks for individuals from multiple perspectives, ranging from insurance to employment.

On the other side, GDPR should not be seen as an obstacle for innovation. On the contrary, it should be perceived as a key element to promote the responsible use of such data and the maximisation of the benefits from its use.

In such a scenario, indeed, a solid legal framework is to be seen as an opportunity. Thanks to GDPR, investments in cybersecurity and engagement in prevention through cyber risk assessment are top priorities in today’s digital world, aimed at avoiding an extremely Orwellian 1984 society as well as at incentivising safe and secured environments for data to be used. In conclusion, order to optimise the value of data, trust is the key, and GDPR is the warranty.

Francesca Mazzi

Francesca Mazzi holds a master’s degree in law from Luiss Guido Carli University of Rome, with a thesis in Private...
Read Morechevron_right