iliomad Health Data

🆘 With its much-anticipated Opinion 28/2024 (December 17, 2024), the EDPB provides guidance on certain aspects of personal data processing in the context of AI models, mainly addressing the criteria for determining the anonymity of AI models, the conditions for using legitimate interest as a legal basis for AI development and deployment, as well as the implications of using unlawfully processed personal data in the development phase of AI models. 🥷 On the anonymity of AI models: -AI models specifically designed to reveal personal data from training sets (e.g., mimicking voices) cannot be deemed anonymous. -For the rest of AI models, achieving true anonymity requires that the risk of identifying individuals is insignificant, taking into account all 'reasonably likely' methods available to controllers or third parties. -Supervisory Authorities (SAs) should assess anonymity on case-by-case basis, considering the model’s design (e.g., data minimisation and pseudonymisation measures), the model’s analysis (e.g., measures to limit the likelihood of identification) and its testing and resistance to re-identification attacks. -Comprehensive documentation, including DPIAs and receiving feedback from the DPO, is crucial for demonstrating the anonymity of the AI model. ⚖️ On the use of legitimate interest as a legal basis: -Adhering to the Article 5 GDPR principles is essential at all stages of AI model development and deployment. -The EDPB emphasised the relevance of its Guidelines 1/2024 on processing personal data under Article 6(1)(f) for this analysis. It is recalled data subjects’ reasonable expectations remain a cornerstone in assessing and balancing legitimate interests. -The EDPB also provides a non-exhaustive list of possible mitigating measures applicable to all stages of the AI model when data subjects’ rights and freedoms override a controller’s or a third party’s legitimate interest. ⏩ On the impact of unlawful data processing: -SAs can impose fines, limit processing, or require dataset deletion to address non-compliance in the development phase of the AI model. -If an AI model retains personal data unlawfully processed during its development phase and this data is subsequently used in the deployment phase by the same or another controller, the corrective measures imposed by SAs for the initial unlawful processing may also affect the subsequent processing. Both the original developer and subsequent users of the AI model hold independent accountability for ensuring GDPR compliance. -Declarations of conformity for high-risk AI systems, as required by the EU AI Act, do not independently ensure GDPR compliance for subsequent controllers. -If personal data is anonymised at deployment, GDPR no longer applies, provided no further personal data is processed. https://lnkd.in/eAxrubAC #AI #DataProtection #GDPR #Privacy #EDPB #Accountability

📝 Libbie Canter & Elizabeth Brim highlight in their latest article that 2025 is shaping up to be a critical year for health privacy. 🔒 Key areas to watch include DOJ rulemaking on sensitive data transfers, emerging AI-related legislative proposals, and continued enforcement of health information privacy laws. 📊 Looking back at 2024, we saw significant activity at both state and federal levels, including updates to the HIPAA Security Rule, new state laws on consumer health data, and legal challenges to HIPAA modifications related to reproductive care. 🌐 Additional developments featured state genetic privacy laws, FTC scrutiny of health data use, and increasing concerns over online tracking technologies on health-related websites. 🔎 At Iliomad Health Data, we’re monitoring these trends closely to ensure health privacy evolves alongside innovation. #HealthPrivacy #DataProtection #HealthTech #HIPAA #AI #PrivacyLaws #Healthcare https://lnkd.in/dyaWaEGD

🩺💡 Revolutionising clinical trial participation: The National Institutes of Health (NIH) have unveiled TrialGPT, a cutting-edge generative AI tool designed to streamline clinical trial matching. ✅ How it works: TrialGPT analyses patient-provided summaries to identify suitable clinical trials while excluding ineligible options. It simplifies complex eligibility criteria into clear recommendations. Compared to traditional recruitment methods, it delivers clinician-level accuracy and reduces screening time by 40%. ⬆️ This innovation could solve long-standing challenges in clinical research, especially for decentralised trials where physical presence isn’t required. 🔎 Potential risks: Despite the tool’s advanced features, bias in AI algorithms remains a concern, as it could exacerbate healthcare disparities and limit trial access for certain groups. 🔄 Looking ahead: With responsible integration, generative AI tools similar to TrialGPT could transform clinical trial participation, enhancing efficiency and freeing clinicians to focus on tasks requiring advanced human expertise. https://lnkd.in/dCPQskEi #GenerativeAI #ClinicalTrials #HealthTech #AIinHealthcare #MedicalInnovation #DigitalHealth

🌟 Progress in healthcare digitalisation: Germany has taken a significant step forward in healthcare innovation with the introduction of the “electronic patient record” (ePA)—a voluntary and free-of-charge tool for individuals covered by health insurance to centralise and manage their health information digitally. 🩺 🏥 What is the ePA? The ePA is a single digital repository for storing personal health information, such as test results, diagnoses, medical treatment reports, and recommendations. Starting in 2025, all individuals with statutory health insurance will automatically receive an ePA unless they opt out. ⬆️ Why does this matter? Today, an individual’s health information is scattered across multiple sources, making it challenging to build a comprehensive and up-to-date clinical picture. This fragmentation often leads to inefficiencies, misdiagnoses, and suboptimal care. With the ePA, patients have control over their health data, ensuring it is easily accessible to medical professionals when needed. This not only improves personalised care but also: -prevents redundant tests and assessments. -enhances understanding of medication interactions, allergies, and intolerances. -facilitates holistic care by centralising relevant data. 🔎 💊 Moreover, individuals can voluntarily contribute pseudonymised data for research, enabling faster development of new treatments and medical insights. 🛡️ Data security and patient autonomy: While the benefits of the ePA are undeniable, data protection must remain a top priority. Patients should have complete control over their information—deciding what is stored, how long it is kept, and who can access it. Given the sensitive nature of health data, implementing robust security measures is essential to safeguard personal information and build trust in this transformative system. https://lnkd.in/da2bq8JE #HealthcareInnovation #DigitalHealth #HealthData #PatientEmpowerment #DataSecurity #MedicalResearch #PersonalisedCare

🤖 ❌ Artificial intelligence systems, particularly large language models (LLMs), sometimes generate content that appears credible but is factually incorrect—a phenomenon known as "AI hallucinations." These inaccuracies present significant challenges under the EU General Data Protection Regulation (GDPR), especially in high-stakes contexts like health care, where accuracy is paramount. 🎯 A recent article by Théodore Christakis, published by IAPP, delves into how regulators like the Hamburg DPA and the ICO are tackling this issue. Their approaches are practical and results-driven, focusing on the outputs of AI systems rather than the internal workings of LLMs. By adopting a risk-based framework, they consider the purpose and context of AI applications, emphasising transparency and safeguarding data subjects' rights while fostering innovation. 🔎 For example, the Hamburg DPA argues that general-purpose AI systems like LLMs do not inherently contain personal data. During training, any personal data in the dataset undergoes a transformation into abstract mathematical representations, losing concrete characteristics and references to specific individuals. Consequently, LLMs themselves cannot be directly subject to data subject rights under Articles 12 et seq. of the GDPR. However, when personal data is processed in outputs or database queries, controllers must ensure compliance with these rights. ⚖️ ⏩ AI developers are also stepping up by introducing measures to reduce hallucinations, improve model accuracy, and ensure the protection of data subject rights, focusing on the system’s outputs. The article underscores the importance of a balanced, collaborative approach to managing AI hallucinations under GDPR—one that protects individual rights while enabling technological innovation in Europe. For a deeper dive into these considerations, read the full article here: https://lnkd.in/dHMaC4qm #ArtificialIntelligence #GDPR #Hallucinations #PrivacyRights #LLMs #Accuracy

🌎 This month, key updates include Brazil’s introduction of a new SCC-based framework for international data transfers. 📋 The EDPB shared its evaluation of the EU-US Data Privacy Framework. 🤖 Advancements in AI-driven health solutions, such as Sanofi’s Muse for clinical trial recruitment, were also highlighted. 🧬 Discussions focused on genomics privacy, neural data protection, and the transformative role of AI in healthcare and compliance landscapes. #DataPrivacy #AIinHealthcare #GlobalCompliance #GenomicsPrivacy #NeuralDataProtection #HealthTechInnovation #SCC #EUUSPrivacyFramework #ClinicalTrials #AIAdvancements

🌟 NIH Researchers Use AI to Improve Clinical Trial Recruitment 🤖 NIH researchers have developed TrialGPT, an AI model designed to match patients with clinical trials by analyzing medical summaries. A recent study published in Nature Communications shows the tool achieves 87.3% accuracy, comparable to human performance, and speeds up patient screening by 40%. ⏱️ While TrialGPT has some limitations, such as occasional errors in medical reasoning, it holds promise for addressing recruitment challenges faced by clinical trials. The tool is now being tested in real-world settings as part of the NIH’s 2024 Director’s Challenge Innovation Award. #ClinicalTrials #AIHealthcare #TrialGPT #PatientRecruitment #NIH #HealthTech https://lnkd.in/ef-ZrHhU

🇨🇭Report on the Federal Act on Data Protection (FADP): One year after the FADP came into force in Switzerland, the Federal Data Protection and Information Commissioner (FDPIC) has published a comprehensive report assessing its effectiveness and practical impact. ✅ According to the report, the following positive outcomes of the FADP’s implementation scheme were identified: ⚖️ Cause and effect: As data controllers’ obligations became stricter, data subjects’ rights were significantly enhanced 🔓 Reporting suspected violations of the FADP is efficiently enabled through the FDIP’s website 🌐 The FDPIC's website also provides dedicated portals to help controllers meet their legal obligations, such as reporting data breaches and appointing a Data Protection Officer (DPO) 🔎 Finally, the report highlighted that the FDPIC devoted considerable time to supervision activities. The data speaks for itself: - 1,183 reports were received regarding violations of the FDAP and 889 were concluded; - 293 data breach notifications were received; - 86 low-threshold interventions (: voluntary re-establishment of data protection compliance in simple cases) were performed by the FDPIC, of which -90% were accepted by controllers; and -26 preliminary inquiries and investigations were opened under the FADP. 🏥 Data processing in Switzerland, particularly for clinical trials, is now governed by this new framework. The effectiveness of the rules outlined in the report emphasizes the importance for clinical trial sponsors operating in the country to comply with this regulation. https://lnkd.in/du8E-vQy #FADP #Switzerland #Dataprotection #Enforcement #FDPIC

🇪🇺 - 🇺🇸 Transfer of personal data to the US: The European Data Protection Board (EDPB) issued its first report under the EU-US Data Privacy Framework (DPF), alongside a statement on recommendations regarding access to data for law enforcement purposes. ✅ ⚖️ As an overall assessment, the EDPB noted several positive developments since the adoption of the adequacy decision. One of them, is the establishment of a multi-layered redress system, which provides EU individuals with several accessible avenues for lodging complaints. However, by highlighting the need to supplement this system with proactive compliance checks by competent U.S. authorities, ex officio investigations into the substantial compliance of US DPF-certified companies are expected to expand. ⬆️ Another area for improvement is the Accountability for Onward Transfer Principle, which requires further practical guidance as to the requirements that DPF-certified companies must meet when transferring personal data received from EU exporters. 🔎 Regarding access by U.S. public authorities to personal data transferred from the EU to certified organisations, future reviews of the Executive Order 14086 should focus on practical insights into how the enshrined principles of necessity and proportionality are specifically interpreted and applied. Lastly, the developments related to the U.S. Foreign Intelligence Surveillance Act should be closely monitored, particularly in light of the extended reach of Section 702 following its re-authorisation by the U.S. Congress earlier this year. 🔄 The EDPB advises that the next review of the EU-US adequacy decision should occur within three years or sooner. https://lnkd.in/dWyFRKgg #Datatransfers #US #DPF #EDPB

🚀 A busy week for Iliomad Health Data: two cities, two must-attend conferences! 🌍 We’re thrilled to be part of two key events this week, exploring the intersection of privacy, data protection, and innovation: 1️⃣ IAPP Europe Data Protection Congress 2024 #DPC24 📍 Brussels (SQUARE – Brussels Convention Center) 🗓 November 20–21 From data protection fundamentals—like managing third-party providers and the value of data mapping—to advanced topics like AI governance and EU Digital Regulations, the Congress promises a packed agenda! The focus on technology is undoubtable, as is the pressing need to deliver actionable insights, or at least ‘food for thought’, to address emerging privacy challenges. One of the key highlights for us will be the discussion on balancing progress and privacy in clinical trials. We’re looking forward to insightful presentations from the keynote speakers, and even more so to engaging conversations with talented professionals and privacy experts from across Europe. If you’re attending, we’d love to connect—feel free to reach out to Seamus Larroque directly through his LinkedIn profile! 2️⃣ AI for Health #Summit by Artefact 📍 Paris (Station F) 🗓 November 21 The Summit is all about healthcare innovation powered by AI, spanning areas like pharmaceuticals and drug discovery, patient care and treatment, radiology, diagnosis, mental health challenges, and research. While exploring new use cases of AI in healthcare is central, the agenda goes further—emphasizing responsible AI development and robust data governance solutions. We’re eager to meet representatives from pioneering companies and start-ups in the global healthcare industry, exchanging ideas and delving into the critical role of privacy in driving AI innovation in health. If you’re attending, feel free to connect with Pierre Malvoisin through his LinkedIn profile—we’d love to chat! At Iliomad Health Data, we believe in the power of continuous learning and collaboration to stay ahead in the ever-evolving world of privacy and innovation. #Privacy #DataProtection #AIforHealth #HealthTech #IAPP #Artefact #Innovation