The use of Artificial Intelligence in healthcare continues to grow and it is poised to reach 188 billion by 2030. It also raises many concerns.

The Italian data protection authority (Garante) has recently issued recommendations based on 10 points, which can be found here.

The Garante particularly insists on:

1. Human in the loop: a human being must be involved in the control, validation or change of the automatic decision;
2. No algorithmic discrimination: trustworthy AI systems should reduce mistakes and avoid discrimination due to inaccurate processing of health data;
3. Data quality: health data must be correct and updated. Representation of interested subjects must correctly reflect the population.
4. Transparency: the interested subject must be able to know the decisional processes based on automated processes and must receive information on the logic adopted so as to be able to understand it (easier said than done!). The Garante also requires that at least an excerpt of the Data Protection Impact Assessment is published.

Other recommendations are not surprising for anyone familiar with the GDPR:

• Profiling and decisions based on automated processes must be expressly allowed by Member State’s laws.
• The principles of privacy by design and privacy by default obviously play a big role in healthcare AI systems.
• Roles of controller and processor must be correctly allocated: in particular, the public administration must ensure that external entities processing data are appointed as data processors.
• A Data Protection Impact Assessment must be carried out and any risks must be evaluated.
• Integrity, security and confidentiality of data must be ensured.

Striving for genuine transparency in connection with very complex and rapidly evolving algorythms is not going to be an easy task for the data controller. Similarly, understanding how AI works in a healthcare setting is not going to be simple for patients.