Kristof Van Quathem and Giulia Romana Mele of Covington & Burling write:
On 24 January 2023, the Italian Supervisory Authority (“Garante”) announced it fined three hospitals in the amount of 55,000 EUR each for their unlawful use an artificial intelligence (“AI”) system for risk stratification purposes, i.e., to systematically categorize patients based on their health status. The Garante also ordered the hospitals to erase all the data they obtained as a consequence of that unlawful processing.
The hospitals used the AI technology to “profile” their patients, predict whether they may develop certain pathologies, sort them into the corresponding risk group and, based on that, assign a priority class to them in the hospitals’ waiting lists. The hospitals indicated that, in essence, they used the AI for predictive medicine purposes, which is part of their standard healthcare activities (Article 9(2)(h) GDPR).
The Garante, however, disagreed.
Read more at InsidePrivacy.