Norwegian AI Vendors in Healthcare – Why CE Marking, Data Security and Privacy Are Crucial
Open Info is publishing this article after several requests for an overview of Norwegian vendors of artificial intelligence (AI) for the healthcare sector. The article provides insight into CE m...
Open Info is publishing this article after several requests for an overview of Norwegian vendors of artificial intelligence (AI) for the healthcare sector. The article provides insight into CE marking, data security, pseudonymisation and the consequences of data breaches, as well as the benefits of using AI in patient consultations.
The four key players in the Norwegian market
- MediVox.ai: CE-approved as a medical device. All data processing takes place exclusively in Norway. The system uses speech-to-text and generative AI to produce medical record notes and discharge summaries.
- Caiamd.ai: Also CE-approved. Uses similar technology, but it is unclear where the data centre and processing are located.
- MedBric: Has chosen not to apply for CE approval.
- Noteless.ai: Does not state its CE status. If the system is used for record-keeping or medical assessments, it must, under the MDR, be CE-marked.
What is CE marking and why is it important?
CE marking is the manufacturer's declaration that the solution meets all the requirements of EU legislation for medical devices. This includes risk assessment, performance testing, clinical documentation and compliance with the MDR (EU 2017/745).
Overview of CE classes:
- Class I: Low risk. For example, support tools for documentation. Can be CE-marked by self-declaration.
- Class IIa: Moderate risk. For example, AI that generates medical record notes without manual review. Requires assessment by a notified body.
- Class IIb: High risk. For example, AI that provides treatment recommendations. Requires extensive technical and clinical documentation.
How to become CE-approved?
- Define the product's intended use and assess its risk class.
- Prepare technical documentation including risk assessment and clinical validation.
- Carry out a conformity assessment (with a notified body for IIa and above).
- Sign the declaration of conformity and apply the CE mark.
Anonymisation vs. pseudonymisation
Handling patient data requires careful consideration of privacy. A distinction is made between:
- Anonymisation: Data cannot be linked to an individual. Falls outside the GDPR. Used by, for example, MedBric and Noteless.ai.
- Pseudonymisation: Identifiers are replaced, but a key can link them back. Still regarded as personal data and covered by the GDPR. MediVox.ai is the only player that offers systematic pseudonymisation with local key control.
Comparison table:
| Property | Anonymisation | Pseudonymisation |
|---|---|---|
| Identifiability | Removed | Possible via key |
| Covered by GDPR | No | Yes |
| Suitable for real-time use | No | Yes |
| Patient rights (rectification, erasure) | No | Yes |
| Example | MedBric, Noteless.ai | MediVox.ai |
Consequences of a data breach
A data breach at an AI vendor can have serious consequences for healthcare professionals:
- Loss of patient trust and potential damage to the clinic's reputation
- Legal liability and financial penalties for breaches of the GDPR and health legislation
- Suspension of system use and operational downtime
- Obligation to notify patients and the Norwegian Data Protection Authority
It is therefore crucial that vendors offer built-in security, robust logging, pseudonymisation and that processing takes place within Norwegian jurisdiction.
How to use AI safely in the clinic?
- Use only CE-approved systems
- Ensure that data processing takes place within Norway or the EU with strong security controls
- Choose vendors that use pseudonymisation
- Regularly assess risk, data usage and the model's output
- Inform patients about its use and obtain consent where necessary
Clinical benefits of AI in patient consultations
Experiences from Norwegian doctors show that AI delivers significant clinical and practical value:
- Time savings: Doctors can save up to 2 hours a day on documentation
- Improved patient contact: The doctor can look the patient in the eye and participate fully in the conversation
- Better documentation quality: AI systems capture the entire conversation and produce structured, clinically accurate notes
- Increased patient safety and care: More accurate and complete documentation results in better healthcare
“The system documents faster and more precisely than I can manage myself. Patients get better contact and we avoid working in the evenings.” – General practitioner, Oslo
Further reading and relevant sources
For those who want to learn more about regulations, security requirements, and how AI solutions can be used safely and effectively in the healthcare sector, we recommend the following resources:
📘 Regulations and regulatory requirements
- The Norwegian Directorate of Health – Artificial intelligence in healthcare
https://www.helsedirektoratet.no/tema/kunstig-intelligens
An overview of the legal and ethical guidelines for the use of AI in healthcare, with an emphasis on responsibility, documentation and implementation in clinical practice. - Lovdata – The EU Medical Device Regulation (MDR 2017/745)
https://lovdata.no/dokument/SF/forskrift/2021-05-10-1417
The legal framework that regulates the CE marking of medical devices, including AI-based systems used in diagnostics and treatment. - The Norwegian Data Protection Authority – Guide to data protection by design and pseudonymisation
https://www.datatilsynet.no/rettigheter-og-plikter/virksomhetenes-plikter/innebygd-personvern/
A practical guide on how to implement secure technical and organisational measures for sensitive personal data.
📊 Technology and security in AI solutions
- Norwegian Health Network – Cloud and data security in the healthcare sector
https://www.nhn.no/sikkerhet-og-personvern/skytjenester
Describes the requirements for data storage, geographic location and access control for systems that process patient data. - The EU AI Act (Artificial Intelligence Act)
https://artificialintelligenceact.eu
A forthcoming regulation that will have major implications for the classification, approval and market access of AI systems used in healthcare. - SINTEF – Report: Ethical and responsible artificial intelligence in healthcare
https://www.sintef.no/publikasjoner/etisk-ai-helse
Research on how AI should be developed and used in line with patient rights, professional ethics and social responsibility.
🧭 Norwegian practice and players
- MediVox.ai – Norwegian CE-approved AI solution for healthcare professionals
https://www.medivox.ai
Offers speech-to-text and generative AI for record-keeping and discharge summaries, with all data processing within Norway and pseudonymisation as standard. - Norwegian Health Network – Helsenorge API and integrations
https://helsenorge.no/utvikler
Information for vendors wishing to develop integrated solutions for medical record systems and patient communication in Norway.
📚 In-depth professional reading
- OECD – Artificial Intelligence in Healthcare
https://www.oecd.org/health/artificial-intelligence.htm
An international report on how AI affects healthcare services, focusing on quality, risk and efficiency. - WHO – Ethics & governance of AI for health
https://www.who.int/publications/i/item/9789240029200
A global guideline for the responsible use of AI in the healthcare sector, including requirements for transparency, traceability and equal access.
