Open Info publishes this article after several requests for an overview of Norwegian suppliers of artificial intelligence (AI) to the health service. The article provides insight into CE marking, data security, pseudonymization and the consequences of data breaches, as well as the benefits of using AI in patient consultations.
The four key players in the Norwegian market
- MediVox.ai: CE-approved as a medical device. All data processing takes place exclusively in Norway. The system utilizes speech-to-text and generative AI to produce journal notes and discharge summaries.
- Caiamd.ai: Also CE-approved. Uses similar technology, but it is unclear where the data center and processing takes place.
- MedBric: Has chosen not to apply for CE approval.
- Noteless.ai: Does not state CE status. If the system is used for record keeping or medical assessments, it must be CE marked according to the MDR.
What is CE marking and why is it important?
CE marking is the manufacturer's declaration that the solution meets all the requirements of EU legislation for medical devices. This includes risk assessment, performance testing, clinical documentation and compliance with the MDR (EU 2017/745).
Overview of CE classes:
- Class I: Low risk. E.g. support tools for documentation. Can be CE marked by self-declaration.
- Class IIa: Moderate risk. E.g. AI that generates journal notes without manual review. Requires assessment by notified body.
- Class IIb: High risk. E.g. AI that provides treatment suggestions. Requires extensive technical and clinical documentation.
How to become CE approved?
- Define the product's intended use and assess the risk class.
- Prepare technical documentation including risk assessment and clinical validation.
- Carry out conformity assessment (with notified body for IIa and higher).
- Sign the declaration of conformity and affix the CE mark.
Anonymization vs. pseudonymization
Handling patient data requires careful consideration of privacy. A distinction is made between:
- Anonymization: Data cannot be linked to an individual. Fall outside the GDPR. Used by e.g. MedBric and Noteless.ai.
- Pseudonymization: Identifiers are replaced, but key can link back. Still considered personal data and covered by GDPR. MediVox.ai is the only player that offers systematic pseudonymization with local key control.
Comparison table:
| Property | Anonymization | Pseudonymization |
|---|---|---|
| Identifiability | Removed | Possible via key |
| Covered by GDPR | no | Yes |
| Suitable for real-time use | no | Yes |
| Patient rights (rectification, deletion) | no | Yes |
| Example | MedBric, Noteless.ai | MediVox.ai |
Consequences of a data breach
A data breach at an AI provider can have serious consequences for healthcare professionals:
- Loss of patient trust and potential damage to the clinic's reputation
- Legal liability and financial sanctions for breaches of GDPR and healthcare legislation
- System downtime and operational downtime
- Requirements for notification to patients and the Norwegian Data Protection Authority
Therefore, it is crucial that suppliers offer built-in security, robust logging, pseudonymization and that the processing takes place within Norwegian jurisdiction.
How to use AI safely in the clinic?
- Only use CE-approved systems
- Ensure that data processing takes place within Norway or the EU with strong security controls
- Choose suppliers with pseudonymization
- Perform regular assessment of risk, data usage and model performance
- Inform patients about use and obtain consent where necessary
Clinical benefits of AI in patient consultations
Experience from Norwegian doctors shows that AI provides great clinical and practical value:
- Time saving: Doctors can save up to 2 hours a day on documentation
- Improved patient contact: The doctor can look the patient in the eye and fully participate in the dialog
- Better documentation quality: AI systems capture the entire conversation and produce structured, professional notes
- Increased patient safety and care: More accurate and complete documentation leads to better healthcare
"The system documents faster and more accurately than I can do myself. The patients get better contact and we avoid evening work." - General practitioner, Oslo
Further reading and relevant sources
If you want to learn more about regulations, security requirements and how AI solutions can be used safely and effectively in the healthcare sector, we recommend the following resources:
📘 Regulations and regulatory requirements
- Norwegian Directorate of Health - Artificial intelligence in the health service
https://www.helsedirektoratet.no/tema/kunstig-intelligens
An overview of legal and ethical guidelines for the use of AI in health, with an emphasis on responsibility, documentation and implementation in clinical practice. - Lovdata - EU regulation on medical devices (MDR 2017/745)
https://lovdata.no/dokument/SF/forskrift/2021-05-10-1417
The legal framework governing the CE marking of medical devices, including AI-based systems used in diagnostics and treatment. - Norwegian Data Protection Authority - Guide to privacy by design and pseudonymization
https://www.datatilsynet.no/rettigheter-og-plikter/virksomhetenes-plikter/innebygd-personvern/
A practical guide on how to implement secure technical and organizational measures for sensitive personal data.
📊 Technology and security in AI solutions
- Norsk Helsenett - Cloud and data security in the healthcare sector
https://www.nhn.no/sikkerhet-og-personvern/skytjenester
Describes the requirements for data storage, geographical location and access control for systems that process patient data. - EU AI Act (Artificial Intelligence Act)
https://artificialintelligenceact.eu
A future regulation that will have a major impact on the classification, approval and market access of AI systems used in health. - SINTEF - Report: Ethical and responsible artificial intelligence in healthcare
https://www.sintef.no/publikasjoner/etisk-ai-helse
Research on how AI should be developed and used in line with patient rights, professional ethics and social responsibility.
🧭 Norwegian practices and players
- MediVox.ai - Norwegian CE-approved AI solution for healthcare professionals
https://www.medivox.ai
Offering speech-to-text and generative AI for medical records and discharge summaries, with full data processing within Norway and pseudonymization as standard. - Norsk helsenett - Helsenorge API and integrations
https://helsenorge.no/utvikler
Information for suppliers who want to develop integrated solutions for EHR systems and patient communication in Norway.
📚 Professional deepening
- OECD - Artificial Intelligence in Healthcare
https://www.oecd.org/health/artificial-intelligence.htm
International report on the impact of AI on healthcare, with a focus on quality, risk and efficiency. - WHO - Ethics & governance of AI for health
https://www.who.int/publications/i/item/9789240029200
A global guideline for the responsible use of AI in the healthcare sector, including requirements for transparency, traceability and equal access.
English 
Norsk bokmål