{"id":1552,"date":"2025-04-16T00:21:08","date_gmt":"2025-04-15T22:21:08","guid":{"rendered":"https:\/\/nettsak.no\/?p=1552"},"modified":"2025-04-24T13:24:37","modified_gmt":"2025-04-24T11:24:37","slug":"norske-ai-suppliers-in-the-health-service-ce-labeling","status":"publish","type":"post","link":"https:\/\/nettsak.no\/en\/norske-ai-suppliers-in-the-health-service-ce-labeling\/","title":{"rendered":"Norwegian AI suppliers in healthcare - Why CE marking, data security and privacy are crucial"},"content":{"rendered":"<p>Open Info publishes this article after several requests for an overview of Norwegian suppliers of artificial intelligence (AI) to the health service. The article provides insight into CE marking, data security, pseudonymization and the consequences of data breaches, as well as the benefits of using AI in patient consultations.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">The four key players in the Norwegian market<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/medivox.ai\" data-type=\"link\" data-id=\"https:\/\/medivox.ai\" target=\"_blank\" rel=\"noopener\">MediVox.ai<\/a>:<\/strong> CE-approved as a medical device. All data processing takes place exclusively in Norway. The system utilizes speech-to-text and generative AI to produce journal notes and discharge summaries.<\/li>\n\n\n\n<li><strong>Caiamd.ai:<\/strong> Also CE-approved. Uses similar technology, but it is unclear where the data center and processing takes place.<\/li>\n\n\n\n<li><strong>MedBric:<\/strong> Has chosen not to apply for CE approval.<\/li>\n\n\n\n<li><strong>Noteless.ai:<\/strong> Does not state CE status. If the system is used for record keeping or medical assessments, it must be CE marked according to the MDR.<\/li>\n<\/ul>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><a href=\"https:\/\/nettsak.no\/medivox-noteless-medbric-sammenligning\/\">See our article where we compare the different players here<\/a><\/p>\n<\/blockquote>\n<\/blockquote>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">What is CE marking and why is it important?<\/h3>\n\n\n\n<figure class=\"wp-block-image size-full\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"1024\" src=\"https:\/\/nettsak.no\/wp-content\/uploads\/2025\/04\/CE.png\" alt=\"\" class=\"wp-image-1560\" srcset=\"https:\/\/nettsak.no\/wp-content\/uploads\/2025\/04\/CE.png 1024w, https:\/\/nettsak.no\/wp-content\/uploads\/2025\/04\/CE-300x300.png 300w, https:\/\/nettsak.no\/wp-content\/uploads\/2025\/04\/CE-150x150.png 150w, https:\/\/nettsak.no\/wp-content\/uploads\/2025\/04\/CE-768x768.png 768w, https:\/\/nettsak.no\/wp-content\/uploads\/2025\/04\/CE-12x12.png 12w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>CE marking is the manufacturer's declaration that the solution meets all the requirements of EU legislation for medical devices. This includes risk assessment, performance testing, clinical documentation and compliance with the MDR (EU 2017\/745).<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Overview of CE classes:<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Class I:<\/strong> Low risk. E.g. support tools for documentation. Can be CE marked by self-declaration.<\/li>\n\n\n\n<li><strong>Class IIa:<\/strong> Moderate risk. E.g. AI that generates journal notes without manual review. Requires assessment by notified body.<\/li>\n\n\n\n<li><strong>Class IIb:<\/strong> High risk. E.g. AI that provides treatment suggestions. Requires extensive technical and clinical documentation.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How to become CE approved?<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Define the product's intended use and assess the risk class.<\/li>\n\n\n\n<li>Prepare technical documentation including risk assessment and clinical validation.<\/li>\n\n\n\n<li>Carry out conformity assessment (with notified body for IIa and higher).<\/li>\n\n\n\n<li>Sign the declaration of conformity and affix the CE mark.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Anonymization vs. pseudonymization<\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"683\" src=\"https:\/\/nettsak.no\/wp-content\/uploads\/2025\/04\/anonymisering-1024x683.png\" alt=\"\" class=\"wp-image-1558\" srcset=\"https:\/\/nettsak.no\/wp-content\/uploads\/2025\/04\/anonymisering-1024x683.png 1024w, https:\/\/nettsak.no\/wp-content\/uploads\/2025\/04\/anonymisering-300x200.png 300w, https:\/\/nettsak.no\/wp-content\/uploads\/2025\/04\/anonymisering-768x512.png 768w, https:\/\/nettsak.no\/wp-content\/uploads\/2025\/04\/anonymisering-18x12.png 18w, https:\/\/nettsak.no\/wp-content\/uploads\/2025\/04\/anonymisering.png 1536w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Handling patient data requires careful consideration of privacy. A distinction is made between:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Anonymization:<\/strong> Data cannot be linked to an individual. Fall outside the GDPR. Used by e.g. MedBric and Noteless.ai.<\/li>\n\n\n\n<li><strong>Pseudonymization:<\/strong> Identifiers are replaced, but key can link back. Still considered personal data and covered by GDPR. MediVox.ai is the only player that offers systematic pseudonymization with local key control.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Comparison table:<\/h4>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Property<\/th><th>Anonymization<\/th><th>Pseudonymization<\/th><\/tr><\/thead><tbody><tr><td>Identifiability<\/td><td>Removed<\/td><td>Possible via key<\/td><\/tr><tr><td>Covered by GDPR<\/td><td>no<\/td><td>Yes<\/td><\/tr><tr><td>Suitable for real-time use<\/td><td>no<\/td><td>Yes<\/td><\/tr><tr><td>Patient rights (rectification, deletion)<\/td><td>no<\/td><td>Yes<\/td><\/tr><tr><td>Example<\/td><td>MedBric, Noteless.ai<\/td><td>MediVox.ai<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Consequences of a data breach<\/h3>\n\n\n\n<p>A data breach at an AI provider can have serious consequences for healthcare professionals:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Loss of patient trust and potential damage to the clinic's reputation<\/li>\n\n\n\n<li>Legal liability and financial sanctions for breaches of GDPR and healthcare legislation<\/li>\n\n\n\n<li>System downtime and operational downtime<\/li>\n\n\n\n<li>Requirements for notification to patients and the Norwegian Data Protection Authority<\/li>\n<\/ul>\n\n\n\n<p>Therefore, it is crucial that suppliers offer built-in security, robust logging, pseudonymization and that the processing takes place within Norwegian jurisdiction.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How to use AI safely in the clinic?<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Only use CE-approved systems<\/li>\n\n\n\n<li>Ensure that data processing takes place within Norway or the EU with strong security controls<\/li>\n\n\n\n<li>Choose suppliers with pseudonymization<\/li>\n\n\n\n<li>Perform regular assessment of risk, data usage and model performance<\/li>\n\n\n\n<li>Inform patients about use and obtain consent where necessary<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Clinical benefits of AI in patient consultations<\/h3>\n\n\n\n<p>Experience from Norwegian doctors shows that AI provides great clinical and practical value:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Time saving:<\/strong> Doctors can save up to 2 hours a day on documentation<\/li>\n\n\n\n<li><strong>Improved patient contact:<\/strong> The doctor can look the patient in the eye and fully participate in the dialog<\/li>\n\n\n\n<li><strong>Better documentation quality:<\/strong> AI systems capture the entire conversation and produce structured, professional notes<\/li>\n\n\n\n<li><strong>Increased patient safety and care:<\/strong> More accurate and complete documentation leads to better healthcare<\/li>\n<\/ul>\n\n\n\n<p><em>\"The system documents faster and more accurately than I can do myself. The patients get better contact and we avoid evening work.\"<\/em> - General practitioner, Oslo<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><\/h4>\n\n\n\n\n\n<h2 class=\"wp-block-heading\">Further reading and relevant sources<\/h2>\n\n\n\n<p>If you want to learn more about regulations, security requirements and how AI solutions can be used safely and effectively in the healthcare sector, we recommend the following resources:<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udcd8 <strong>Regulations and regulatory requirements<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Norwegian Directorate of Health - Artificial intelligence in the health service<\/strong><br><a class=\"\">https:\/\/www.helsedirektoratet.no\/tema\/kunstig-intelligens<\/a><br>An overview of legal and ethical guidelines for the use of AI in health, with an emphasis on responsibility, documentation and implementation in clinical practice.<\/li>\n\n\n\n<li><strong>Lovdata - EU regulation on medical devices (MDR 2017\/745)<\/strong><br><a class=\"\">https:\/\/lovdata.no\/dokument\/SF\/forskrift\/2021-05-10-1417<\/a><br>The legal framework governing the CE marking of medical devices, including AI-based systems used in diagnostics and treatment.<\/li>\n\n\n\n<li><strong>Norwegian Data Protection Authority - Guide to privacy by design and pseudonymization<\/strong><br><a class=\"\">https:\/\/www.datatilsynet.no\/rettigheter-og-plikter\/virksomhetenes-plikter\/innebygd-personvern\/<\/a><br>A practical guide on how to implement secure technical and organizational measures for sensitive personal data.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udcca <strong>Technology and security in AI solutions<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Norsk Helsenett - Cloud and data security in the healthcare sector<\/strong><br><a class=\"\">https:\/\/www.nhn.no\/sikkerhet-og-personvern\/skytjenester<\/a><br>Describes the requirements for data storage, geographical location and access control for systems that process patient data.<\/li>\n\n\n\n<li><strong>EU AI Act (Artificial Intelligence Act)<\/strong><br><a class=\"\" href=\"https:\/\/artificialintelligenceact.eu\" target=\"_blank\" rel=\"noopener\">https:\/\/artificialintelligenceact.eu<\/a><br>A future regulation that will have a major impact on the classification, approval and market access of AI systems used in health.<\/li>\n\n\n\n<li><strong>SINTEF - Report: Ethical and responsible artificial intelligence in healthcare<\/strong><br><a class=\"\">https:\/\/www.sintef.no\/publikasjoner\/etisk-ai-helse<\/a><br>Research on how AI should be developed and used in line with patient rights, professional ethics and social responsibility.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83e\udded <strong>Norwegian practices and players<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>MediVox.ai - Norwegian CE-approved AI solution for healthcare professionals<\/strong><br><a class=\"\" href=\"https:\/\/www.medivox.ai\" target=\"_blank\" rel=\"noopener\">https:\/\/www.medivox.ai<\/a><br>Offering speech-to-text and generative AI for medical records and discharge summaries, with full data processing within Norway and pseudonymization as standard.<\/li>\n\n\n\n<li><strong>Norsk helsenett - Helsenorge API and integrations<\/strong><br><a class=\"\">https:\/\/helsenorge.no\/utvikler<\/a><br>Information for suppliers who want to develop integrated solutions for EHR systems and patient communication in Norway.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udcda <strong>Professional deepening<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OECD - Artificial Intelligence in Healthcare<\/strong><br><a class=\"\">https:\/\/www.oecd.org\/health\/artificial-intelligence.htm<\/a><br>International report on the impact of AI on healthcare, with a focus on quality, risk and efficiency.<\/li>\n\n\n\n<li><strong>WHO - Ethics &amp; governance of AI for health<\/strong><br><a class=\"\" href=\"https:\/\/www.who.int\/publications\/i\/item\/9789240029200\" target=\"_blank\" rel=\"noopener\">https:\/\/www.who.int\/publications\/i\/item\/9789240029200<\/a><br>A global guideline for the responsible use of AI in the healthcare sector, including requirements for transparency, traceability and equal access.<\/li>\n<\/ul>","protected":false},"excerpt":{"rendered":"<p>Open Info publiserer denne artikkelen etter flere foresp\u00f8rsler om en oversikt over norske leverand\u00f8rer av kunstig intelligens (AI) til helsetjenesten. Artikkelen gir innsikt i CE-merking, datasikkerhet, pseudonymisering og konsekvensene ved databrudd, samt fordeler med bruk av AI i pasientkonsultasjoner. De fire sentrale akt\u00f8rene i det norske markedet Hva er CE-merking og hvorfor er det viktig? [&hellip;]<\/p>","protected":false},"author":1,"featured_media":1554,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1,42],"tags":[68,67,65,66,53,51,52],"class_list":["post-1552","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-nyheter","category-teknologi","tag-ai-for-helse","tag-caiamd","tag-ce-merking","tag-ce-merking-for-medisinsk-utstyr","tag-medbric","tag-medivox","tag-noteless"],"_links":{"self":[{"href":"https:\/\/nettsak.no\/en\/wp-json\/wp\/v2\/posts\/1552","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nettsak.no\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nettsak.no\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nettsak.no\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nettsak.no\/en\/wp-json\/wp\/v2\/comments?post=1552"}],"version-history":[{"count":0,"href":"https:\/\/nettsak.no\/en\/wp-json\/wp\/v2\/posts\/1552\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nettsak.no\/en\/wp-json\/wp\/v2\/media\/1554"}],"wp:attachment":[{"href":"https:\/\/nettsak.no\/en\/wp-json\/wp\/v2\/media?parent=1552"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nettsak.no\/en\/wp-json\/wp\/v2\/categories?post=1552"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nettsak.no\/en\/wp-json\/wp\/v2\/tags?post=1552"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}