Artificial intelligence (AI) is transforming the healthcare industry in Canada. Examples of AI in the healthcare industry include AI scribes, machine-learning-enabled medical devices, virtual nursing assistants and predictive analytics. Additionally, hospitals and clinics are leveraging AI for diagnostic imaging, disease surveillance and administrative automation, while pharmaceutical companies are using AI to accelerate drug discovery. The use of AI has the potential to improve patient outcomes, streamline operations and increase cost efficiencies.
As AI becomes more embedded in healthcare delivery, organizations must navigate a complex legal and regulatory landscape. However, if used properly, AI can bring significant benefits to healthcare organizations.
Legal and regulatory considerations
Despite the benefits, use of AI in the healthcare sector raises significant legal and regulatory questions. Canada does not yet have a comprehensive AI-specific framework (the proposed Artificial Intelligence and Data Act (Canada) under the former Bill C-27 died on the Order Paper when Parliament was prorogued ahead of the 2025 federal election). For now, healthcare organizations must rely on existing laws, voluntary codes, regulatory guidance and best practices for use of AI systems. Some examples include:
- Privacy and data protection laws, such as the Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial health and privacy laws
- Professional standards, such as the healthcare provider’s applicable Code of Ethics and Standards of Practice
- Standards of practice relating to the use of AI in healthcare (such as those provided by local colleges and regulatory bodies)
- Other forms of guidance (e.g. the Office of the Privacy Commissioner of Canada, the Canadian Institute for Health Information, Health Canada, the World Health Organization, etc.)
Privacy remains a critical concern under health information laws, as AI systems in healthcare often process personal health information. Organizations must ensure informed consent is obtained, robust safeguards are in place and transparency requirements are complied with. In addition, professional accountability also remains central. Healthcare organizations and providers cannot shift responsibility to AI and must validate AI-generated recommendations to avoid liability.
Mitigating legal risks
The following are some key considerations for organizations to mitigate legal risks when implementing AI systems in healthcare:
- AI governance policies – Organizations should establish clear governance frameworks for AI adoption, including validation, audit and monitoring AI outputs.
- Transparency and patient consent – Healthcare organizations and providers must consider whether and how to inform patients when AI tools are used in their care and obtain consent where required. Personal or sensitive information must not be shared with AI systems unless the patient has provided informed consent and proper authorization. should be prepared to answer patient questions and should avoid using AI systems if they do not understand or cannot explain how they work.
- Vendor due diligence and agreements – Appropriate due diligence should be conducted on AI vendors and in addition to standard technology provisions, contracts should include provisions addressing data security, limitations on the use of personal health information and compliance with Canadian laws. These agreements should also allocate responsibilities for regulatory adherence and risk management. Additionally, healthcare organizations and providers should conduct a privacy impact assessment if an AI system will or may collect, use or disclose personal information or personal health information.
- Privacy and security compliance – AI systems often process personal health information, making compliance with health information laws essential. Organizations must implement compliance programs including robust safeguards and conduct regular risk assessments to prevent unauthorized access, use or disclosure of personal health information.
- Training and professional oversight – Users of AI systems should receive regular and clear training on the limitations of AI tools and the importance of human oversight in clinical decision-making. Healthcare professionals remain accountable for patient outcomes, even when assisted by AI.
- Staying up to date – AI is a quickly developing field and are responsible for staying up to date on AI laws, regulations and professional guidance.
Artificial intelligence presents exciting opportunities for healthcare organizations, but its adoption must be approached with care to avoid legal and regulatory pitfalls. If your organization is considering implementing AI in healthcare or is seeking guidance on navigating these complex issues, the leading Technology, Intellectual Property and Privacy group at MLT Aikins would be pleased to assist your organization in developing strategies that balance innovation with legal compliance so that your organization can confidently leverage AI to improve patient care.
Note: This article is of a general nature only and is not exhaustive of all possible legal rights or remedies. In addition, laws may change over time and should be interpreted only in the context of particular circumstances such that these materials are not intended to be relied upon or taken as legal advice or opinion. Readers should consult a legal professional for specific advice in any particular situation.
Share
