Artificial Intelligence in Healthcare
Modern AI assistants are revolutionizing healthcare: whether in documentation, appointment scheduling, support with radiological findings, data analysis or diagnostics. Researchers are even working on AI-supported robots as surgical assistants that may one day even be able to operate autonomously.
Behind the enormous potential that AI holds for healthcare and medical technology, there are also major challenges. This is not “only” about processing personal data (which already needs to be protected!), but above all about sensitive health and patient data. A challenge that requires particularly high levels of compliance.
Will AI replace doctors in the future?
AI will definitely not replace doctors, that’s for sure. But as an assistant, it can offer major opportunities: analyzing large volumes of data, making abnormalities in images or findings visible more quickly, and helping to better assess treatments or risks. AI can also provide relief in administration, for example in documentation, appointment management, billing or the structured preparation of patient information. Ideally, this leaves more time for what is crucial in healthcare: the personal care of patients.
What does the increased compliance requirement mean in the medical sector?
Alongside the major opportunities that AI offers, a number of stumbling blocks must be avoided: data protection, access control, encryption and a clearly defined legal jurisdiction must be considered from the very beginning. For the use of AI, this has direct consequences: medical data must not flow uncontrolled into arbitrary systems, training and analysis processes must remain traceable, and responsibilities must be clearly defined. Especially when it comes to AI applications in healthcare, what matters is therefore not only what is technically possible, but whether data can be processed securely, in compliance with the GDPR, and in an audit-ready way.
What is the legal situation for processing health and medical data?
Processing health data with major hyperscalers is not an option. US laws such as the US Cloud Act allow US authorities to access data held by US-based providers, even if the data is stored in the EU. This conflicts with European data protection and healthcare law requirements and creates a structural legal risk.
Since July 1, 2024, Section 393 of the German Social Code Book V (SGB V) has regulated the use of cloud services in healthcare. Cloud processing may only take place within Germany, the EU or a recognized country with an adequacy decision. The data-processing entity must have a domestic branch and provide a current C5 attestation.
What role do cloud providers play for medical data?
Cloud providers such as centron play a major role for companies that process medical data: they must have independently audited certifications, such as ISO 27001 for general IT security, as well as the C5 attestation, which is specifically aimed at cloud providers. The increasing threat situation in cyberspace makes high security standards indispensable for cloud service providers in healthcare.

