AI in dentistry and data protection
Balancing innovation with privacy rights
Artificial Intelligence (AI) has the potential to revolutionise dental care, offering transformative benefits in diagnostics, treatment planning, operational efficiency and patient engagement. However, as AI systems increasingly rely on sensitive health data, the need for robust governance in relation to the handling and protection of patient personal data has never been more important.
In this article, we consider the legal, privacy and ethical standards required to protect patient personal data to ensure that dental practices embracing AI technologies operate within the requirements of UK Data Protection Laws and Regulations when integrating AI technology into patient care.
AI opportunities in dentistry
We are seeing a number of emerging AI technologies being developed, tested and adopted to support dental practices. These technologies include diagnostic tools to:
- Provide predictive analytics to identify patients most at risk of conditions such as oral cancers
- Assist with the development of treatment plans
- Identify the earliest signs of decay
- Create records of patient discussions and to extract insights
- Automate and streamline administrative tasks.
The possibilities appear endless, and many dental practices are looking at ways these innovations can improve patient outcomes and reduce costs. Embracing these opportunities does not come without some risk. In a healthcare setting, these tools are more likely to process large volumes of personal and special category (sensitive) data about patients, and this raises questions and concerns about data protection, privacy, consent, compliance and accountability.
AI and data protection challenges
All dental practices must process personal data about patients in accordance with the requirements of the UK Data Protection Act, UK GDPR and now also the Data Use and Access Act 2025, which received Royal Assent on 19 June and is expected to be implemented by June next year. The key requirements to consider include:
Establishing a lawful basis for processing personal data. Where AI is utilised, this may be based on patient consent, scientific research or where processing is carried out for reasons of public interest in public health.
Being transparent. It is essential that patients are told how their personal data will be used, and this applies to processing using AI systems. Processing using AI and the effects of such processing may not be immediately obvious to a patient, so it is essential to tell patients what the reasons for using AI and consequential effects may be (whether positive or negative). The Data Use and Access Act 2025 has revised the approach that organisations can take to using AI to make automated decisions about patients, and compliance with those requirements must also be prioritised.
Data minimisation and security must always be considered. Practices should only process the minimum data necessary to achieve the desired outcome and always carry out due diligence to make sure that any third-party AI technology procured is secure and conduct data protection impact assessments to ensure privacy controls are baked into new data processing activities from the start.
AI and ethical challenges
Ethical considerations can be complex. For example:
- Bias: AI systems can produce bias results and can hallucinate. If data quality is poor or inaccurate, the results may be skewed and inaccurate which could have a detrimental effect on the patient or negatively impact patient care. This has the potential to increase the risk of complaints, claims and other legal issues arising.
- Consent: Patient consent can be challenging due to the perceived power imbalance between clinician and patient and challenges in relation to transparency and clarity and communicating the right to opt-out where applicable. Seeking advice and training on this point can assist dental practices in successfully navigating these challenges.
- Accountability: identifying AI tools to assist your practice may take time and demonstrating accountability with data protection law is crucial to the decision-making process. Reaching a sound decision which meets legal, privacy and ethical standards while also meeting your commercial and operational needs may involve consultation and collaboration between a number of stakeholders and professional advisors.
Best practices for AI and data protection
To ensure that your practice demonstrates accountability and compliance with relevant data protection laws and ethical standards we recommend that consideration is given to:
- Defining a clear use case and purpose for processing personal data via an AI tool.
- Complete a data protection impact assessment to document your approach, privacy and ethical considerations and build privacy controls into the process from the start.
- Where possible, minimise the amount of personal data processed to only what is strictly necessary to pursue your intended outcome/result.
- Consider transparency and how you will communicate clearly your AI strategy to patients.
- Audit your use of AI tools to identify any bias or hallucinations or potential security risks.
- Always manage consent in accordance with the requirements of data protection law.
AI has the potential to improve patient care and create efficiencies and cost savings, but it must be deployed responsibly and used in accordance with legal requirements. Thorntons Data Protection Team can assist your practice with the safe introduction of innovative AI tools.
About the author
Morgan O’Neill
Director, Data Protection Services, Thorntons Law LLP
Telephone: 0330 2367008
Email: moneill@thorntons-law.co.uk
Web: thorntons-law.co.uk
Comments are closed here.