Use of AI in general practice

David Hui; Harriet Akre; Vera Goebel; Thomas Plagemann; Lars Andre Strøm Arnesen

doi:10.4045/tidsskr.25.0432

Perspectives

Use of AI in general practice

Norwegian

David Hui, Harriet Akre, Vera Goebel, Thomas Plagemann, Lars Andre Strøm Arnesen

See All Articles

David Hui

david.hui@medisin.uio.no

David Hui, specialty registrar in general surgery at Oslo University Hospital, Rikshospitalet, and clinical doctoral research fellow at the University of Oslo

The author has completed the ICMJE form and declares no conflicts of interest.

See All Articles

Harriet Akre

Harriet Akre, professor emerita of medicine at the University of Oslo

The author has completed the ICMJE form and declares no conflicts of interest.

See All Articles

Vera Goebel

Vera Goebel, professor of informatics at the Department of Informatics, University of Oslo

The author has completed the ICMJE form and declares the following conflict of interest: she has received funding from the Research Council of Norway for the Respire (Responsible Explainable Machine Learning for Sleep-related Respiratory Disorders) project.

See All Articles

Thomas Plagemann

Thomas Plagemann, professor of informatics at the Department of Informatics, University of Oslo

The author has completed the ICMJE form and declares the following conflict of interest: he has received funding from the Research Council of Norway for the Respire (Responsible Explainable Machine Learning for Sleep-related Respiratory Disorders) project.

See All Articles

Lars Andre Strøm Arnesen

Lars Andre Strøm Arnesen, lawyer and doctoral research fellow at the Department of Private Law, University of Oslo

The author has completed the ICMJE form and declares the following conflict of interest: he has received funding from the Research Council of Norway for the Respire (Responsible Explainable Machine Learning for Sleep-related Respiratory Disorders) project.

Article

Artificial intelligence has been adopted by the health and care sector, but there is widespread uncertainty about what is allowed. We aim to clarify when use of AI is permitted in general practice.

The Norwegian Directorate of Health has published a good, though rather lengthy guide on the use of artificial intelligence (AI) in the health sector (1). At events on medical AI, we are often asked whether general practitioners (GPs) are allowed to use AI. There seems to be a perception that AI can only be used by hospital specialists or in connection with research. However, GPs report using language models such as ChatGPT to find medical information or write patient records.

How is medical AI regulated?

The use of medical AI is regulated, partly through the rules governing medical devices and the General Data Protection Regulation (GDPR) (2–4). In addition, the EU's AI Regulation imposes supplementary requirements on AI systems classified as 'high risk,' including medical AI. The regulation will apply in the EU from August 2026 (5) and will be incorporated into Norwegian law through the EEA Agreement, likely coming into effect at the same time (6).

The AI Regulation provides the first legal definition of AI

The AI Regulation provides the first legal definition of AI. According to Article 3 of the Regulation (1), AI systems are designed to operate with 'varying levels of autonomy', meaning they have some degree of independence from human involvement and can operate without human intervention (5). In addition to pre-programmed AI-based expert systems, AI can be developed through machine learning, where the system identifies patterns in the data and generates responses autonomously, either through supervised or unsupervised learning. Supervised learning entails learning from data that are annotated by humans. Some systems can 'learn' from data without human supervision, which involves independently performing a vast number of operations to identify similarities, differences and relationships between data points (7).

Medical AI falls under the definition of 'medical devices', which encompasses equipment used for diagnosis, prevention, monitoring, prediction, prognosis, treatment and alleviation of symptoms (3). Manufacturers are responsible for defining the device's intended purpose and clinically validating it accordingly. Medical AI must bear the CE marking, indicating compliance with EU medical device regulations, and will also need to be CE-marked as an approved AI system once the AI Regulation takes effect (5). The EU is establishing a dedicated medical device database, the European Database on Medical Devices (EUDAMED), which will include medical AI (8).

ChatGPT, DeepSeek and other generative language models are not classified as medical AI, even if a doctor uses them in clinical practice

AI systems that are not intended by the manufacturer for medical purposes are not considered medical AI. For example, ChatGPT, DeepSeek and other generative language models are not classified as medical AI, even if a doctor uses them in clinical practice. Using ChatGPT for medical purposes can therefore be considered irresponsible and in violation of Section 4 of the Norwegian Health Personnel Act. It may also breach the GDPR (2). GPs who wish to use language models to assist them should instead choose a CE-marked medical AI system.

What requirements apply?

The Norwegian Medical Devices Act is aimed at manufacturers and does not impose requirements on healthcare personnel, users or patients. For professional users of medical devices, regulation is currently limited to the Regulation on the Use of Medical Devices (9), which requires devices to be used and maintained in accordance with the manufacturer's instructions. This framework will change with the introduction of the AI Regulation.

The AI Regulation introduces a range of new requirements for healthcare personnel as professional users of medical AI. These are organisational requirements that will apply to hospitals, GPs and other healthcare providers seeking to introduce AI systems.

The new requirements include ensuring adequate AI competence and human oversight of the AI system. Each organisation must appoint someone with the necessary competence, training and support to be responsible for such oversight. Persons to whom human oversight is assigned must be capable of 'detecting and addressing anomalies, dysfunctions and unexpected performance', as stipulated in Article 14(4). They must also be able to correctly interpret the AI system's output and to disregard, override or reverse the output, or intervene in or stop the operation of the AI system if necessary. The requirement for human oversight is one of the reasons why the use of generative AI systems, such as ChatGPT, may be considered unsafe. Ensuring adequate oversight would be particularly challenging for systems that are not developed for medical purposes.

The requirement for human oversight is one of the reasons why the use of generative AI systems, such as ChatGPT, may be considered unsafe

In addition to human oversight, organisations are required to 'take appropriate technical and organisational measures to ensure they use such systems in accordance with the instructions for use', as stipulated in Article 26 of the AI Regulation. Supplementary requirements relating to human oversight include monitoring, alerting, logging and reviewing the data used to train the AI model.

Who is responsible for human oversight?

Medical AI comprises a diverse range of systems, each with their own requirements for user competence. Adequate human oversight of these systems requires sufficient medical insight into the relevant field (10).

Article 26 of the AI Regulation requires organisations to implement human oversight and take other 'appropriate technical and organisational measures'. Meeting these requirements may pose particular challenges for smaller organisations, such as GP practices.

Doctors are not required to personally conduct oversight, nor must it be carried out by staff employed within the organisation

Human oversight is a mandatory requirement under the AI Regulation, but it can be carried out in different ways. Doctors are not required to personally conduct oversight, nor must it be carried out by staff employed within the organisation. The nature and extent of oversight depend on the type of AI system involved. For instance, a GP practice could contract an external provider with sufficient expertise to perform human oversight. The regulation is flexible, and it is therefore also possible for the manufacturer to assume a substantial portion of the oversight responsibility. For conventional medical devices, the manufacturer is responsible for monitoring the device during use (3, 4) in order to detect errors and deviations, while the user is only responsible for following the manufacturer's instructions. The degree of oversight required for medical AI will therefore depend on the stipulations in the instructions, in other words, largely reflecting the same requirements that already apply to conventional medical devices.

Conclusion

The forthcoming AI Regulation will include new requirements for organisations seeking to use medical AI. These may seem daunting for small organisations, such as GP practices, particularly the requirement for human oversight of AI systems. However, primary responsibility rests with the manufacturer. As with other medical devices, doctors are responsible for familiarising themselves with the manufacturer's instructions to understand the system's performance limitations and usage restrictions. Human oversight can be carried out in various ways by the manufacturer, and the new requirement does not necessarily require every GP to be an AI expert.

Doctors do, however, need to comply with the GDPR and the Health and Personal Data Act, and protect the patient's rights to information and involvement under Sections 3 - 1 and 3 - 2 of the Patient and User Rights Act. Patients have the right to receive information about their care and should be informed when medical AI is integrated into the treatment pathway.

References

1.
Helsedirektoratet. Rapport om kvalitetssikring: Bruk av kunstig intelligens i helse- og omsorgstjenesten. 2025. https://www.helsedirektoratet.no/rapporter/rapport-om-kvalitetssikring-bruk-av-kunstig-intelligens-i-helse-og-omsorgstjenesten Accessed 23.9.2025.
2.
Justis- og beredskapsdepartementet. Lov om behandling av personopplysninger (personopplysningsloven). EUROPAPARLAMENTS- OG RÅDSFORORDNING (EU) 2016/679 av 27 april 2016 om vern av fysiske personer i forbindelse med behandling av personopplysninger og om fri utveksling av slike opplysninger samt om oppheving av direktiv 95/46/EF (generell personvernforordning) [PVF, GDPR]. https://lovdata.no/dokument/NL/lov/2018-06-15-38/KAPITTEL_gdpr#KAPITTEL_gdpr Accessed 23.9.2025.
3.
§. Helse- og omsorgsdepartementet. Lov om medisinsk utstyr. § 1.Gjennomføring av forordningene om medisinsk utstyr. Forordning (EU) 2017/745 av 5 april 2017 om medisinsk utstyr. https://lovdata.no/lov/2020-05-07-37/§1 Accessed 23.9.2025.
4.
Helse- og omsorgsdepartementet. Lov om medisinsk utstyr. § 1.Gjennomføring av forordningene om medisinsk utstyr. Forordning (EU) 2017/746 av 5 april 2017 om in vitro medisinsk utstyr. https://lovdata.no/lov/2020-05-07-37/§1 Accessed 23.9.2025.
5.
Regjeringen. EUROPAPARLAMENTS- OG RÅDSFORORDNING (EU) 2024/1689 av 13. juni 2024 om fastsettelse av harmoniserte regler for kunstig intelligens og om endring av forordning (EF) nr. 300/2008, (EU) nr. 167/2013, (EU) nr. 168/2013, (EU) 2018/858, (EU) 2018/1139 og (EU) 2019/2144 og direktiv 2014/90/EU, (EU) 2016/797 og (EU) 2020/1828 (forordningen om kunstig intelligens). https://www.regjeringen.no/contentassets/e823dc21809c43f2b4ba9ff1e389e245/ki-forordningen-eu-2024.1689-uoffisiell-norsk-131037.pdf Accessed 23.9.2025.
6.
Regjeringen. Høring – utkast til ny lov om kunstig intelligens – gjennomføring av EUs forordning om kunstig intelligens i norsk rett. https://www.regjeringen.no/no/dokumenter/3112327/id3112327/?expand=horingsnotater Accessed 23.9.2025.
7.
Cabitza F, Campagner A, Malgieri G et al. Quod erat demonstrandum? - Towards a typology of the concept of explanation for the design of explainable AI. Expert Syst Appl 2023; 213. doi: 10.1016/j.eswa.2022.118888. [CrossRef]
8.
European Commission. EUDAMED database. https://ec.europa.eu/tools/eudamed/#/screen/home Accessed 23.9.2025.
9.
Helse- og omsorgsdepartementet, Justis- og beredskapsdepartementet. FOR-2013-11-29-1373 Forskrift om håndtering av medisinsk utstyr. https://lovdata.no/dokument/SF/forskrift/2013-11-29-1373 Accessed 23.9.2025.
10.
López MQ, Plagemann T, Goebel V et al. Requirements Analysis for Responsible Explainable AI for Pediatric Sleep Apnea Diagnosis. 2024 IEEE International Conference on Smart Computing (SMARTCOMP). https://ieeexplore.ieee.org/document/10595654/ Accessed 29.1.2025.

Comments ( 2 )

Dette kommentarfeltet modereres, men kommentarer blir ikke redaksjonelt behandlet ut over å sikre at de følger retningslinjer for vårt kommentarfelt.

07.11.2025:

Takk til forfatterne for deres bidrag til debatten rundt bruk av kunstig intelligens innen medisin. Jeg mener at det er svært nyttig at flest mulig deltar for at vi kan få en nyansert debatt. Jeg kunne samtidig ønske at man tar med en allmennmedisiner når man velger å skrive om forholdene på fastlegekontoret.

Angående KI-journalføring (AI scribes som de kaldes i engelsk litteratur) og CE-merking har jeg en tro på at Direktoratet for medisinske produkter etter hvert vil kreve CE-merking jf. klasse IIa. Dette er dog ikke helt avklart ennå. Der er noen som argumenterer mot at KI-journalskrivere skal klassifiseres som medisinsk utstyr (1). Mine juridiske kunnskaper er ikke tilstrekkelig til å kunne anfekte dette. Min kliniske og teknologiske forståelse sier meg at det vil være naturlig med strammere og klarere regler enn vi har i dag (2).

Litteratur:
1. Brodshaug J, Morla LK. Forsvarlig bruk av kunstig intelligens i pasientjournaler – løfter og hallusinasjoner. Lov & Data 2025; 163(3). https://lod.lovdata.no/article/2025/09/Forsvarlig%20bruk%20av%20kunstig… Lest 7.11.2025.
2. Nassehi D. Skepsis som ressurs: Kunstig intelligens mellom trygghet og teknologisk determinisme. Dagens medisin 26.9.2025. https://www.dagensmedisin.no/e-helse-kunstig-intelligens/skepsis-som-ressurs-kunstig-intelligens-mellom-trygghet-og-teknologisk-determinisme/707496 Lest 26.9.2025.

12.11.2025:

Diskusjon av medisinsk KI er viktig. Forfatterne opplyser godt om regelverket. Jeg mener imidlertid at dagens store språkmodeller har alvorlig mangler som er underkommunisert. KI gir treffsikre diagnoser i viktige spesialiteter som radiologi. Det skyldes at en tekst og en diagnose korresponderer med bildene som omhandler samme problem. Data fra radiologiske elektroniske pasient journaler (EPJ) er godt egnet for trening av nevrale nettverk.

Problemorienterte EPJ er også egne til å trene nevrale nettverk og diagnosene er treffsikre (1). Det skyldes at en diagnose er knyttet til journaltekst som beskriver problemet. Slike EPJ er også en kilde til kunnskap om medisinske problemer (2). I kronologiske EPJ kan hver tekst omhandle mange problemer og være knyttet til mange problemer. Slike journaler er mindre egnet (uegnet?) for å trene nevrale nettverk (3). Diagnostikk med slike nettverk er utilfredsstillende, og nettverkene kan ikke forklare diagnosene.

KI historien er om lag 75 år gammel. Fra starten bygget man diagnostiske systemer på modeller som kan forklare hvordan diagnosene fremkommer. Jeg mener at en generell modell vil danne grunnlag for neste generasjon medisinsk KI (4, 5).

Litteratur:
1. Bassøe C-F. Automated diagnoses from clinical narratives: A medical system based on computerized medical records, natural language processing and neural network technology. Neural Networks 1995; 82: 313-319. doi.org/10.1016/0893-6080(94)00076-X.
2. Rasmussen JE, Bassøe C-F. Semantic analysis of medical records. Methods Inf Med. 1993; 32: 66-72.
3. Bassøe C-F. Automatisk analyse av journaltekst. Tidsskr Nor Laegeforen 1994: 30;114: 1974-6.
4. Bassøe C-F. Combinatorial clinical decision-making. Doktoravhandling. Bergen: Institutt for informasjons- og medievitenskap, University of Bergen, 2007.
5. Bassøe C-F. A universal diagnosis syntax. BMC Med Inform Decis Mak 2023; 23: 143. doi.org/10.1186/s12911-023-02209-0.

Skriv Kommentar

Published: 3 November 2025

Tidsskr Nor Legeforen 3 November 2025 Vol. 145.

doi:

10.4045/tidsskr.25.0432

Received 2.7.2025, first revision submitted 30.8.2025, accepted 23.9.2025.

Published: 3 November 2025

Tidsskr Nor Legeforen 2025 Vol. 145.

doi: 10.4045/tidsskr.25.0432

Received 2.7.2025, first revision submitted 30.8.2025, accepted 23.9.2025.

PDF

Print

Reply to article

Use of AI in general practice

How is medical AI regulated?

What requirements apply?

Who is responsible for human oversight?

Conclusion

Angående KI-journalføring

Neste generasjon medisinsk KI

Recent Articles