A0236
Title: Mind the gap: From synthetic data to regulatory confidence in healthcare AI
Authors: Vibeke Binz Vallevik - University of Oslo (Norway) [presenting]
Abstract: The growing use of synthetic data in healthcare AI demands validation strategies that ensure both technical integrity and regulatory compliance. Current validation practices largely emphasize statistical similarity to real data, falling short of the requirements outlined by the EU's MDR, IVDR, and AI Act. Moreover, the GDPR's ambiguous definition of personal data creates uncertainty about the legal status of synthetic health data, complicating its use in development and approval pipelines. At the same time, growing regulatory openness to synthetic data in product development and approval underscores the need for multidimensional validation approaches. The EU-funded SYNTHIA project is addressing this gap by developing a quality assurance framework aligned with EU regulatory principles of risk management, transparency, and clinical relevance. The framework extends beyond conventional metrics to incorporate fairness, privacy, and environmental impact. A case study using membership inference attacks on a synthetic cancer dataset demonstrates practical methods to assess residual privacy risks. In parallel, legal analysis based on fundamental rights helps clarify when synthetic data might still fall under GDPR, guiding developers on compliance. Together, these approaches support a structured path for responsible and lawful integration of synthetic data into healthcare AI.
