Legal Guide

Can You Train AI on Hospital Data Legally?

Yes — if the data never leaves the hospital.

The legality of training AI on hospital data depends entirely on whether the data moves. If you export patient data to your infrastructure, you trigger a cascade of regulatory requirements: GDPR data transfer rules, HIPAA business associate obligations, NHS DSPT compliance, data protection impact assessments, and institutional data sharing agreements. If you train on the data without moving it — using compute-to-data infrastructure — most of these requirements are either simplified or not triggered at all.

Discussion: Healthcare regulatory counsel

"The legal analysis for AI training on hospital data turns on one question: does the data change custody? If it does, you need a data processing agreement, a data protection impact assessment, and institutional governance sign-off at minimum. If it doesn't — because the AI model trains locally inside the hospital's own infrastructure — the legal framework is fundamentally simpler. You're not exporting data. You're providing a service (compute) to the data controller (the hospital). The hospital retains custody throughout. This is the compute-to-data model, and from a regulatory perspective, it's a different category of legal analysis than data sharing."

Legal pathways compared

Data export + BAA/DPA

Requires: data sharing agreement, BAA or DPA, DPIA, institutional governance approval, data minimisation assessment, purpose limitation justification, data retention and destruction policy, international transfer safeguards (if applicable). Timeline: 6-18 months.

Compute-to-data (Rapha Protocol)

Requires: institutional governance approval to run compute, and OPA policy configuration for access controls. The data controller retains custody throughout; the data never changes hands. GDPR data minimisation and purpose limitation principles are satisfied by design, and no international transfer is triggered. Timeline: institutional governance review.

Key regulatory principles satisfied by compute-to-data

This page provides informational analysis, not legal advice. Consult qualified healthcare regulatory counsel for your specific jurisdiction and use case.