📖 THEORY | 60 Minutes
Chapter 5: AI Safety, Ethics & Compliance
Navigate data privacy, Vietnam's AI regulations, and responsible AI use in medical device manufacturing.
🎯 Chapter Objectives
- Understand data privacy requirements when using AI tools
- Learn Vietnam's regulatory framework for AI (DTI Law, Decree 13)
- Apply responsible AI principles in medical device manufacturing
- Identify risks and mitigation strategies for AI in regulated environments
🖼️ Visual Summary — Chapter 5 Theory
Use this one-page infographic as the quick visual recap for this theory. Open the full-size version for classroom projection or participant sharing.
View Vietnamese version
5.1 The 5 Golden Rules of AI at MPV
🚫
NEVER input patient data, personal info, or trade secrets into public AI tools
✅
ALWAYS verify AI outputs before using them in official documents or decisions
👁️
ALWAYS maintain human oversight — AI assists, YOU decide
📋
ALWAYS document when AI was used in creating compliance-related content
🔒
ALWAYS use company-approved AI tools with appropriate security settings
5.2 Data Privacy & AI
What You Must NEVER Put Into Public AI Tools
- Personal Information: Employee names, ID numbers, health records, salaries
- Customer Data: Hospital names with contract details, pricing agreements
- Trade Secrets: Proprietary formulations, machine specifications, process parameters
- Financial Data: Unpublished financial results, pricing strategies
- Quality Records: Specific defect data that could identify production issues to competitors
✅ SAFE to Use: Generic templates, public information, anonymized data, general industry knowledge, hypothetical scenarios, and publicly available regulations.
Vietnam's Data Protection Framework
| Regulation | Effective | Key Requirement |
| Decree 13/2023 (PDPD) | July 2023 | Health data classified as "sensitive" — requires explicit consent for processing |
| Law on Data | July 2025 | New rules on "important data" transfers, risk assessments for data processing |
| DTI Law | January 2026 | Risk-based AI classification, mandatory AI output labeling, regulatory sandboxes |
| Draft Medical Data Decree | Expected 2026 | National Medical Database under MOH oversight |
5.3 AI Risks in Medical Device Manufacturing
⚠️
Hallucination Risk
AI may generate plausible but incorrect technical specifications or compliance information
🔓
Data Leakage
Sensitive data entered into AI tools may be used for model training or exposed to unauthorized parties
⚖️
Bias
AI models may reflect biases from training data, affecting supplier evaluations or HR decisions
📜
Compliance Gaps
AI-generated compliance documents may not meet ISO 13485 or regulatory standards without human review
Mitigation Strategy: Every AI output used in compliance, quality, or regulatory contexts must be reviewed and approved by a qualified human before use. Document the review process as part of your quality management system.
5.4 Responsible AI Principles for MPV
🎯
Transparency
Be open about when and how AI is used in your work. Don't hide AI involvement.
⚖️
Fairness
Check AI outputs for bias, especially in HR (recruitment) and procurement (supplier evaluation).
🔒
Privacy
Protect personal data. Use anonymization when possible. Follow Decree 13 requirements.
👤
Accountability
Humans are always responsible for decisions — AI is a tool, not a decision-maker.
📝 Chapter 5 Summary
Key Takeaways:
- Follow the 5 Golden Rules when using AI at MPV
- NEVER input personal, financial, or proprietary data into public AI tools
- Vietnam's DTI Law (January 2026) introduces risk-based AI classification
- Always verify and document AI-generated compliance content
- Human oversight is mandatory — AI assists, you decide