artificial intelligence

AI, Healthcare and HIPAA

Alarmist stories about Artificial Intelligence (AI) have sown fear about the future. Doomsday scenarios about computers amassing power or waging war loom large. Unfortunately, these stories overshadow the history and growth of AI and the benefits it has brought. Technology is outpacing laws and policies, but stopping innovation is impossible, so let’s focus on shaping new laws and policies to balance AI’s risks and benefits.

Definition of AI

Artificial intelligence is a broad term that includes a variety of technologies and abilities. Below are definitions from Microsoft and Google – both are included because of their emphasis on data analysis:

  • Microsoft: Artificial Intelligence is the ability of a computer system to deal with ambiguity, by making predictions using previously gathered data, and learning from errors in those predictions in order to generate newer, more accurate predictions about how to behave in the future.
  • Google: Artificial intelligence is a field of science concerned with building computers and machines that can reason, learn, and act in such a way that would normally require human intelligence or that involves data whose scale exceeds what humans can analyze. The ability to analyze vast amounts of data quickly can lead to accelerated breakthroughs in research and development.

AI Benefits in Healthcare

Artificial Intelligence (AI) in healthcare is here. AI has been supporting diagnostics, treatment, and research for years. It also has potential applications for improving patient engagement, administration, and healthcare operations. AI is evolving rapidly and has enormous potential for improving patient outcomes.

For example, today AI enables radiologists to identify tumors at a much earlier stage than they were able to do with the human eye looking at an X-Ray or digital image. Radiology has been used for over one-hundred years, but AI began to assist radiologists thirty years ago in the 90’s. Early detection of cancer is possible today largely because of AI.

An excellent description of AI in healthcare can be found in The Future Healthcare Journal: The Potential for Artificial Intelligence in Healthcare. The article names several related technologies including machine learning, natural language processing, rule-based expert systems, physical robots and robotic process automation. Described this way, it is easy to see current applications in surgery, research, communications and reimbursement processing.

Although AI is embedded in healthcare today, the general public has misgivings. A February 2023 study by the Pew Research Center reveals that 60% of Americans would be uncomfortable with a provider relying on AI in their own health care. It seems likely that survey respondents do not realize that AI is already commonly used in trusted diagnostic settings like cancer screenings.

The U.S. Department of Health and Human Services (HHS) has already stepped forward to embrace the adoption of AI with a strategy statement intended to guide its use with best practices, evaluate risks, provide support to the healthcare sector and shape new policies. HHS has also published a Trustworthy AI Playbook intended to “maintain public trust by ensuring that our solutions are ethical, effective, and secure.”

AI Drawbacks in Healthcare

There are concerns about bias, transparency, and ethics in relation to widespread use of AI in healthcare. An excellent and balanced summary of the downsides of AI can be found in Biomedical Materials and Devices –  Drawbacks of Artificial Intelligence and Their Potential Solutions in the Healthcare Sector.

Like technologies before it, AI relies on human inputs to carry out a task. Mistakes or misinformation can trigger bad outputs.

Moreover, AI’s reliance on individually identifiable health information raises patient privacy and security questions that were unimaginable when the HIPAA Rules were being developed. Whether conducting cancer research, predicting pandemic outbreaks or making reimbursement decisions, a user must employ protected health information (PHI) from individuals.

One popular AI tool is ChatGPT, a language processor that can help write text like letters, memos, essays, and poetry. It’s easy to use and becoming more common since its introduction last Fall. Take care before using it to ensure you have strong cybersecurity protections and you don’t violate the HIPAA Privacy and Security Rules with unauthorized disclosures.

The HIPAA Privacy Rule Puts Patients First

How can we take advantage of all of AI’s potential and still safeguard patient privacy?

The Biomed article noted above takes a positive view and argues that AI has potential to make “healthcare more personalized, predictive, preventative, and interactive” and ultimately will “become a mature and effective tool for the healthcare sector.” Nonetheless, because of the risk to data security and privacy, the article concludes that “maintaining the confidentiality of medical records is crucial.” (italics added for emphasis)

The HIPAA Privacy Rule is the fundamental rule, and a core principle is that uses and disclosures of PHI are not permitted unless authorized by the patient. There are exceptions to the need for authorization though, including for treatment, payment or health care operations; for research under certain conditions; and when required by law. The Privacy Rule also limits uses and disclosures to “the minimum necessary” needed for the task at hand.

You are probably already using or benefiting from AI today, under another name, like newer diagnostics, microsurgery, or prescription fulfillment. There is no need to run from it or fear its worst-case scenarios. Instead, continue to remain vigilant about patient privacy.

Policy-makers and ethicists are looking at AI and finding ways to adapt. The HHS AI Strategy and its Trustworthy AI Playbook will evolve as AI evolves. In the meantime, follow HIPAA and put patients first.

Share This Post

Maggie Hales

Maggie Hales is a lawyer focusing on health information privacy and security. As CEO of ET&C Group LLC she advises health care providers and business associates in 36 states, Canada, Egypt, India and the EU, using The HIPAA E-Tool® to deliver up to date policies, forms and training on everything related to HIPAA compliance.

Copyright © 2023 ET&C Group LLC.

The HIPAA E-Tool® and Protecting Patient Privacy is Our Job®
are registered trademarks of ET&C Group LLC

Terms of Use | Privacy Policy | Cookies Policy | Privacy Settings | HTML/XML Sitemap

Mailing Address
The HIPAA E-Tool
PO Box 179104
St. Louis, MO 63117-9104

8820 Ladue Road Suite 200
St. Louis, MO 63124

Powered by JEMSU