Artificial intelligence (AI) has changed the way almost every global industry operates, from customer service to logistics to even artistic endeavors, and healthcare is arguably the industry it has transformed most radically. Machine learning has been applied in diagnosis, medication development, data analysis, and patient care approaches, but with innovative technology like AI, there may be concerns about HIPAA compliance and the protection of private healthcare data.
“AI heightens the risk of data exposure in applications, as the technology is new and development and hardening techniques are not yet perfected,” says Lancer Seaman, Executive Partner of IT Systems & Enterprise Analytics at SCALE Healthcare. Although the protection of healthcare data in the age of increased AI usage is not yet perfected, there are still ways to keep patient data as secure as possible.
Increased risks with AI use
Before diving into how to best protect patient data in the age of AI, one must be aware of what risks are currently (and may later be) present with AI use in healthcare. “AI poses risks to healthcare data in a variety of areas,” Seaman says, “but generally speaking, these areas include vulnerability attacks using AI and systems integrated with AI-based solutions.”
As Seaman explains, patient records and data sets are particularly vulnerable to hacker attacks. One of the major issues with the rise in AI use is complacency. AI is becoming so advanced that people may even mistake artificial intelligence for human intelligence, thus allowing their private data to be accessed unknowingly.
There is also a noted risk of distorted outcomes from imperfect algorithms. Although AI is becoming very intuitive, it is still unable to truly replicate human intelligence or conversational nuances. This, in turn, can create some errors in machine learning, leading to data sets that are not as predictive as they should be.
Protecting patient data
Thankfully, there are several best practice approaches for protecting patients and organizations, while still taking advantage of everything AI technology has to offer. “The best approaches for protecting against AI-based intrusions are no different than what the security community has recommended for common vulnerabilities,” says Seaman. “The steps for healthcare organizations must be proactive, and there must be processes in place to address the very real vulnerabilities that AI can bring about.”
According to Seaman, maintaining patients’ data security requires regular analysis and patching of healthcare organizations’ systems and applications, as well as encryption of data at rest and in motion. Encryption converts data into a format that is unreadable without the decryption key, so even if hackers manage to gain access to the data, proper encryption will keep it safe. Organizations should also employ multiple layers of authentication security, such as MFA (multi-factor authentication), security tokens, routine password changes, and the use of strong passphrases.
“Healthcare organizations must also be prepared with a strong response strategy,” Seaman adds. Such strategies can include the performance of tabletop exercises, secure offline backups of data sets and vulnerable patient information, and robust disaster recovery plans.
Additionally, organizations should focus on end-user awareness training. With the rise of AI use, training modules within organizations will likely need to pivot to include AI-specific training.
Lastly, healthcare organizations must perform regular vulnerability scans and intrusion tests, rather than simply assuming that patients’ data is automatically secure as a result of all their checks and balances. As Seaman mentions, the rise of AI use will require these organizations to be ahead of the game with every step, utilizing a layered security model that begins with the user and extends through the endpoints to the edge of their networks.
Employee training and awareness
Innovations and advancements in AI technology are already moving at warp speed, and it may seem a herculean effort to keep healthcare organization employees abreast of all changes and necessary security measures. Once something is put into place, the technology shifts, and new measures need to be implemented — such is the nature of today’s technological landscape.
“The growing reliance on AI technology to find hidden meanings in data opens organizations to potential risks of data loss,” says Seaman. “The healthcare industry must be proactive and diligent by working collaboratively across organizations to identify data and how it is being used and made available. The risk from intrusion by AI bots is increasing with their ability to seek specific vulnerabilities, identify patterns and trends, and exploit these gaps in data security.”
Moreover, Seaman mentions that comprehensive employee training in security is imperative to protecting patients’ data. Healthcare teams should be aware of the potential threats and the ongoing, shifting efforts to guard against those threats. Organizations should conduct regular training on password management, identifying phishing and hacking attempts, and awareness of how technology is changing healthcare.
AI can be a useful tool in a healthcare industry that is increasingly complex and tech-reliant. The more patients learn about how AI can improve access and outcomes, the more the demand for AI-influenced healthcare will grow.
Healthcare organizations need to prioritize safety and security and prepare themselves for this new technological age to best serve their patients and earn their trust.
— Lancer Seaman is the Executive Partner, IT Systems & Enterprise Analytics for SCALE Healthcare. His background includes over 30 years as a healthcare-focused Chief Information Officer with experience across practices, MSOs, hospitals, and healthcare IT companies. His experience has leveraged advanced disruptive technology solutions to assist healthcare organizations in overcoming seemingly insurmountable challenges, including building and running scaled IT departments; partnering with executive leads to develop IT strategies that advance key corporate and department objectives; managing IT/cyber security programs; and developing and implementing advanced enterprise analytics strategies across clinical, operational, revenue cycle and payer contracting functional domains.