The Health Insurance Portability and Accountability Act (otherwise known as HIPAA) is one of the most widely used pieces of legislation in U.S. healthcare, setting the legal standards that protect patients' private information from being disclosed. This principle of protecting the right to medical privacy isn't just seen in the U.S. either: the European Union has the General Data Protection Regulation (GDPR), Canada has the Personal Information Protection and Electronic Documents Act (PIPEDA), and these are only a few of the policies safeguarding health information across the world. But with the growing popularity of artificial intelligence in both our daily lives and healthcare industries, some have raised concerns about what this means for securing patient privacy.
In the dawning age of artificial intelligence, its use in healthcare has begun to show potential. Using AI to help interpret test results, guide decisions, and assist in administrative tasks may all help reduce human error, streamline tasks, and save on costs. However, this isn’t without its risks.
For one, artificial intelligence has had its history with data breaches. For instance, in 2022, American wireless network operator T-Mobile experienced one such breach after an attack, resulting in the exposure of millions of customers’ names, contacts, and PINs. Attackers can potentially do the same with healthcare data by looking for weaknesses in AI systems or using AI tools (such as unauthorized “shadow AI”) to deceive.
In the case of HIPAA specifically, the US Department of Health and Human Services released the Trustworthy AI (TAI) Playbook (2021). Though focused on the US, the Playbook outlines four privacy considerations that can apply to AI healthcare systems in general. These are data sensitivity, which is whether the data collected can be personally identifiable; individual privacy rights, which is whether patients are aware of how their data is being used and if they agree to it; legal requirements, which is whether AI tools align with existing privacy laws; and data sharing, which is whether scientific progress is worth the cost of risking privacy. The use of AI calls all of these issues into question.
All this isn't to say that AI should not be used in healthcare; rather, it is important to consider the inherent risks that come with using any tool. If AI continues to be involved with patient data in the future, it is crucial that the privacy risks that come with it are thoroughly assessed in order to prevent them from coming to fruition.















