AI and data privacy in healthcare – Less risk, more support

smart health wearable device

Though usually associated with more privacy risk, artificial intelligence (AI) can improve patient privacy, and here’s why!

As there is more individual information available, protecting patient privacy rises as a serious concern. Meanwhile, the recent expansion of employing AI in the industry has sparked controversy over privacy risks. However, from another perspective, the technology may help to enhance cybersecurity.

Data privacy in healthcare – Why so complicated?

The sensitive nature of patient data makes privacy a critical task. The information generated and collected in the healthcare industry comes in so many forms. The gathered data includes: 

  • medical records
  • insurance claims
  • physician notes
  • wearables and other mobile monitoring devices
  • conversations about health on social media

Because it is closely related to each individual, protected health information (PHI) is recognized among patients’ most sensitive data and simultaneously among the desired targets for cyber-criminals.

As a result, it came as no surprise that in 2019, the healthcare sector was subjected to cyber attacks the most, with 382 data breaches, costing businesses and organizations over $2.5 billion. Compared to the 164 incidents and $633 million worth of damage in 2018, it was indeed a huge jump.

healthcare data privacy
Figure 1: Why is privacy and security of PHI an issue? (Source: Deloitte)

More AI medical applications means more concern for both providers and clients

AI is rapidly taking over more roles in healthcare, from automatically performing drudgery and routine tasks to managing patients and medical resources. However, the technology functions based on large volumes of data. The more data collected, the better the experience.

The increasing need for data creates problems for both service providers and consumers. For the providers, they need to balance the utility of data with compliance with privacy regulations.

Moreover, increased data collection means larger data pools and poses more risk if breaches occur. Meanwhile, consumers have the right to reject tracking. Their fear of their sensitive information being extracted or sold against their will is justified.

Surprise! AI can be our ally

The above arguments are indeed valid. However, according to Matt Fisher – former chair of Mirick O’Connell’s Health Law Group, AI can be a part of the solution for protecting patient privacy.

Compliance monitoring is one such application of AI, which is currently in practice. To comply with privacy regulations such as the General Data Protection Regulation (GDPR) and Health Insurance Portability and Accountability Act (HIPAA), the organization’s information systems must be audited and monitored.

The goal is to determine any inappropriate access, data leakage, and other malfunctions. When data systems continue to become larger, manually reviewing them is no longer effective, considering how time-consuming it is. AI systems can refine and monitor the enormous volume of data while minimizing errors in the process.

For example, experts have developed an AI-supported, near real-time monitoring system that can report unauthorized access to a patient’s medical record.

The system can identify the relationship between the patient and the employee trying to access, based on the hospital’s data, forming an explanation-based auditing process. As a result, it can filter out reasonable attempts and only alert security staff about truly suspicious ones.  

medicine reminder

Another area of consideration is AI’s ability to facilitate a better overall security posture. Security, meaning protecting data, is key to ensuring privacy. AI’s ability to run an array of analyses and make highly educated decisions can be helpful in this regard. 

It will provide layering protections and help build a flexible background capable of keeping pace with cyber-criminals, who continue to perfect their attack vector.

To illustrate, AI can support a self-configuring network. The technology can detect any vulnerability and perform response actions, such as self-patching. Therefore, it paves the way for greater network resilience, together with more effective protection against cyber threats.

In short, AI has introduced drastic and positive changes to the healthcare industry. The technology facilitates the delivery of improved services to consumers and the automation of mundane tasks to providers.

However, it has also raised concerns regarding privacy protection. Though such arguments are not unfounded, there are strong reasons to believe that AI can be on our side against cyber-crimes.