AI and Healthcare Privacy Laws: Are We Prepared for the Future?
We have seen artificial intelligence (AI) in healthcare go up quickly, and we have tremendous opportunities and huge challenges, particularly driven by patient privacy. As AI systems are integrated into healthcare, they give rise to crucial privacy concerns with AI in healthcare that current privacy laws were not designed to tackle.
While regulations move slowly, there are still large gaps between the protection afforded to patient data in a burgeoning AI-driven health environment. Today, we will explore current laws regarding privacy laws, how they adapt (again, or how well they adapt) to AI, and whether they’ll be adequate in the future.
The Rise of AI and the Limitations of HIPAA
(HIPAA) governs healthcare privacy in the United States. However, it is very dated, considering that it was devised in 1996 when there was no AI. The AI is, therefore, too sophisticated for HIPAA rules, so it may not sufficiently address the complexities and risks of working with it.
For example, HIPAA only covers certain health data; however, with the capacity to peruse large amounts of information far exceeding the scope of present laws, it also covers non-health data, such as social media or wearable gadget information, simultaneously.
The same may also be said of healthcare, where the Food, Drug, and Cosmetic Act (FDCA) and the Common Rule apply in some respects, both lacking the ‘processing of’ in those aspects.
See also: How Health Sharing Plans Can Help Small Businesses Save on Healthcare Costs
AI’s Growing Data Requirements and Privacy Risks
Another of AI’s biggest challenges to healthcare privacy is that AI simply needs to process too much data to work well. The amount of data needed by AI systems is huge, so there are questions about how that data is collected, stored, and made secure.
The problem is not with having more data but with the lack of new data among healthcare organizations not used to dealing with it: just how many new ways can data be breached if data practices are outdated or inadequate?
Further, data collected initially for some purpose may be reused for developing artificial intelligence products without the patient’s informed consent. Patients whose personal information is used in secondary data use might not be aware of how it was used. As a result, they face new privacy risks when using secondary data.
Re-identification and Lack of Transparency
Another new risk around AI is reidentification, where supposedly anonymized data can be stitched back together, and people’s identities can be identified. The problem is that AI is good at finding patterns in large datasets.
The more about a person is known, the more likely it is to uniquely reidentify them. Second, AI systems are black boxes even to their own developers. So, the end result is a lack of transparency on how and why AI utilizes patient and health care provider data and makes decisions.
The Need for Updated Privacy Laws
The solution to these problems requires expanding and modernizing privacy laws. To achieve any semblance of trust, regulations should also extend their scope beyond the mandates of health data as a source of data and share more transparency of AI algorithms to enable the patient and provider to understand how an AI is performed.
Dynamic consent also allows patients to ‘consent’ to data use at any time frame. This benefits the current consent model, which may not satisfy AI, where complex data use necessitates a different consent approach.
Conclusion
The change in regulatory environments often lags far behind the speed with which AI evolves. Although the FDA is doing everything possible to create guidelines specific to AI, there’s still a long way to go. Healthcare privacy laws must evolve based on the rapidly evolving advances in AI so that patient data remains private.
Unfortunately, if these laws remain out of date and cannot be proactively updated, patient trust will erode, and these concerns will be categorically detrimental to the ethical uses of AI across the healthcare spectrum. The future of AI in healthcare is how privacy laws can indeed keep up with technological advancements and shield patient rights.