How is AI technology impacting the medical records industry, and what do we need to know to protect privacy?

Years after the advent of electronic health records, the modern healthcare industry’s most valuable assets are now its huge repositories of data. The power of this data can be harnessed to train powerful AI tools that can be used to combat disease and bring new drugs to market. As this technology quickly advances, how is the medical records industry keeping up?

Companies in the release of information industry often must help maintain this delicate balance between protecting individuals’ privacy and gatekeeping valuable data to be used for good purposes.

In this article, we will review terminology, current legislation, and a snapshot of what is to come.

What is AI?

For many Americans, the term artificial intelligence (AI) evokes visions of scary sci-fi movies led by villainous robot attacks. A natural amount of fear is associated with technology that seems to have a mind of its own and is able to “learn.” Before getting too frightened, it is important to really understand how AI and machine learning work, as well as how to best evaluate its efficacy, application, and safety prior to passing judgment.

All AI is not created equal. AI is a blanket term that covers a wide variety of applications. Basically, it encompasses programs that have the ability to perform tasks commonly associated with humans – such as learning, reasoning, and using language. AI consumes and analyzes large amounts of data (machine learning), and then draws conclusions from that data. Just like a human would draw from their education and experience data over a lifetime to make decisions. Therefore, the quality of AI output is a direct result of the quality of data it ingests. In general, the larger and more diverse the data set, the better the output is.

Common types of AI that people encounter daily are:

• Virtual assistants. Have you ever asked Alexa or Siri a question? Asked to set a reminder, play a song, or the capital of Pennsylvania? If so, then you have used AI.
• Image recognition. Google Photos automatically categorizes and tags photos according to their content. Facial recognition software also works this way. A couple of practical uses for this technology is to solve crimes and to provide higher security for sensitive locations.
• Self-driving cars. We know they exist, but how many of us trust a self-driving car? The technology used in these vehicles perceives the environment – such as other vehicles, road conditions, and pedestrians – and makes decisions based on that information.
• Medical diagnosis. AI can be used to assist physicians in performing tasks that help inform their diagnoses. Analyzing volumes of medical records, suggesting potential diagnoses, and assessing risks are all ways that AI can enhance physician practice.
• Chatbots. Many companies now use chatbots on their websites for customer service. The chatbots vary in sophistication – from quickly answering common questions to even assessing the emotional state of the customer when deciding how to respond or whether to escalate the call to a human representative.

AI in Healthcare

Many products are already being marketed to healthcare organizations to improve efficiency, reveal new diagnostic insights, and provide earlier detection of patient abnormalities. Some software products are designed to allow clinicians to work more quickly in the EHR. Others are using AI to move claims more quickly and accurately through the coding and billing cycle. The possibilities are huge.

The questions that come up surrounding this technology are around the data harvesting itself, where the data is stored, how it is transmitted, and how secure it is. Electronic health records are very complex, and the same piece of the record that has a billing code may also have sensitive psychosocial indicators. How do developers build in safeguards to the AI, and how much testing is done to ensure safety?

Is AI Safe? Is it Regulated?

Many times when new technology hits the market, regulations occur later as a reactionary response. We saw this happen when EHRs were first implemented, with electronic PHI protections being added to HIPAA after the fact.

With the ever-present concern that medical records are protected as HIPAA intends, AI is the newest threat to that privacy. It is easy to see how AI technology could pose problems that could be devastating to patients and healthcare systems in the quest to access large sets of patient data to train new software tools.

Late in 2023, the White House released its Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence. This document recognizes that as AI capabilities grow, so do the implications for American’s safety and security. The order requires developers to share safety test results and other critical information with the government. It also requires the development of standards, tools, and tests to help ensure AI systems are safe and trustworthy.

The executive order addresses some concerns in healthcare by “Advancing the responsible use of AI in healthcare and the development of affordable and life-saving drugs.” However, beyond the pharmaceutical industry lies a vast landscape of healthcare stakeholders that have valid concerns.

Prior to the US response, the World Health Organization had already issued its humanitarian position on AI, covering 6 guiding principles:

1. Protecting human autonomy. Ensuring that humans remain in control of healthcare systems and medical decision-making and that privacy and confidentiality is protected.
2. Promoting human well-being and safety and the public interest. Developers should satisfy regulatory requirements for safety, accuracy, and efficacy for very well-defined use cases.
3. Ensuring transparency, explainability, and intelligibility. This requires that sufficient information be published or documented before the design or deployment of an AI-based technology.
4. Fostering responsibility and accountability. Maintaining the responsibility of stakeholders to ensure that AI technologies are used under appropriate conditions and by appropriately trained people.
5. Ensuring inclusiveness and equity. AI for healthcare should be designed to encourage the widest possible use and access, and data used should be sufficiently diverse to represent the entire patient population.
6. Promoting AI that is responsive and sustainable. AI should be continuously reassessed to determine whether it responds adequately and appropriately to the expectations and requirements set forth. Environmental consequences should be minimized.

These guiding principles were voiced to guide not only future WHO work, but also to support efforts to ensure that the full potential of AI for healthcare is of benefit to all. Despite this position, few regulations exist to enforce these principles.

To date, there are no “guardrails” that direct AI in directions that protect patient privacy, while protecting sensitive information. There is no doubt that the technology is valuable and can be used in ways that advance medical practice and improve health outcomes. There is also little doubt that bad actors can also use this technology for nefarious purposes – as we have seen with ransomware and other sorts of cyber-attacks. Healthcare data is a huge asset, but it is also a large target.

RecordQuest’s Stance on AI and Patient Privacy

As the industry’s premium release of information (ROI) service, we consider patient privacy one of core missions. We also value our relationships with our many healthcare partners in the industry. So, while we believe adopting new technology may provide great benefits to those partners, we also temper that with a mandate to protect the patient data with which we are entrusted. We are committed to ensuring a compliant, timely, and privacy-focused response to all requests for patient information.

We actively participate in industry organizations like AHIOS to develop thought leadership and advocate for a cautious but intelligent approach to AI. We believe that the best balance can be attained by placing the patient at the center of our efforts when considering modern technologies and their impact. We strive to protect the privacy, security, and dignity of patients while simultaneously advancing the ability of the healthcare industry to embrace new and exciting technological developments.