Can AI exist next to Hipaa? How cooperation can solve the conund of technology

By John Murray” Senior director, JUICE.

From the start of the internet to the arrival of electronic health files, health care has traditionally been slow to embrace new technologies and the improvements they can make. One reason is the observed risks related to these technologies. Another are the observed costs for implementing them.

The rise of cloud computing and artificial intelligence presents care providers – traditional such as hospitals and health systems, together with care providers and other entities that meet the definition of the “provider” – presents industry with a similar technical conund. As new players join more conventional providers in reforming the patient care ecosystem, there are opportunities for them to use the cloud, AI and other tools to reinvent business processes in health care, services and patient experience.

But with those upward opportunities, potential new risks and costs, including compliance challenges with hipaa, come a law that is not easy to reconcile with technologies such as AI or Cloud Computing, which were not there when it was announced, nor with the growing diversity of entities that are now defined as patient care providers.

For this growing class of providers, the applications for AI and other intelligent technologies are indeed promising, for things such as predicting certain increased risks for patients, diagnosing problems and recommending treatments. Generative AI (Genai) Copilots Driven by large language models can support decision -making on diagnoses and treatments. Genai also shows a great promise for improving the clinician and clinical productivity. As versatile as it is, AI can also help companies manage their compliance responsibilities – and the data needed to meet them – in several areas of law.

What is more, AI shows potential for connecting the health of the patient with marketing, where, for example, based on an analysis of patient data, AI-driven possibilities recommendations for vitamins, supplements, freely available medicines, etc., etc., etc., etc. To be served when they are online in the store or shopping. This intelligent health -based marketing looks like a promising border for companies that can do well.

Risk and reward

The enormous potential of AI is clearly not lost at care companies. In one 2024 Survey or 100 US Healthcare Execs at the highest level Led by McKinsey, 72% of the respondents said their organizations are already using Genai tools or testing them. Another 17% said they intended to pursue Genai proof of concepts. And now their AI investments started to bear fruit. About 60% of those who have implemented Gen AI solutions see either already a positive ROI or expect that.

This growing embrace of AI and Cloud Computing introduces a completely new series of problems, risks and responsibilities that healthcare providers – and their supervisors – should consider. Insuring privacy and data security of the patient in accordance with Hipaa is perhaps the most urgent of those problems. Because hipaa became the law in 1996, well before Amazon, the Cloud and AI entered the technical mainstream, and well for companies of medical devices, insurers and the Walmarts of the world, provide a form of care directly to patients, its provisions are not equipped to distinguish how compliance is now shared entities and liability. As the definition of “provider” changes, companies can now touch patient data in many more industries.

The increasing use of AI by patient care providers brings new categories of associated entities into the compliance mix. This includes the hyperscalers that organize the cloud-based AI options and suppliers of large language models, the software/technology companies that build and sell these systems, and the system integrators that help providers to implement them. Who is liable for a data breach? Who possesses the risk that is accompanied by protecting patient information in this broader care ecosystem? It is a real legal swamp with few clear answers.

The perception of AI as a non -tested technology (at least in a context in health care) is also part of the risk comparison. For example, how can I tackle potential bias and hallucination risk in large language models? The costs for implementing cloud -based AI and other technical infrastructure and internal resistance to embracing these new technologies also take that comparison into account.

Maximize the potential of technology

A 2023 article in the Harvard Business Review It argues that the implementation of cloud-based AI options in a way that is compliant requires an extensive cooperation between stakeholders throughout the landscape of health care. “Payments, health systems and providers must come to a common concept about when it is appropriate to use an AI application, how it should be used and how potential side effects are identified and limited.”

That is a necessary and valuable business, concludes the author of the article. “Unfortunately, it would be ironic if the American health sector lagged behind in picking the benefits of this transforming new technology.”

The challenge here is a huge: setting up generally accepted practices, norms and guardrails around Cloud Computing and AI, so that regulations can catch up and keep pace with technology and the ethical and safety problems that it evokes, as well as with the changing patient care ecosystem.

The most viable vehicle to do this, at least here in the US, could be to set up a kind of broad stakeholder consortium, perhaps led by the US government (for example the FDA and/or HHS), and including medical colleges/boards, together with covered entities and their business partners under hipaa. The goal: Develop Consensus on how the responsibilities and liabilities in connection with HIPAA are divided and executed in the AI ​​era.

A broader embrace of the cloud and AI within the Ecosystem of Patient Care increases the universe of covered entities and business partners who are likely to touch or at least have a role, directly or indirectly, in the treatment of patient data. This in turn requires the formation of company networks, within which data can flow unobstructed, transparent and safely between relevant entities in the Ecosystem of Patient Care.

So, for example, in the case of cell and gene therapies, a company network would enable the various stakeholders to treat the treatment of a patient, from drawing a blood sample to producing, delivering and administering the actual therapy, to make a safe connection to share information and to analyze the best possible outcome. Every member of the value chain must therefore have the security and data management options to be used to participate in such a network. The same concept would also apply to clinical networks.

Technology such as AI will not stand still as discouraging as some of them. So also not members of the value chain for patient care when laying the required basis – standards, networks, etc. – to fully benefit from intelligent technologies in a way that is compliant, profitable and especially useful for patients.