Avoiding the AI Minefield: Privacy Implications for the Use of AI and Emerging Technologies in Healthcare

Abstract

Purpose: This paper aims to discuss privacy legal issues related to the utilization of emerging artificial intelligence (AI) technologies in healthcare. It will introduce recent developments in AI, briefly examine how it can further the triple aim of medicine, and discuss legal challenges related to its implementation. Finally, we will review suggestions for a statutory solution and offer practical steps healthcare providers might take to mitigate their liability until privacy law catches up with technological development. Method: Research was conducted primarily through legal and scientific databases such as LexisNexis, Westlaw and PubMed. Literature review and legal analysis show existing statutes and policies related to privacy to be outdated because of the pace of technological advancement, demonstrated by feasibility studies in which AI reidentifies individuals using anonymized data. Results: The United States healthcare system struggles to adequately achieve the triple aims of medicine while also mitigating physician burnout and moral injury. Additionally, rising healthcare costs with suboptimal health outcomes have effected the current healthcare crisis. To combat this, providers are seeking innovative ways to incorporate emerging technologies to improve outcomes and mitigate physician workload. AI can improve patient care, lower costs, and improve the work life of medical providers, but its use is accompanied by a legal morass. We discuss how big data and machine learning have yielded impressive tools being applied to fields such as dermatology, where AI can classify skin cancers with accuracy comparable to dermatologists, and emergency medicine in predicting in-hospital mortality for patients with sepsis. However, AI technology also raises legal questions related to privacy, standards of care, and malpractice. Multiple studies have demonstrated that anonymized patient accounts can be reidentified using machine learning algorithms and auxiliary data, readily available through data brokers and social media accounts. Additionally, a trend in application (App) development allows developers to collect information through the microphone of a smart-device. This can be done knowingly, such as through “Okay Google,” or unknowingly, through apps with similar triggers that collect data while running in the background. This practice led to a Federal Trade Commission warning to App developers using ‘Silverpush’ code in 2016. However, it continues, bringing personalized advertisements to users through predictive modeling. We will discuss how this technology could lead to a breach in protected patient information and provide the necessary link to deanonymize protected health information using machine learning. Such a breach could subject providers to civil and criminal penalties under HIPAA and 42 C.F.R. Part 2. Conclusion: This paper proposes that the implementation of AI in medicine should be encouraged but that healthcare providers should exercise caution when utilizing it – both as a tool in the workplace, and on any personal device carried while seeing a patient.

Ähnliche Arbeiten