Artificial Intelligence (AI) is rapidly transforming various areas of the healthcare sector through data-powered applications that can improve diagnostic capabilities, patient care, administrative efficiency, and more.

This quick guide outlines the impact of AI on the industry, including benefits and drawbacks, ethical implications, and security challenges. You’ll also learn about HITRUST’s approach to safe and sustainable use of AI, and how the HITRUST Common Security Framework (CSF) can help your organization mitigate security risks and navigate the regulatory environment.

The Transformative Power of AI in Healthcare

AI's application in healthcare spans various technologies that enable machines to undertake tasks traditionally within the realm of human intelligence. These include performing advanced data analytics, problem-solving, learning, decision-making, and providing recommendations to healthcare providers and patients.

It’s important to note that AI-powered systems don’t actually “think” in the traditional sense. Instead, they provide information and solve problems by using algorithms that analyze vast amounts of data to find patterns and make connections.

How Algorithms Work in Healthcare Applications

Software developers are integrating algorithms into numerous healthcare applications to improve patient care, support surgical procedures, streamline administrative processes, and more.

Some areas of healthcare currently using algorithms include

• Medical Imaging: Image analysis algorithms are employed in radiology software to interpret X-rays, CT scans, MRIs, and other medical images. In collaboration with healthcare professionals, these algorithms can help identify abnormalities, tumors, fractures, and other medical conditions.
• Disease Diagnosis: Algorithms are being rapidly integrated into applications that analyze clinical data, medical history, and symptoms to help in early disease detection and diagnosis.
• Drug Discovery: Researchers use software leveraging algorithms to simulate molecular interactions, identify potential drug candidates, and predict their effectiveness. Organizations also use AI to streamline clinical trials and reduce the time required to bring new treatments to market.
• Genomic Analysis: Genetic algorithms can analyze a patient's DNA to identify disease risks and recommend personalized treatment plans.
• Predictive Analytics: Predictive algorithms analyze real-time and historical data to forecast disease outbreaks, health-related resource requirements, and potential patient readmissions.
• Electronic Health Records (EHRs): Algorithms can extract, summarize, and categorize information for EHRs, making it easier for healthcare providers to assess patients and provide treatment recommendations.
• Remote Patient Monitoring: Algorithms collect and process health data from wearable devices and sensors to monitor patients and alert healthcare providers of any concerning changes.
• Administrative Workflows and Telemedicine: Software employing algorithms can streamline administrative workflows and automate some tasks for telemedicine platforms, such as virtual consultations, appointment scheduling, and preliminary assessments.
• Surgical Assistance: Robots guided by AI algorithms can assist surgeons by improving precision, reducing invasiveness, and minimizing patient risk.

Algorithms are the cornerstone of AI functionality and are fundamental to the future of AI in healthcare . As technology advances, their role in various healthcare sectors will likely expand.

Additional Components of AI Systems in Healthcare

In addition to algorithms, various other components comprise AI systems in healthcare, including

• Machine Learning (ML): A subset of AI that uses algorithms and models to “learn” from data.
• Neural Networks: Computational models inspired by the structure and function of the human brain, consisting primarily of layers of interconnected nodes. Neural networks are typically used in image analysis and speech recognition applications.
• Deep Learning: A subset of machine learning that focuses on multiple layers of neural networks.
• Natural Language Processing (NLP): A branch of AI that focuses on enabling machines to understand, interpret, and generate human language. NLP is fundamental to applications like language translators and chatbots.
• Computer Vision and Speech Recognition: Computer vision and speech recognition enable machines to interpret and understand visual and auditory information from the external world. These technologies are used primarily in applications like image recognition, facial recognition, voice assistants, and transcription services.
• Data Storage: Effective AI applications require large volumes of data, typically stored in databases or distributed file systems.
• Hardware: AI technologies require specialized hardware to accelerate computational power, such as GPUs (Graphics Processing Units) and TPUs (Tensor Processing Units).
• Cloud Computing: AI applications usually require cloud capabilities to optimize performance, scalability, and accessibility. Cloud services used by AI typically include data storage, computation, and deployment services.

These components work together to build AI systems that can perform a wide range of tasks for the healthcare industry. As they grow in size and complexity, security issues may arise concerning patient data, privacy, and system safety.

Benefits and Risks of AI in Healthcare

Like many transformative technologies, AI in healthcare has many pros and cons.

Advantages of AI in Healthcare

• Advanced Data Management: AI processes vast amounts of data from multiple sources, ensuring quick access to relevant information that helps healthcare professionals make informed clinical decisions.
• Improved Analytics: AI processes health data and medical records to predict disease outbreaks, identify new trends, and enable early interventions.
• Greater Diagnostic Precision: AI tools can improve diagnostic accuracy, enabling earlier and more precise identification of medical conditions.
• Improved Patient Accessibility: AI-enhanced wearables and sensors allow providers to monitor patients, extending healthcare accessibility to anyone regardless of location.
• Customized Patient Care: AI algorithms process genetic, clinical, and historical data and lifestyle factors to enable personalized medical treatments. AI-driven applications additionally provide individualized care recommendations and educational content to foster better patient engagement.
• Increased Surgical Precision: AI-driven robotic systems assist surgeons during procedures, enhancing surgical accuracy and reducing the risk of human error.
• Accelerated Drug Discovery: AI-enhanced applications accelerate drug development by rapidly analyzing data, designing novel drug compounds, screening potential candidates, and using predictive modeling to determine possible effects.
• Reduced Costs and Increased Administrative Efficiency: AI enables workflow automation to streamline administrative tasks such as billing, claims processing, and appointment scheduling to reduce costs and improve efficiency.

Challenges of AI in Healthcare

• Data Privacy and Security: The generation of vast amounts of sensitive patient data and the use of third-party vendors poses possible AI-related security risks for healthcare organizations.
• Data Quality Issues: Challenges related to data quality include incomplete, inaccurate, or biased information from training data. Compromised data may impact the quality of AI-generated decisions and reduce trust in the system.
• Cybersecurity Risks: Potential cybersecurity risks such as ransomware, malware, data breaches, and privacy violations typically increase as AI systems grow in size and complexity.
• Bias and Fairness Concerns: Training data may be skewed towards certain groups based on race, gender, or other population-specific characteristics. Biased training data can lead to unequal treatment, misdiagnosis, or underdiagnosis of specific demographic groups.
• Ethical Concerns: Machine-generated decisions may conflict with patient or family preferences, giving rise to ethical concerns about using AI in healthcare.
• Regulatory and Legal Challenges: The evolving regulatory landscape and lack of a standard framework presents complex legal challenges for organizations using AI-enhanced applications.
• High Development Costs: The development and implementation of AI in healthcare typically requires significant investments in software, hardware, and human resources.
• Interoperability Issues: Integrating AI into existing healthcare systems and data platforms may cause interoperability issues within and between organizations.
• Reliability and Accountability: Identifying responsibility in case of AI-related errors raises reliability and accountability concerns.
• Resistance to Adoption: A lack of trust in AI-generated recommendations may cause resistance to adoption among healthcare professionals and the general public.

Ethical Implications of AI-Enhanced Medical Care

While AI has the potential to reshape the healthcare landscape, government policymakers, medical professionals, and technology experts are raising ethical concerns that include

Patient Privacy and Data Security

The success of AI-powered applications hinges on maintaining patient data privacy and ensuring system security. Healthcare data is highly valued in the black market, making healthcare organizations prime targets for cybercriminals. Regulators must develop dedicated security frameworks, and healthcare providers must adhere to stringent data protection regulations to ensure patient privacy and system security.

Transparency and Accountability

AI models are complex, leading to a lack of transparency that may reduce trust among healthcare providers and patients. Medical professionals must develop an understanding of how AI systems work to foster confidence in the technology.

Bias and Fairness

AI algorithms can inherit biases from training data, resulting in unequal treatment, misdiagnosis, or underdiagnosis of some demographic groups. Developers should standardize training data to mitigate biases and ensure AI systems provide equitable recommendations to all patients.

Lack of Human Oversight

AI should enhance the work of healthcare professionals instead of replacing them. Training of doctors and nurses should emphasize critical thinking regarding how AI systems work instead of relying heavily on technology to make decisions.

Informed Consent

Healthcare professionals should inform patients about the use of AI in their diagnosis and treatment, and how it can impact their care. Options to opt out of AI-based healthcare should also be offered to patients who prefer traditional diagnosis and treatment methods.

Current AI Regulations in Healthcare

Automated decision-making capabilities offered by AI present numerous legal and ethical issues. Policymakers in the United States are meeting these challenges by drafting legislation, however there needs to be a current regulatory framework specific to the healthcare industry.

Until such a framework exists, healthcare organizations can gain insights by watching developments in other industries and regulatory bodies. An example on the federal level is the Blueprint for an AI Bill of Rights released by the White House Office of Science and Technology Policy.

Released in October 2022, the Blueprint for an AI Bill of Rights outlines five principles to protect citizens from AI-related risks, including

• AI development and deployment with diverse input and rigorous safety assessments.
• Protection from algorithmic discrimination.
• Data privacy protection.
• Education about how AI systems work.
• Opt-out options for users and alternatives involving human intervention if AI systems fail or produce errors.

The Biden-Harris Administration additionally secured voluntary commitments from leading AI companies that pledged to prioritize product safety and system security when developing AI systems.

NIST Artificial Intelligence Risk Management Framework 1.0

The National Institute of Standards and Technology (NIST) develops and promotes standards and guidelines that help ensure the reliability, quality, and security of various technological products and services. In January 2023, the agency issued the href="https://www.nist.gov/itl/ai-risk-management-framework">Artificial Intelligence Risk Management Framework (AI RMF 1.0) designed to provide organizations and individuals with guidelines to foster responsible design, development, deployment, and use of AI systems.

Benefits of using the framework include

• Improved procedures for governing, mapping, measuring, and handling AI risks.
• Increased testing, evaluation, validation, and verification capabilities of AI systems and associated risks.
• Guidance for making decisions regarding system commissioning and deployment.
• Establishment of policies, practices, and protocols to improve organizational accountability regarding AI system risks.
• Increased employee awareness and enhanced organizational culture regarding the importance of identifying and managing AI system risks.
• Strengthened engagement and improved information sharing within and between organizations, and other industry stakeholders.

NIST additionally launched the Trustworthy and Responsible AI Resource Center to facilitate the implementation of the AI RMF and promote global policy alignment.

The HITRUST Strategy for Secure and Sustainable Use of AI

HITRUST recently launched the HITRUST AI Assurance Program, designed to provide a secure and sustainable strategy for safe and reliable AI implementation using the HITRUST CSF.

HITRUST began incorporating AI risk management and security dimensions in October 2023 with the release of HITRUST CSF v11.2.0. These updates provide a solid foundation that AI system providers and users can use to identify risks and adverse outcomes in their AI systems. New controls and standards will be identified and harmonized into the framework through periodic updates, and will become available through HITRUST assurance reports.

HITRUST CSF version 11.2.0 currently includes two risk management sources with plans to add additional sources through 2024.

These include

• The NIST AI RMF 1.0
• ISO Risk Management Guidelines (ISO 23894)

In addition, cloud service providers like Microsoft, AWS, and Google are extending their robust security controls and certifications for AI-based applications to the HITRUST AI Assurance Program. This enables AI users to engage proactively with their technology service providers while confidently relying on shared risk management principles provided by the framework.

Learn More about the HITRUST AI Assurance Program.

The HITRUST AI Assurance Program is the first and only system focused on achieving and sharing cybersecurity control assurances for AI applications in the healthcare industry. Click here to download the strategy document and learn more about the HITRUST Strategy for Providing Reliable AI Security Assurances.