At last year’s World Medical Innovation Forum in Boston, a panel of healthcare practitioners and AI experts discussed just how fast this AI arms race is starting to take shape. According to some experts, the compound annual growth rate (CAGR) of healthcare AI will be 60% per year through 2022. That’s a blistering rate of growth. IBM and MIT, for example, have pledged nearly $250 million to build a state-of-the-art AI research lab in Boston that will focus primarily on issues relevant to IBM’s Watson Health AI system.
Future scenarios for health data privacy
Concern over health data privacy is growing primarily because data breaches at covered entities are becoming more and more common. It’s not just that hackers are going after large medical companies known to have thousands of patient records – they are also going after just about any entity with large repositories of healthcare data, including the U.S. Department of Health and Human Services (HHS). In the era of AI, what is important is the raw data. When that data can be correlated and compared against other sets of health data – that is when unique identities can be discovered.
In one scenario mentioned by researchers, employers, credit card companies and insurers might use this data to discriminate against certain classes of individuals. For example, an employer might not extend a job offer to someone if that person has a history of substance abuse. A credit card company might not extend credit to someone who is pregnant or who has a disability. Before AI, all of that information was protected by HIPAA.
At the same time, the costs of data breaches continue to mount for healthcare institutions. According to a new Ponemon Institute/IBM Security study, the average cost of a single lost or stolen health care record is $408. That’s nearly two to three times higher than the cost of data breaches in other industries. A large healthcare provider with 2,500 records, for example, would potentially be facing a $1 million cost for every single data beach. You can begin to appreciate why health data privacy is such a hot topic right now: there are very real costs involved here.
The problem, quite frankly, is that artificial intelligence is what can be called a black box technology. Researchers can guarantee what goes into that black box, but they no longer know for certain how or why an AI system comes up with a decision. If a human makes a decision, you can ask him or her how they came up with the decision. It’s a lot harder to ask a machine how it came up with a decision. Thus, AI researchers talk a lot about “poisonous” biases, or the fact that feeding the wrong data to the wrong AI system can lead to some pretty negative outcomes.
Impending regulation for health data privacy
Based on the above, it’s easy to see how both state laws and federal law will need to be re-thought and re-imagined for the AI era. For the American medical and healthcare establishment, there will need to be a modern AI version of the HIPAA Privacy Rule that will require covered entities to ensure health data privacy, no matter how intelligent AI systems become. The reality for now is that AI has opened health data privacy to attack, and something needs to be done to deter and defend against those attacks.