Properly Vetting AI Before It’s Deployed in Healthcare – Source: www.databreachtoday.com

The U.S. healthcare sector needs to closely watch government regulatory and legislative developments involving artificial intelligence, including the European Union AI Act, said Lee Kim, senior principal of cybersecurity and privacy at the Healthcare Information and Management Systems Society.

“Some technologies – they are very, very risky on the extreme end, and if those are banned, there are some limitations as to those systems,” she said.

“That’s very important because we’re starting to see that there is a link between AI and safety,” Kim said in an interview with Information Security Media Group during the HIMSS 2024 conference in Orlando, Florida.

“For example, in the military context, I don’t think we necessarily even want to fathom AI or other systems being automated in that sense, but AI is being embedded into everything. And that’s something we need to keep an eye on.”

Many generative and other AI technologies tend to “take an educated guess,” Kim said. “But what is happening is that you always have to review the output, especially in the age of social media, Tik Tok and others. You have to ask, ‘Do we still have the discernment skills where we can review something and see an error, an omission?’ Sometimes it might hallucinate something that is not true at all,” she said. “So we need to have an eye out for fake information – and what we should do about it.”

Kim said that all healthcare organizations implementing or considering AI should stand up a committee that represents key stakeholders – including legal, clinical, accounting and others – to carefully review the potential ramifications of AI in the institution.

In this audio interview with Information Security Media Group (see audio link below photo), Kim also discussed:

• Suggestions for testing AI and its accuracy;
• Privacy and security considerations involving AI in healthcare;
• How the healthcare sector can safeguard against a potential “cascade of failures” involving a major industry cyberattack such as the Change Healthcare incident.

Kim has served as a team leader of the U.S. Department of Homeland Security’s analytic exchange program and as a member of the National Cybersecurity Training and Education Center National Visiting Committee. Before joining HIMSS, she practiced law in the areas of IT, healthcare technology, intellectual property and privacy and security. She also previously worked in the healthcare technology field.