How to Think About Healthcare Data During AI Integration Planning

Stay up to date on our latest blogs and content


By Darcy Corcoran, MBA, CISSP | May 24, 2024

3 minute read Blog| IT Advisory| IT Strategy

Is your organization ready for AI? Now is the time to start answering that question in healthcare. With the introduction of artificial intelligence (AI), data-driven healthcare, sounds promising with endless potential to transform clinical workflows and bring evolved operational efficiency across diagnosis and treatment to enable clinicians to better serve patients.  

However, as healthcare organizations embark on the AI journey to adoption, healthcare leaders must grapple with navigation of the multifaceted AI landscape and all its enterprise-wide impacts, technical intricacies, cybersecurity risks, and disruptive shifts that pose multi-dimensional challenges.  

Use this checklist to guide a data centric exploration of the impacts, areas of concern and disruptions AI can introduce to a healthcare organization: 

Data:  Impacts to patient experience, diagnostics and transforming time intensive processes from hours and days to seconds and minutes is a game changer for healthcare not only for patients but for clinicians who are grappling with larger than normal patient loads and professional burn out. AI promises to improve personalized automated outputs, diagnostics and efficiency on many fronts: 

  • Personalization: AI utilizes large datasets to customize treatment plans using medical history, lifestyles, and genetic factors — all promising to optimize patient outcomes.  
  • Diagnostic accuracy: AI algorithms lean on vast datasets to analyze imaging, patient records, genomic sequences, and patient record data delivering precise and timely diagnosis. Additional AI capabilities can be harnessed around predictive diagnostic analytics based on historical patient data, identification of at-risk populations, preventative interventions and proactive healthcare measures.  
  • Efficiency: AI enabled automation of processes can simplify and streamline time intensive administrative tasks such as scheduling, billing, and record management while continuously refining and enhancing operational efficiencies and resource allocations. AI can also bring in virtual health assistance, drug discovery and development and remote monitoring options to name a few.  

Cybersecurity & Data Security: AI algorithms and models are introducing new vulnerabilities and threat vectors to healthcare by way of adversarial attacks, data poisoning, and exploitation of data. All underscore the need for rigorous testing, validation and secure implementation practices.  

Privacy: Healthcare organizations are starting to think more about how patient data would be used by AI applications. Since patient data is essentially the fuel that powers AI algorithms, healthcare leaders are watching carefully how AI is vetted and they’re developing joining criteria for the networking environment. Ensuring data privacy, integrity and maintaining HIPAA compliance all points back to the need for stringent supply chain risk management vetting processes to assure third party vendors’ software and hardware components are not introducing vulnerabilities and are aligning with security guidelines for safeguarding HIPAA data. 

Cyber Threats: Because AI has a heavy reliance on data and its interconnectedness to network systems and IoMT, the attack surface for cyber threat actors will increase exponentially from where it is today.  

  • Larger attack surface calls for more attention on identifying vulnerabilities through assessments and deploying remediation strategies quicker.  
  • Another area of concern are poisoning attacks aimed at manipulating and corrupting data to deceive AI algorithms potentially resulting in erosion of trust, misdiagnosis, and incorrect treatment plans with potentially harmful consequences for patients.  
  • As the hackers’ ecosystem grows in sophistication with out-of-the-box toolsets like malware-as-a-service, undetectable viruses coupled with the introduction of generative AI capabilities are quickly adopted by hackers. And with this, a more complex cybersecurity dimension unfolds for healthcare requiring cyber teams to take their cyber strategies to the next level. 

Bias: Within the data-driven nature of AI algorithms exist inadvertent biases that can be perpetuated around healthcare data that result in inconsistent diagnosis, treatment plans and patient outcomes. Given that bias exists, it’s necessary to ensure data-centric approaches are being employed to detect and mitigate it. Another avenue of attack hackers will consider is bias injection or discriminatory data injections into the AI training datasets to amplify the already existing minor biases across healthcare algorithms. The bias amplification can lead to unequal treatment and incongruence for specific, targeted demographic groups. Mitigation of algorithmic bias requires diligent data curation, algorithmic transparency and continuous monitoring across diverse populations to ensure fairness in AI-driven healthcare. 

More considerations: In addition to data, there are disruption challenges to consider including: 

Regulatory Complexities: The introduction of AI into healthcare will create important ethical and regulatory concerns that have yet to be fully addressed by lawmakers. Concerns include ethical usage, minimum security requirements, and the responsible use of AI algorithms in a clinical setting. Intricacies around existing requirements such as data governance, privacy and evolving AI standards coupled with the lack of prevalent use cases make development of laws around AI usage a challenge. Additionally, because law making is a slow process, the lack of direction and oversight on AI algorithms usage in healthcare will be left to the healthcare organizations’ internal knowledge bases and skillsets.  

Skills Gap: Specialized expertise in data science, data sets, machine learning and cybersecurity specific AI is required for meeting the challenge of AI introduction and interoperability. According to Microsoft, there’s a cyber security talent gap in the age of AI with more than four million cybersecurity jobs available globally and there aren’t enough people to fill those jobs.  

Interoperability: As organizations introduce AI tools into the computing environment, healthcare CIOs and CISOs need to look at this as an enterprise-wide effort and consider the implications to introduction across the entire organization. Consider the second and third order affects each time a new AI tool is introduced. Maintain a data-centric interoperability standards approach with a framework that lends consideration to how data will be collaborated, exchanged, integrated and leveraged across all systems throughout the network. 

As healthcare embarks on AI data driven modernization, careful consideration should be given to governance and oversight of data, ethics, and cybersecurity.  We recommend that healthcare organization’s CIOs and CISOs start now with driving their organization’s AI ambition by setting the strategy, framework and rules of engagement for how AI will be introduced. The impetus is not only to maintain a competitive edge in the healthcare industry, but to maintain parity with the game changing technological explosion that’s giving adversaries an incredible head start on finding new ways to defeat cybersecurity defensive measures.

About the Author:
Darcy Corcoran, MBA, CISSP

Darcy Corcoran is a Principal Consultant for Cybersecurity

Put Us to Work

Let us know how we can support your initiatives and take some of the heavy lifting from healthcare IT.