Balancing AI benefits with security and privacy risks in healthcare

To manage an environment of increasing risks and limited resources, healthcare internal audit and compliance departments must align their risk assessments and audit work plans to areas most vital to achieving the strategic goals and business objectives of their organizations, according to Kodiak.

This risk-based approach prioritizes areas of highest risk and suggests that providers spend less effort, if any, on low-risk areas. The better the alignment between the internal audit and compliance plans and the most critical risks to the organization, the greater the return on risk generated for the organization’s internal audit and compliance investment.

Top 5 management risks

Kodiak has identified five top management risk areas facing healthcare organizations that internal audit and compliance leaders should assess and keep on their radar screens as they plan for 2024.

• AI and new technologies
• Competition
• Cybersecurity and data privacy
• Financial performance
• Workforce

Kodiak defines a risk area as anything that could impede a healthcare organization’s ability to achieve its goals in critical areas like patient care, regulatory compliance, operations, strategic growth and financial performance.

“Each of these risk areas are causing significant disruption to many healthcare provider organizations’ core capabilities,” said Dan Yunker, Kodiak’s SVP, risk and compliance. “More importantly, each of these risk areas also carries the potential to ripple across the enterprise and amplify risks in other areas.”

The growing impact of AI in healthcare

AI tools, especially those based on generative AI models, are promising significant benefits for hospitals, health systems, medical practices and other provider organizations.

Though the industry has already been using smart technologies for years, as more use cases are developed and AI, along with other tools, becomes more accepted across the industry, healthcare providers could enjoy efficiency through automating aspects of many processes, faster and more accurate diagnoses and treatment decisions, thus improving outcomes, and enhancing the consumer experience for patients, such as appointment scheduling.

To unlock these benefits, healthcare provider organizations need to mitigate a host of risks, such as storing and securing enormous amounts of data that is mostly protected health information (PHI), protecting the training data for AI models from malicious actors seeking to introduce bad data, and rooting out bias that can creep into in AI algorithms because of a lack of data for gender, sexual orientation, race and ethnicity.

The benefits of AI tools

Along with the many benefits of AI and new technologies, healthcare organizations need to be aware of several security and privacy risks. As organizations obtain and store more PHI and sensitive patient data, the risks surrounding data breaches increase as these organizations become more valuable targets.

The efficiencies that can be gained from AI tools must be weighed against the costs of implementing AI and training employees to use the tools properly to gauge the overall impact on financial performance.

The benefits of AI tools can only be realized if the organization can solve the workforce challenges of recruiting employees with the right skills to manage these tools and their attendant risks, and training employees to use them. AI automation also could increase turnover as employees without the necessary skills to use these tools leave the organization, raising legal, reputational and cultural risks.

“The top risks we have identified affect each healthcare organization in its own way based on its current capabilities, the characteristics of its market and other factors,” Yunker said. “As a healthcare leader, you must evaluate how these risks impact your organization and then develop internal audit and compliance plans that allocate your limited resources to the most impactful risk areas for your organization.”