Healthcare providers and health IT vendors are increasingly facing the challenge of integrating artificial intelligence (AI) tools, such as AI assistants, to enhance patient access to medical records. As highlighted by Alisa Chestler, an attorney at the law firm Baker Donelson, it is crucial for these providers to securely share records across various healthcare organizations while ensuring patient accessibility.
The Department of Health and Human Services (HHS) is intensifying its focus on promoting patient access to electronic health information. This initiative aims to ensure interoperability between diverse digital health platforms and applications. In July, the Trump administration introduced the “Make Health Technology Great Again” initiative, advocating for improved patient access to records. Details of this initiative can be accessed through various media outlets, including a recent report from Data Breach Today.
The HHS’s strategy aims to stimulate the creation and utilization of third-party patient applications that incorporate “conversational AI assistants.” These tools are designed to provide patients with tailored insights derived from their health data, empowering them to make informed health decisions. Chestler noted that the introduction of AI into healthcare creates significant implications that require careful consideration by providers.
It is vital for healthcare providers to approach these innovations with both clarity and caution. Chestler emphasized the need for vigilance to prevent potential data breaches when managing patient data. In an interview with Information Security Media Group, she elaborated on several important topics related to data protection.
Among the subjects discussed were the recent updates to the HIPAA Privacy Rule released by HHS’s Office for Civil Rights, which pertain to disclosures to value-added care organizations and outline patients’ rights regarding their designated medical information. She also addressed potential data breach risks that healthcare organizations must navigate when sharing electronic health information.
Additionally, Chestler described the August decision by HHS to enhance the enforcement capabilities of its Office for Civil Rights concerning 42 CFR Part 2 regulations, which govern the confidentiality of substance use disorder records. This move is anticipated to further close gaps in data protection within the healthcare sector.
As chair of the data protection, privacy, and cybersecurity team at Baker Donelson, Chestler’s expertise spans privacy compliance, security measures, artificial intelligence, and information management. Her extensive background includes serving as in-house counsel and privacy officer for prominent managed care and healthcare organizations, such as CareFirst BlueCross Blue Shield.
As healthcare continues to rapidly evolve with technological advancements, stakeholders must stay informed and proactive in addressing the associated cybersecurity risks to mitigate potential threats and safeguard patient data integrity.