Medical records are the most comprehensive aggregation of a person’s medical history, archiving sensitive diagnoses, medications, blood types, and financial information. While there are millions of accesses to patient data every single day, healthcare organizations simply do not have the necessary resources to manually audit every access within their EHR.

The first half of 2018 proved that clinical drug diversion continues to threaten the ability of healthcare organizations to provide high-quality patient care and to ensure safe medication administration. Earlier this year, Protenus’ independent research team published a report of our 2017 findings on this topic, which included a detailed explanation of the report’s full methodology and scope. The first six months of 2018 offered a means to compare and contrast the current landscape to what the 2017 data revealed. In this report, we’ll examine possible explanations behind the continuities and evolutions we observed.

Artificial Intelligence (AI) is somewhat of a misnomer. It is indeed artificial, but it is not intelligent--at least not in the way a person is. The entire field of artificial intelligence grew out of research in the late 1940s and early 1950s that attempted to teach computers to play a game of chess. In 1997, this technology matured and advanced to the point where IBM’s Deep Blue supercomputer was able to beat chess Grandmaster Garry Kasparov. At a high level, computer chess engines rely on an intricate search engine coupled with a huge database of possible moves and games. Kasparov realized that this huge resource could be even more valuable when further coupled with human intelligence. This combination of human and artificial intelligence working together form a cyborg, or centaur, which represents the melding of true human intelligence with the power of advanced computational systems. These advances in technology have inspired the central role that AI plays in healthcare innovation. Specifically, in healthcare privacy, it serves as an extension of the team, better leveraging human expertise, and increasing their efficiency.  

A health data breach is always stressful, no matter the size of the breach or organization. Upon discovering that a breach has occurred, the healthcare organization must painstakingly assess the scope of the breach and its impact on the organization and affected patients. In addition to this assessment, if the breach affects more than 500 individuals, it must be reported to the Office of Civil Rights (OCR) within 60 days of discovery, usually prompting them to investigate further. The well-known costs associated with a data breach include notification, credit monitoring services, lost revenue, and reputational damage. However, In addition to these, there are also associated costs when it comes to responding to any request or investigation from OCR, including:

The cybersecurity and privacy field is currently in the midst of an “AI moment,” where every vendor, expert, and article about the future of cybersecurity describes how artificial intelligence (AI) is transforming operations and will continue to change the way cybersecurity and privacy professionals work. However, it seems that AI has taken on the life of a mysterious fix-all solution for any problem we may face - from cyber threats, to institutional confusion, and workforce shortages. What gets lost in this noise is the two AI discussions we should all actually be having - when AI can actually be useful and when AI can do more harm than good.