Importance of Data Security in the Age of Artificial Intelligence Policymakers need to look at standardization of digital health records by identifying a systematic approach to IT in healthcare

In the age of Artificial Intelligence (AI), data is power. And in a country like India, the scope for AI is colossal, especially in healthcare. From precision medicine and data management to remote diagnosis and predictive analysis, technology in healthcare is making giant strides. However, these innovations are also posing new-fangled security challenges, particularly in terms of personal health records.

According to a recent global study, more than one-third (35.6 per cent) of surveyed professionals in the Internet of Things-connected medical device ecosystem said that they had experienced an incident related to cybersecurity in the past year. For technology to truly change the way healthcare is delivered, we need to first address the issue of cyber-attacks, such as data theft and ransomware. Can AI help neutralise cyber threats without human intervention? Does the future of cybersecurity lie in the untapped potential of AI?

The Achilles heel

Traditionally, the responsibility of maintaining healthcare data in India has rested with the patients. Even today, paper-based systems are used to generate medical records, while treatment history continues to be handwritten in the majority of cases. Understandably, most of this data simply goes missing with time. Or else, in the electronic form, it is often rendered inaccessible, as it sits idle on data servers of private healthcare facilities.

What we need is a safe and seamless flow of information within the digital healthcare infrastructure that can transform the ways in which clinicians diagnose and treat patients. A centralised record-keeping system, like the Electronic Health Record (EHR), can facilitate rapid data retrieval, data sharing, as well as trend analysis. Today, these digital healthcare systems are capable of collecting data from multiple sources - hospitals, clinics, diagnostic facilities, individual healthcare practitioners. Nonetheless, the adoption of wearables and implanted sensors in preventive and emergency medical response systems, using short-distance wireless-communication techniques, are raising pertinent concerns about data security.

There are numerous instances of security breaches in the global healthcare industry. In June 2017, US pharmaceutical company Merck and healthcare provider, Heritage Valley Health Systems became the target of NotPetya ransomware attack, while recently, a Bayer MedRad device, used to assist MRI scan, was infected by WannaCry ransomware virus. With the Internet of Things (IoT), there are several points of inflow and outflow of information today - more potential soft spots - which can be targeted by unscrupulous data hackers. Data breaches in healthcare have reportedly affected millions of people causing theft of identities, monetary losses, loss of benefits, and leakage of sensitive personal data to third parties. The price of personal medical information in the conman's marketplace is believed to be 10 times higher than credit card details!

Policy decisions

As more healthcare technologies and solutions become network connected, the frequency of cyber-attacks will increase. In time, there will be an increased awareness among corporate information security officers (CISO) at the provider and payer organisations as well as healthcare technology companies to do more to protect healthcare data. Researchers are already using cognitive algorithms to learn and predict new malware behaviours; Al-based, self-learning security systems hold the promise of automatic cyber defence in the future.

Policymakers need to look at standardization of digital health records by identifying a systematic approach to IT in healthcare. Taking a cue from nations where policies are already in place, like the Health Information Portability and Accountability Act (HIPAA) in the US and the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, operational guidelines need to be drafted as a precursor to the national EHR policy. Interestingly, many countries incentivise the use and constant up-gradation of EHR systems.

With the Digital India drive and Smart Cities Mission accelerating IT adoption in healthcare, health tech companies need to up their ante on security. However, data security is not free; there are cost implications for equipment vendors. Currently, most equipment vendors leave the security issues to hospitals and insurance companies to dodge the price disadvantage in a competitive market. Yet, we need to think long-term, much like investing in a vaccine that'll prevent the spread of an epidemic.