CHIME23: Key Takeaways on AI and Security from Health IT Leaders

Event speakers explored challenges related to generative artificial intelligence adoption and the evolving cybersecurity landscape.

LISTEN

Your browser doesn’t support HTML5 audio

The healthcare industry is facing challenges including the rising cost of care, staff shortages and an increasingly complex cybersecurity landscape. To address these challenges, health IT leaders are considering collaboration, legislation, governance and new solutions such as generative artificial intelligence tools.

At the CHIME23 Fall Forum, hosted by the College of Healthcare Information Management Executives in Phoenix, speakers discussed the benefits and challenges related to generative AI adoption, their approaches to identifying AI use cases, and how policy and procedures can make a difference in the successful implementation of generative AI tools. HealthTech also spoke with a CISO about her perspective on today’s cybersecurity environment.

Click below to gain access to exclusive HealthTech content from CHIME23 and beyond.

How Should Health IT Leaders Evaluate Generative AI Use Cases?

Generative AI was a major topic of conversation at CHIME23 as health IT leaders look to see how others in the industry are handling its adoption. During a panel discussion, experts explored emerging applications and discussed how to select use cases.

Nuance uses AI and ambient listening to document patient encounters automatically. Diana Nole, executive vice president and general manager of the company’s healthcare division, said that generative AI can be applied to create prior-authorization documents. There is huge potential for the technology to augment clinical workflows. Nole also said that she sees the potential for generative AI to pull data from different silos. Those data insights can better help physicians identify the best specialists for their patients.

Deepthi Bathina, CEO and founder of RhythmX AI, agreed that generating data insights could be extremely helpful for clinicians, especially as the workforce continues to shrink. She explained that social determinants of health are the primary factor causing people to get sick faster, followed by mental health and lifestyle. However, with workforce shortages leading to clinician burnout, considering all of those factors can be a huge cognitive load, Bathina said. That’s where generative AI could come in.

AI isn’t a replacement but a co-pilot that helps clinicians do things a little faster and easier while removing some of the nonclinical work nurses have to do.”
Shakeeb Akhter

Senior Vice President and Chief Digital and Information Officer, Children’s Hospital of Philadelphia

Shakeeb Akhter, senior vice president and chief digital and information officer at Children’s Hospital of Philadelphia, represented the provider perspective on the panel. He emphasized that his organization talks about “augmented intelligence” instead of artificial intelligence because it goes over better with clinicians.

“AI isn’t a replacement but a co-pilot that helps clinicians do things a little faster and easier while removing some of the nonclinical work nurses have to do, such as prior authorizations, faxing and searching,” he said. “How can we take some of that work off their plate? That’s 10 to 20 percent of a clinician’s day, every single day. Operational efficiency is No. 1.”

He noted that clinicians spend a lot of time searching for information such as details about medical procedures and protocol. Generative AI can help clinicians with document discovery, searching and synthesis in those cases.

Panelists said that they foresee generative AI having the biggest impact on customer service operations, rote documentation, hyperpersonalization and communication between providers and payers.

Children’s Hospital of Philadelphia decided not to begin its generative AI journey in the clinical space, focusing instead on operations and administrative staff.

“Don’t start in a high-risk area. We wanted to start, and most health systems want to start, with a low-risk, high-impact use case,” said Akhter, adding that the selection process should be no different than for any other technology. However, it’s likely that there will be special considerations during deployment that require experimentation.

Nole said that healthcare should stay away from using generative AI to make clinical diagnoses. Adoption of the technology is happening rapidly, and she said that she’s surprised at how organizations are using governance to address challenges. She explained that some are worried that automated clinical documentation may make physicians too likely to sign off on them automatically without checking. Options include monitoring how long someone stays in the note as a preventive measure.

EXPLORE: Learn three keys to success with a generative AI platform.

To evaluate generative AI uses cases, Bathina suggested asking six questions:

  1. Does the use case tackle a prioritized pain for the health system?
  2. Is the use case worth it financially?
  3. What kind of training and resources are needed to drive adoption?
  4. Is the health system or payer ready to drive change management?
  5. Are regulations and compliance in place?
  6. Is it ethical, or is there bias?

No matter the use case, Akhter said, organizations must consider safety and cybersecurity factors in addition to governance. An important aspect of governance is quality. He noted that the quality of algorithms degrades overtime, especially if not maintained. Organizations must consider the maintenance cycle, check for bias and not trust outputs blindly.

“In healthcare in particular, you always need to have a human in the loop. Folks think it will be automated end-to-end, but that’s likely not the case, especially when it comes to clinical care,” Akhter said. “We need the right guardrails.”

Training Is Needed to Support Generative AI Adoption in Healthcare

During the conference, HealthTech spoke with Dr. Zafar Chaudry, senior vice president and chief digital and information officer at Seattle Children’s, about his perspective on generative AI. He said that healthcare leaders need to be careful about how it’s rolled out and plan education and training for their staffs. It’s important that users understand how to prompt the tool to get the answers that they need. Chaudry also emphasized the importance of guarding protected health information.

The next step for an organization looking to implement generative AI is to find use cases that make sense for them. Seattle Children’s created a methodology to address AI use cases. First, AI training is mandatory for everyone. Employees must take a course once a year. The organization also implemented a new use case policy, which involved the creation of an AI policy committee made up of clinicians and nonclinicians that vets proposed use cases.

While Chaudry believes that generative AI can help create workflow efficiencies for clinicians and speed up research, he doesn’t think it will ever fully replace clinicians because “people need people.”

“Generative AI is a tool. Use it and apply your level of intelligence to it and it will speed things up for you, but taking it at face value is risky, especially if you’re doing a clinical care use case,” Chaudry said, adding that healthcare professionals have the expertise to apply context and common sense to generative AI tools for them to work properly.

One of the biggest challenges in healthcare today is the cost of delivering care, and Chaudry said that this is why healthcare organizations are looking at AI. He said that he sees a real opportunity for the technology to handle rote tasks so that clinicians and other healthcare employees can bring real value.

READ MORE: Discover important security considerations for embracing AI.

Healthcare Makes Cybersecurity Strides as New Threats Arise

Cybersecurity is a full-time initiative in healthcare. As threats increase, health IT leaders must constantly assess risks and vulnerabilities and identify secure solutions. The rise of ransomware attacks on healthcare is especially alarming. One health system had to close due, in part, to the financial strain of a ransomware attack.

The threat of ransomware and other cyberthreats have become so commonplace, UNC Health CISO Dee Young said, that they’ve become kitchen table topics. Health IT leaders no longer need to explain the risks to healthcare stakeholders; the focus is now on mitigating the risks.

“I’m hopeful. I feel like we’re making some good progress with regulation and legislation. However, the threats don’t stop,” she said. “I think most of healthcare is still trying to handle the day-to-day and the threats that we have now.”

In the longer term, Young said, she hopes that healthcare can make strides in medical device security thanks to recent regulations such as the Protecting and Transforming Cyber Health Care Act, which was signed into law at the end of 2022 as part of the 2023 Consolidated Appropriations Act.

The act requires that vendors of medical devices that connect to the internet and could be vulnerable to cyberthreats monitor the devices for cybersecurity vulnerabilities, develop processes to keep the devices secure, make patches available, and comply with U.S. Food and Drug Administration requirements and regulations.

I worry that the time that we have to respond is getting less and less, so recovery is going to be more impactful.”
Dee Young

CISO, UNC Health

Young said that third-party and fourth-party vendors are some of the biggest areas of risk right now.

“Trying to mature your assessment of the risks from vendors with third-party risk management is really critical,” she said. “I still worry about some of the smaller healthcare organizations where the security person is the IT person and the end-user support. It’s still a challenge for them.”

Young recommended that those healthcare organizations look to the U.S. Department of Health and Human Services’ 405(d) program for resources to support their cybersecurity initiatives.

“Getting involved, learning from your peers, and really trying to understand what tools, mitigations, or programs you can put in your own environment is very helpful,” she said.

UNC Health conducts tabletop exercises with its executive team so that everyone understands situations that could arise and is ready to have a discussion. Young said it’s crucial for the executive team to understand that cyberattacks can impact continuity of care as well as business continuity. Partnering with organization leaders enabled her team to create downtime policies proactively. Cyberattacks are inevitable, Young said, but the impact of those attacks can be limited through preparation.

“As we move forward, the IT teams are going to need to get really good at testing to figure out what the recovery time is while the business and clinical leaders are figuring out how to take care of patients,” she added. “I worry that the time that we have to respond is getting less and less, so recovery is going to be more impactful.”

Check out this page for our complete coverage of CHIME23. Follow us on X (formerly Twitter) at @HealthTechMag and join the conversation at #CHIME23.