
How Artificial Intelligence Can Overcome Healthcare Data Security Challenges and Improve Patient Trust

September 18, 2019

Article Summary


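As healthcare organizations today face unprecedented security threats, artificial intelligence (AI) combined with human judgment is becoming the perfect pairing for improving healthcare data security.
Together, they drive a highly accurate privacy analytics model that allows organizations to review the access points to patient data and detect when a system’s EHR may be exposed to a privacy violation, attack, or breach.
With specific techniques, including supervised and unsupervised machine learning and transparent AI methods, health systems can move toward a more predictive, analytics-based, collaborative privacy analytics infrastructure that protects patient privacy.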

This report is based on a 2018 Healthcare Analytics Summit presentation given by Robert Lord, president and cofounder of Protenus, “Privacy Analytics: A Johns Hopkins Case Study—Using AI to Stop Data Breaches.”

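Some security experts claim that an individual’s medical record can be sold for ten times the price of their credit card on the black market, making it a common target for hackers. In today’s healthcare industry, implementing privacy analytics to improve healthcare data security across the industry is critical, because there are more questions than answers about patient privacy and security.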

Johns Hopkins put into practice an artificial intelligence (AI) application to produce a highly accurate privacy analytics model that reviewed every access point to patient data and detected when the EHR was potentially exposed to a privacy violation, attack, or breach. Specific techniques, including supervised and unsupervised machine learning and transparent AI methods, advanced Johns Hopkins toward its predictive, analytics-based, collaborative privacy analytics infrastructure.

Healthcare Data Security and the Struggle for Patient Trust

With a secure, analytics-driven digital health system, Johns Hopkins overcame a universal barrier to delivering quality care among health systems: patient trust. Breaches are perilous to healthcare organizations because they immediately jeopardize patient trust, resulting in patients withholding important health information from providers. Without a full picture of patient health, clinicians can’t provide holistic care to patients, resulting in a subpar healthcare experience for both those receiving and delivering care.

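Patients are initially reluctant to share information with providers because they don’t know who has access to their information, and they are unsure how the health system keeps patient data safe and secure. Data breaches have doubled over the past decade, which erodes patient trust and leads patients to seek care from another provider or organization, potentially costing health systems dearly over time.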

EHRs and Common Security Pitfalls

According to a case study from Johns Hopkins, most data breaches in clinical systems (e.g., loss, theft, insider breaches, etc.) originate from an organization’s employees, not an outside hacker stealing data on a personal computer. The most common offenders are health system staff and clinicians who have access to the organization’s EHR.

EHRs are designed to grant access to large groups of people, which means taking aggressive measures to prevent security breaches has its challenges:

  1. Checking boxes for HIPAA versus comprehensive review: Johns Hopkins leaders and clinicians were busy checking boxes to appease the regulators at the Office for Civil Rights under the U.S. Department of Health and Human Services (HHS), the institution responsible for enforcing HIPAA, rather than thoroughly reviewing every flagged record. The lack of in-depth, comprehensive review also kept organizations from proactively looking for data breaches; instead, they had to wait until they were notified of suspicious activity.
  2. Overworked privacy and security officers: Time-consuming, laborious data security processes require the privacy and security workforce to focus on sifting through breach data rather than using their critical thinking skills and human judgment on more vital tasks, such as deciding which red flags are worthy of follow-up.
  3. Concerns around expanding access: Healthcare organizations are rapidly growing and increasing their workforce, granting more people access to the EHR. Yet, in the midst of growing numbers, privacy and security measures haven’t advanced.
  4. The original state of privacy programs and antiquated systems: Traditional systems have their own share of challenges, including retroactive—rather than proactive—investigations, high rates of false positives, lack of data source aggregation capabilities, slow search queries, and lack of visualization tools, that hinder an organization’s ability to explore workflows and improve the privacy breach identification processes.

A New Approach to Privacy Analytics

With its ability to accurately collate, analyze, and review massive amounts of information, AI creates a highly accurate privacy model that helps organizations overcome these all-too-common healthcare data security roadblocks. The privacy analytics approach at Johns Hopkins allowed leadership to review all data logs accurately; create a collaborative, interdisciplinary initiative across the organization that eliminated data silos; and forge a sustainable path for long-term privacy analytics to transform the future of privacy analytics in healthcare.

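To achieve this higher level of privacy analytics management, Johns Hopkins carefully identified its key performance indicators (KPIs) and used them to overcome the organizational inertia that impedes change at large institutions.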

Johns Hopkins used these five KPIs to measure success:

  1. What are the threats we discover?
  2. What is our false-positive rate?
  3. What is our current burden of maintaining the tools?
  4. What is the investigation time?
  5. What is the overall reduction in privacy threats over time?

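The organization’s new privacy analytics platform, designed to improve healthcare data security, opened communication channels between the privacy and security teams, enabling them to work together more closely. This collaborative effort helped the security team by eliminating the manual work the old system required to identify insider threats, phishing, and credential sharing, which made it easier for the privacy team to complete investigations and audits.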

At first, Johns Hopkins employees questioned the new monitoring process and worried that leadership lacked trust in the workforce. They soon discovered, however, the new security platform actually empowered team members and even cleared up miscommunications. The positive experience with the new data platform built trust among Johns Hopkins team members, many of whom were also patients at the health system. The innovative security platform also allowed the senior leadership team at Johns Hopkins to see the big picture and work toward their real objective—to retain patients and build trust with the community.

Elements Driving Cost of Healthcare Data Security

To evaluate the total cost of ownership of the new platform, Johns Hopkins leadership evaluated the major factors affecting its healthcare data security and privacy:

  • The current software cost compared to the new platform cost.
  • The effect of the new platform on the current number of full-time employees (FTEs), especially the “silent” FTEs who often go unnoticed (e.g., members of the business intelligence, nursing, and legal teams).
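  • The cost of outside firms in resolving data discrepancies, response-time delays, and violation fines.
  • Most importantly, the cost of losing patients because of declining patient trust caused by data breaches.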

Why Compliance Analytics Is So Effective

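The results Johns Hopkins saw in its privacy and security processes were irrefutable: a traditional investigation took 75 minutes, while an investigation on the new platform took only 5 minutes, saving more than an hour per investigation. The false-positive rate on the new platform dropped dramatically from 83 percent to a remarkable 3 percent, meaning that nearly every notification was a real data breach.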

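The time that security and privacy team members at Johns Hopkins saved on the new platform, together with the sharp drop in false positives, significantly improved workflows and gave staff more time for projects that require critical thinking and human judgment.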

Improvements in three core components transformed the cultural and workflow challenges at Johns Hopkins:

  1. Scale: Compliance analytics fosters data integration because it brings together all the information needed to solve a problem in one place. The enterprisewide solution also serves a variety of compliance interests across the health system. Most importantly, it allows the organization to review all records instead of reviewing a sliver of records.
  2. Complexity: The sophisticated platform was equipped to handle the nuances of each case, making it easy to identify abnormal behaviors (e.g., the AI behavioral dashboard, Figure 1). Rather than following the rigid parameters of a rules-based system that lead to high rates of false-positives, the new system’s distribution capabilities allow organizations to focus on the most unusual threats, which they can adapt to a non-standard distribution list (common for providers who wear many hats and don’t fit one single description).
Figure 1: The AI behavior dashboard.

Compliance analytics are as fluid as the roles in healthcare positions across the continuum of care—from a medical assistant, physician, and nurse to a research assistant. Rather than manually assigning a team member to a role (e.g., Dr. Jones is a family practice physician), the distribution of activities in the EHR defines the role of the individual. For example, if Dr. Jones spends most of her time looking at information that would indicate that she is an OB/GYN, then the AI platform will automatically assign her the role of OB/GYN, as well as other roles based on her distribution activity.

  3. Automation: Automation within the compliance analytics system didn’t remove the need for staff, but it leveraged their judgment capabilities so that team members could focus on tasks that add value, instead of wasting time on automatable tasks (e.g., sifting through false-positives).
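
The role-from-activity idea described under Complexity, as an added example that is not the platform's code or anything from the presentation: roles are inferred from each user's share of EHR activity, and an access is surfaced with a plain-language reason when it falls in an area the user rarely touches. The sample log, user names, and both thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample: (user, clinical area of the chart that was opened).
ACCESS_LOG = (
    [("dr_jones", "obgyn")] * 42
    + [("dr_jones", "family_practice")] * 14
    + [("dr_jones", "oncology")] * 1
    + [("ra_smith", "research")] * 30
    + [("ra_smith", "cardiology")] * 10
)

ROLE_SHARE = 0.20  # assumed: an area with >= 20% of a user's activity counts as a role
RARE_SHARE = 0.05  # assumed: an area with < 5% of a user's activity is unusual


def activity_distribution(log):
    """Per-user share of accesses by clinical area."""
    counts = defaultdict(Counter)
    for user, area in log:
        counts[user][area] += 1
    return {
        user: {area: n / sum(c.values()) for area, n in c.items()}
        for user, c in counts.items()
    }


def infer_roles(dist):
    """Derive roles from where activity actually falls, not from a manual label."""
    return {
        user: sorted(a for a, share in shares.items() if share >= ROLE_SHARE)
        for user, shares in dist.items()
    }


def review_access(dist, user, area):
    """Return (flagged, reason) so a reviewer sees why an access was surfaced."""
    shares = dist.get(user)
    if shares is None:
        return True, f"{user} has no activity baseline"
    share = shares.get(area, 0.0)
    if share < RARE_SHARE:
        return True, f"{area} is {share:.1%} of {user}'s activity (below {RARE_SHARE:.0%})"
    return False, f"{area} is {share:.1%} of {user}'s activity"
```

A user can hold several inferred roles at once, which is what keeps a provider who "wears many hats" from tripping a single-role rule.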

The Power of Automation Combined with Human Judgment

The automation factor of the compliance analytics platform enables team members to apply critical thinking and judgment to improve an organization. The powerful combination of automation and team members at Johns Hopkins offers three major benefits:

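  1. Natural language cases: Gathering facts, documenting a case, and submitting it to the compliance officer consumes staff time. The compliance analytics platform provides a natural-language record that includes the information staff need to submit a ticket to the compliance officer. When a data breach occurs, team members can print the ticket directly from the platform. That printed document initiates the investigation.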
  2. Automated emails: The compliance analytics system can create automatic emails for whichever level of threat the system would like to flag. When there is an alert, the system autogenerates an email, versus requiring a team member to manually send one. The new system moves the autogenerated emails to a queue for a designated reviewer to approve before sending to the recipients.
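  3. Documentation and comprehensive logs: AI isn’t helpful if it doesn’t explain why it flagged a behavior. Cutting-edge solutions eliminate the AI “black box” and explain why something was flagged, appears risky, or was identified as abnormal behavior, allowing organizations to approach security concerns in a transparent way, as shown in Figure 1.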

A Broader Reach: The Future of Compliance Analytics and Healthcare Data Security

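Healthcare data security and privacy is an increasingly critical issue in healthcare today and, when handled poorly, can cost millions. Ponemon Institute and IBM Security conducted a global survey that found a data breach costs an organization an average of as much as $6.45 million. With an AI platform, health systems can proactively prevent security breaches and their far-reaching effects, providing a clear solution for long-term security and privacy change.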

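When organizations systematically evaluate their privacy and security risks, it is easy to overlook best practices and focus only on the legal “check boxes.” These efforts, however, can be futile. Real change that leads to a long-term paradigm shift happens when organizations evaluate and follow best practices, such as auditing every access point and accurately presenting cases rather than reports.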

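Johns Hopkins proved that it is possible to overcome the privacy and security stagnation caused by years of repetitive, routine procedures. It shifted from a rules-based data breach defense system to an analytics-centered paradigm. Keys to its success included an effective framework that fostered a compliance-analytics-first environment, and leadership’s ability to identify the right tools to evaluate privacy and security analytics within their own organizational setting.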
