Protecting patient data and privacy while preventing unnecessary risks
Artificial Intelligence (AI) is at the forefront of advancing technologies. It brings immense promise to healthcare through deep learning algorithms to aid diagnostics, treatment planning and research that optimizes cost-effective, high-quality care.
Cleveland Clinic is a non-profit academic medical center. Advertising on our site helps support our mission. We do not endorse non-Cleveland Clinic products or services. Policy
But this progress comes with a caveat.
As AI permeates healthcare, the current and vast data security and privacy concerns will be exacerbated by its introduction.
Vugar Zeynalov, the Chief Security Information Officer at Cleveland Clinic, underscores the delicate balance between reaping the benefits of AI and doing it safely. He emphasizes that while advanced technology — mobile, cloud computing and AI — can yield significant business value and cost efficiencies, hasty or careless implementation could lead to security risks.
“AI is not a novel technology, it’s just that now we have the computational power to harness it.” Zeynalov continues, “Consequently, AI is subject to existing cyber risks, and most strategies currently employed by cybersecurity professionals are well poised to mitigate the risks. While good guys harness AI to improve cyber outcomes, there are bad guys who will exploit it to evade detection and reduce barriers to entry. Additionally, specific threats are tailored to target AI, like data poisoning.” Among these threats, Zeynalov emphasizes the critical role of data governance.
“Data governance is designed to get the right data to the right people at the right time,” says Kevin Mooney, Esq., Senior Director, Cleveland Clinic Enterprise Data Governance. “This requires a laser focus on the data process, who has access to that data and the needed technology to enable it.”
Mooney championed a data governance/cybersecurity interlock that blends operations to build and enhance the organization’s accountability mechanism to monitor data throughout its lifecycle.
“Working with a multidisciplinary team, our data classification program is a mutually created structure that tags and tracks sensitive data to ensure accurate associations with the right people having the appropriate role-based access.” Mooney continues, “Collectively, this process, as part of a larger data hygiene process, provides safe, highly reliable, trusted data. This is a must-have when working with sensitive patient data.”
Mooney adds, “With the onset of AI, we were already prepared to apply our existing model framework with data governance oversight and cybersecurity input to follow a sound adoption and management process.”
No matter the technology or data usage, there’s a strategic framework of necessary steps that must be completed to secure access to data.
Mooney describes, “From a governance perspective, completing each step confirms the appropriate access to accurate information. Our team consistently scans metadata and builds out the data fabric, to understand the varying aspects with a 360-degree view of the data.”
“Data governance acts as the legislative branch by defining the principles and accessibility, while cybersecurity serves as the executive branch by determining how to protect our digital assets,” says Zeynalov.
Mooney continues, “On the cyber side, it’s helping to understand the user rights management program with consistent access to particular types of data; on my side, it’s taking that same information and managing the data stewardship community.”
“As cybersecurity professionals, our role is to enable our clinicians, our patients and our organization to take advantage of new technology without taking unnecessary risks,” says Zeynalov. “Our skills and experience prepared us to manage this new wave of technology just like we manage the existing risks.”
Mooney agrees: “Our success is dependent on our multidisciplinary team’s holistic approach to create a safer space to implement and innovate for any type of technology. We strive for this excellence every day to best protect and serve our patients.”
Zeynalov summarizes: “The integration of AI into healthcare signifies progress and potential. Still, it demands a meticulous approach to data security, one that is rooted in proactive measures, continuous education, and a robust governance framework. Cleveland Clinic’s initiatives serve as a testament to the commitment to providing cutting-edge healthcare while safeguarding patient data in an evolving technological landscape.”
Cleveland Clinic’s roadmap to recovering critical digital assets stems from strategic planning and preparedness
The Friends of Cybersecurity program bridges innovative technology solutions with mitigating security risks
The infant fever care path is an interactive, step-by-step tool within the electronic health record that reduces high variability among standard practices to ensure safe, quality care at all Cleveland Clinic locations
Cleveland Clinic providers shifted to one-click ordering to simplify the workflow while increasing visibility of patient-specific recommended wellness screenings
A physician-developed experiential learning elective illustrates the value and necessity for strong collaboration among clinicians and IT professionals
Cleveland Clinic Children’s implemented an automated color-coded system to escalate timely care to prevent patient deterioration
Advancing Cleveland Clinic’s clinical systems integration by creating a secure, single database designed and built to modern healthcare standards
When the COVID-19 pandemic delayed patient care, automated bulk ordering for overdue screening mammograms led to an easy, convenient online scheduling process.