Locations
America
Brazil
EnPo
Canada
Latam
Mexico
EnSp
United States
Europe
EnDe
Benelux
Germany & Austria
EnDe
Nordic
Southern Europe
EnFr
Switzerland
EnDe
United Kingdom & Ireland
Asia Pacific
Asean
Australia & New Zealand
China
Japan
EnJp
Korea
Taiwan
India & Middle East
India
Middle East
Africa
Global Site
< Cybersecurity

A Closer Look at Managing Data Privacy in AI-Based Medical Devices

comments.png fav-article
comments.png

November | 2021

Organizations across sectors have realized the role that artificial intelligence (AI) plays in people, processes and technology paradigm – deriving the business value using AI-based customer engagements. AI has been helping organizations in driving three most important aspects of business today - speed to market, value for money, and the scale of operations. As an example, a leading medical device manufacturer leverages AI to ensure product visibility across the value chain, handle rising cost of PPE equipment due to the pandemic and manage access to equipment during high demand period. Figure 1 illustrates the broad categories of AI use-cases.
A Closer Look at Managing Data Privacy in AI-Based Medical Devices

Market growth of AI

The application of AI in the healthcare sector is growing. The key factors contributing to AI’s growth in healthcare include: AI-based healthcare informatics due to large volume of patient data, a need to improve efficiency in hospital operations, and increase in the number of start-ups offering AI-based healthcare software.

Another contributing factor is the government’s support towards technology innovation in many countries such as India, Canada, US, Denmark, Hungary, China, Singapore, and many more. For example, India launched INDIAai platform in 2020, With an objective to improve collaboration among ecosystem players and spread awareness about AI across sectors. Large corporations such as Google, Microsoft, Apple and others are also developing AI based tools and software.

Commercial usage of AI, however, raises concerns around ethics and data privacy. There are numerous debates around commercialization of AI based tool such as GPT-3, which has more than scale of operations. As an example, a leading medical device manufacturer leverages AI to 175 billion parameters to base its automated decision on, but still raises question about data privacy and ethics.

Ethics and data privacy challenges become more pronounced in medical devices as it collects personal sensitive health information.

Growth of the AI market is attributed to investments by governments, as well as innovations happening in the private sector. However, AI poses significant challenges around ethics and data privacy that need to be addressed in near term.

Challenges in AI-based medical devices

Hospitals are using AI based devices for screening decision without human intervention. The algorithm provides physicians with the recommendation on the next steps after analyzing the patients. However, the greatest challenge in this field remains lack of trust and existence of privacy issues. 

A Closer Look at Managing Data Privacy in AI-Based Medical Devices

In AI-based devices/algorithm-based set-up, the patient’s consent becomes one of the leading challenges. It is challenging to understand the data flow because of unexpected correlations. A simple solution to this challenge is to work only on an anonymized dataset.

Data privacy and cybersecurity challenges also impact the big data/AI based devices. Some of the risks arising may be the result of lack of cybersecurity controls (access controls, encryption, logs), and lack of privacy controls (data minimization isn’t followed, lack of data segregation, unattended data such as individual’s preference capture due to corporate policies etc.)

While data privacy and cybersecurity challenges can be solved by implementing traditional controls, and following the regulatory guidelines, the challenges around reliable & trusted recommendation and algorithm biases are comparatively niche and hence difficult to solve. Automated decisions run “behind the scenes”, thus making it difficult to scrutinize. Thus, to minimize the biased outcomes, one must consider non-technical attributes of devices, in addition to the technical specifications and controls. Missing on either of the aspects may not help device manufacturers to solve this challenge. Other key success factor will be cooperation within industry to push for larger adoption of the AI-algorithm assessment for bias.

To overcome the data privacy and cybersecurity challenge, organizations in the healthcare sector must conduct a Data Privacy Impact Assessment (DPIA), along with assessment of the underlying algorithms for these medical devices, at the beginning of the project.

Wipro’s approach to address privacy challenges

Wipro recommends a risk-based approach to address privacy challenges. Such an approach must begin by asking a key question – why is DPIA needed in the given context? AI-based medical devices (or in general medical devices) collect and use personal data that has an impact on the privacy of individual,if mismanaged.

This becomes the key reason for carrying out a DPIA. Other reasons could be compliance requirements, building trust among stakeholders, and identifying and addressing the risks to the personal data of the patients

 An approach to solve these challenges takes 5 steps, with emphasis on how well the data is being stored and managed by medical devices. It should begin by understanding and documenting the inherent features and specifications of medical devices, controls that are in place, and potential vulnerabilities that can be exploited in the light of prevalent threats.

A Closer Look at Managing Data Privacy in AI-Based Medical Devices
Once the data pertaining to the device, potential vulnerabilities and threats have been documented, the most critical step is to carry out the Privacy Impact Assessment (PIA) and Algorithmic Impact Assessment (AIA). Regulatory agencies provide high level areas to be assessed. Ideally, involve a service provider of your choice to perform a comprehensive assessment of privacy and algorithms. Some of the common areas that must be covered in these assessments include:
A Closer Look at Managing Data Privacy in AI-Based Medical Devices

About the Author

Suneet Pahwa is a Senior Practice Manager in the Cyber Strategy & Risk Practice at Wipro Limited. He has been advising clients in cybersecurity across the globe on strategy, risk prioritization and maturity assessment. His interest areas lie in emerging technologies, their impact on data privacy and cybersecurity, Zero-Trust architecture etc. Previously, he has served McKinsey & Company and Data Security Council of India (NASSCOM). He is CISM certified, with MBA from Purdue University and B.E. from Manipal University.

Related Articles

Image not found
Cybersecurity in the Communications Sector

Cyberattacks have moved on from traditional techniques and have become more targeted and sector-specific. Attackers are operating in stealth mode, making attribution of attacks more difficult.

Image not found
Asymmetric uncertainty for Cyber Threats & its potential

Today’s Cyber defenses are focused on defending unchanging (sprawling, distributed, & untrusted) infrastructure by monitoring, detecting, preventing and remediating threats.

Image not found
Cloud Security Compliance Assurance Program

The healthcare industry is shifting focus to personalized preventive care and an increasing number of patients are expecting healthcare to be delivered as a service.

X

popup-image