PKF O'Connor Davies Accountants and Advisors
Artificial Intelligence in Health Care: Navigating HIPAA Compliance

June 27, 2025

By Keith Solomon, CPA, Parvesh Lal, CPA and Thomas J. DeMayo, CISSP, CISA, CIPP/US, CRISC, CEH, CHFI, CCFE


Key Takeaways

  • Artificial intelligence (AI) is driving innovation in health care by improving operational efficiency and patient outcomes, with projected savings of up to 10% annually across the U.S. system.
    AI tools are helping providers identify patient risks and automate administrative functions, contributing to better productivity and care delivery.

  • The use of AI in health care raises complex challenges related to privacy, data security and compliance with the Health Insurance Portability and Accountability Act (HIPAA).
    Because AI systems rely on large volumes of protected health information, maintaining strong data governance and minimizing the risk of breaches are critical responsibilities for providers.

  • To use AI responsibly, health care organizations must adopt a layered security strategy, engage compliance stakeholders and vet technologies before deployment.
    Collaboration across internal teams and external partners helps ensure that privacy, fairness and accountability remain foundational as the use of AI expands.

Artificial intelligence (AI) is playing an increasingly prominent role in health care, offering new tools to improve care delivery and streamline operations. From predicting patient risks to automating administrative tasks, AI is helping health care providers operate more efficiently. The National Bureau of Economic Research estimates that this new technology could reduce health care costs by up to 10% annually and save $360 billion for the U.S. health care system through favorable changes in productivity and improved outcomes.

With the potential rewards, of course, come perilous risks. Personal and financial information about individual patients often proves irresistible to hackers, identity thieves and other bad actors, which means health care organizations must work hard to ensure privacy—a challenge that frequently requires the help of experienced professionals.

The Promise of Leveraging Data

The AI tools that may enable operational efficiency and cost savings are built on machine learning, which means they’re trained on historical data sets. Typically, AI systems rely on large amounts of data to learn and function. In the health care arena, this data often includes protected health information (PHI), making it even more difficult to maintain security and privacy—and to comply with the Health Insurance Portability and Accountability Act (HIPAA), the standard for the protection of sensitive patient health information.

The Problem of Breaching Data Privacy

If these data sets aren’t properly anonymized or secured, the risk of a privacy breach increases. In fact, such breaches are widespread and growing. According to the Office for Civil Rights at the U.S. Department of Health and Human Services, there were more than 700 reported health care data breaches affecting 500 or more individuals in 2024.

Data protection is paramount to mitigating these significant risks to patient privacy as well as to institutional trust, reputation and financial strength that can be compromised by hefty penalties. Health care organizations need to take a proactive, layered approach to securing data. This includes encrypting data both at rest and in transit, implementing access controls, reviewing and recertifying access rights and conducting regular risk assessments of all systems, including systems that use AI. Protecting PHI by implementing these measures helps minimize vulnerabilities and helps ensure that sensitive patient information remains protected against increasingly sophisticated cyber threats and potential misuse within evolving AI environments.

AI in Health Care: The Future Starts Now

As this technology continues to evolve, collaboration internally at your organization and with your external service providers will be essential to maintaining HIPAA compliance. Software developers, health care staff, external auditors, legal experts and regulators all have a role to play in ensuring that AI is used responsibly. Due diligence should be conducted prior to implementing new software to ensure it aligns with privacy and regulatory requirements, a process often entrusted to external specialists.

The future of AI in health care is promising, but realizing its full potential depends on getting privacy, fairness and accountability right from the start, since patient privacy remains a core principle in serving patients, especially the most vulnerable.

Contact Us

If you have any questions, contact your PKF O’Connor Davies client service team or:

Keith A. Solomon, CPA
Partner
Health Care Practice Co-Leader
ksolomon@pkfod.com | 914.341.7078

Parvesh Lal, CPA
Supervisor
Health Care Practice
plal@pkfod.com | 914.341.7006

Thomas J. DeMayo, CISSP, CISA, CIPP/US, CRISC, CEH, CHFI, CCFE
Partner
Cybersecurity and Privacy Advisory
tdemayo@pkfod.com | 646.449.6353