- Generative AI is transforming the health care industry and positively affecting how patient-centered care is delivered.
- Understanding data risks related to privacy, bias, misinformation, and cyber vulnerabilities is crucial.
- Early integration of the organization’s enterprise risk functions is important to the long-term success of generative AI.
- When leveraged in a true advisory capacity, internal audit, compliance and legal departments provide valuable risk insight for AI governance.
The health care industry is facing unprecedented transformation in both the way care is delivered and the use of innovative technologies that enhance the patient experience. The adoption of generative artificial intelligence technologies has quickly become a priority for health care leaders across the country. Multiple use cases have been implemented to enhance clinician and patient experience including leveraging generative AI to improve processes related to inbound patient messaging, remote patient monitoring, prior authorizations from insurers for treatments and medications, clinician licensure and credentialing, and virtual care optimization.
Driven by tight labor issues and the focus of the health care industry to increase clinical quality while improving margin, new use cases are being designed and implemented each day. Exponential growth in the use of generative AI technologies delivering positive impacts across the continuum of care is expected in the months and years to come.
In an industry increasingly driven by data (health care data now makes up 30% of the world’s data), the timing couldn’t be more perfect.
“Generative AI is a very powerful tool that must be embraced and invested in for multiple reasons. Organizations must assume that their competitors are making investments in generative AI. As their customer base grows, appreciation of generative AI and its meaningful utilization will quickly become a competitive requirement,” said Manish Thakkar, RSM US Director, AI governance.
Before adopting generative AI technologies, however, organizations must understand the data that generative AI technology uses and establish a foundational governance and risk management practice to pursue their generative AI journey.
“Generative AI requires oversight because it is different than other technologies,” said Thakkar. “It evolves extremely rapidly, makes decisions on its own, and generates new and original content. It is more powerful compared to human decision making because it is more persuasive, always on, and can transmit knowledge faster.”
Understanding the key risks within the data—such as those related to privacy, bias, misinformation, and cyber vulnerabilities—is crucial to the development and deployment of responsible generative AI technologies. The following diagram outlines the key considerations organizations should address when implementing an AI governance strategy.
In addition to adopting a governance framework, several stakeholders from across the organization should have involvement in guiding the direction of AI strategies.
Fostering the responsible use of AI
A responsible governance culture will help organizations strike the right balance between putting their foot on the gas pedal to rapidly accelerate the pace of implementing innovative technologies and pumping the brakes when needed to do so in a responsible manner. Health care organizations that fail to identify or choose to ignore the risks associated with generative AI adoption may find themselves reacting and responding to privacy breaches, loss of intellectual property, and, most concerning, patients experiencing unintended negative outcomes.
“Generative AI is already transforming the delivery of clinical care and the multiple functions and back-office processes that support health care operations. The organizations that encourage meaningful participation from multiple departments beyond IT, including those who are responsible for assessing and monitoring the risks associated with generative AI adoption, will be well positioned to accelerate the benefits of the innovative technology,” said Ryan Haggerty, RSM’s national leader for the health care internal audit, regulatory compliance and enterprise risk practice.
Those health care organizations that are moving down the path of generative AI adoption shouldn’t delay inviting the internal audit, compliance, and legal departments to join them on the journey. Early integration of the organization’s enterprise risk functions is important to the long-term success of generative AI strategies. Working alongside the governance committee to recommend and stand-up effective safeguards around generative AI deployment is essential.
“When leveraged in a true advisory capacity, internal audit, compliance, and legal departments provide valuable risk insight, not acting as the voice of ‘No,’ but rather informing the organization of the risks that should be considered as strategic decisions are made,” said Haggerty.
Those who foster responsible governance practices stand to gain the most value from their AI strategy while ensuring risk is appropriately inventoried, assessed, and communicated. Health care organizations may wish to consider the following as first steps for effective and sustainable governance practices:
- Identify relevant in-house technologies and capabilities and assess the risks and opportunities focused on interoperability configurations, technology limitations, and vulnerabilities.
- Implement communication channels to govern responses and maximize value to both internal and external stakeholders.
- Establish policies and procedures that are inclusive of internal controls to prevent, detect, and correct errors or misconduct.
- Review product documentation and consult with appropriate vendors.
- Curate data utilized by AI systems and leverage lessons learned to identify and deploy additional use cases.
- Seek outside expertise from specialists experienced in both finding opportunities to leverage generative AI technologies in the health care environment and responsibly implementing AI technologies in accordance with regulatory guidance.
In the near term, the speed of generative AI innovation may likely outpace the regulatory guidance and compliance requirements related to its use. To minimize risk, health care organizations will need to remain vigilant and prioritize thorough testing of new use cases, invest in employee training, and emphasize clear communication and collaboration with key stakeholders.
Innovative technologies like generative AI are rapidly transforming the health care industry and positively affecting how patient-centered care is delivered. An increasingly competitive landscape, labor shortages, margin pressure, and expectations from clinicians and patients are necessitating investments in generative AI. This game-changing innovation should be embraced; however, generative AI strategies should include the prioritization of a strong foundational governance framework and the early and meaningful participation of key stakeholders.