3 Use Cases for AI in Security and Compliance

January 6, 2020   |   Ken Reiher

Robert Porr, CHC, Furnace Brook HealthCare Management Advisors

Gerry Blass, President & CEO, ComplyAssistant

Using artificial intelligence to make compliance procedures more efficient

ComplyAssistant recently contributed an article on how artificial intelligence tools can be used to make compliance procedures more efficient to the November/December 2019 issue of the Journal of Health Care Compliance. The following blog post covers some of the key points.

A 2019 report found that over 40 percent of health care executives said artificial intelligence will be the technology with the highest impact on operational performance in the next 3 years. But AI is not just for clinical use. Any repetitive, labor-intensive interaction with documentation—such as billing, legal, security, and compliance—is a candidate for the application of AI. Without artificial intelligence technology, these types of transactional activities are typically fulfilled by humans, take longer, cost more, and are more susceptible to error.

Let’s unpack three potential security and compliance use cases for AI technology.

  • Contract Lifecycle Management: Health care systems are required to manage and review thousands of corporate contracts, from lease agreements to physician affiliations to purchase contracts. The sheer volume and complexity of these agreements makes it nearly impossible to perform an annual review. Today, however, AI can help in areas such as:

    1. Review of multiple contracts with the same entity to uncover inconsistencies
    2. Review of contracts for compliance with federal or multi-state requirements
    3. Flagging lease contracts that are up for renewal
    4. Reviewing physician privilege contracts for renewal and update
    5. Cross-referencing physician credentials for compliance with the Stark Law

If thousands of contracts could be reviewed using AI technology, human resources could be diverted to more important, strategic tasks and decision making.

  • Vendor Risk Management: Similarly, an annual review of business associate agreements (BAAs) can be performed more quickly using AI to answer these types of questions:

    1. Has the contract expired?
    2. Is the contract up to date with all security and compliance procedure rules, including recent changes?
    3. Have BAs complied with required risk assessments per the contract?
    4. Are there trends in high-level risks with certain vendors?
    5. Is the contract in compliance with state and federal regulations?
    6. Are downstream BAs covered in the contract and are their agreements up to date?

Vendor risk management, though, requires more than just an AI tool to review documentation. Health care organizations should first take inventory of all BAAs and document each business associate’s inherent risk of using protected health information (PHI). For the typical health system, this inventory could mean hundreds or even thousands of contracts. Using AI would certainly be an efficient method for this review process.

Once inherent risk is determined, prioritize each BA from highest to lowest risk. Artificial intelligence technology can help automate selection of which contracts and BAs require further audit controls, while a governance, risk and compliance (GRC) software solution can be used to manage action plans to reduce risk and prevent breaches.

  • Risk Modeling: Security, privacy, and IT teams already use a variety of technological solutions – such as honeypots and email filters – to thwart potential security breaches. AI can go a step further to scrutinize abnormalities in behavior that may indicate potential PHI security risk. For example, machine learning can examine an EHR database to determine whether someone is logging on to the system in the middle of the night, when typical login hours are between 9:00 a.m. and 5:00 p.m. Modeling various risks in this way enables organizations to put themselves in the shoes of potential attackers, understanding where they may hit, and where weaknesses may exist in the system or network.
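The off-hours login check described above can be sketched as a per-user baseline rather than one fixed 9-to-5 rule, so that night-shift staff are not flagged every night. This is an added example, not code from the article or from ComplyAssistant; the "timestamp user event" log format, the user names, the thresholds and all sample lines are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed EHR audit history (assumed format: ISO timestamp, user, event).
HISTORY = (
    [f"2020-01-{d:02d}T{h:02d}:10:00 jsmith LOGIN" for d in range(2, 7) for h in (9, 13)]
    + [f"2020-01-{d:02d}T{h:02d}:40:00 nnurse LOGIN" for d in range(2, 7) for h in (23, 0)]
)

# Constructed new events to score against the baseline.
NEW = [
    "2020-01-07T02:14:00 jsmith LOGIN",   # day-shift user at night
    "2020-01-07T10:02:00 jsmith LOGIN",
    "2020-01-07T23:30:00 nnurse LOGIN",   # normal for a night-shift user
    "2020-01-07T03:00:00 newhire LOGIN",  # no history yet
    "2020-01-07T14:00:00 nnurse LOGIN",   # unusual for this user
]

def parse(line):
    ts, user, event = line.split()
    return datetime.fromisoformat(ts), user, event

def build_baseline(lines):
    """Per-user histogram of login hours (0-23) learned from history."""
    hours = defaultdict(Counter)
    for ts, user, event in map(parse, lines):
        if event == "LOGIN":
            hours[user][ts.hour] += 1
    return hours

def is_anomalous(baseline, user, ts, min_history=8, tolerance=1, min_share=0.05):
    hist = baseline.get(user)
    total = sum(hist.values()) if hist else 0
    if total < min_history:
        # Too little history: fall back to the 9:00-17:00 window from the article.
        return not (9 <= ts.hour < 17)
    # Share of past logins within +/- tolerance hours, wrapping around midnight.
    near = sum(hist[(ts.hour + d) % 24] for d in range(-tolerance, tolerance + 1))
    return near / total < min_share

def flag_logins(baseline, lines):
    """Return (user, timestamp) for every login outside that user's usual hours."""
    return [(user, ts.isoformat()) for ts, user, event in map(parse, lines)
            if event == "LOGIN" and is_anomalous(baseline, user, ts)]

if __name__ == "__main__":
    for user, when in flag_logins(build_baseline(HISTORY), NEW):
        print(f"review: {user} logged in at {when}")
```

Flagged events are candidates for review, not confirmed misuse; the thresholds need tuning against real audit data before alerts are routed to a privacy or security team.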

Is artificial intelligence right for your security and compliance procedures? Read the full article from Journal of Health Care Compliance to find out more.

AI is just one tool in your security and compliance toolbox. A functional compliance program requires a combination of executive-level governance, change management, due diligence and documentation. Find out more in our post on How a Functional Compliance Program Can Protect PHI.

To view a PDF version of the original Journal of Health Care Compliance article, Click Here.
