Using AI to craft HIPAA compliant emails

The global artificial intelligence (AI) market, valued at 196.63 billion USD in 2023, is projected to expand by 37.3% annually from 2023 to 2030. The use of AI technologies can outpace legislative updates, causing some disparity in how AI can be used within niche sectors like healthcare. 

AI and HIPAA compliance 

The following statement comes from the conclusion of a 2021 research study on AI and its correlation to HIPAA’s Privacy and Security Rule:

"There has been some progress mentioned with the FDA in establishing new guidelines on how AI and ML software and devices will now be handled in healthcare. When I started this research back in 2018 there was no mention of how HIPAA would be updated, and there still is very little mention of it in the literature. Since that time the concerns of healthcare professionals have been heard when they voiced their concerns about the uses of AI in healthcare and what needed to be done from a regulatory standpoint. It is my desire that this research help foster a regulatory framework for the use of AI in healthcare from developer concept to healthcare implementation to lifecycle replacement."

AI, in its current state, is not inherently HIPAA compliant because there is no legislative framework controlling how it is applied in a healthcare setting. This lack of regulation causes a lot of concern amongst healthcare professionals and HIPAA experts alike because there is so much ambiguity around how AI should handle and protect patient data. 

The study also mentioned that healthcare professionals are particularly worried about AI's ability to protect the security of health information. The fear is that without guidelines and updated regulations, there could be unintentional breaches of patient confidentiality or unauthorized data access, ie. HIPAA violations. 

Troubleshooting the problem

In a Biology of Sport study, researchers found that, "While AI tools can undoubtedly aid scientific research in many ways, it is crucial to recognize that they should function as a supplementary aid rather than a complete substitute for human creativity and ingenuity."

Therefore, while looking at AI as a beneficial tool, human oversight is needed to work effectively. Let's take a look at how to use AI to craft HIPAA compliant email: 

• Focus the AI tool's use on generating more generic content that doesn't involve PHI, such as greeting messages, general health tips, and FAQ responses.
• Before exposing any data to the AI tool, apply deidentification techniques to remove or obscure all PHI from the dataset.
• Use AI tools to help create and refine email templates that have placeholders for PHI.
• Segregate PHI from non PHI data within your systems
• Make sure that only personnel with necessary HIPAA training can use AI tools for email creation, and limit their PHI access.
• Keep a detailed log of how AI tools are used, including who accesses the tool and for what reason.
• Create a review process where AI generated email content is checked by a human (preferably with HIPAA compliance knowledge) before being sent.

See also: Top 10 HIPAA compliant email services

Real world examples

The bipartisan AI task force

On February 20, 2024, House Speaker Mike Johnson and Democratic Leader Hakeem Jeffries announced the formation of a bipartisan Task Force on Artificial Intelligence. This came as a method of securing America's leadership in AI innovation while carefully addressing its challenges and threats. The task force, comprising members from various congressional committees, will draft a report offering principles, recommendations, and bipartisan policies to promote AI-driven economic growth and establish safeguards for national security and ethical AI development. Experts like James Manyika from Google Research have discussed the need for thoughtful, ethical AI development.

See also: U.S. House launches bipartisan AI task force

FAQs

What is AI?

It is technology designed to mimic human intelligence using machine learning and algorithms.

What makes an email HIPAA compliant? 

An email becomes HIPAA compliant when it has the necessary encryption and meets other specific standards set by HIPAA. 

How long will it take for legislation to be formed around AI?

The time it takes for legislation to be formed around AI can vary widely, the AI taskforce could stand to fast track this timeline but no set date can be provided.