Episode 36: AI and EDI in Healthcare: Enhancing Efficiency and Compliance

Transcript:

Adam
Hello, and welcome back to the HIPAA Vault show. I’m your host, Adam Zeineddine. And today we’re delighted to be diving into an intriguing topic that stands at the intersection of technology and healthcare, AI and EDI. And I’m thrilled to be joined by Gil Vidals, the CTO and founder of HIPAA Vault. 

Gil
Yeah, hi, Adam. Yeah, how’s it going? 

Adam
Good. Going good. Thanks for joining us to share your insights. So, let’s explore how the technologies of artificial intelligence and EDI can be combined to not just change the healthcare industry, but revolutionize it, hopefully. And all while, of course, maintaining HIPAA compliance, which is what we’re all about on the HIPAA vault show. So let’s get started. Gil, just to unpack the terminology here a little bit, AI and EDI, can you give the viewers and listeners an understanding of the basics of what AI and EDI is in healthcare? 

Gil
Sure. So the AI has been, of course, all over the mEDIa in the last six months, everywhere you turn. So that’s artificial intelligence, and that is the intelligence based on these large language modules that allow, or models rather that allow the computer systems to really behave like a human being. They can reason, they can give you good answers. And of course, that’s applicable in healthcare all over the place, where scientists can now use AI to help read the genomics, your genes and all of that. It used to take a long time to figure all that out, but with AI, it goes so much faster. They can figure out what genes cause, what kind of illnesses, and then EDI, electronic data interchange is the transmission of data. Typically, patient records, health information into a format that the computers can understand. 

Gil
So that’s essentially what EDI is. 

Adam
Yeah, that’s fascinating. Could you share some examples of how AI and EDI can be used in real world healthcare settings? 

Gil
Sure. So a lot. For AI in particular, you have to think about the way the world of science and healthcare works. A lot of it’s trial and error, at least in terms of how solutions are come up with. So, for example, there’s a new drug out on the market, somebody, they go through all these clinical trials, and then they come up with it. Finally, it’s passed by the FDA, and then people can buy it. But think about all the research that when it takes years and years to figure out what works, what doesn’t work well with AI, to go through these trial and errors, it can still do the same thing, but instead of doing it, the human speed, which is very slow, it can explode and do it super fast. 

Gil
So AI is essentially going much faster than a team of humans can do it. So it really just accelerates everything. And now EDI specifically, which is what HIPAA Vault. We can help customers with their EDI. That’s where you’re taking your mEDIcal records, your billing, and translating all that into this computer language, the EDI, and being able to process that information much faster than you could without as many errors, because it’s not based on human beings. When you take the human being out of the picture, you end up with a better product. Kind of reminds me what Elon Musk said. He said, someday the Tesla won’t have a steering wheel. Now, you look at that go, oh, my gosh. How can I drive the car without a steering wheel? That’s the point. Elon Musk doesn’t want you to drive the car. Why? Because you’re humans. 

Gil
Humans make mistakes, causes a lot of accidents and deaths. And so, same thing with EDI. Once you convert your processes and your workflow to EDI standards, then you’re going to have fewer mistakes and have happier clients and probably more efficient in terms of costs. 

Adam
Yeah. And also, hopefully, improve compliance with regulations. Right. So compliance is key here. How do these technologies, or how do you see these technologies aligning with HIPAA regulations, which we also specialize in? 

Gil
Well, one of the things that I think is kind of subtle, but I think it’s important is there are HIPAA breaches that happen when the wrong eyeballs look at the data for a patient. By wrong eyeballs, I mean someone that’s not really authorized to look at the data. And so when you’re talking about EDI and you’ve translated the data into electronic format, then that data is sent to whoever’s supposed to be looking at it. You don’t need to have a bunch of human eyeballs looking at it on a computer monitor. Instead, it’s sent through EDI to the right parties. And so it eliminates, I guess I can call them the looky loose, someone who might be interested in looking at a health record, and they really have no business looking at it. 

Gil
So I think that’s one subtle difference, is once everything is converted from manual to electronic, you’re able to comply better than you were before when it was all human interaction. 

Adam
Yeah, definitely. And on that point in last week’s episode, I reviewed, like, I did, a tier list of top security services for healthcare, and one of them was know security information, events management and compliance monitoring. And AI can be activated in SiEM as well. You’ve got things like Google Chronicle coming online and being used with larger organizations where you can integrate AI to pull from databases of existing vulnerabilities and almost act as like a DevSec development security professional in terms of when a vulnerability is assessed or potential breach is assessed, they can go and automatically implement proactive measures to patch those kind of things. That could certainly, I think, be implemented on the EDI front as well. If you just were to view EDI as just a subset of whatever range of services the healthcare organization’s IT department have. 

Adam
Do you see seam and AI being something that is realistic in the near future, or are you always going to have those professionals sitting and monitoring vulnerabilities and patches? 

Gil
Yeah, unfortunately, Adam, the bad actors, that’s what we call the hackers and the bad guys in this industry, we call them the bad actors. So the bad actors are already ahead. By that I mean they’re already using AI to attack the healthcare sector. Okay, so they’re using AI because criminals always gravitate towards the latest technology to gain an upper hand. And so because they’re using AI that can create a virus on the fly, can create and morph and do, the code can change on demand. Then on the good side, the good actors are still trying to fight the bad actors with the old tools. Meanwhile, the bad actors have moved on into AI. So it’s kind of a race now. The good guys have to implement AI in countermeasures. So it’s kind of interesting. Imagine a chess game between two people. 

Gil
And then, as we all know, big blue IBM machine beat the first world class russian chess player one day. So it was a machine against a human. Now imagine two machines playing each other. There’s no humans anymore. So that’s kind of like the direction we’re going. And it’s already started. We already have AI, we have a machine that’s trying to hack into the healthcare records. And so now we have to counter it with another machine. So it’s becoming machines against machines, and we’re already doing, I mean, it’s already started. This isn’t future like someday? No, this is already happening today, mainly on the bad actor side, unfortunately. But there are good actors who are also using AI. There’s already some AI countermeasure tools. 

Gil
But what’s already happening, and I know people tend to go to the vision of the Terminator, the whole world is going to implode. It’s not like that. I mean, these are AI tools that bad actors have specifically just to break into machines and grab the patient’s information, the mEDIcal records, hold it for ransomware. So that’s where we are today. The good actors have to get on the ball and make sure they’re using the powerful AI tools to. 

Adam
Well, I think we’ve covered a fair amount there. Gil, was there anything that you wanted to add? 

Gil
Well, it’s fun to talk about, or at least intriguing to talk about some of these things that are happening and all futuristic, but I always like to leave comments or leave some thoughts with our audience, something they can do, practically speaking. And that would be if you’re listening to this and you’re thinking about EDI or you’re thinking about how to increase the footprint of your EDI to become more efficient. So a couple of takeaways is make sure that the EDI, the electronic data that you have that you’re sending to a provider, you’re sending to a third party. Just make sure that it’s encrypted and make sure that whoever you’re sending to has got good encryption on their end. And if you’re not technical, it doesn’t matter. 

Gil
You can always just ask them next time you’re in a meeting, say, hey, what kind of encryption are we using for this? And that goes a long way to protect your environment just to have the encryption. And the second takeaway is also make sure that you have limited access. In other words, you don’t want everybody to have a password and a username to gain access to the systems. You want to limit it to what’s called the least privileges. And you want the minimal number of people that absolutely need to have access to your mEDIcal data you’re transferring. Make sure that you review that once in a while. You’d be surprised how many times you look at the list of people have access. You go, oh, my gosh. This guy Fred, he left two years ago, and this person was a consultant for one week. 

Gil
Delete all those people. They don’t need to be on there anymore. So, so encryption and then maintaining access controls by keeping a clean, short list of those that can access, that’s something that a business manager can do. They don’t have to be technical to do that. 

Adam
Thanks, Gil, for the valuable insights, as always, and thank you to our viewers and listeners for joining us today. So, to learn more about AI, EDI, and HIPAA compliance, check out. Head over to hipaavault.com, our website, where we have a wealth of resources to help you navigate these complex but exciting developments in healthcare technology. Don’t forget to like share and subscribe for more episodes. I’ve been Adam Zeineddine, joined by Gil Vidals, and this has been the HIPAA Vault show. Stay informed and stay compliant. And see you next time.