The Evolution of AI in Healthcare: Current Trends and Legal Considerations

Artificial intelligence (AI) is transforming the healthcare landscape, offering innovative solutions to age-old challenges. From diagnostics to enhanced patient care, AI’s influence is pervasive, and seems destined to reshape how healthcare is delivered and managed. However, the rapid integration of AI technologies brings with it a complex web of legal and regulatory considerations that physicians must navigate.

It appears inevitable AI will ultimately render current modalities, perhaps even today’s “gold standard” clinical strategies, obsolete. Currently accepted treatment methodologies will change, hopefully for the benefit of patients. In lockstep, insurance companies and payors are poised to utilize AI to advance their interests. Indeed, the “cat-and-mouse” battle between physician and overseer will not only remain but will intensify as these technologies intrude further into physician-patient encounters.

  1. Current Trends in AI Applications in Healthcare

As AI continues to evolve, the healthcare sector is witnessing a surge in private equity investments and start-ups entering the AI space. These ventures are driving innovation across a wide range of applications, from tools that listen in on patient encounters to ensure optimal outcomes and suggest clinical plans, to sophisticated systems that gather and analyze massive datasets contained in electronic medical records. By identifying trends and detecting imperceptible signs of disease through the analysis of audio and visual depictions of patients, these AI-driven solutions are poised to revolutionize clinical care. The involvement of private equity and start-ups is accelerating the development and deployment of these technologies, pushing the boundaries of what AI can achieve in healthcare while also raising new questions about the integration of these powerful tools into existing medical practices.

Diagnostics and Predictive Analytics:

AI-powered diagnostic tools are becoming sophisticated, capable of analyzing medical images, genetic data, and electronic health records (EHRs) to identify patterns that may elude human practitioners. Machine learning algorithms, for instance, can detect early signs of cancer, heart disease, and neurological disorders with remarkable accuracy. Predictive analytics, another AI-driven trend, is helping clinicians forecast patient outcomes, enabling more personalized treatment plans.

 

Telemedicine and Remote Patient Monitoring:

The COVID-19 pandemic accelerated the adoption of telemedicine, and AI is playing a crucial role in enhancing these services. AI-driven chatbots and virtual assistants are set to engage with patients by answering queries and triaging symptoms. Additionally, AI is used in remote and real-time patient monitoring systems to track vital signs and alert healthcare providers to potential health issues before they escalate.

 

Drug Discovery and Development:

AI is revolutionizing drug discovery by speeding up the identification of potential drug candidates and predicting their success in clinical trials. Pharmaceutical companies are pouring billions of dollars in developing AI-driven tools to model complex biological processes and simulate the effects of drugs on these processes, significantly reducing the time and cost associated with bringing new medications to market.

Administrative Automation:

Beyond direct patient care, AI is streamlining administrative tasks in healthcare settings. From automating billing processes to managing EHRs and scheduling appointments, AI is reducing the burden on healthcare staff, allowing them to focus more on patient care. This trend also helps healthcare organizations reduce operational costs and improve efficiency.

AI in Mental Health:

AI applications in mental health are gaining traction, with tools like sentiment analysis, an application of natural language processing, being used to assess a patient’s mental state. These tools can analyze text or speech to detect signs of depression, anxiety, or other mental health conditions, facilitating earlier interventions.

  1. Legal and Regulatory Considerations

As AI technologies become more deeply embedded in healthcare, they intersect with legal and regulatory frameworks designed to protect patient safety, privacy, and rights.

Data Privacy and Security:

AI systems rely heavily on vast amounts of data, often sourced from patient records. The use of this data must comply with privacy regulations established by the Health Insurance Portability and Accountability Act (HIPAA), which mandates stringent safeguards to protect patient information. Physicians and AI developers must ensure that AI systems are designed with robust security measures to prevent data breaches, unauthorized access, and other cyber threats.

Liability and Accountability:

The use of AI in clinical decision-making raises questions about liability. If an AI system provides incorrect information or misdiagnoses a condition, determining who is responsible—the physician, the AI developer, or the institution—can be complex. As AI systems become more autonomous, the traditional notions of liability may need to evolve, potentially leading to new legal precedents and liability insurance models.

These notions beg the questions:

  • Will physicians trust the “judgment” of an AI platform making a diagnosis or interpreting a test result?
  • Will the utilization of AI platforms cause physicians to become too heavily reliant on these technologies, forgoing their own professional human judgment?

Surely, plaintiff malpractice attorneys will find a way to fault the physician whatever they decide.

Insurance Companies and Payors:

Another emerging concern is the likelihood that insurance companies and payors, including Medicare/Medicaid, will develop and mandate the use of their proprietary AI systems to oversee patient care, ensuring it aligns with their rules on proper and efficient care. These AI systems, designed primarily to optimize cost-effectiveness from the insurer’s perspective, could potentially undermine the physician’s autonomy and the quality of patient care. By prioritizing compliance with insurer guidelines over individualized patient needs, these AI tools could lead to suboptimal outcomes for patients. Moreover, insurance companies may make the use of their AI systems a prerequisite for physicians to maintain or obtain enrollment on their provider panels, further limiting physicians’ ability to exercise independent clinical judgment and potentially restricting patient access to care that is truly personalized and appropriate.

Licensure and Misconduct Concerns in New York State:

Physicians utilizing AI in their practice must be particularly mindful of licensure and misconduct issues, especially under the jurisdiction of the Office of Professional Medical Conduct (OPMC) in New York. The OPMC is responsible for monitoring and disciplining physicians, ensuring that they adhere to medical standards. As AI becomes more integrated into clinical practice, physicians could face OPMC scrutiny if AI-related errors lead to patient harm, or if there is a perceived over-reliance on AI at the expense of sound clinical judgment. The potential for AI to contribute to diagnostic or treatment decisions underscores the need for physicians to maintain ultimate responsibility and ensure that AI is used to support, rather than replace, their professional expertise.

Conclusion

AI has the potential to revolutionize healthcare, but its integration must be approached with careful consideration of legal and ethical implications. By navigating these challenges thoughtfully, the healthcare industry can ensure that AI contributes to better patient outcomes, improved efficiency, and equitable access to care. The future of AI in healthcare looks promising, with ongoing advancements in technology and regulatory frameworks adapting to these changes. Healthcare professionals, policymakers, and AI developers must continue to engage in dialogue to shape this future responsibly.

Electronic Medical Record Provider Pays $930,000 in First Civil Cyber-Fraud Initiative Settlement

For the first settlement as part of the Department of Justice’s Civil Cyber-Fraud Initiative, DOJ settled a case against medical services government contractor Comprehensive Health Services, LLC (CHS) for $930,000.  This settlement resolves allegations brought forth in two qui tam lawsuits, where four whistleblowers filed suit on behalf of the government under the qui tam provision of the False Claims Act.  Three of the whistleblowers received $15,000, in addition to attorneys’ fees, and one relator received $127,050 for reporting fraud.

“This settlement serves notice to federal contractors that they will be held accountable for conduct that puts private medical records and patient safety at risk,” said the United States Attorney for the Eastern District of New York.

CHS, as part of the medical services they provided to the U.S. government, was paid to implement a secure electronic medical record (EMR) system as part of contracts with the State Department and Air Force at various U.S. consulate and military locations in Iraq and Afghanistan.  The EMR system housed personal health information and medical records for anyone who received medical treatment at the locations CHS served, including U.S. service members, diplomats, officials, and contractors.  According to the allegations, CHS did not consistently store patients’ medical records on the secure EMR system and indeed left scans on a network drive which non-clinical staff could access.

As part of several contracts to which CHS was a party, CHS was supposed to provide medical supplies, including controlled substances subject to U.S. Food and Drug Administration (FDA) or European Medicines Agency (EMA) approval.  According to the allegations, CHS “knowingly, recklessly, or with deliberate ignorance” submitted claims for payment for controlled substances that they obtained by means not sanctioned by these contracts.  Not only did CHS lack a Drug Enforcement Agency license to export controlled substances, but CHS also obtained controlled substances by having their U.S.-based subsidiary request that a South African physician prescribe controlled substances, according to the allegations.  The South African physician prescribed these controlled substances, absent FDA or EMA approval, and a shipping company from the same country imported the substances to Iraq.

Government contractors are supposed to adhere to the terms of their contracts in order to receive reimbursement from the U.S. government.  This medical services provider ignored procurement guidelines to obtain controlled substances, undermining safety controls and misrepresenting their adherence to contract terms in providing medical services to U.S. military personnel.  The DOJ’s Civil Cyber-Fraud Initiative brings the power of the False Claims Act to bear on contractors whose job is to protect sensitive information and critical systems.  Representing that data is secure when it is, in fact, not is a violation of the False Claims Act and constitutes cyber-fraud.  As the Special Agent in Charge of the U.S. Department of State OIG, Office of Investigations noted, “…this outcome will send a clear message that cutting corners on State Department contracts has significant consequences.”

Whistleblowers raised data privacy concerns to CHS, but the contractor failed to implement better cybersecurity protocols in response to their concerns.  The Department of Justice has rewarded its first whistleblowers as part of the Civil Cyber-Fraud Initiative, and they’re just getting started.

© 2022 by Tycko & Zavareei LLP
For more articles about digital health, visit the NLR Health Care Law section.

Health Care Companies Agree to “Core Commitments” to Improve Access to EHR

Last month, the Department of Health and Human Services (HHS) announced that a number of large health care companies and providers had “agreed to implement three core commitments” to improve access to electronic health records (EHR).  HHS touted the commitments as a significant step toward increased EHR interoperability.

The three core commitments to which the health care entities agreed are as follows:

  1. Consumer Access: To help consumers easily and securely access their electronic health information, direct it to any desired location, learn how their information can be shared and used, and be assured that this information will be effectively and safely used to benefit their health and that of their community.

  2. No Blocking/Transparency: To help providers share individuals’ health information for care with other providers and their patients whenever permitted by law, and not block electronic health information (defined as knowingly and unreasonably interfering with information sharing).

  3. Standards: Implement federally recognized, national interoperability standards, policies, guidance, and practices for electronic health information, and adopt best practices including those related to privacy and security.

HHS highlighted the number and importance of the entities that have agreed to this “Interoperability Pledge.”  According to HHS, the nation’s five largest private health care systems signed the Interoperability Pledge, as well as “[v]endors who provide 90 percent of hospital electronic health records used nationwide.”

Notably, the three commitments in the Pledge are not enforceable.  At most, the Interoperability Pledge represents an agreement by its signatories that access and interoperability are key goals of EHR use.

 

© 2016 Covington & Burling LLP

Full Speed Ahead for Meaningful Use re: Medicare and Medicaid Electronic Health Records

Sheppard, Mullin, Richter & Hampton LLP

On Friday, March 20, 2015, the Centers for Medicare and Medicaid Services (“CMS”) issued a proposed rule which would make significant changes to the federal Medicare and Medicaid Electronic Health Records (“EHR”)Incentive Programs (collectively the “Meaningful Use Program”).

The Meaningful Use Program operates in 3 stages, with providers required to demonstrate increasing use/metrics at each stage to continue to receive payments.  Under the Meaningful Use Program, eligible professionals, eligible hospitals and critical access hospitals can receive incentive payments for demonstrating Meaningful Use of certified EHR technology.  Furthermore, starting in 2015, health care providers who are eligible to participate in the program, but choose not to participate or are not able to demonstrate Meaningful Use, may see downward payment adjustments to the amounts reimbursed by Medicare.  Thus, the Meaningful Use Program has been a source of additional income to some providers, but for many others it has been a serious concern due to the significant capital outlays required to demonstrate Meaningful Use of certified EHR and potential penalties that may be forthcoming.  The proposed rule from last Friday has some providers even more concerned about the feasibility of meeting Meaningful Use standards and the push to achieve Meaningful Use when so many are struggling.

Under the proposed rule, CMS will make several changes to the Meaningful Use Program.  The following are descriptions of some of CMS’ important proposals:

  • Stage 3 Meaningful Use will have an optional year in 2017 and starting in 2018, all providers will report on the same definition of Meaningful Use at Stage 3, regardless of prior participation. CMS intends this requirement to respond to stakeholder input re the complexity of the program, success to date and to set a long-term sustainable foundation for the Meaningful Use Program.

  • In order to align the Meaningful Use Program with other CMS incentives, such as the Physician Quality Reporting System or PQRS, CMS will require all providers to report on a calendar year EHR reporting period beginning in 2017.

  • CMS desires to promote improved patient outcomes and health information exchange in Stage 3 and thus the rule focuses on patient engagement. For example, providers must meet two of the following three requirements for patient engagement: (i) patients view, download or transmit their health information; (ii) secure messaging between providers and patients; and (iii) patient generated health data from a non-clinical setting is incorporated into a certified EHR.

While CMS sets forth many goals in support of its proposed rulemaking (e.g., the triple aim), one message comes through clearly, CMS is pushing forward with EHR and is not slowing down due to sluggish adoption by health care practitioners.  Accordingly, providers and their industry groups have been lamenting the onerous burdens of the Meaningful Use Program and the fact that less than 35% of hospitals and only a small fraction of physicians have met Stage 2 requirements. Furthermore, providers who fail to meet the minimum use thresholds could be subject to hundreds of millions of dollars in penalties.

Contrary to providers, those in the health information technology or digital health industry should be quite pleased with the rule as it may provide them with additional customers and markets as providers try to interface with and collect data from patients’ health wearables (e.g., smart watches with heart rate sensors).

In sum, the proposed rule clearly signifies that CMS is planning to take a stringent approach to ensure that providers are meaningfully compliant by 2018.  Providers can take steps to mitigate their exposure to penalties by investing in certified EHR, perhaps in conjunction with applying for hardship exemptions from the Meaningful Use Program’s requirements, to delay the date where they must comply or be subject to penalties.  Health information technology vendors generally and EHR vendors specifically should plan to modify and ensure that their technology is compliant and sufficiently differentiated to provide value to health care providers that must comply with the Meaningful Use Program’s requirements.

ARTICLE BY