The Department of Health and Human Services (HHS) has left artificial intelligence regulation open for discussion in its latest HIPAA Security Rule proposal. Meanwhile, a study from Cambridge researchers indicates that healthcare organizations are increasingly adopting AI technologies.
While the December 2024 proposal introduces several cybersecurity updates, HHS has chosen to seek additional input on AI and machine learning governance rather than establishing specific regulations. This approach comes as healthcare organizations try to figure out how to implement AI solutions while maintaining HIPAA compliance.
The decision to delay AI regulation creates uncertainty for healthcare organizations already using or planning to implement AI solutions for patient care, data analysis, and administrative functions. This regulatory gap becomes more prominent as AI adoption in healthcare accelerates.
The intersection of AI and protected health information (PHI) raises unique challenges:
President Trump's recent announcement of a $500 billion private sector AI infrastructure investment partnership could reshape the healthcare AI landscape. This investment might influence future HHS decisions on AI regulation within the HIPAA framework.
Organizations should apply existing HIPAA security and privacy requirements while maintaining detailed documentation of AI systems' interaction with PHI.
Organizations should implement data protection measures, including encryption, access controls, and audit trails for AI systems handling protected health information.
The investment could accelerate AI adoption in healthcare while potentially influencing future regulatory frameworks for AI governance under HIPAA.