-
Journal of Medical Internet Research Aug 2023ChatGPT has promising applications in health care, but potential ethical issues need to be addressed proactively to prevent harm. ChatGPT presents potential ethical...
ChatGPT has promising applications in health care, but potential ethical issues need to be addressed proactively to prevent harm. ChatGPT presents potential ethical challenges from legal, humanistic, algorithmic, and informational perspectives. Legal ethics concerns arise from the unclear allocation of responsibility when patient harm occurs and from potential breaches of patient privacy due to data collection. Clear rules and legal boundaries are needed to properly allocate liability and protect users. Humanistic ethics concerns arise from the potential disruption of the physician-patient relationship, humanistic care, and issues of integrity. Overreliance on artificial intelligence (AI) can undermine compassion and erode trust. Transparency and disclosure of AI-generated content are critical to maintaining integrity. Algorithmic ethics raise concerns about algorithmic bias, responsibility, transparency and explainability, as well as validation and evaluation. Information ethics include data bias, validity, and effectiveness. Biased training data can lead to biased output, and overreliance on ChatGPT can reduce patient adherence and encourage self-diagnosis. Ensuring the accuracy, reliability, and validity of ChatGPT-generated content requires rigorous validation and ongoing updates based on clinical practice. To navigate the evolving ethical landscape of AI, AI in health care must adhere to the strictest ethical standards. Through comprehensive ethical guidelines, health care professionals can ensure the responsible use of ChatGPT, promote accurate and reliable information exchange, protect patient privacy, and empower patients to make informed decisions about their health care.
Topics: Humans; Artificial Intelligence; Reproducibility of Results; Data Collection; Disclosure; Patient Compliance
PubMed: 37566454
DOI: 10.2196/48009 -
Annals of Biomedical Engineering Jun 2024The application of artificial intelligence (AI) in the field of medicine has revolutionised various sectors of the health care system, including robotics surgery,... (Review)
Review
The application of artificial intelligence (AI) in the field of medicine has revolutionised various sectors of the health care system, including robotics surgery, biotechnology, pharmaceutical, evidence-based medicine and advanced research and transplantation techniques. By offering improved 3D imagery of the various organs involved in surgery and perfectly minimising the chances of error, AI aid made complicated surgical procedures more efficient and highly effective, requiring less hands-on. Further, the AI tool helps plastic surgery and aesthetic surgeons in anticipating prognostic surgical markers and post-operative consequences. In addition to enhancing accurate and rapid diagnosis, AI has played a pivotal role in the development and discovery of new drugs. Nevertheless, the application of AI in health care also raises significant challenges and concerns. Incorrect drug recommendations, failure to identify tumours and lesions on imaging modalities and potential bias in data entry and its automatic can risk the life of patients on a large scale. Additionally, breaching patient data privacy may raise concerns about cybersecurity issues, further compromised by growing dependency on AI which can result in massive unemployment. In short, AI has played a pivotal role in health care; however, addressing the in-transparencies is critical to ensure safe, ethical and more effective implementation in the dynamic field of medicine.
Topics: Artificial Intelligence; Humans; Delivery of Health Care
PubMed: 37548817
DOI: 10.1007/s10439-023-03343-6 -
Cureus Jun 2023Background Coronavirus disease 2019 (COVID-19) isolation protocols in India restricted family members of COVID-19 patients from visiting them in hospitals and in...
Background Coronavirus disease 2019 (COVID-19) isolation protocols in India restricted family members of COVID-19 patients from visiting them in hospitals and in intensive care units, especially during the peak of the pandemic. This along with the elaborate personal protective equipment (PPE) created challenges for intensivists and nurses in COVID ICUs in effectively communicating with patients and patients' families, especially in shared decision-making processes. Methods This article is the outcome of a qualitative study using in-depth one-on-one interviews with 10 intensivists and four intensive care nurses in two teaching hospitals in Bengaluru, South India. Each participant, purposively selected till data saturation was reached, had spent extensive periods of time in a COVID ICU during both COVID-19 waves in 2020 and 2021. A framework of descriptive phenomenology led to the design of the study in which varied experiences and insights of participants were captured using an interview guide to understand their lived reality. The interviews were conducted online or in person between July 2021 and October 2021 and were audio recorded and transcribed verbatim. Coding of transcripts using the NVivo 12 (Burlington, MA: QSR International Pty Ltd) software helped with the thematic analysis. This was guided by interpretive phenomenological methods that derived meaning from participants' life experiences. Results Four themes involving challenges in effective communication in the COVID ICU emerged as follows: physical barriers, emotional and mental stressors, infrastructural challenges, and ethical and moral dilemmas. Sub-themes included personal protective equipment as a barrier, reduced energy levels, and isolation of family from patients under the domain of physical challenges; fears of the unknown, handling death of patients in isolation, and the frustrations of families were challenges under the emotional and mental domain. Infrastructural/systemic challenges included poor connectivity and insufficient mobile phones, and the absence of rules to handle interruptions. Privacy breaches, taking consent over the phone, end-of-life discussions, and medico-legal risks emerged as the subthemes under the domain of ethical and moral challenges. A mobile phone communication policy specifying usage times and operating methods, a mandatory communication and counseling training module for intensivists and intensive care nurses, and a set of protocols for highly restrictive, intensive care units in pandemic situations were recommendations and lessons learned. Conclusions The lack of face-to-face interactions was a serious barrier to communication between ICU staff and patients and their caregivers. It had a bearing on trust levels and had emotional and ethical consequences for healthcare teams to handle. Opportunities for self-care, venting of anxiety and distress, and opportunities to celebrate and reward special efforts and cooperation between consultants, residents, nurses, and technicians in stressful environments like a pandemic ICU were important to sustain empathy and keep care and communication humane.
PubMed: 37503489
DOI: 10.7759/cureus.40961 -
Journal of Medical Internet Research Aug 2023The health care industry has faced various challenges over the past decade as we move toward a digital future where services and data are available on demand. The... (Review)
Review
The health care industry has faced various challenges over the past decade as we move toward a digital future where services and data are available on demand. The systems of interconnected devices, users, data, and working environments are referred to as the Internet of Health Care Things (IoHT). IoHT devices have emerged in the past decade as cost-effective solutions with large scalability capabilities to address the constraints on limited resources. These devices cater to the need for remote health care services outside of physical interactions. However, IoHT security is often overlooked because the devices are quickly deployed and configured as solutions to meet the demands of a heavily saturated industry. During the COVID-19 pandemic, studies have shown that cybercriminals are exploiting the health care industry, and data breaches are targeting user credentials through authentication vulnerabilities. Poor password use and management and the lack of multifactor authentication security posture within IoHT cause a loss of millions according to the IBM reports. Therefore, it is important that health care authentication security moves toward adaptive multifactor authentication (AMFA) to replace the traditional approaches to authentication. We identified a lack of taxonomy for data models that particularly focus on IoHT data architecture to improve the feasibility of AMFA. This viewpoint focuses on identifying key cybersecurity challenges in a theoretical framework for a data model that summarizes the main components of IoHT data. The data are to be used in modalities that are suited for health care users in modern IoHT environments and in response to the COVID-19 pandemic. To establish the data taxonomy, a review of recent IoHT papers was conducted to discuss the related work in IoHT data management and use in next-generation authentication systems. Reports, journal articles, conferences, and white papers were reviewed for IoHT authentication data technologies in relation to the problem statement of remote authentication and user management systems. Only publications written in English from the last decade were included (2012-2022) to identify key issues within the current health care practices and their management of IoHT devices. We discuss the components of the IoHT architecture from the perspective of data management and sensitivity to ensure privacy for all users. The data model addresses the security requirements of IoHT users, environments, and devices toward the automation of AMFA in health care. We found that in health care authentication, the significant threats occurring were related to data breaches owing to weak security options and poor user configuration of IoHT devices. The security requirements of IoHT data architecture and identified impactful methods of cybersecurity for health care devices, data, and their respective attacks are discussed. Data taxonomy provides better understanding, solutions, and improvements of user authentication in remote working environments for security features.
Topics: Humans; Confidentiality; Telemedicine; Pandemics; COVID-19; Internet; Computer Security
PubMed: 37490633
DOI: 10.2196/44114 -
JMIR Human Factors Jul 2023Patient portals can facilitate patient engagement in care management. Driven by national efforts over the past decade, patient portals are being implemented by hospitals...
Adult Patients' Experiences of Using a Patient Portal With a Focus on Perceived Benefits and Difficulties, and Perceptions on Privacy and Security: Qualitative Descriptive Study.
BACKGROUND
Patient portals can facilitate patient engagement in care management. Driven by national efforts over the past decade, patient portals are being implemented by hospitals and clinics nationwide. Continuous evaluation of patient portals and reflection of feedback from end users across care settings are needed to make patient portals more user-centered after the implementation.
OBJECTIVE
The aim of this study was to investigate the lived experience of using a patient portal in adult patients recruited from a variety of care settings, focusing on their perceived benefits and difficulties of using the patient portal, and trust and concerns about privacy and security.
METHODS
This qualitative descriptive study was part of a cross-sectional digital survey research to examine the comprehensive experience of using a patient portal in adult patients recruited from 20 care settings from hospitals and clinics of a large integrated health care system in the mid-Atlantic area of the United States. Those who had used a patient portal offered by the health care system in the past 12 months were eligible to participate in the survey. Data collected from 734 patients were subjected to descriptive statistics and content analysis.
RESULTS
The majority of the participants were female and non-Hispanic White with a mean age of 53.1 (SD 15.34) years. Content analysis of 1589 qualitative comments identified 22 themes across 4 topics: beneficial aspects (6 themes) and difficulties (7 themes) in using the patient portal; trust (5 themes) and concerns (4 themes) about privacy and security of the patient portal. Most of the participants perceived the patient portal functions as beneficial for communicating with health care teams and monitoring health status and care activities. At the same time, about a quarter of them shared difficulties they experienced while using those functions, including not getting eMessage responses timely and difficulty finding information in the portal. Protected log-in process and trust in health care providers were the most mentioned reasons for trusting privacy and security of the patient portal. The most mentioned reason for concerns about privacy and security was the risk of data breaches such as hacking attacks and identity theft.
CONCLUSIONS
This study provides an empirical understanding of the lived experience of using a patient portal in adult patient users across care settings with a focus on the beneficial aspects and difficulties in using the patient portal, and trust and concerns about privacy and security. Our study findings can serve as a valuable reference for health care institutions and software companies to implement more user-centered, secure, and private patient portals. Future studies may consider targeting other patient portal programs and patients with infrequent or nonuse of patient portals.
PubMed: 37490316
DOI: 10.2196/46044 -
International Journal of Medical... Sep 2023Widespread electronic health information exchange (HIE) across hospitals remains an important policy goal for reducing costs and improving the quality of care....
OBJECTIVE
Widespread electronic health information exchange (HIE) across hospitals remains an important policy goal for reducing costs and improving the quality of care. Meanwhile, cybersecurity incidents are a growing threat to hospitals. The relationship between the electronic sharing of health information and cybersecurity incidents is not well understood. The objective of this study was to empirically examine the impact of hospitals' HIE engagement on their data breach risk.
MATERIALS AND METHODS
A balanced panel dataset included 4,936 US community hospitals spanning the period 2010-2017, which was assembled by linking the American Hospital Association annual survey database and the Information Technology (IT) supplement, and the Department of Health and Human Services reports of health data breaches. The relationship between HIE engagement and hospital data breaches was modeled using a difference-in-differences specification controlling for time-varying hospital characteristics.
RESULTS
The percentage of hospitals electronically exchanging information has more than tripled (from 18% to 68%) from 2010 to 2017. Hospital data breaches increased concurrently, largely due to the rise in hacking and unauthorized access. HIE engagement was associated with a 0.672 percentage point increase in the probability of an IT breach three years after the engagement. Hospitals actively engaging in a health information organization and exchanging data with outside providers were associated with a higher risk of IT related breaches in the long run; however, hospitals actively engaging in HIE and exchanging data with inside providers were not associated with any significant risk of IT related breaches.
DISCUSSION
Over time, the increasing amount and complexity of patient information being exchanged can create challenges for cybersecurity if data protection is not up to date. Additionally, data security depends on the weakest link of HIE, and providers with fewer resources for data governance and infrastructure are more vulnerable to data breaches.
CONCLUSION
Moving toward widespread health information exchange has important cybersecurity implications that can significantly impact both patients and healthcare organizations.
Topics: United States; Humans; Health Information Exchange; Hospitals; Computer Security; Information Technology; Electronic Health Records
PubMed: 37453177
DOI: 10.1016/j.ijmedinf.2023.105149 -
Journal of Bioethical Inquiry Jun 2023The recently passed Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022 (Cth) introduced important changes to the Australian Privacy Act 1988 (Cth)... (Review)
Review
The recently passed Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022 (Cth) introduced important changes to the Australian Privacy Act 1988 (Cth) which increase penalties for serious and repeated interferences with privacy and strengthen the investigative and enforcement powers of the Information Commissioner. The amendments were made subsequent to a number of high profile data breaches and represent the first set of changes to the Privacy Act following the review of the Act commenced by the Attorney-General in October 2020. The submissions made to the review emphasized the need for more effective enforcement mechanisms to increase individuals' control over their personal information and as a form of deterrence. This article reviews the recent amendments to the Privacy Act and explains their effect. It comments upon the relevance of the amendments for health and medical data and other data collected in the context of healthcare, and refers to the Attorney-General's Department's review of the Privacy Act regarding other proposals relating to enforcement which have not as yet been put into effect in legislation.
Topics: Humans; Privacy; Australia; Personally Identifiable Information; Confidentiality
PubMed: 37432509
DOI: 10.1007/s11673-023-10249-4 -
Neurologic Clinics Aug 2023Advances in electronic health record technology, the ever-expanding use of social media, and cybersecurity sabotage threaten patient privacy and render physicians and... (Review)
Review
Advances in electronic health record technology, the ever-expanding use of social media, and cybersecurity sabotage threaten patient privacy and render physicians and health care organizations liable for violating federal and state laws. Violating a patient's privacy is both an ethical and legal breach with potentially serious legal and reputational consequences. Even an unintentional Health Insurance Portability and Accountability Act of 1996 (HIPAA) violation can result in financial penalties and reputational harm. Staying complaint with HIPAA requires vigilance on the part of both individuals with legitimate access to protected health information (PHI) and the organizations handling that PHI.
Topics: United States; Humans; Health Insurance Portability and Accountability Act; Privacy; Social Media; Confidentiality
PubMed: 37407103
DOI: 10.1016/j.ncl.2023.03.007 -
JMIR Formative Research Jun 2023Over the last decade, the frequency and size of cyberattacks in the health care industry have increased, ranging from breaches of processes or networks to encryption of...
BACKGROUND
Over the last decade, the frequency and size of cyberattacks in the health care industry have increased, ranging from breaches of processes or networks to encryption of files that restrict access to data. These attacks may have multiple consequences for patient safety, as they can, for example, target electronic health records, access to critical information, and support for critical systems, thereby causing delays in hospital activities. The effects of cybersecurity breaches are not only a threat to patients' lives but also have financial consequences due to causing inactivity in health care systems. However, publicly available information on these incidents quantifying their impact is scarce.
OBJECTIVE
We aim, while using public domain data from Portugal, to (1) identify data breaches in the public national health system since 2017 and (2) measure the economic impact using a hypothesized scenario as a case study.
METHODS
We retrieved data from multiple national and local media sources on cybersecurity from 2017 until 2022 and built a timeline of attacks. In the absence of public information on cyberattacks, reported drops in activity were estimated using a hypothesized scenario for affected resources and percentages and duration of inactivity. Only direct costs were considered for estimates. Data for estimates were produced based on planned activity through the hospital contract program. We use sensitivity analysis to illustrate how a midlevel ransomware attack might impact health institutions' daily costs (inferring a potential range of values based on assumptions). Given the heterogeneity of our included parameters, we also provide a tool for users to distinguish such impacts of different attacks on institutions according to different contract programs, served population size, and proportion of inactivity.
RESULTS
From 2017 to 2022, we were able to identify 6 incidents in Portuguese public hospitals using public domain data (there was 1 incident each year and 2 in 2018). Financial impacts were obtained from a cost point of view, where estimated values have a minimum-to-maximum range of €115,882.96 to €2,317,659.11 (a currency exchange rate of €1=US $1.0233 is applicable). Costs of this range and magnitude were inferred assuming different percentages of affected resources and with different numbers of working days while considering the costs of external consultation, hospitalization, and use of in- and outpatient clinics and emergency rooms, for a maximum of 5 working days.
CONCLUSIONS
To enhance cybersecurity capabilities at hospitals, it is important to provide robust information to support decision-making. Our study provides valuable information and preliminary insights that can help health care organizations better understand the costs and risks associated with cyber threats and improve their cybersecurity strategies. Additionally, it demonstrates the importance of adopting effective preventive and reactive strategies, such as contingency plans, as well as enhanced investment in improving cybersecurity capabilities in this critical area while aiming to achieve cyber-resilience.
PubMed: 37389934
DOI: 10.2196/41738