Trusting Technology is Not the Same as Trusting its Architects

Has Virtual assistant AI Technologies Earned that Reliance?!

Originally Published by Data Driven Investor on Medium

Image by HeikoAL from Pixabay

The idea of health information privacy and Health Insurance Portability and Accountability Act (HIPAA) violation is one of the major concerns on using Virtual Assistant Artificial Intelligence (AI) Technologies. (VAAIT)

Some government administrations favor the utility of VAAIT in healthcare, hoping that by integrating them in the medical care arena, the technology will reduce the human burden, thus will improve efficacy and subdue healthcare costs. However, the opponents of that measure are concerned about its potential security and privacy flaws.

The critique of extreme penetration of technology in the medical space by the Big data industry is also a matter of concern. That is an issue, if overlooked, that can have deleterious upshots.

The types of challenges expected are diverse, yet the most prominent are data storage, data ownership, quality and validity of algorithms castoff, and information security and HIPAA (The Health Insurance Portability and Accountability Act of 1996) compliance.

One of the most commonly used terms by the public to voice ‪concerns relating to health information is, in fact, HIPAA. We often observe people using the latter phrase liberally for matters that have nothing to do with health information security and privacy. For that reason, we must educate every user about the variance between, Personal Information security, health information security, privacy, data, and HIPAA compliance.

Technically, any information, irrespective of its landscape, utility, and contents considered data or, in particular, "metadata."

Typically, every domain defines its particular Data or Metadata. For example, health information represents the summary of data generated, used, and analyzed within the healthcare domain.

The concept of defining the accurate definitions of types of data is the key, as it will help expose some ambiguities behind its misunderstandings and loopholes that most corporations use to take advantage of and legitimize their intention for accessing private and valuable information.

In computing works, data is the information virtually in its most (also called raw data). Protecting digital data, within the database, from destructive forces and the undesirable actions of unauthorized entities or people, like a cyberattack or a data breach, are collectively referred to as data security.

Personal information is the personal identifying entropy deemed sensitive and confidential. A subcategory of the latter is the Health information, employing the profile of data and the personal information associated with the individual's personal medical history, including symptoms, diagnoses, procedures, and outcomes.

President Bill Clinton signed the accountability Act bill of 1996 or HIPAA, primarily focused on modernizing the flow of health information.

HIPAA stipulated how "Personal Identifiable Information" is maintained, protected from fraud and theft by the healthcare organizations, and hash out limitations on insurance coverage.

It is imperative to realize the definitions and their standing within the legal system and how the corporations and big industries use the current reports to find leeway to navigate such a vastly growing yet partially regulated space.

For instance, despite what is propagated, strengthening the HIPAA rules will have little or no oversight on corporate entities on data abuse or even limit their access to patient privacy information. Because they are interested in the raw data, something they can access without breaching HIPAA rules. Practically they can do so without disclosing the "identity of the patient." Under the original ruling concealing the patient identifying personal information, including name, address, or social security number, would suffice to prevent the consequent profiling of that patient. Still, under the modern digital information technologies sophisticated algorithms, IP addresses would make unsealing the traditional identifying information unnecessary and redundant. In short- the system with artificial intelligence support can extract personal information and match it with the identity by connecting the dots over cyberspace.

Since the passage of the HIPAA bill was intended initially for paper-based medical records and information handling, it will fail to cover the scope of its modern applications and fall short of keeping up with the scientific sophistication. No doubt, large corporations are moving faster and wiser on Big data expansion and conquering citizens' information than lawmakers can keep up with the information security policies. In all probability, they could if they would take time off political games and away from the corporate lobbyist.

Is VAAIT Going to Violate HIPAA?

The short and simple answer would be yes! — But to refine further will need to refer back to the definitions I shared earlier about data and data privacy. When initially implemented, the primary scope of HIPAA was to prevent inappropriate use of patient privacy information.

Today, patient info such as smoking history is recorded with a simple click of a mouse or spoken word through VAAIT and matched with their identifying information and IP addresses. Subsequently, the collected information can be shared with the insurance companies for a fee. Whether legal or not, that can affect the person's healthcare premium solely based on that transaction.

Given the current technological advances, to support optimal data privacy- it is necessary more than ever for the algorithm designed by the tech industry to be transparent. One needs to keep in mind that enforcing the transparency on proprietary algorithms will open up the door to more challenges relating to intellectual property rights and proprietary laws. However, Misleading the public and lawmakers and the convenience of the algorithms used to extract every aspect of public information from the centralized database guarantees the corporate entities the upper hand over the governments.

HIPAA does not bind tech companies under not being considered a healthcare entity and not having access to the ripe patient identity or disclosing patient identifying information. But they indeed indirectly invade user privacy and jeopardize the patient's interest. Hence this means nothing short of double standard within the current data privacy scandal.

Can you Trust Technology?

In other words, can you trust VAAIT listening to your conversation and sharing your health information with the centralized system, thus mathematically enabled to analyze further, distribute and do actions that are meant for profiteering? Those who are often exposed to daily news must have noticed the distrust healthcare holds towards the technology. This growing attitude is irrelevant to the actual problem, as technology is nothing but a sophisticated instrument. It functions through what was aimed by their architects. Under the current trend of corporatism, it would be more justified to place the burden of distrust on technology innovators. Without high-level transparency and accountability towards their tactical mission, the innovators are inclined to pivot the business model by strategizing their tasks to focus solely on maximizing the revenue stream. Trusting technology or technocracy has developed significant appeal among millennials. Still, it has suffered a significant backlash among the baby boomers over the past decades- A possible cause, the discrepancy between expectations, knowledge, and policies.

Tightening Regulations

Increasing regulations and implementing harsh punishment without the proper scope of regulatory process resembles protecting a house from theft by guarding the front door access while leaving the rare door wide open for the thief to enter the premises. That Signifies that tighter regulation is not identical to superior rule. The traditional HIPAA regulation enforcement is irrelevant to preventing data piracy.

The essence of the problem is not necessarily insufficient regulation or poor regulation per se. In an open competitive market, excessive regulation is utterly counterproductive. What is compulsory is closing lobbyist loopholes and misinterpretation of what implies the invasion of patient sovereignty. Flawed interpretation of HIPAA, information, and health data diverges attention from the actual issue.

Centralization vs. Decentralization why is it important?

Suppose we consider an industry having complete control over storing, maintaining, and analyzing your data, even if they carry out the most significant security possible through layers of technologies. In that case, it will flop to prevent hackers from accessing the information. Besides, the centralized nature of the stored data makes it attractive to hacking, like holding millions of dollars in a central bank. Centralization, irrespective of security, would still serve as one hard stop shop for data hackers. Now imagine dividing the same volume of data among one thousand of its legitimate owners! For a hacker or the corporation to access the same quantity of information, they must access the data through individual owners or users. Irrespective of the security level hacking, the decentralized system carries less inducement as it takes extra effort.

Centralize with Government-run Technology

In a country or a system where the government administration is fully controlled by its healthcare and database, the centralized system could be a practical choice as long as the government adopts and manages its technologies because it will cut the data breach and abuse. But if the same administration creates a hybrid model by partnering with a private for-profit entity, then the public must have a significant cause of concern. Sharing important data without individual citizen control and consent is considered a severance of individual rights.

The decentralized system giving the ownership of the data to its sovereign owners is the most efficient approach, even though considered imperfect, but is the most workable choice. It Increases personal value by transferring the worth of data earning potential to the patient. Decentralization is a tool because it motivates patients to increase their earnings by staying healthy and contributing to the empowerment of global healthcare.

The Vital shows transparency at all technology algorithms and holds the stakeholders accountable for breaching what somebody envisioned their system to do or pivoting for an alternate purpose. Empowering the domain owner of discipline by engaging them in the business process, validation, quality assurance is vital, equally so for the functional requirement for that particular industry is as important. Within that concept, the government's obligation would be to oversee corporate business strategies and their deviations by making sure proper adherence to predefined tactical approach.

The public's insufficient basic knowledge of technologies is far more damaging than inadequate technology because it would resemble operating a machine gun without learning how to use it. Indeed, it would be like shooting oneself in the foot. That is what we are facing today on health information security and public perception of data science. Data security and HIPAA — The responsibility is on us, as corporate entities have one mission, profiteering that includes but is not limited to the VAAIT technology.

0 views0 comments