Leveraging AI in Your GI Practice AI Workshop | September 2025-Current and Future Issues in Compliance and Risk

Pdf Summary

The presentation by Neil Gupta, MD, MPH, FASGE, addresses current and future compliance and risk issues related to data privacy and security in gastroenterology, with a focus on the regulatory framework and real-world challenges of incorporating Artificial Intelligence (AI).<br /><br />Key regulatory foundations include the Health Insurance Portability and Accountability Act (HIPAA) and its Privacy and Security Rules, which govern the protection of Protected Health Information (PHI). HIPAA balances the need for healthcare data use with patient privacy, granting patients rights such as access to records, amendment requests, and disclosure notifications. Permitted uses without authorization include treatment, payment, and healthcare operations. Enforcement is led by the U.S. Department of Health & Human Services Office for Civil Rights.<br /><br />The presentation highlights complexities with AI in healthcare, such as AI scribes, chatbots, and AI-assisted diagnostic tools, stressing that even non-clinical inputs like symptoms entered into scheduling apps can become PHI requiring protection under HIPAA. Common pitfalls involve vendors allegedly de-identifying data but transmitting raw PHI, improper data handling by vendors without appropriate Business Associate Agreements (BAAs), and security lapses like unencrypted temporary storage.<br /><br />Security requirements extend to technological safeguards, including encryption, multi-factor authentication, network segmentation, and consistent risk analysis. Endoscopy equipment connected to networks is considered IT assets and must follow these protections.<br /><br />The 21st Century Cures Act mandates sharing of all electronic health information (EHI), including AI-generated content, posing additional compliance demands.<br /><br />Due diligence with vendors is critical, ensuring HIPAA-compliant BAAs, clarity on data storage location, training data use, breach notification, and data disposition upon contract termination. Data governance practices include access control, audit trails for AI usage, and transparency with patients about AI involvement in care.<br /><br />In summary, the evolving regulatory landscape strives to empower patients while enabling healthcare advances like AI. Proactively safeguarding data, maintaining rigorous vendor oversight, and embracing transparency are essential to manage compliance and risk in modern gastroenterology practice.

Asset Subtitle

Neil Gupta, MD MPH FASGE

Keywords

Neil Gupta

data privacy

data security

gastroenterology

HIPAA

Artificial Intelligence in healthcare

Protected Health Information

Business Associate Agreements

21st Century Cures Act

vendor compliance