Health’s journey to AI requires verifiable trust
Our goal is to make AI everyday, everywhere, and for everyone in the health industry. Why? Because AI holds the keys to achieving the quadruple aim. The analyst firm, Frost & Sullivan, thinks AI has the potential to improve healthcare outcomes by 30- 40 percent and reduce the cost of treatment by as much as 50 percent in the next 7-10 years.
More importantly, our customers tell us every day that the health industry runs on trust – and that trust must be earned by cloud service providers, like Microsoft. That’s why nearly 10 years ago we set our goal to be the trusted data steward and cloud partner of choice for the health industry. Earning that trust begins by offering the most comprehensive set of compliance offerings of any cloud service provider.
In the past 6 months alone, we’ve added another 31 attestations and certifications, including health-specific ones like HIPAA and HITRUST in Azure Cognitive Services and will continue to add more in 2019. Think of Azure Cognitive Services as a set of intelligent tools to help developers build intelligent applications that can augment and automate human behaviors and skills without having direct AI or data science skills or knowledge. Azure Cognitive Services enable developers to easily add cognitive features such as emotion and video detection; facial, speech, and vision recognition; and speech and language understanding into their applications.
Translating AI potential into tangible advantages with Azure Cognitive Services
Now that these Azure Cognitive Services help support HIPAA and HITRUST compliance requirements, our enterprise customers and partners can now leverage them to redefine their business models, processes, and design new models and experiences of care. They’ll also be able to use them to help build tools that could prevent medical errors and free the minds of health professionals for higher-level, top of license interactions and problem solving by offloading repetitive, lower-level cognitive functions.
Since up to 80 percent of health data is believed to “hidden” in the form of unstructured text, handwritten notes, forms, and scanned PDFs, text analytics could conceivably enable health systems to “see” observations, insights, risks, diagnoses, clinical trial candidates, and missed follow-ups “hidden” inside EHRs and document stores.
Trust, but verify – with HITRUST
Our health & life science customers have told us time and time again that, when it comes to cloud compliance, earning trust requires transparency, accountability, and, most important, verifiability. In other words, the “trust but verify” adage is mission critical for most health systems in choosing a cloud and AI provider they can trust.
That’s why we, like our customers, have concluded that HIPAA Business Associate Agreements (BAAs), alone, while necessary, are insufficient to give our customers the assurances they need to move their data and applications to the cloud. The fundamental problem with the HIPAA BAA is that it’s effectively a self-attestation by the business associate that they meet HIPAA requirements. This places the burden (and the time and cost) of verification on the customer.
HITRUST, on the other hand, gives the customer independent, 3rd party verified evidence of how the cloud provider meets or exceeds the baseline and/or addressable privacy and security safeguards under HIPAA.
With HITRUST, an independent third party auditor effectively opens up and examines what’s in the black box and assigns an objective score benchmarked against a recognized controls framework (Common Security Framework (CSF)) designed to fully address the letter and spirit of HIPAA.
What’s even better about the HITRUST CSF is that it actually goes far beyond just HIPAA because it maps ISO 27001, NIST, HIPAA, PCI, COBIT and other compliance standards in a way that makes it easier and faster for health systems to see how their cloud vendors support a broad range of attestations and HIPAA compliance as well as other standards that matter to them.