Accredited by the Joint Commission? Know what's expected with AI

Rachel V. Rose, JD, MBA

Joint Commission (JC), a non-government organization, accredits approximately 15,000 healthcare organizations, while verifying and certifying “over 4,600 programs across the continuum of care in the United States.” The types of health care organizations that JC inspects include hospitals, nursing care facilities, ambulatory surgery centers, home health agencies, laboratories, and pharmacies. The fundamental purposes of the inspection are to assess quality and safety throughout the care continuum.

Years ago, while working as a hospital operating room aide and dietary aide during college, I was fortunate to participate in a variety of aspects of the JC inspection process. There are a variety of areas that are assessed – ranging from hallways being clear to medical equipment that is sterilized not being expired to billing and coding accuracy.

Recently, artificial intelligence (AI) has made its way into the JC lexicon. The JC issued guidance - The Responsible Use of AI in Healthcare (RUAIH) in conjunction with CHAI. While the potential of AI in healthcare exists, the utilization of AI must be balanced with legal, ethical and safe deployment. For lawyers, the risk of filing hallucinated briefs which opposing counsel and judicial clerks check, may have implications on one’s law license; however, the action can be corrected. For medical professionals, who also have licenses, more is at stake than a complaint to the licensing board – adverse patient outcomes, including death is the ultimate consideration.

Lawyers and HIPAA covered entities (and business associates) have a duty to protect the privacy and security of the data that is stored, whether attorney-client information or individually identifiable health information (IIHI). Maintaining confidentiality, integrity and availability of these types of information is an elementary requirement. But, how might an AI algorithm impact legal and ethical requirements if the data is not de-identified, is captured from different patient charts or client files and combined? Moreover, what if the data is used to refine an algorithm and sold to third parties? We have already seen the Federal Trade Commission and other government agencies sound the alarm and initiate enforcement actions.

Here is what the JC lists as top risks when utilizing AI in healthcare settings:

• AI errors, including hallucinations, which can arise from data inaccuracies or unforeseen interactions;
• Lack of transparency in the AI decision-making process (aka “black box”);
• Data privacy and security; and
• “AI-enabled software or devices … validated and/or approved by the Federal [sic] Drug Administration, the integration of AI into existing healthcare system can be challenging requiring significant adjustments in clinical workflows, which may disrupt established processes and lead to errors and create resistance among healthcare professionals.”

The potential for billing and coding fraud, as well as a potential False Claims Act case were not even mentioned. Both of these should be included in an effective compliance program (42 CFR § 483.85).

What steps can healthcare entities going under a JC inspection take? The White House Blueprint for an AI Bill of Rights provides a sage framework to incorporate into a compliance program. There are five components: (1) safety (includes security); (2) non-discriminatory impact; (3) confidentiality; (4) disclosure of use; and (5) human check process.

In sum, AI is a tool. There are many landmines that need to be navigated to ensure patient safety, a good JC inspection outcome and safe, legal and ethical AI deployment. Understanding the AI that is being utilized is the first step.