In the final part of his Pharma Commerce video interview, Matt Hawkins, CaryHealth’s Chief Technology Officer, comments on the importance of mitigating security risks, along with ways to take action.
PC: How can data, privacy, and security risks in the pharma sector be mitigated?
Hawkins: From a security and privacy perspective, AI has obviously brought a lot of focus into that area, and it's brought a lot of challenges—both from a communication perspective—to businesses and individuals on how their data is being used. And I think a lot of the same principles apply in terms of the way that we've been storing data securely in our environments for a very long time, and we all do our industry certifications every year—whether that be SOC 2, whether that's HITRUST—those principles still apply in the way that we store and provide access to data, to third parties, and to customers, suppliers, partners, etc.
I think what AI brings to the table is an extra layer of transparency and accountability that we haven't seen before. Let's touch on a couple of those. With transparency, I think it's super important that we, as organizations, are transparent on how data is being used in an AI scenario. Making patients aware of how their data will be used and what it will be used for, and giving them the choice to opt in or opt out of those scenarios. That's something that we do. Everything that we provide to patients—we're very transparent about how we do that, and what we try and do as much as possible is detach the data from the individual. We don't need to know personal identifiable information to look at things like medical history, to look at things like your fill history; that is a separate piece of information from what identifies you as a person. I think being very transparent with how we communicate on what we're doing with data, and also making sure that we're auditing ourselves both internally and providing ways for external organizations to audit us as well. We look at anything that we're doing with AI. We're aware and continually monitor for things like bias. Are we showing bias in the way that we're dealing with individuals or customers? Are we producing unfavorable results? We constantly monitor internally how our data analytics and how our AI is performing, and we also subscribe to external organizations in the way that they put forward guidelines and recommendations.
I think it's important to be part of the conversation there, and not just waiting to have legislation put on top of you, but instead, being part of the conversation shaping how AI can be used safely and ethically moving forward in order to enhance the patient's experience, all through that kind of supply chain. Because if we go back to the logistics and the operational efficiency, that at the end of the day is still having an impact on the patient, because the pharmacy itself is more efficient internally. For me, it's transparency, it's ethics, and it's consistently providing a feedback loop internally and externally to both internal and external audits.