HomeMalware & ThreatsHHS Requesting Feedback on Cybersecurity and AI for Potential Laboratory Regulations Update

HHS Requesting Feedback on Cybersecurity and AI for Potential Laboratory Regulations Update

Published on

spot_img

Agentic AI,
Artificial Intelligence & Machine Learning,
Healthcare

Experts Say Clinical Laboratory Improvement Amendments Are Seriously Outdated

HHS Requesting Feedback on Cybersecurity and AI for Potential Laboratory Regulations Update
The U.S. Department of Health and Human Services is considering updating clinical laboratory regulations to better reflect technological changes over the years, including with cyber and AI. (Image: Getty Images)

The U.S. Department of Health and Human Services (HHS) has initiated a public feedback request concerning cybersecurity practices and the application of artificial intelligence (AI) in anticipation of modernizing rules that govern clinical laboratories in the United States. These guidelines, formally known as the Clinical Laboratory Improvement Amendments (CLIA), were established more than three decades ago, in 1992, and have since become significantly outdated in light of technological advancements.

In a joint announcement, the Centers for Medicare and Medicaid Services and the Centers for Disease Control and Prevention, both under HHS, are urging stakeholders to provide insights on updating CLIA regulations. The focus of this inquiry includes modern advancements in laboratory AI, cybersecurity, and biosecurity, among other relevant areas. As noted by HHS, the landscape of clinical laboratories has undergone a remarkable transformation in recent years, leaving the existing regulations lagging far behind current practices.

Experts in the field have expressed significant concern regarding the inadequacies of the current CLIA regulations, highlighting that they do not adequately address aspects related to cybersecurity or AI. Regulatory attorney Jordan Cohen, a partner at Akerman LLP, emphasized, “CLIA barely speaks to cybersecurity at all. It primarily concentrates on test accuracy and quality, overlooking critical areas such as data protection and evaluation of diagnostic algorithms.”

Cohen further elaborated, stating, “The regulations were established in the 1990s, a time long before the introduction of clinical AI technologies. Therefore, there exists no regulatory framework for validating AI algorithms utilized in testing or result interpretation.” Despite this lack of formal structure, many clinical laboratories across the United States have started to adopt AI tools to improve their testing accuracy and efficiency.

The urgency for regulatory reform is underscored by the increasing frequency of cyberattacks targeting clinical labs, including incidents of ransomware and data breaches. A widely reported case involved the Medusa ransomware gang’s attack on Colorado-based Summit Pathology Laboratories, where the personal information of over 1.8 million individuals was compromised. This included sensitive data such as names, addresses, medical billing information, Social Security numbers, and financial information, amplifying the need for enhanced cybersecurity measures within laboratory environments.

Experts argue that while most U.S. laboratories must comply with the Health Insurance Portability and Accountability Act (HIPAA) concerning privacy and security, CLIA regulations do not sufficiently cover emerging cybersecurity threats. Cohen suggests that any potential updates to CLIA guidelines should focus on addressing the gaps that exist in HIPAA, particularly regarding how to protect laboratory AI systems from corruption and cyber vulnerabilities such as prompt injections.

HHS is actively seeking input from laboratories specifically on several pertinent issues related to AI. This includes inquiries about the use of algorithms or AI tools during post-analytical processes, how such tools are utilized for interpreting test results, and the methods employed to verify the performance and accuracy of these AI instruments. Moreover, HHS is inviting feedback on cybersecurity protocols, exploring how laboratories safeguard patient data and operational functionality. Specific areas of concern include:

  • Identity and access management;
  • Internet access restrictions;
  • Cyber incident response plans;
  • Cybersecurity training for personnel;
  • Job roles responsible for laboratory cybersecurity.

The public comment period for this important initiative will remain open until September 14, providing an opportunity for stakeholders to voice their opinions and suggestions. Should HHS proceed with revisions to the CLIA regulations, experts emphasize the importance of establishing clear guidelines that are practical and not onerous for smaller laboratories. Cohen advises, “There should be coordination with other regulatory bodies, such as the Food and Drug Administration, to avoid creating conflicting rules. The regulations must be designed to adapt as technology evolves, which is a challenging but essential task.”

Source link

Latest articles

How Mapping Security Controls Eases the Compliance Burden

In the evolving landscape of cybersecurity, Chief Information Security Officers (CISOs) and their teams...

CISA Requires Immediate Update for Actively Exploited Fortinet Vulnerabilities

Fortinet's FortiSandbox Faces Exploitation Threats: CISA Issues Urgent Warning The U.S. Cybersecurity and Infrastructure Security...

Black Duck Introduces AI-Enhanced Triage and CRA-Ready Checks for Coverity Static Analysis

Black Duck Enhances Coverity with AI and Compliance Features Amid Changing Regulations In a significant...

More like this

How Mapping Security Controls Eases the Compliance Burden

In the evolving landscape of cybersecurity, Chief Information Security Officers (CISOs) and their teams...

CISA Requires Immediate Update for Actively Exploited Fortinet Vulnerabilities

Fortinet's FortiSandbox Faces Exploitation Threats: CISA Issues Urgent Warning The U.S. Cybersecurity and Infrastructure Security...

Black Duck Introduces AI-Enhanced Triage and CRA-Ready Checks for Coverity Static Analysis

Black Duck Enhances Coverity with AI and Compliance Features Amid Changing Regulations In a significant...