Attorney Jordan Cohen of Akerman Addresses AI Challenges in Healthcare
In a rapidly evolving landscape where health organizations increasingly rely on artificial intelligence (AI) technologies, attorney Jordan Cohen of Akerman LLP has emphasized the importance of stringent data oversight to ensure compliance with regulations like HIPAA. As the legal environment surrounding AI and healthcare tightens, Cohen asserts that organizations must engage in thorough data inventory practices to ascertain what data can be legally utilized.
Cohen, a leading figure in the field of digital health law, articulated the critical nature of understanding data flows in a detailed interview with Information Security Media Group (ISMG). His insights highlight that the deployment of agentic AI technology brings forth unique challenges, especially concerning the management of protected health information (PHI).
The core of Cohen’s argument is simple yet profound: organizations must have a solid grasp of their data landscapes. Failure to comply with permissible use categories can lead to severe repercussions, including reportable breaches if PHI is mishandled. "If you fall outside of a permissible use, then technically, if protected health information is involved, that can be considered a reportable breach," Cohen noted.
He further elaborated that the preparatory steps required for implementing AI systems within HIPAA-regulated enterprises are not necessarily unique to AI. Rather, they are rooted in established data management practices long advocated within the sector. For example, he emphasized the importance of creating a comprehensive data flow inventory. This involves diagramming how data is ingested, processed, stored, and ultimately disseminated through systems. Understanding vendor interactions with this data is equally crucial.
Cohen stressed the potential ramifications of ignorance surrounding data management: "If you don’t know what data you have, where it lives, who’s accessing it, then it’s really difficult to secure it and to protect patient privacy." The need for meticulous tracking and oversight becomes even more pressing in an era when AI technologies are gaining traction.
As Cohen points out, many of the practices emphasized in the context of AI have been staples in data protection discussions for years. However, in the context of agentic AI and other advanced technologies, adherence to these practices is more essential than ever. "These are practices that we’ve been discussing for years," he reiterated, noting that the introduction of AI requires an urgent reassessment of existing data management practices.
During the ISMG interview, Cohen also explored several interconnected topics that healthcare organizations must consider when deploying AI technologies:
-
Current Applications of Agentic AI: Cohen discussed the prevalent uses of agentic AI within healthcare settings, including both clinical and administrative operations. This includes an analysis of data types typically leveraged, such as electronic health records (EHRs) and other forms of PHI.
-
Legal and Regulatory Considerations: The conversation shifted to various legal dimensions impacting AI utilization in healthcare. Cohen indicated that understanding these frameworks is vital for organizations seeking to integrate AI responsibly.
-
Technical Safeguards: He brought attention to necessary safeguards, emphasizing the significance of incident response plans and continuous monitoring—tasks that require vigilant oversight and transparency.
- Enhancing Data Privacy and Security: Finally, Cohen highlighted the promising role AI could play in bolstering data security and privacy, suggesting that technology could provide innovative solutions to longstanding issues within healthcare data management.
As a partner at Akerman LLP and the leader of the firm’s digital health practice, Cohen’s expertise positions him as a vital resource for healthcare providers navigating the complexities of data security and privacy regulation. In his capacity, he offers guidance on various transactions involving healthcare entities, legal compliance concerning federal and state laws, and adherence to specifics of the HIPAA framework, including its Privacy, Security, and Breach Notification Rules.
By illuminating the multifaceted challenges organizations face when implementing AI technologies, Cohen underscores the paramount importance of proactive compliance measures in safeguarding patient privacy and maintaining the integrity of healthcare systems. As AI continues to reshape the methodologies employed within healthcare, ongoing dialogue and education surrounding these themes will be crucial for all stakeholders involved.

