HHS releases AI strategic plan, roadmap for AI in healthcare

Overview of HHS' AI strategic plan

The AI strategic plan centers around four primary goals:

• Catalyze health AI innovation and adoption to unlock new ways to use AI to improve people's lives.
• Promote trustworthy AI development and ethical and responsible use to avoid potential harm.
• Democratize AI technologies and resources to promote equitable access for all.
• Cultivate AI-empowered workforces and organizational cultures to allow staff to make the best use of AI.

In the plan's opening letter, HHS Deputy Secretary Andrea Palm expressed optimism about the power of AI and its potential applications across HHS and the healthcare sector. The benefits of AI, according to HHS, include improving clinical outcomes, enhancing safety, improving equity, accelerating scientific breakthroughs and forecasting risks.

"However, our optimism is tempered with a deep sense of responsibility," Palm stated in the letter.

"We need to ensure that Americans are safeguarded from risks. Deployment and adoption of AI should benefit the American people, and we must hold stakeholders across the ecosystem accountable to achieve this goal."

The AI strategic plan is nearly 200 pages in length and offers a detailed framework consisting of seven domains -- medical research and discovery, medical product development, safety and effectiveness, healthcare delivery, human services delivery, public health, cybersecurity and critical infrastructure protection and internal operations.

Within each domain, the plan outlines trends in AI, potential use cases and risks and an action plan for using AI within this domain.

How HHS is approaching AI and cybersecurity

In addition to focusing on the ethical use of AI and its applications in clinical settings, the AI strategic plan addressed the role of cybersecurity risks and safeguards in relation to AI.

Within this domain, HHS proposed several actions to improve the sector's ability to manage cybersecurity.

First, the strategic plan outlined its goal of addressing the shortage of skilled cybersecurity workers to fill roles in health and human services. In the near term, HHS said it plans to develop a sector-specific cybersecurity training program for leaders outside cybersecurity teams and evaluate opportunities to enhance workforce development for under-resourced healthcare organizations.

HHS' long-term plan in this domain includes integrating new cybersecurity requirements into HHS grants and increasing threat-sharing efforts across HHS and the sector.

Second, HHS stressed the importance of standardizing best practices and cybersecurity governance. In the short term, HHS said it plans to update existing regulations and guidelines on AI adoption to include best practices for maintaining cybersecurity.

Other focus areas for HHS include encouraging health IT developers to implement privacy and security by design into their products and balancing the need for privacy and security with broader goals of expanding AI use in the sector.

"Cybersecurity is a fundamental capability for any organization in the broader HHS ecosystem that is looking to expand its use of AI applications responsibly and effectively. However, as noted above, despite widespread awareness of the threat and increased focus on cybersecurity, organizations are struggling to keep pace with potential attackers," the plan's text stated.

"There remains significant opportunity to improve skillsets of cybersecurity talent, establish and promote standards for best practices and governance, reduce the complexity of implementing new capabilities, and assist organizations in balancing questions of cybersecurity and privacy."

Overall, the strategic plan provides healthcare stakeholders with a roadmap for how HHS plans to tackle AI risks and opportunities while safeguarding patient safety.

Jill McKeon has covered healthcare cybersecurity and privacy news since 2021.