Responsible AI Transparency Report

Responsible AI Transparency Report

Imprivata

Date: January 2025

Introduction

This AI Transparency Report outlines the key aspects of the artificial intelligence (AI) technology embedded in our suite of healthcare products. Our goal is to provide clear, transparent information on how AI is used in the products, including the data sources, model development, decision-making processes, and ethical considerations. This report is intended for healthcare professionals, patients, regulatory bodies, and other stakeholders to ensure a clear understanding of the product's capabilities, limitations, and adherence to ethical and legal standards.

Overview of the Portfolio

Our portfolio of products leverage AI and machine learning (ML) models to provide insights that support regulatory compliance decision-making, patient care optimization, and operational efficiency. The products are designed to analyze healthcare data, such as electronic health records (EHR), user and patient demographics, and clinical access behaviors, to identify patterns, predict outcomes, and offer recommendations.

Key capabilities include:

  • Predictive analytics for user and entity behavior.
  • Retroactive user access review to identify anomalous workflows.
  • Data-driven insights to optimize hospital operations.

Data Sources

The AI models in our products rely on a variety of healthcare data sources. These include:

  • Electronic Health Records (EHR): Structured data, such as diagnoses, medications, encounter and appointment history.
  • Authoritative User Data: Up-to-date employee data, including title and department, care team designation, and access history.
  • User Access Logs: Entity data for workstations, mobile devices, and applications used by clinicians, admins, internal privileged users, and third party affiliated privileged users.
  • Patient Data: Information such as age, patient location, and medication order history.
  • Real-Time Data: User access logs and device information track user behavior as it occurs.

Data Privacy & Security:

All data used in the product complies with data protection regulations such as the Health Insurance Portability and Accountability Act (HIPAA) in the United States, and the General Data Protection Regulation (GDPR) in the European Union. We employ robust encryption and anonymization techniques to safeguard patient privacy. We adhere to the principle of Privacy by Design, ensuring all products are built to ensure patient privacy and enable safeguards by default.

AI Model Development and Methodology

Our AI models are developed through the following steps:

  • Data Preprocessing: Data from various sources is cleaned, anonymized, and standardized before being fed into the model.
  • Feature Engineering: Key features that contribute to predictive accuracy are identified and extracted from the data.
  • Algorithm Selection: Candidate machine learning algorithms are selected as appropriate on a per-application basis, considering criteria such as the type of task, the nature and availability of training data, computational budget, and explainability requirements.
  • Model Training: The model is trained on historical data, using labeled datasets when possible. Cross-validation and hyperparameter tuning are used to optimize performance.
  • Model Evaluation: The models are rigorously tested using separate validation datasets, with performance metrics such as accuracy, precision, recall, F1 score, and area under the receiver operating characteristic (ROC) curve being monitored.
  • Model Transparency: We provide stakeholders with explanations of how specific models arrive at predictions or recommendations. Our products include explainable AI (XAI) features, which allow users to view the factors influencing a particular recommendation or prediction.

Decision-Making and Recommendations

The AI models in our healthcare products are designed to assist healthcare professionals by providing evidence-based insights, but are not intended to replace human decision-making. The system offers:

  • Risk Scores: Based on historical and real-time data, our products generate risk scores for user behavior, including the likelihood of specific user-patient interactions resulting in incidents.
  • User Behavior Analysis: The system provides data-driven explanations, such as reasons for potential anomalous behavior or weighted features contributing to a user’s risk.
  • Predictive Alerts: The products generate alerts to compliance and IT teams when they detect patterns or risks that require attention, such as potential patient privacy violations, drug diversion incidents, or inappropriate user access to sensitive clinical systems.

The ultimate responsibility for decisions remains with the consumer of Imprivata products, who should use AI insights as an additional tool for identifying and explaining anomalies rather than as the sole basis for decisions.

Model Performance & Limitations

We continuously monitor and evaluate the performance of our AI models to ensure their accuracy and reliability. Key metrics include:

  • Accuracy: The overall percentage of correct predictions.
  • Precision & Recall: The ability of the model to correctly identify positive cases while minimizing false positives and false negatives.
  • Bias & Fairness: We actively work to identify and mitigate any biases in the model related to gender, ethnicity, socioeconomic status, or other factors that could impact fairness. We use techniques such as fairness-aware machine learning and bias correction algorithms.
  • Generalizability: Our models are validated on diverse datasets to ensure they perform well across different populations, settings, and conditions.

Despite rigorous testing, the AI models are not infallible. Limitations include:

  • Data Quality: Incomplete or inconsistent data may impact the accuracy of predictions.
  • Model Interpretability: Complex models, particularly deep learning models, may be difficult to fully explain in terms of decision-making processes.
  • Contextual Factors: AI models may not always account for nuanced clinical factors, such as the specific circumstances of a patient’s care or provider judgment.

Ethical Considerations

We take several steps to ensure the ethical use of AI in healthcare:

  • Transparency: We are committed to providing clear explanations of how AI models work, how decisions are made, and how data is used.
  • Privacy by Design: We adhere to the principles of Privacy by Design, limiting data collected to the minimum necessary and building privacy into our products from Design to Development to Deployment.
  • Bias Mitigation: We actively work to identify and eliminate any sources of bias in our data or models that could lead to disparities in healthcare outcomes.
  • Accountability: We have established clear accountability mechanisms for model performance and the use of AI in healthcare. Any errors or issues are promptly addressed and corrected.
  • Configurability: We incorporate our AI in products in a way that requires the customer to configure their risk tolerance and ultimately make any decisions regarding the anomalies identified. The AI requires human oversight and feedback to take action.

Compliance with Regulations

Our portfolio of products complies with relevant healthcare, privacy, and AI regulations and standards, including:

  • HIPAA (Health Insurance Portability and Accountability Act) for patient data privacy and security.
  • GDPR (General Data Protection Regulation) for the handling of personal data in the European Union.
  • AI Act (Artificial Intelligence Act) for the safety of AI systems in the European Union.
  • SOC 2 Type 1 & Type 2: Imprivata products are certified by an external auditor to demonstrate our organization’s security, availability, processing integrity, confidentiality, and privacy controls.
  • ISO 27001:2022 and ISO 27701:2019: Adherence to standards for establishing, implementing, operating, monitoring, reviewing, and maintaining an Information Security Management System (ISMS) and Privacy Information Management System (PIMS).

Ongoing Research and Development

We are continuously working to improve our AI models by integrating new research, expanding the diversity of datasets, and refining our algorithms. This includes:

  • Collaborations with academic institutions and healthcare providers to stay on the cutting edge of AI and healthcare innovations.
  • Incorporating feedback from healthcare professionals to refine model predictions and user interfaces.
  • Regular audits and updates to ensure compliance with evolving regulations and standards.

Conclusion

Our suite of healthcare products are powerful tools designed to ensure clinical access for healthcare professionals is fast and secure. We are committed to transparency, fairness, and ethical practices in the development and deployment of AI technology. By providing clear insights into how our AI models work and ensuring continuous monitoring and improvement, we aim to foster trust and support better healthcare outcomes.

For more detailed information, please contact the Artificial Intelligence Committee at AICommittee@imprivata.com.