Electronic Health Records (EHRs) have become common in the health systems of many countries across the globe. They help physicians and hospitals store and exchange patient data quickly. The rise in EHR usage, however, has also raised the chances of data breaches and cyberattacks. Hackers pose a threat to healthcare data, and insiders may abuse it as well. Conventional security systems do not always identify these threats. For this reason, artificial intelligence (AI) is increasingly used to detect abnormal or suspicious activity in EHR systems. Most of the literature concentrates on how well AI detects anomalies and does not address legal and regulatory risks. This review brings together studies on AI-based anomaly detection and the laws related to healthcare data protection. It points out major differences between technical security and legal compliance. The paper also suggests a basic structure combining AI detection and legal-risk assessment, because this combination would enhance data protection and decrease legal risk.
Keywords
EHRs, Anomaly detection, Cybersecurity, Healthcare, Legal risk, Data privacy, AI