AHLA's Speaking of Health Law

Preparing Health Care Compliance Programs for AI-Driven Enforcement

American Health Law Association

Drew Hoffman, Partner, Pinnacle Healthcare Consulting, speaks with Darren Skyles, Partner, Nelson Mullins, and Adam Tarosky, Partner, Nixon Peabody, about how health care organizations can best position themselves given regulatory agencies’ plans to utilize artificial intelligence (AI) and machine learning in their enforcement efforts. They discuss how regulatory agencies are using AI in practice, what this means for health care organizations, and concrete steps organizations can take to make their compliance programs AI ready. Sponsored by Pinnacle.

Watch this episode: https://www.youtube.com/watch?v=_bnF50mLDSk

Learn more about Pinnacle: https://askphc.com/ 

SPEAKER_00

This episode of AHLA Speaking of Health Law is sponsored by Pinnacle Healthcare Consulting. For more information, visit askphc.com.

SPEAKER_01

Welcome everybody. Thanks for joining this AHLA podcast. I'm Drew Hoffman. I'll be your host for today's conversation. Preparing compliance programs for AI-driven enforcement. This discussion will combine AI and fraud and abuse enforcement, which are two topics that are likely very top of mind for all of us these days. Hopefully, this will bring a new, a little bit of a fresh perspective and angle to these topics. I'm joined today by two terrific guests, Darren and Adam, who spend their time advising clients on exactly these issues. Over the course of the discussion, we'll explore, you know, several different things, how regulatory agencies are using AI in practice, what that means for healthcare organizations, and some concrete steps organizations can take now to get their compliance programs AI ready, so to speak. So, you know, let's start things off with some quick intros and backgrounds. Darren, why don't we start with you?

SPEAKER_03

Absolutely. Thank you, Drew. My name is Darren Skyles. I'm a partner at the law firm of Nelson Mullins. We are a nationwide law firm with a very large healthcare group. We have about 70 plus of us. I'm on the transactional regulatory side of healthcare. So I advise clients on setting up compliance programs, which were obviously more traditional around HIPAA, fraud and abuse, et cetera. Bringing in the AI question today is very exciting because I see this process is really broken open in a lot of ways. So when I'm talking to you, I'm talking to you from the perspective of your regulatory and transactional attorney who advises clients in-house and helps them as they set up their programs and as they have issues along the way, trying to avoid some of the problems they would have down the road when you need to hire Adam to step in and uh defend you.

SPEAKER_02

I'll take the handoff. Thank you. Adam Tarosky, I'm a partner at Nixon Peabody in Washington, D.C. Um, like Nelson Mullins, we're a nationwide practice. Um we have a large healthcare group, although I am technically part of our government investigations and white-collar group, even though almost all of my clients are in the healthcare industry. Um I lead the firm's False Claims Act team. Uh, I guess my claim to fame was my time at the Justice Department in the civil fraud section, which is the section of the department that investigates and prosecutes False Claims Act cases nationwide. Um, my current practice, of course, is a defense practice. I defend False Claims Act investigations. Um, occasionally they make their way to litigation, in which case I litigate False Claims Act cases. Um, but I also do what I call my day job. So, in between subpoenas and civil investigative demands, I do compliance counseling. Um, and I work with institutional clients of the firm to develop compliance programs that hopefully avoid government scrutiny, or if there is government scrutiny, what positions them well to kind of respond to that.

SPEAKER_01

Great. Well, thank you both. And um, like I said, I'm Drew Hoffman. I'm a partner with Pinnacle Healthcare Consulting. Um, I work on Pinnacle's compensation valuation team. So um I am not an attorney, but um work very closely with in-house outside counsel on compliance matters around um fair market value, commercial reasonableness, and all types of um provider compensation, transaction support. Um, we do compensation plan design, um, you know, policy and procedure development, all with a you know compliance, uh compliance focused. I think um, you know, I think said well there to you know either prevent uh prevent compliance issues or get ahead and help tell the you know, have a good documentation, good story ready for when when things might be questioned. So I'm really excited for the um you know the discussion today. I think the three of us really bring um a well-rounded perspective um to this issue. So let's go ahead and dive in. So um, you know, when when we say um when we say AI-driven enforcement and healthcare, what what does that actually mean from your perspective? And how is it different from you know traditional enforcement, traditional data analytics that agencies like DOJ, OIJ, OIG have used for years? Um Adam, maybe we'll start with you given your um given your kind of background in that space.

SPEAKER_02

Sure. So the traditional model when it comes to fraud, waste, and abuse investigation and enforcement is often referred to as pay and chase. The government pays claims based on what providers submit, trusting that those claims are 100% accurate, and it pays claims on that basis. After the fact, it may determine through routine audit or post-payment review that there were problems with the claims, and then it will sort of pursue recoupment of the funds associated with those claims. Where I think we're moving to is something the government calls detect and prevent. And I think that AI is going to enable the government to essentially review claims prior to paying them for markers of fraud and abuse, and to be able to investigate or determine whether there are problems with those claims before it pays them. And this is something that when it comes to AI, the government refers to as always on AI, that there's going to be this sort of constant um, you know, mechanism that is reviewing incoming claims and maybe even decisioning them prior to payments so that the government is moving away from this model of paying things and then accusing people of fraud, um, uh to the more efficient model, frankly, of looking at these things up front, um, determining if there's problems, if there are addressing them, maybe even collecting medical records along with claims and having the AI tool review the medical record to determine if the claim is in fact supported before it's paid. Again, the traditional model would be to collect those medical records after the fact if there's a concern and have a clinician review the records and determine if they support the claim. But the AI tools I think will become so powerful that that will be able to be done on the front end. So I think for me, a major shift, one major shift, probably among many, is the move away from pay and chase and toward detect and prevent.

SPEAKER_03

Yeah, and and so I take that from the perspective of the client and terms of what they need to be thinking about. Uh, but also um understanding that the government is using these tools, but we're using these tools in ways that we need to be knowledgeable. We need to understand in-house um how our own AI tools work in terms of billing and collecting our revenue cycle management. We need to understand with our vendors what they have put together for us to make sure that they're putting something in place that is free of bias, is uh managing claims properly, et cetera. But also at the same time, I think we need to be sophisticated enough when we, because what I'm hearing from you, Adam, is they're going to prevent these claims earlier, right? They're going to get on it earlier because they have the tools to do so. But we also have to be vigilant on our end by questioning their methods, also, right? We have to be educated as to how AI works, how it's working on their end to the degree we can know. And I would, I would imagine we're going to get into disputes over the quality of the technology that's being used. Is that fair to say?

SPEAKER_02

Yeah, I mean, absolutely. And because this is an AI podcast, I asked AI the question: how is the government using AI? Yeah. Circular. Um, but I got a really interesting answer. I learned something new. So there was a 2020 executive order and a 2025 OMB memo that requires each federal agency um to report at a regular interval how it's using AI. Either how it's already deployed AI or how it's planning to deploy it in the future. Um and just two months ago, the Department of Justice, my former office, the Civil Fraud Section, published its AI inventory, which was very interesting. And HHS, at the same time period, published its AI inventory. And what the Civil Fraud Section said is sort of what I think we predicted that um they are developing AI models that can bolster the DOJ's mission to prevent fraud, waste, and abuse. And specifically, what they say is um they want to build on existing Medicare data feeds. Um, they want to feed the algorithm with previous False Claims Act healthcare enforcement analytics. Um, and they want to the goal being to increase early identification of false claims and recover dollars more quickly and sort of make investigations go more quickly. And then the key field in this spreadsheet that I encourage everybody to look at is it says deployment timeline. Um, and the phrase they use is pre-deployment. So it's like they're working on this, they're developing it, it's coming, it's not quite here yet. Um, and so now is the time, as you said, Darren, for our clients to be in that pre-deployment phase themselves. Um, my sort of rule of thumb with government investigations is I want my clients to know what the government knows before the government knows it. Um, I want them to be able to know what the government's gonna look at and what the data is gonna show. Because often there's a perfectly reasonable explanation for data anomalies that the government might not have or be aware of. 
And so, sort of getting proactively at that, I think, is really important. But, you know, in terms of the question of um what is the government using AI for, and then sort of reverse engineering that to what our clients can use AI for, a great place to look are these AI inventories that just got published across all federal agencies in January of 2026.

SPEAKER_03

Yeah, it's it's it's it's good guidance. Um what what concerns me from what I'm seeing with clients today is the the need for education in terms of being more uh knowledgeable about the technology, how technology works, what questions that need to be asked of your IT team if you have an IT team. But not only that, um, and I've been to a number of workshops where the um concern has been raised about vendors themselves, that you have so many vendors now that are startups in the AI space, and they will, you know, um peddle their you know, their product to you, and they'll seem like they really know what they're talking about. But I've I've I've heard and I've read many articles about the fact that so many of them don't even understand how their technology works or what it's supposed to do. So two things. One is you have to know how your technology works, but number two, what is the question you're trying to answer for our client? Does the client know that? And has have they communicated to that to the vendor? Does the vendor know how to meet what that identified need is? So the reason I'm saying that is if if you don't understand the AI from that perspective that you're implementing into your own system, how are you going to be able to ask these questions as you're you know, advising on down the road when you get into trouble with the government to be able to ask them? Right. So I'm I'm trying to raise the, I guess, the alarm bell in that sense that we all have to be much more involved in ways that I think we haven't had to be before in understanding these things on a very sophisticated level with the people that can help us get there.

SPEAKER_02

Yeah, I mean, I know this isn't an ethics CLE, um, but it almost goes to a lawyer's duty of competence that to truly competently represent our clients in our fields in this day and time, we've got to know more than the average bear about how the AI systems work that we're using. Um, and it's hard because the concept of AI and artificial intelligence is that it's a black box, that the neurons get connected in ways that we really can't recreate.

SPEAKER_03

Right.

SPEAKER_02

Um and yet, of course, we have to understand what's going into the black box, what's educating the black box, um, and have some idea of what comes out. Um, you know, internally at my law firm, I've had some recent experience with this because we've developed a proprietary AI system that protects our client confidences within the tent of the law firm to protect the privilege and so on, um, but they can still pull in publicly available external resources, for example, case law, um, to help us analyze legal matters and of course do briefwriting and research and all that kind of thing. Um, but it's been a really interesting process because as a partnership, we have a duty to protect our client confidences and to understand how that model, you know, what's feeding that model, um, so that when we use it, we can be confident in the output. And of course, we've all seen cases where the output, for whatever reason, has been hallucinated or you know, problematic and judges have gotten very upset about that. So I think it's a great point, Darren, that you know, we we can't just sort of let this pass us by, um, no matter what stage we are in our career, or frankly, no matter how old we are, um, we've gotta, we've gotta learn this.

SPEAKER_01

Yeah.

unknown

Yeah.

SPEAKER_01

Yeah, that's really interesting. And Adam, you know, something I wanted to uh follow up on and get, you know, Darren in your thoughts as well. We we did talk about this concept of you know AI being sort of a black box. And I think, you know, a reasonable, you know, a reasonable, you know, healthcare organization and a best practice for compliance programs is to really kind of think like a regulator and kind of understand and get ahead, like you said, you know, understand kind of what the government will be looking at, um, you know, have that same information, that same perspective. And so, you know, organizations can, you know, reasonably be expected to start rolling out their own AI tools and start doing this type of analysis. So, you know, in the event of a dispute, you know, how do you see that you know going down? Because I imagine if you, you know, if the government has a proprietary, you know, AI, you know, AI tool, hospital, you know, health system has their own AI tool, they put similar inputs in but get different, you know, different outputs, you know, how does that, you know, how does that play out from a you know dispute perspective or a legal perspective?

SPEAKER_02

Yeah, well, the the traditional model, I think, if you're at least if you're talking about Medicare or Medicaid claims and some dispute about whether they're medically necessary or whether the services were actually rendered or whether they were coded properly, you know, all the sort of normal claims that the government might investigate, whether they were tainted by a financial relationship, you know, a kickback or a Stark relationship. Um the traditional method to investigate would be for the government to sample the claims, probably in a statistically valid random method, um, and then to have a human being or several human beings review them and review the support for them and make a determination about whether they're supported or not. Um, one could see that process being short-circuited by AI, um, you know, by an AI-enabled medical record review, for example. Um, you know, as a defense attorney, when I'm presented with evidence like that from the government, I hire my own expert to do an independent review of the record and make sure, you know, if they agree with the government, so be it. Maybe we argue that it's not fraud or whatever, but we at least acknowledge an obligation to return some amount of money. Um, but the future of that is probably we're gonna have our own, you know, AI review or AI-enabled review at least. Um, and then you're right, Drew, it sort of comes down to, well, whose AI is more reliable? Um, and I'm not sure how that's gonna play out. I think the other thing it's gonna change, though, is what I started with the idea that you need to sample claims to identify fraud and abuse or to prosecute fraud and abuse. Because I think there will be the ability to review very large volumes of data and claims. And so instead of reviewing a sample, we're just we're just reviewing the universe. 
Um, and so, you know, and and not having fights about extrapolation and whether we've proved the falsity of each individual claim, you know, versus relying on statistics. Um, so you know, the traditional means of investigating sampling and expert clinical record review, uh, I think are maybe both going to be replaced by AI. But when it comes down to that dispute about whose AI is better, that goes to Darren's point. We need to be the sponsors and the ambassadors of our own, you know, whatever system we're using, and we need to understand it well enough to say we cast a way broader net than you, or for some reason our results are more would be more persuasive to a fact finder, you know, if it ultimately came down to a trial.

SPEAKER_03

Yeah, and and I see this heading also, you know, somewhere in the not too distant future, uh, more transparency that's going to be required in healthcare providers and the AI programs that they're using. So you you mentioned the black box, Adam. And to what degree do we as providers understand how we arrived at our conclusions? We being relying upon the AI we're using, right? And that we're gonna have to be at some on some level transparent and open and how we arrive at these conclusions. But I would think likewise with the government, I I I would presume in your world that you might get into arguments about, well, show me your work, right? Show me the the program that you're using and how you arrived at those conclusions, which uh is that going to get in us into too much granularity, or is it gonna become that thing that's just inevitable? Because you, if you're making this assertion, you're making it based upon something where you're relying upon your technology, and I have to trust the technology you're using is valid and reliable, and I might I may have questions about that, and vice versa for what what we're using. So I I would think that that would work both ways.

SPEAKER_02

Yeah, I think so. I mean, and and hopefully we'll see some of these cases progress toward trial and maybe get some Daubert motions on um the reliability of um of AI to do some of these functions.

SPEAKER_03

Yeah.

SPEAKER_02

You know, and I we really haven't seen that yet. Um there was, I wanted to note, since this is an AI podcast, a really interesting recent decision from Judge Rakoff in the Southern District of New York, um, where he essentially found that a criminal defendant who sought legal advice from AI waived the attorney client privilege such that the government could discover the questions that he asked the AI, um, on the theory that it's it's such a black box and such an open universe that you're talking to, um, that there really is no expectation of confidentiality or privacy. Uh, you know, I'm sure it's a fact-specific inquiry, but you know, I think there will be a litigation over how do you, when you use AI in a legal practice, how do you protect the attorney client privilege um, you know, so that there's not like an automatic waiver if you do use uh an AI system like that.

SPEAKER_03

That that was a yeah, I saw that as well. That's a fascinating case. And I think about you know what we advise our clients on when they're using AI, right? If you're not within a closed system and you're using ChatGPT, right? Um, it should be common sense that somebody doesn't just take a patient data table and throws it into ChatGPT and asks it to do whatever. You would think that people would would know that, uh, but that is something that's very important in your policies and procedures, right? That's that's a no-no. But this here, that that's just a totally different question, right? I mean, people go to ChatGPT or whatever program they're using for all sorts of things. And that I think that's a sobering case. That's something that really needs to be emphasized. That don't say anything or ask anything on ChatGPT or other, you know, systems that aren't closed because you're only putting your yourself and the uh potential defense of the system at risk.

SPEAKER_02

And Darren, have you thought about HIPAA implications with you know with with your clients and their programs when we're using AI to either, you know that's part of a compliance program or to advise healthcare clients?

SPEAKER_03

Yeah, uh undoubtedly we uh we have that discussion all the time. Obviously when you're talking healthcare, you know, patient information is always going to be involved in almost all the time in the AI program that you're you're talking about. And so we we talk with clients a lot about nothing changes when you're using patient information but understand that you are providing this into something that's not in any way static and it's it's we very much need to look at where are your vulnerable points right in terms of you know do you have a BAA in place? Do you in that agreement do you is there an agreement for them to be allowed to use your protected health information to train their own system that has issues to it right I've seen issues with um in the research arena where somebody wants um through AI to mine the data that two systems use together. And so we have to really analyze that and break that down for them as to you know how are we going to do this in a way that's protected? Do we need to get patient authorization, etc. So it is an ongoing battle um and it is something that's very much a part of a compliance program. Some things that have not changed but because it's AI and these questions like I was raising earlier, you know, are you are you managing it within a controlled environment? Is that vendor using your PHI for training?

SPEAKER_01

Is do others have access to it, etc through with your client yeah that's that that's all you know all very you know very important you know areas of focus and you know Darren I think you touched on a lot of them um you know in in that um in that overview but you know putting myself in the shoes of a you know general counsel chief compliance officer at a client organization you know this this industry is moving very fast um you know we know that organizations are resource stretched you know people are being asked to do more with less all of the financial manpower challenges you know it it can be overwhelming so you know what were what would you be you know what would your recommendation be for areas to kind of focus on you know what are the big you know areas steps clients can take in the you know in the next say 12 to 18 months um to kind of best position themselves in this in this type of environment in terms of um being compliant in with a your AI program. Yeah with your AI program and with the understanding that you know you may there may be you know slightly different uh slightly different angles of enforcement with AI tools um from agencies as well I think I think you know both are relevant as we discussed you know I think uh a key you know a key strategy for organizations is to deploy their own AI to be ready for that so I totally agree that their own AI readiness program is a is a key um foundation for this just to you know make sure that you're not putting the organization at risk through a you know a compliance effort and you're you're creating risk through a you know a compliance activity well my my two things that I always emphasize to clients up front you know healthcare systems are notoriously siloed right you have many different areas with competing interests so you have the clinical end you have the administrative end you have HR you have so many different parties coming together um you know in one system to to provide patient care um it's very 
important when you're putting together a compliance program that for AI that you have an AI governance committee you know that has real teeth that can make authorized decisions about AI as a gatekeeper.

SPEAKER_03

And I would probably the the the fewest number of decision makers among that committee is probably best because you really I I don't think you can be um uncertain on some of these questions that have to be answered, right? Somebody has to eventually make the decision as to whether for example you're going to allow your employees on the front line to use chat GPT you know outside your system or what have you so there are a lot of technical questions that have to be answered. It's very important that systems understand even before they implement AI in any significant sense because we all know AI is being used all over the place it would be naive not to think so, right? But to understand where is AI residing in your processes today you know both uh in terms of how it's used in your different clinics how is it used administratively um how are again how are employees how are they able to access it within their day-by-day jobs and then really talk about what is your mission as an institution with the AI program that you want to implement what's important to you you know some some clients are more conservative than others some are very closed like we're not going to allow access to any of these tools during the workday if they do they have to you know get on their phone or what have you but everything within our environment is going to be a closed set this is how we're going to do it. Some are much more liberal in that in terms of okay well we'll take care of a lot of that by policy and procedure. They know what they're supposed to do. We trust our employees that kind of thing so those decisions have to be made um and then a process for when a new AI application is introduced there needs to be a way to introduce it to vet it and probably most important than anything else is your legal and compliance team really need to be involved in the process. 
They don't need to be involved at the back end when everything's ready to go and say here's the contract we want to get this done in the next 24 hours they need to be involved in the process too because they can poke holes at those issues like Adam was raising about privacy and security very important. So they'll be able to note things that others on the team won't and be the responsible parties in terms of saying we we've got to maintain our highest in legal ethical purposes here.

SPEAKER_02

Yeah I mean I think just like the government now has an AI inventory of all the use cases within an agency, most of our clients should probably have the same thing. I mean they need to know how they're using AI and as they bring new use cases online they need to have a record of that so that they can monitor it. The use cases pop up so often even the term use case was new to me you know a year ago and now I now we talk about it all the time. And so it that list is just going to continue to grow and and I think having your arms around it is important. One of the observations that that I wanted to make is that you know the the government does put out guidance on corporate governance and corporate controls for healthcare companies and it does it in several forms. OIG actually has a a publication that's a little dated now but it's called Practical Guidance for Healthcare Governing Boards on Compliance Oversight. That one's probably due for an update but a lot of the concepts in there are derived from the seven elements of an effective compliance program. And then the other major source are corporate integrity agreements that HHS you know makes organizations enter into often when they've settled a False Claims Act case the idea being your compliance program wasn't quite up to snuff going forward we want to make sure that it is improved so you don't have another False Claims Act case and this is how we're gonna kind of jumpstart your compliance program. So I think those two sorts of guidance already have concepts in them that can be adapted to AI. And I think going forward we'll start to see the concept of AI actually being incorporated expressly into them. 
For example with corporate integrity agreements the current system is to hire an independent review organization which is effectively a monitor to do an annual review of claims or if it's you know if the settlement was about financial arrangements to review a random you know sample of financial arrangements um but but we could see a lot of those functions being at least augmented by AI. The other major piece of a corporate integrity agreement is it sort of outlines what you need to do to have an effective compliance program. You have to have a compliance officer obviously you have to have a way that employees can report concerns without fear of being retaliated against. You have to have policies and procedures um one prediction I have is that before too long it's going to say you have to have these certain AI capabilities because at least right now they're not terribly costly and they're they're really effective. So I I think we should really watch that space um the old model of sort of the board doesn't really have too much of an affirmative duty to you know have its fingers in the organization the way that Delaware Chancery Court puts that is you don't have to operate a corporate system of espionage for fraud if you're a board member it's not that onerous um conversely you can't be a clam like passive instrumentality that just sort of soaks in whatever might float past there is some affirmative duty um but it's pretty limited and I and I think we'll see that uh evolve I mean I think there will be more because there's a there's an ability to monitor more I think there will be an expectation that boards management monitor more um you know when it comes to compliance functions so so Adam on that point if I may ask um and I like what you said about you know nothing's changed in a way this these are we still have to follow the same compliance principles that we've had good guidance on for years and and I agree with you 100% it's the translating it to the to the AI 
right that we got to think about what we're using and the power of the technology and we need to be careful not to allow the technology to drive us right we have to drive the technology and I I read an article recently about the um that we're probably going to see problems down the road where there's going to be more of a forensic accounting of what our AI is doing, right?

SPEAKER_03

So, for example, if you have a revenue cycle management system that is billing in a certain way that catches the government's attention, right, um, and the determination is, well, we see fraud occurring here, and they start bringing their accusations, you're not going to be able to take the position that, well, I hired a vendor to do this and it's operating a certain way and that was the technology's fault. I would think that there's going to be an expectation as we move further along that you need to know how that's operating. Again, what we were emphasizing before: you need to understand how the technology works.

SPEAKER_02

You need to know what it's doing. You need to be monitoring it and adjusting it along the way. So you've got to find some real-time way to do that, and there are options coming into play, and I think we're gonna see that more and more over the next several years. Technologically speaking, you're gonna see integration, right? That's going to become a big issue. Um, but I'd like to hear your thoughts on that.

I mean, I have a great example of that that I'm dealing with now, on several matters actually, um, when it comes to, uh, what we call evaluation and management coding. So that's, generally speaking, how you code an office visit when you go see your doctor, and there are five levels, um, both for a new patient visit and a returning patient visit, and the levels are really determined by how much is done during the office visit. You know, how much of an examination was it really, and how long did it take? My personal view is that coding can be quite subjective, in part because physicians don't always write down everything they did, but also because correlating what they did to one of these five levels of coding has some play in the joints. And I'm sure Drew and Pinnacle have dealt with this issue, you know, many times, and you can find False Claims Act cases about, you know, upcoding of E/M visits, office visits. Um, what some folks are doing now is saying, okay, we're gonna make it totally objective as follows: we're gonna have an AI, you know, we're gonna plug in the visit note and we're gonna have an AI tell us what the level should be, what the E/M code should be. Um, but what I'm seeing so far is that is absolutely not good enough. Especially if the level that the AI is spitting out is not consistent with historic billing, or if it becomes clear, you know, a case I have right now, it's sort of becoming clear that, like, there's one particular thing that recurs in the medical record that triggers a certain E/M code that maybe is not the right E/M code.
And so there's still going to be an obligation to, like, identify issues like that and correct them and go to the vendor and say, okay, you know, we like this algorithm, you know, it takes some of the guesswork out of it, but we think in this one category of instances it's getting it wrong, and you need to work with us to fix that. So I just think that's a good example of what you're just saying, Darren, where it's not going to be enough to just say, okay, well, AI said, you know, this is what it should be, and so how could I be committing fraud? I totally turned this over and relied on this vendor, this AI algorithm. You know, there's still going to be questioning of, did you reasonably rely on it, and did you have reason to think it was getting it wrong, especially if it was getting it wrong to your pecuniary benefit? And when you knew that, why didn't you do something about it?

SPEAKER_03

Yeah, and think about how that's changed the way we do business, uh, with our vendors, right? We have to be much more, um, assertive with them when we're negotiating our terms, that we can get to that point with them where we say, this is required of you in our relationship with you. How do you build that into the agreement with... Yeah, I was just gonna say, on the transactional side, that's liability I would want to push as much as possible onto the vendor.

SPEAKER_01

Right. Yeah, you know, yeah, I mean, that's a great point. I think, you know, the standard today, we found, you know, working with a lot of, you know, software-as-a-service companies, you know, all of the liability gets pushed onto the user. You know, the company, you know, effectively takes zero liability. So, you know, an example today, like, if there is a, you know, a HIPAA breach, patient information is breached through no fault of the healthcare provider, they're still on the hook for that. So I think, you know, definitely a lot of precedent and something for folks to focus on, um, moving forward. So, um, you know, want to be sensitive to everybody's time. Um, you know, I think really great discussion, um, really covered a lot of great ground. Um, you know, Adam, Darren, if we wanted to maybe just kind of bring it back and, you know, give the listeners maybe one, you know, one or two concrete takeaways, um, from this conversation, what would it be?

SPEAKER_02

Darren, do you want to go first?

SPEAKER_03

Well, I want to gather my thoughts a little bit about that, but, um, I think what I have been emphasizing with my clients is you really need to pause and take a step back and understand the magnitude of this process and what you're entering into, because there's so much pressure that we're all feeling. I mean, you know, Adam and I feel it in the legal world in terms of AI that's introduced to our space, and how do you utilize it, how do you utilize it in a way that allows you to give, you know, the highest and best use of your skills to your client, and efficiently, and helps them realize, you know, the benefit of that as well. Same thing in the healthcare space. You know, you've got physicians, I'll pick on physicians, who come in with clinical AI that they want to use, and they may have seen it at a workshop somewhere or a conference, and they say this is the greatest thing in the world, and maybe they're an important, you know, person within that environment and their voice carries a lot of weight, and then everybody gets pressured into saying, okay, what do we need to do, how do we do this, etc. But there's so many questions that have to be answered when you're introducing a new application into an existing system, right? Again, you have to know: what is it that you want to accomplish? Do you have the right tool to do that? What is the system, and how it operates, that you're introducing it into? How's it going to interact? Do you have the proper security measures in place? You know, do you have the right terms in the agreement? There's so many things that you really have to think about, and you have to know what your overall purposes are as you send forth your AI program. So I think it's to really take a step back, think through what you're doing, and do this organically as you build your AI program.
You know what your strengths and weaknesses are, you know who are the right people to put in the right positions, but give people the authority to make decisions on the AI program, because I think the more that you do that on the front end, the less problems you're going to have at the back end, when you have something, for example, that's not operating the way you want it to. That could be a contractual issue where you say, gosh, we've got this 10-year agreement with this vendor, we have no way out, we have no way to fix this, right? That goes back to, did I negotiate the right terms? Um, or you could implement in a way where you didn't take the proper steps ahead of time and you have a breach of patient information, et cetera. So, uh, I think let's just not feel like we have to give in to the pressure, because it's moving fast, technology is moving fast, but sometimes I just think we're, like, right here. How do we close that gap in a way that makes sense?

Yeah, I mean, I guess I'll start with, like, the sort of threshold issue that, like, AI is here to stay, and the story that I think everybody has a version of is, when I started practicing law, there was this partner who, you know, would review documents in paper, and he would go to the library and pick out the books to find his case law.

SPEAKER_02

And I knew how to use Westlaw and I knew how to use Relativity, and I did everything on the computer, and I just couldn't imagine how this person could possibly do this job using that old technology. And so I learned the new technology, and I'm much more efficient for it. Well, we're now on the stage of, we have to learn AI. We absolutely have to do it. It's maybe going to be even more powerful than, you know, some of the things I just mentioned: the move away from paper or the use of electronic databases to review documents, et cetera. Probably is going to be more powerful than that. So you have to be AI forward, um, no matter how old you are. You know, I was born just at the cusp of the millennial generation. I was a technology immigrant. I didn't grow up with it, but I was open to it, um, which I think is important. We have to be open to it. So that's my sort of, you know, high-level pitch. But then it can seem very overwhelming. And so for me, at least in my practice, my guiding principle is, I want to know at least as much as the government knows. I kind of started with that concept, and I want my clients to be at least as far on their compliance programs as the government is. And so I'm going to carefully monitor that and make sure that's the case. And, you know, that's sort of the baseline. Obviously, clients with more resources are going to be able to surpass that, um, that goal. But, you know, I think really paying attention to how is the government using AI: look at these inventories, look at what it's saying in its corporate governance and guidance documents, look at what it's saying in its corporate integrity agreements, um, understand how it's using it, and then be able to deploy that technology internally. We do a lot of internal investigations. Be able to deploy that internally under the cloak of the privilege. You know, if there's a problem, identify it, and, you know, and then self-disclose it. I mean, get ahead of it. You know, avoid a fraud charge.
So I think actually AI is going to be really helpful both to the government and to, um, healthcare industry participants, because, you know, like I said, the model's gonna be more, let's detect things quicker, um, before they balloon into million-dollar problems that we need to cover up, um, and detect them quicker and fix them quicker. So that's my hope for AI, and, you know, like I said, my advice to clients would be, try to know at least as much as the government does.

SPEAKER_01

Great. Yeah, no, I think both, um, you know, both very, very good advice. And, you know, Adam, I think just for me, building on what you mentioned, um, you know, for me personally, AI has been, to your point, overwhelming, and it feels like staring at a blank page a little bit, um, very broad term. So, you know, looking at the AI inventory, um, published by the different agencies, and that type of thing, just feels like a very concrete way, you know, very good starting point to get to that place where, you know, you can understand as much as the government, um, from that perspective. So, you know, I wasn't aware, um, of those publications coming in prior to these discussions, so, um, that's my personal takeaway, so I really appreciate... Well, as I said, AI informed me of them, so... Yeah, we can thank the machine. Yeah, and now we're sharing that with the AHLA community, which is great. So, um, really appreciate, um, both of you joining me today. Again, fantastic discussion. Um, really appreciate everybody tuning in, uh, to the AHLA podcast as well, um, and hope, um, you know, hope you took something helpful away.

If you enjoyed this episode, be sure to subscribe to AHLA Speaking of Health Law wherever you get your podcasts. For more information about AHLA and the educational resources available to the health law community, visit americanhealthlaw.org. And stay updated on breaking healthcare industry news from the major media outlets with AHLA's Health Law Daily Podcast, exclusively for AHLA comprehensive members. To subscribe and add this private podcast feed to your podcast app, go to americanhealthlaw.org/dailypodcast.