Privacy of Patient Information

It is of utmost importance that patient confidentiality is maintained throughout the system. This is particularly important when it comes to using an external AI Model. Even though the AI Model we are using in the Proof of Concept, Anthropic’s Claude Haiku 3.5, is a non-learning model, we were adamant that the identity of the patient is not exposed to the model at any point. However, the AI Model, which is controlling the conversation, needs to be able to query the identity of the patient so that when it performs a function for the patient, such as making an appointment, the function is performed for the right patient.

We resolved this dilemma with the use of pseudo patients. The Clinical System Firewall generates the pseudo patients and maintains the mapping of pseudo patients to real patients. Pseudo patients are generated dynamically for the current active conversations, as required. Each pseudo patient has a pseudo ID and a pseudo name which map to the real practice ID and name.

The AI Model only ever knows the pseudo patient ID and name. When the AI Model performs a service for the patient, such as making an appointment, it calls the Firewall with the pseudo ID. The Firewall then converts this to the actual ID before making the appointment with the Clinical System. The pseudo name is used by the AI Model when it confirms the patient name with the patient. How this works is shown in the diagram below.

Process flow showing actions to establish the Patient ID where the actual patient identifiers are never exposed to the AI Model.
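
A minimal sketch of the pseudo patient mapping described above, added here as an illustration and not the project's own code. The class and function names, the random pseudo ID format, the constructed name pool and the per-conversation scoping check are all assumptions; the Clinical System is a plain list standing in for the real call.

```python
import secrets

# Constructed placeholder names; how the real Firewall picks pseudo names is not stated.
PSEUDO_NAMES = ["Alex Rivers", "Sam Fielding", "Jo Marlow", "Chris Hale"]


class PseudoPatientRegistry:
    """Firewall-side mapping of pseudo patients to real patients (hypothetical)."""

    def __init__(self):
        # (conversation_id, pseudo_id) -> (real_id, real_name); never leaves the Firewall
        self._by_pseudo = {}

    def open_conversation(self, conversation_id, real_id, real_name):
        """Create a pseudo patient on demand; only the returned dict goes to the model."""
        pseudo_id = "P-" + secrets.token_hex(8)  # random, not derived from real_id
        pseudo_name = secrets.choice([n for n in PSEUDO_NAMES if n != real_name])
        self._by_pseudo[(conversation_id, pseudo_id)] = (real_id, real_name)
        return {"patient_id": pseudo_id, "patient_name": pseudo_name}

    def resolve(self, conversation_id, pseudo_id):
        """Translate a pseudo ID to the real practice ID, scoped to one conversation."""
        try:
            return self._by_pseudo[(conversation_id, pseudo_id)][0]
        except KeyError:
            # Unknown, expired, or belonging to another conversation: refuse.
            raise PermissionError("unknown pseudo patient for this conversation") from None

    def close_conversation(self, conversation_id):
        """Drop the mapping when the conversation ends so pseudo IDs cannot be reused."""
        for key in [k for k in self._by_pseudo if k[0] == conversation_id]:
            del self._by_pseudo[key]


def make_appointment(registry, clinical_system, conversation_id, pseudo_id, slot):
    """Tool endpoint the model calls: accepts the pseudo ID, books with the real ID."""
    real_id = registry.resolve(conversation_id, pseudo_id)
    clinical_system.append((real_id, slot))  # stand-in for the Clinical System call
    # The reply echoes only the pseudo ID, so the real ID never reaches the model.
    return {"status": "booked", "patient_id": pseudo_id, "slot": slot}
```
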