Protecting privacy and security of user data during speech and text processing: FosterHealth AI
FosterHealth AI’s HIPAA compliant AI-powered scribe generates fact-checked clinical notes based on conversations between patients and physicians.
To transcribe patient-physician conversations and generate clinical notes, our application uses state-of-the-art transformer architecture based AI models to perform speech processing and language processing related tasks. These large AI models contain billions of parameters and require GPU hardware for data processing. In order to ensure that physicians can use our application on any device they want (laptops, tablets, phones), whenever they want, we host our AI models on remote GPUs. Since the data our application processes involves sensitive patient health information, the technological infrastructure should ensure data privacy and implement the right security measures to protect patient health data.
Our approach
Every healthcare operator must find our application trustworthy. They should feel comfortable and confident every time they use our application to get help with documentation related tasks. To achieve this design goal, we made three design choices:
- Ensure we have full control over the AI infrastructure — be it the model, where it is hosted or how we process and transfer the data
- Implement robust technical safeguards to protect patient health information
- Be a responsible AI partner and not use patient data to train our models
Full control over the AI infrastructure
We made a conscientious choice not to use any closed-source models (example: OpenAI’s GPT-4) in our AI service. Applications employing closed source models are bound by the terms of service dictated by the providing company, which may change as and when they want. This does not align with our values and beliefs.
We use a combination of fine-tuned open source models and our proprietary AI algorithms for speech processing and language processing related tasks. This design choice ensures that we have full control over our AI infrastructure. Our AI infrastructure does not retain data after processing — input and output data are deleted from the GPU infrastructure after the processing tasks are completed.
Robust safeguards to protect patient health information
To transcribe patient-physician conversations, our application transmits audio data from the physician’s device to the remote GPU. The GPU processes it, transcribes it and sends text data back to the physician’s device. To generate clinical notes, our application transmits transcript data from the physician’s device to the remote GPU. The GPU processes it, generates clinical notes and sends text data back to the physician’s device. The GPU systems delete data after processing the data.
The data transmission between the physician’s device and remote GPU is done via a secure connection. The data stays encrypted in the transmission channel. This implementation mitigates man-in-the-middle attack related risks, as the data in the transmission channel is not in a human readable format.
Responsible AI Partner: We do not use your data to train our models
At FosterHealth AI, we believe that user data should belong to the user- we should not use user data for model training without a clear consent from the user. We made a conscious choice to use only publicly available datasets for training our models. The technical, administrative and organizational controls we enforced ensure that no one at FosterHealth AI can access user data.
Our goal is to deliver the state of the art technology in a reliable and trustworthy manner. We are constantly talking to our users, collaborating with leading research institutes and healthcare experts and continually improving our service. If you have any additional questions or if you want to partner with us, please contact us here.
FosterHealth AI team
