The Privacy Risks of Embedded, Shadow AI in Healthcare

Artificial Intelligence & Machine Learning , Healthcare , Industry Specific The Privacy Risks of Embedded, Shadow AI in Healthcare Attorney Elizabeth Hodge of Akerman LLP on Taking Action Marianne Kolbasuk McGee (HealthInfoSec) • May 7, 2026     19 Minutes    Credit Eligible Get Permission Audio Player 00:00 00:00 Use Up/Down Arrow keys to increase or decrease volume. Attorney Elizabeth Hodge of law firm Akerman LLP (Image: Akerman LLP) Artificial intelligence stealthily embedded into newer editions of software and other technology tools is a risk on par with shadow AI, said regulatory attorney Elizabeth Hodge with the law firm Akerman LLP. "There are applications, software, tools or services that vendors are providing that historically did not incorporate AI, but now they have," Hodge said. Sometimes the vendors will inform the customers, but sometimes they don't, she said. So it's important to ask and scrutinize where vendors might be incorporating AI into their products, she said. "Consider doing a risk analysis of which of those applications, products, services, etc. potentially use the most data, or would pose the greatest risk to the organization if data was used improperly," she said. "Focus on those vendors - reach out to them, have your information security team or contracts team review periodically your vendors," she said. "Have them answer questions about their use of AI, so you have a better understanding of the risk." In the interview (see audio link below photo), Hodge also discussed: Risk considerations involving shadow AI; Privacy issues involving the use of de-identified patient data in AI tools - including the risk of re-identification; HIPAA and other reportable data breach considerations involving AI. Hodge is a partner in law firm Akerman's healthcare and data privacy practices. She focuses on compliance and regulatory issues affecting healthcare providers, payers and employer-sponsored health plans. Hodge is also the chair of the American Health Law Association's Health and Information Technology Practice Group, an author and frequent speaker on healthcare law.