aamc.org does not support this web browser.

    Protect Data Privacy

    Attention to data privacy is critical across the myriad uses of AI in medical education. Some specific considerations include:

    Admissions: Sensitive applicant data should be protected with robust security measures and compliance with privacy regulations. Institutions should utilize data encryption and access controls and include education about data ethics for those involved in the admissions process. Refer to the Protect Data Privacy principle in the Principles for Responsible AI in Medical School and Residency Selection for more on this context.

    Classroom-based teaching and learning: Student performance data should be managed securely and must comply with privacy regulations, including the Family Educational Rights and Privacy Act (FERPA). Instruction on protecting student data privacy should be provided to educators, staff, and learners.

    Workplace-based teaching and learning: In addition to secure management of student performance data in the clinical setting, patient data should also be safeguarded in the context of clinical education. Any use of patient data in clinical care or learning should be protected and comply with privacy regulations, including the Health Insurance Portability and Accountability Act (HIPAA). Instruction on protecting student and patient data privacy should be provided to educators, staff, and learners.

    Assessment and evaluation: Student data should be protected when AI is used in the assessment process. The methods of ensuring data protection should be transparent to educators, staff, and learners. Similarly, when AI is used in the context of program evaluation, data regarding learners, educators, and sensitive institutional information must be protected.

    From Principle to Practice

    Apply this principle to your practice using the following strategies:

    • Provide learners access to their data. Institutions should ensure that learners have access to their own data to provide transparency about assessment and educational outcomes. Institutions should implement secure portals where learners can manage their data, track their learning measures, and make informed decisions about their education. Providing access to data in this way builds trust between learners and institutions to promote a collaborative educational environment.
    • Teach educators, staff, and learners about data privacy. Education should be provided to educators, staff, and learners about the importance of data privacy and the measures that need to be taken to protect it. Institutions should offer education and training that cover topics such as data encryption, access controls, and ethical data handling. It is incumbent upon institutions to ensure that all stakeholders are equipped to handle sensitive information responsibly.
    • Ensure compliance with data privacy regulations. Compliance with data privacy regulations, such as FERPA and HIPAA, is essential to protect sensitive personal information. Institutions should implement policies and procedures that promote data security and align with these regulations. This includes measures such as deidentifying data, encrypting data, establishing access controls, and regularly reviewing and updating privacy practices.
    • Conduct regular audits. The output of AI tools is unpredictable due to their probabilistic algorithms and frequent updates to their underlying technology and/or knowledge base. Regular audits are vital to maintaining the integrity and security of data systems. Institutions should implement periodic reviews of their data-handling practices, security measures, and compliance with privacy regulations. These audits can identify potential vulnerabilities and ensure that policies are being followed to help the institution find opportunities for improvement and maintain high standards for data security and privacy.
    • Balance data privacy with collaboration. Institutions should strive to balance the imperative of data privacy with the need for collaborative data workflows that enhance educational and assessment processes. Transparent policies should be established to enable secure data sharing among stakeholders, such as educators, learners, and administrators, while adhering to privacy regulations. By fostering a culture of collaboration grounded in privacy safeguards, institutions can optimize data-driven workflows (e.g., assessment), thereby ensuring both efficiency and ethical stewardship of sensitive information.