Twelve Requirements for a Distributed AI infrastructure in Healthcare and Life Sciences
A distributed AI cloud infrastructure will need to satisfy a unique constellation of requirements that include technology, clinical partnerships, governance and a scalable business model.
Here are twelve requirements:
1
Secure Distributed Compute & Storage Services
2
Secure Network Services
3
Distributed Real-time Data Services
4
Distributed Offline Data Services
5
Distributed AI Application Control
6
Real-Time Inference Service
7
Privacy Preserving: Fine-Grained Data Sharing
8
Privacy Preserving Image Sanitization
9
Privacy Preserving Distributed Learning Services
10
Clinical Partners
11
Privacy Governance
12
Business Model
1
Secure Distributed Compute & Storage Services
Centralized cloud services today are delivered from a handful of data centers where physical access to the building is strictly enforced. Servers placed in hospitals, clinics or ambulances cannot realistically require the same level of physical access control.
Therefore, unable to rely on physically access control, a distributed AI cloud infrastructure needs to implement features necessary to protect the compute & storage in the absence of physical security.
2
Secure Network Services
One of the main reasons the distributed AI cloud infrastructure needs to be in the building is the healthcare machines creating the data are in the building, and the only way to communicate with those data-generating machines is to be on the same secure, managed network. So network service must support intra-zone (in-the-building) communications, as well as secure extra-zone (outside of the building) communications.
3
Distributed Real-time Data Services
While there is useful data in the electronic medical record (EMR) or electronic health record (EHR), there is far more data in the imaging machines, blood analyzers, drug infusion pumps, ventilators, and gene sequencers. A distributed AI cloud infrastructure must support access to the static data (e.g. machine serial number), environmental data (e.g. location), dynamic data (e.g. laser power level of the gene sequencer) and finally, the “nomic” data (e.g. echo cardiogram, EEG, MRI scan, gene sequence or blood analysis).
4
Distributed Offline Data Services
While valuable real-time data is important there is also data in the PACS and EMR. The distributed AI cloud infrastructure needs to be able to provide applications access to this data as well.
5
Distributed AI Application Control
A distributed AI cloud infrastructure should also offer a rigorous process for allowing distributed AI applications in the building. This process should include security vulnerability testing, application security review, and defined white lists for any external communication.
6
Real-Time Inference Service
The architecture should support real-time AI inference. Regardless of where an AI application’s training takes place (using a distributed or a centralized architecture), the servers at the point of care must ultimately be able to execute locally on that learning (i.e., execute the resulting AI application) without having to rely on or make use of servers outside of the building.
7
Privacy Preserving: Fine-Grained Data Sharing
One of the fundamentals of privacy is purpose limitation. The distributed AI cloud infrastructure needs to allow for fine-grained data sharing so that a machine owner should be able to choose specific, distributed AI applications with which to share data, as well as which ones not to). Doing so will clearly define not only which data can be shared and with whom, but also for which specific purpose(s)
8
Privacy Preserving Image Sanitization
Given the intent to share medically related images outside of the hospital or clinic, the infrastructure should support what is referred to as “image sanitization.” In other words, it needs to be able to automatically identify and redact any personally identifying information (PII) present on the images.
9
Privacy Preserving Distributed Learning Services
The distributed AI cloud infrastructure should be optimized for privacy-preserving, network-preserving, distributed learning. The centralized model where the data is aggregated for learning will not work in healthcare and life sciences. Much of the early work in consumer computing (Siri, Google keyboard) can be leveraged, but there are unique differences in healthcare and life sciences including larger data sizes, aggregation strategies and the question of how to get labeled data.
10
Clinical Partners
Technology is necessary, but not sufficient. Access to real-time machine and offline PACS and EMR data requires clinical support from key clinicians interested in pushing the state of the art as well as the administrations that support these efforts. See Distributed AI Lab for Healthcare and Life Science Clinical Partner document for a list of leaders who support completing a Distributed AI Lab.
11
Privacy Governance
Healthcare and life sciences data requires a unique form of governance. Contracts and agreements with the distributed AI cloud infrastructure service provider will simplify the work and reduce the cost for any distributed AI application provider. These contracts and agreements include the Master Services Agreement (MSA); Business Associate Agreement (BAA – US only); Data Protection/Privacy Impact Assessment (DPIA/PIA); Data Transfer Agreement (DTA - EU only) and the Security Addendum (SA attached to the DPA + DTA)
12
Business Model
The distributed AI cloud infrastructure service requires a simple business model, not based on selling data, which will allow distributed AI applications to have a business model suitable to their application and market.
Today anyone building AI applications is required to implement and manage the full stack from network connections to data management. It’s as if companies like Lyft or Uber seeking to build a ride-hailing application had to first build a cell phone and a cell phone network before they could build the application.
By providing a usage-based business model for the infrastructure, applications both do not have to worry about the underlying compute, storage, data and networking; as well as can settle on their own business models whether that is per seat, per scan or outcome based pricing.
