IAPP Artificial Intelligence Governance Professional (AIGP) — Question 105

CASE STUDY -
Please use the following to answer the next question:
A mid-size US healthcare network has decided to develop an AI solution to detect a type of cancer that is most likely to arise in adults. Specifically, the healthcare network intends to create a recognition algorithm that will perform an initial review of all imaging and then route records to a radiologist for secondary review pursuant to agreed-upon criteria (e.g., a confidence score below a threshold).
To date, the healthcare network has:
Defined its AI ethical principles.
Conducted discovery to identify the intended uses and success criteria for the system.
Established an AI risk committee.
Assembled a cross-functional team with clear roles and responsibilities.
Created policies and procedures to document standards, workflows, timelines and risk thresholds during the project.
The healthcare network intends to retain a cloud provider to host the solution. It also intends to retain a large consulting firm to supplement its small data science team and help develop the algorithm using the healthcare network’s existing data and de-identified data that is licensed from a large US clinical research partner.
The most significant risk from combining the healthcare network’s existing data with the clinical research partner data is?

Answer options

Correct answer: A

Explanation

The correct answer is A, Privacy risk, because merging data from different sources can lead to potential violations of patient confidentiality and data protection regulations. While security, operational, and reputational risks are also important, the primary concern in this scenario revolves around the privacy of the patient data being shared and analyzed.