Patient Privacy in the Age of AI: A Mohs Surgeon's Perspective
The Trust Relationship
Mohs micrographic surgery involves an unusually intimate clinical relationship. The patient trusts you not only with their diagnosis and treatment, but with the physical appearance of their face. A patient undergoing Mohs for a nasal tip basal cell carcinoma is placing extraordinary trust in your hands -- trust that extends to every tool you use, every system that touches their data. When we introduce AI into this workflow, we inherit an obligation to protect that trust with the same rigor we apply to sterile technique.
What Patients Do Not Know
Most patients have no idea how their clinical data flows through modern health IT systems. They assume -- reasonably -- that their images stay in your clinic. They do not know that a cloud-based AI tool might route their dermoscopy image through servers in three different countries. They do not know that an image uploaded for analysis might be retained for model training. They trust you, and that trust implies a duty to understand and control the data pipeline end to end.
The Israeli Privacy Protection Law
Israel's Privacy Protection Law (1981, amended) provides a robust legal framework for health data protection. The law requires that personal data be collected for a defined purpose, stored securely, and not transferred without consent. The Privacy Protection Authority has issued specific guidance on health data processing, emphasizing the principle of data minimization -- collect only what you need, store only what you must, and delete what you can. For AI tools in clinical practice, this means the simplest compliant architecture is one where data never leaves the clinic.
Air-Gapped AI as an Ethical Standard
An air-gapped AI system is one that operates without any network connection to external services. In practice, this means running models in Docker containers on local hardware, with no outbound network access. This is not just a privacy measure -- it is an ethical standard. When a patient consents to AI-assisted analysis of their clinical images, an air-gapped system ensures that consent is respected in the most literal possible way: the data physically cannot leave the room.
Practical Implementation
Implementing air-gapped AI in a Mohs surgery practice is more straightforward than it sounds. A dedicated workstation running Docker containers handles all AI inference. The workstation connects to the clinic's local network for image transfer from the dermatoscope, but has no internet access. Model updates are applied manually via USB drive after verification. This setup adds a few minutes to the model update workflow but eliminates the entire category of data exfiltration risk.
Beyond Compliance: Privacy as Care
Privacy protection in clinical AI should not be framed as a compliance burden. It is an extension of clinical care. When a Mohs surgeon maintains meticulous sterile technique, we do not call it regulatory compliance -- we call it good medicine. The same standard should apply to data handling. Protecting patient data with local, air-gapped AI is not about checking a box on an audit form. It is about maintaining the trust that makes the surgical relationship possible in the first place.
Related Project
MohsPediaClinical decision support for Mohs micrographic surgery — 7 interactive tools