As the healthcare community increasingly harnesses the power of generative artificial intelligence (AI), critical issues of security, privacy and regulation take centre stage. In this paper, we explore the security and privacy risks of generative AI from model-level and data-level perspectives. Moreover, we elucidate the potential consequences and case studies within the domain of ophthalmology. Model-level risks include knowledge leakage from the model and model safety under AI-specific attacks, while data-level risks involve unauthorised data collection and data accuracy concerns. Within the healthcare context, these risks can bear severe consequences, encompassing potential breaches of sensitive information, violating privacy rights and threats to patient safety. This paper not only highlights these challenges but also elucidates governance-driven solutions that adhere to AI and healthcare regulations. We advocate for preparedness against potential threats, call for transparency enhancements and underscore the necessity of clinical validation before real-world implementation. The objective of security and privacy improvement in generative AI warrants emphasising the role of ophthalmologists and other healthcare providers, and the timely introduction of comprehensive regulations. Data sharing not applicable as no data sets generated and/or analysed for this study. Not applicable.

中文翻译：

---

眼科医疗保健中的监管生成人工智能：安全和隐私的角度


随着医疗保健界越来越多地利用生成人工智能 (AI) 的力量，安全、隐私和监管等关键问题成为焦点。在本文中，我们从模型级和数据级的角度探讨了生成式人工智能的安全和隐私风险。此外，我们阐明了眼科领域内的潜在后果和案例研究。模型级风险包括模型的知识泄漏和人工智能特定攻击下的模型安全性，而数据级风险则涉及未经授权的数据收集和数据准确性问题。在医疗保健领域，这些风险可能会带来严重后果，包括潜在的敏感信息泄露、侵犯隐私权和对患者安全的威胁。本文不仅强调了这些挑战，还阐明了遵守人工智能和医疗保健法规的治理驱动的解决方案。我们主张针对潜在威胁做好准备，呼吁提高透明度，并强调在实际实施之前进行临床验证的必要性。生成式人工智能的安全和隐私改善的目标需要强调眼科医生和其他医疗保健提供者的作用，并及时引入全面的法规。数据共享不适用，因为本研究没有生成和/或分析数据集。不适用。