HITRUST this week released a new AI Risk Management Assessment, which the company claims is a comprehensive assessment approach to mitigate the risks of artificial intelligence adoption in healthcare and other organizations.
Why is this important?
The assessment aims to ensure that organizations have established appropriate governance around the implementation of AI tools and that companies can effectively communicate those guidelines to management and the board of directors.
HITRUST says its approach is aligned with standards issued by both NIST and ISO/IEC and is supported by an assessment framework and SaaS platform so adopters can demonstrate that AI risk management outcomes are being met.
“Tackling risk management at scale can require weeks or months of effort just to design and maintain an assessment approach, disseminate that approach, and prepare for the assessment effort itself,” added Bimal Sheth, EVP of Standards Development and Assurance Operations at HITRUST. “Still, questions about completeness and quality can arise, and the work can be daunting if an organization wants to comply with multiple industry standards.”
The framework is designed for any organization using tools such as machine learning algorithms and large-scale language models for generative AI, and is designed to help healthcare and other leaders examine their approach to risk management for these rapidly evolving technologies.
“The AI RM solution can be used as a self-assessment and benchmarking tool, and companies can also work with one of HITRUST’s more than 100 external assessment firms to validate and verify their implementation,” Jeremy Hubal, HITRUST chief innovation officer, said in a statement.
Larger trends
The new risk management tool comes less than a year after HITRUST announced its AI Assurance Program in October 2023. The project offers an approach inspired by the HITRUST Common Security Framework and aims to help healthcare organizations develop a strategy for safe, sustainable and trustworthy AI models.
HITRUST also said it plans to release a new AI security certification program toward the end of the year that will include AI-specific control specifications built into the HITRUST CSF, as well as enhancements to the company’s assurance methodology, systems and ecosystem.
Earlier this month, another organization, NIST, launched an open source platform for AI safety assessments. Called Dioptra, the free tool aims to help developers understand and mitigate data risks inherent to AI and machine learning models.
Be on record
“Standards for AI risk management are rapidly evolving, and it is critical that companies approach these principles with a thoughtful and comprehensive approach,” Robert Booker, chief strategy officer at HITRUST, said in a statement announcing the AI risk management assessment. “Governance of this important and powerful capability is essential to unlocking the potential that AI offers, and risk management is essential to implementing AI responsibly.”
Mike Milliard is editor-in-chief of Healthcare IT News.
Email the author: mike.miliard@himssmedia.com
Healthcare IT News is a HIMSS publication.
The HIMSS AI in Healthcare Forum is scheduled to take place in Boston on September 5-6. More information and registration available here.
