This week, HITRUST released its new AI Risk Management Assessment, which it describes as a comprehensive assessment methodology to mitigate risks when implementing artificial intelligence in healthcare and other organizations.
WHY IT MATTERS
This assessment is intended to help ensure organizations have the governance capabilities to deploy AI tools and that companies can effectively communicate those safeguards to management teams and boards.
HITRUST says its approach aligns with standards issued by both NIST and ISO/IEC and is supported by an assessment framework and SaaS platform to help adopters demonstrate that AI risk management outcomes have been met.
“The entire effort to address risk management at scale can take weeks or months of work just to design and maintain the assessment methodology, socialize it, and prepare for the assessment itself,” adds Bimal Sheth, executive vice president of standards development and assurance at HITRUST. “Even then, there can be questions about completeness and quality, and the work can be very taxing when an organization wants to align with multiple industry standards.”
Designed for any organization using such tools — including machine learning algorithms and large language models for generative AI — the framework is designed to help healthcare and other leaders validate their approach to risk management for these rapidly evolving technologies.
“The AI RM solution can be used as a self-assessment and benchmarking tool, or companies can hire one of HITRUST’s 100+ external assessment firms to validate and verify the implementation,” Jeremy Huval, director of innovation at HITRUST, said in a statement.
THE BIGGER TREND
The new risk management tool comes less than a year after HITRUST announced its AI Assurance Program in October 2023. That project aims to provide an approach inspired by HITRUST’s Common Security Framework, to help healthcare organizations develop strategies for secure, sustainable, and trustworthy AI models.
HITRUST said the company also plans to release a new AI Security Certification Program — which includes AI-specific control specifications built into the HITRUST CSF and improvements to the company’s assurance systems, methods, and ecosystem — later this year.
Earlier this month, another organization, NIST, announced an open-source platform for assessing AI safety. The free tool, called Dioptra, aims to help developers understand and mitigate some of the unique data risks associated with AI and machine learning models.
ON THE RECORD
“AI risk management standards are evolving rapidly, and it is important that companies address these principles with a comprehensive and thoughtful approach,” Robert Booker, chief strategy officer at HITRUST, said in a statement announcing the AI Risk Management Assessment. “Robust management of this important capability is critical to unlocking the potential that AI offers, and risk management is critical to deploying AI responsibly.”
Mike Miliard is executive editor of Healthcare IT News
Email the author: [email protected]
Healthcare IT News is a publication of HIMSS.
The HIMSS Healthcare AI Forum is scheduled for September 5-6 in Boston. Learn more and register.
