Ep. 15 – Implementing AI and Mitigating Compliance Risks – Part II

Every day, new articles extol the benefits of artificial intelligence (AI) within the healthcare industry. If you aren’t already using generative AI tools, it’s likely only a matter of time. To effectively manage the unique risks posed by generative AI, healthcare providers should have a clear, consistent approach to its implementation with clearly delineated roles and responsibilities. 

This week on our podcast, we outline a 10-step approach for implementing generative AI in a way that mitigates compliance risks, including:

1. Understanding the organization’s approach to AI and identifying who internally will lead its implementation.
2. Determining what generative AI is already being used within or on behalf of the organization.
3. Reviewing and updating relevant policies to address how you are currently using generative AI.
4. Building a process to evaluate and approve generative AI technology before its purchase or use.
5. Adding identification of generative AI technology into your contract review process, implementing additional contract requirements, and reviewing if generative AI is included.
6. Identifying the individual(s) responsible for implementing an approved generative AI technology, including evaluating what policies may need to be updated or additional protocols which may need to be implemented.
7. Incorporating the generative AI technology approved for use into your compliance work plan.
8. Training generative AI technology users on the specific technology, including training on specific risks posed by the technology and the organization’s risk mitigation strategies, including those risks and mitigation measures identified by your compliance and privacy officers.
9. Implementing a regular reporting strategy to update groups internally, including committees and your governing body, on the use of generative AI by the organization.
10. Providing for periodic review and assessment of generative AI technology which is being used within the organization.

Generative AI is only likely to become more and more commonplace. Providers should build the appropriate implementation processes now, understanding that these processes will need to evolve as technology and the regulation of that technology evolves. Check out our sample AI policy and supplemental contract checklist for generative AI here.