Governance & Program Info

AI-assisted clinical documentation and ambient scribe — Governance

Cross-builder institution context and per-item ownership, due dates, status, and next actions for the governance-relevant checklist items in this builder.

← Back to checklist
Institution context
Program info
Applies across every builder in the app. Stored locally; nothing leaves the browser.
Checklist governance
Items (0 of 17 marked complete)
Annotate ownership, due date, status, and next action. Items on the left come from the builder's governance / compliance phases.
05 · Governance & Compliance
Execute HIPAA BAAs at every pipeline layer
required
ASR vendor, LLM vendor, audio capture vendor, storage, and any analytics partner — every layer that touches PHI requires a BAA.
05 · Governance & Compliance
Complete HIPAA Security Rule §164.308 risk analysis
required
Formal risk analysis covering administrative, physical, and technical safeguards for the ambient scribe stack.
05 · Governance & Compliance
Document minimum-necessary policy for audio and context
required
45 CFR 164.502(b) minimum-necessary applies to audio retention, context retrieval, and any secondary use of encounter data.
05 · Governance & Compliance
Configure OCR-aligned audit logging
required
Access, creation, modification, and disclosure of AI-generated notes logged per OCR audit-control guidance.
05 · Governance & Compliance
Assign HTI-2 DSI governance owner
required
A named accountable role — not a committee — responsible for the DSI inventory, disclosure surfaces, and bias evaluation cadence.
05 · Governance & Compliance
Maintain Predictive DSI inventory and source-attribute catalog
required
Living inventory required by HTI-2 §170.315(b)(11) — scribe deployment, every prompt template variant, every model version.
05 · Governance & Compliance
Formal bias evaluation cadence
required
Documented schedule for subgroup performance evaluation, triggered by every material model or prompt change.
05 · Governance & Compliance
Clinician-facing disclosure surface
required
Every AI-generated draft is labeled to the clinician, with a link to the model card and intended-use disclosure.
05 · Governance & Compliance
Patient-facing disclosure policy
recommended
Defined policy for how patients are informed that AI is used in documentation — consistent with state and institutional rules.
05 · Governance & Compliance
Define clinician accountability policy for AI-generated notes
required
Written policy that the attesting clinician bears accountability for accuracy of any AI-generated note, matching CMS guidance.
05 · Governance & Compliance
Billing-code specificity and E/M alignment monitoring
required
Monitor E/M code tier distribution pre- and post-ambient-scribe to catch inadvertent upcoding.
05 · Governance & Compliance
RAC / payer-audit readiness package
recommended
Per-note provenance, model card, and hallucination telemetry assembled on demand for payer audit response.
05 · Governance & Compliance
Clinical governance committee ownership
required
Ambient scribe program reports to a clinical governance body (not only IT steering) — disclosure, bias, and adoption metrics reviewed on a cadence.
05 · Governance & Compliance
Medicolegal review of AI-documentation workflow
required
Risk management and legal counsel sign-off on the attestation workflow, disclosure language, and evidence retention posture.
05 · Governance & Compliance
21 CFR Part 11 applicability review
recommended
If the ambient scribe output feeds research or regulated trials, confirm 21 CFR Part 11 electronic record and signature applicability.
05 · Governance & Compliance
EU AI Act and GDPR exposure mapping
recommended
For multi-national systems: confirm whether ambient scribe falls within EU AI Act high-risk scope and GDPR Article 22 automated-decision framing.
05 · Governance & Compliance
NIST AI RMF 1.0 alignment assessment
recommended
Map the program against NIST AI RMF 1.0 Govern / Map / Measure / Manage functions — increasingly referenced by HHS guidance.