Medical Imaging AI Inference — Governance

Cross-builder institution context and per-item ownership, due dates, status, and next actions for the governance-relevant checklist items in this builder.

Checklist items
05 · Governance & Compliance

Map HIPAA Privacy and Security Rule controls to the AI stack
required
Identify which 45 CFR Part 164 Subpart C (Security Rule) and Subpart E (Privacy Rule) controls apply to training data, model artifacts, the inference runtime, and audit logs.

Confirm BAA coverage for every AI vendor
required
Every vendor that touches PHI needs a current, signed Business Associate Agreement, including AI SaaS vendors and cloud inference providers.

Implement access control and audit logging for model artifacts
required
Model weights, training data, and inference logs are sensitive artifacts; role-based access, MFA, and audit logging apply to them.

Encrypt PHI at rest and in transit end-to-end
required
DICOM in transit, training datasets at rest, model weights, and inference logs are all encrypted, with keys managed by the enterprise rather than the vendor.

Map EU AI Act high-risk obligations if applicable
required
Under Regulation (EU) 2024/1689, AI that is a medical device, or a safety component of one, under the Medical Device Regulation (Annex I, via Article 6(1)) is high-risk when that device undergoes third-party conformity assessment; conformity assessment, a risk management system, and post-market monitoring obligations then apply.

Adopt NIST AI RMF 1.0 Govern / Map / Measure / Manage functions
recommended
The NIST AI Risk Management Framework 1.0 is the de facto US reference framework; map institutional AI governance against its Govern / Map / Measure / Manage functions.

ONC HTI-1 / HTI-2 interoperability obligations
recommended
ONC's Health Data, Technology, and Interoperability rules (HTI-1 final, HTI-2 following) set transparency, source-attribute, and risk-management expectations, including bias testing, for decision support interventions in certified health IT, which shape AI-assisted clinical decision support.

21 CFR Part 11 electronic-records compliance for AI decisions
required
21 CFR Part 11 governs electronic records and signatures that FDA regulations require (for example clinical investigation or device quality-system records), not hospital medical records in general; where AI outputs fall into such records, Part 11 audit-trail, record-integrity, and time-stamping requirements apply.

Implement explainability / decision-rationale surfacing
required
Saliency maps, bounding boxes, or attention overlays surfaced to the radiologist, not just a score. Required for clinical trust and in some regulatory contexts.

Bias and fairness assessment across protected classes
required
Performance stratified by sex, race/ethnicity where available, age, and payer; disparate performance is a safety finding, not a cosmetic issue.

Human oversight and override workflow
required
The radiologist is the final decision-maker, with explicit override capability and structured capture of the override rationale.

Patient disclosure and consent posture
recommended
Define how patients are informed that AI participates in their imaging interpretation; consent posture varies by jurisdiction and by algorithm risk class.

Institutional AI governance committee
recommended
A cross-functional committee (radiology, IT, compliance, legal, patient safety) approves new algorithms, reviews monitoring data, and owns decommissioning decisions.

Malpractice and liability framework
required
Define the liability posture when AI misses a finding or generates a false positive; hospital risk management, the radiologist, the vendor, and the insurance carrier all need to be aligned.