Governance & Program Info

Medication Safety & Adverse Drug Event Prevention — Governance

Cross-builder institution context and per-item ownership, due dates, status, and next actions for the governance-relevant checklist items in this builder.

← Back to checklist
Institution context
Program info
Applies across every builder in the app. Stored locally; nothing leaves the browser.
Checklist governance
Items (0 of 15 marked complete)
Annotate ownership, due date, status, and next action. Items on the left come from the builder's governance / compliance phases.
05 · Governance & Compliance
Map HIPAA 45 CFR 160/164 controls across the ML stack
required
Administrative, physical, and technical safeguards identified across training, feature store, inference, and audit log.
05 · Governance & Compliance
Confirm Business Associate Agreement coverage
required
Every vendor in the ML stack that touches PHI must be covered by a BAA — including inference infrastructure, reference knowledge, and monitoring.
05 · Governance & Compliance
De-identification strategy for training and evaluation data
required
Training data de-identified under Safe Harbor or Expert Determination unless a documented reason requires PHI in training.
05 · Governance & Compliance
Document FDA CDS carve-out conformance
required
Formal documentation that the model meets the four 21st Century Cures §3060 CDS carve-out criteria.
05 · Governance & Compliance
Publish ONC HTI-1 / HTI-2 DSI disclosures
required
Predictive DSI source attributes, intended use, and performance characteristics published per ONC certification requirements.
05 · Governance & Compliance
IEC 62304 software lifecycle documentation
optional
If the model exits the CDS carve-out, IEC 62304 medical device software lifecycle documentation applies.
05 · Governance & Compliance
21 CFR Part 11 electronic records compliance
recommended
If the model produces electronic records relied on for regulatory decisions, 21 CFR Part 11 controls apply — audit trail, e-signature, validation.
05 · Governance & Compliance
Map CMS Conditions of Participation medication management
required
CMS 42 CFR §482.25 medication management controls — documented conformance required as condition of reimbursement.
05 · Governance & Compliance
Joint Commission NPSG.03.06.01 conformance (anticoagulant safety)
required
Anticoagulant safety program conformance — AI must be audit-trailed and validated, not a black box.
05 · Governance & Compliance
ISMP high-alert medication list alignment
recommended
Model severity classes aligned to ISMP high-alert medication list — not a separate internally-invented severity schema.
05 · Governance & Compliance
Apply NIST AI RMF 1.0 functions across the model lifecycle
required
GOVERN, MAP, MEASURE, MANAGE functions explicitly documented for the medication-safety model.
05 · Governance & Compliance
Independent model validation
required
Second-line or external independent team validates model logic, data, assumptions, and performance claims. Must be independent of development.
05 · Governance & Compliance
Model change management and versioning
requiredtrinidy
Who approves model updates, what testing is required, how changes are versioned and rolled back, what the audit trail is.
05 · Governance & Compliance
Bias and disparate-impact assessment across demographics
required
Sensitivity and PPV measured across age, sex, race/ethnicity, and preferred-language segments — medication dosing models have documented bias risk.
05 · Governance & Compliance
Explainability / reason-code infrastructure for every alert
required
SHAP or equivalent reason-code output per alert — required for HTI-1 DSI transparency, NPSG audit, and clinician trust.