Governance & Program Info
Surgical AI & Intraoperative Decision Support — Governance
Cross-builder institution context and per-item ownership, due dates, status, and next actions for the governance-relevant checklist items in this builder.
Institution context
Program info
Applies across every builder in the app. Stored locally; nothing leaves the browser.
Checklist governance
Items (0 of 18 marked complete)
Annotate ownership, due date, status, and next action. Items on the left come from the builder's governance / compliance phases.
05 · Governance & Compliance
Confirm FDA 510(k) pathway and predicate device
Identify the 510(k) predicate and intended-use claim for the surgical AI overlay.
05 · Governance & Compliance
Adopt FDA SaMD framework classification
Classify the device under FDA Software as a Medical Device risk categorization (Class II most common for advisory overlays).
05 · Governance & Compliance
File Predetermined Change Control Plan (PCCP)
FDA PCCP guidance (finalized Sep 2025) allows pre-authorized model updates without a new 510(k). Critical for an ML product that improves over time.
05 · Governance & Compliance
Comply with IEC 62304 software lifecycle
Medical device software lifecycle standard — risk classification, verification, validation, post-market surveillance.
05 · Governance & Compliance
Maintain ISO 13485 quality management system
Medical device QMS standard — required for both FDA and CE mark pathways.
05 · Governance & Compliance
Apply 21 CFR Part 11 for electronic records
Electronic records and signatures for model audit trails, training records, and validation reports.
05 · Governance & Compliance
Classify as high-risk AI system under EU AI Act Annex III
Intraoperative decision support falls under EU AI Act (Regulation 2024/1689) high-risk classification.
05 · Governance & Compliance
Build technical documentation file (EU AI Act Article 11 / Annex IV)
Required technical file covering design, training data, validation, risk management, and intended use.
05 · Governance & Compliance
Implement human oversight measures (Article 14)
Document the surgeon-in-the-loop override mechanism, alert acknowledgment, and override logging.
05 · Governance & Compliance
Establish post-market monitoring (Article 72)
Continuous collection of real-world performance data for the lifetime of the device.
05 · Governance & Compliance
Register device in EU high-risk AI database
High-risk AI systems must be registered in the EU database before being placed on the market.
05 · Governance & Compliance
Classify surgical video as PHI (HIPAA 45 CFR 160/164)
Surgical video is PHI under HHS OCR guidance — triggers full HIPAA Privacy and Security Rule obligations.
05 · Governance & Compliance
Execute Business Associate Agreements with all vendors
Every vendor touching surgical video (annotation, cloud training, model serving) requires a BAA.
05 · Governance & Compliance
Enforce on-premises PHI sovereignty
Surgical video and derived data remain within the institution's perimeter.
05 · Governance & Compliance
Map GDPR obligations for EU deployments
GDPR applies to any EU patient data processing — data subject rights, lawful basis, data protection impact assessment.
05 · Governance & Compliance
Adopt NIST AI Risk Management Framework 1.0
NIST AI RMF 1.0 as the enterprise-wide governance baseline — Map, Measure, Manage, Govern.
05 · Governance & Compliance
Board-level AI governance reporting for surgical AI
Surgical AI performance, incidents, and override rate reported to the board clinical quality committee.
05 · Governance & Compliance
Adverse event reporting (MedWatch / EUDAMED / Vigilance)
Reporting channels for AI-implicated adverse events to FDA MedWatch and EU EUDAMED.