HCAIRA

Evaluate your organization's AI governance readiness across four critical domains. Complete the 12-question assessment and receive a scored Executive Report with a prioritized remediation roadmap.

12 Questions · ~10 MinutesFree AssessmentConfidential

Domain 1·Element 1·NIST GOVERN

AI Governance, Culture & Shadow AI

Foundational oversight mechanisms and cultural risks of unmanaged AI adoption

Q1.Has your organization established a formal, cross-functional AI governance committee or designated an existing committee to oversee AI adoption?

Q2.Does your organization maintain a centralized, actively managed inventory of all AI tools currently in use across clinical and back-office operations?

Q3.Is there a documented, mandatory risk classification and approval process that must be completed before any new AI tool or AI-embedded software is procured or deployed?

Domain 2·Elements 2 & 3·NIST GOVERN, MAP

Data Privacy, Security & Cyber Threats

Protection of PHI, AI-specific cyber threats, and patient transparency

Q4.How does your organization ensure that third-party AI vendors comply with HIPAA Privacy and Security Rules and defend against AI-specific cyber threats?

Q5.Do your vendor contracts and Data Use Agreements explicitly prohibit the use of your organization's data (including de-identified data) for training the vendor's foundational AI models without explicit consent?

Q6.Has your organization implemented a mechanism to notify patients when AI tools are used in ways that directly impact their clinical care or when their data is used to train AI models?

Domain 3·Elements 4 & 6·NIST MAP, MEASURE, MANAGE

Risk, Equity & Quality Monitoring

Algorithmic bias, equity risks, and post-deployment performance monitoring

Q7.Before deploying a clinical or operational AI tool, does your organization require vendors to provide documentation (e.g., AI Model Cards) detailing how the model was trained, its known limitations, and how equity risks and bias were evaluated?

Q8.Does your organization have a defined process to test AI tools against local, representative patient data to ensure the model performs equitably across your specific patient populations?

Q9.Once an AI tool is deployed, is there a continuous monitoring program in place to detect performance degradation, "model drift," or emerging biases over time?

Domain 4·Elements 5 & 7·NIST MANAGE

Clinical Reliance, Incident Reporting & Training

Automation bias, safety event reporting, and AI literacy programs

Q10.How does your organization address the risk of "automation bias" — where clinicians or staff over-rely on AI outputs, degrading clinical skills or situational awareness?

Q11.Does your organization participate in voluntary, blinded reporting of AI safety-related events to an independent organization (e.g., a Patient Safety Organization or Joint Commission sentinel-event process)?

Q12.Does your organization provide foundational AI literacy training for all staff, as well as role-specific training for clinicians and employees who directly interact with AI tools?

0/12 questions answered

12 questions remaining.