Governance Tiers: 7 (Board → Model level)
Total Controls: 34 (across all tiers)
Frameworks: 5 (NIST, ISO, OECD +)
Lifecycle Gates: 5 (Initiation → Production)
Tier 1
Board of Directors / Governing Body
Ultimate accountability: strategic mandate & ethical tone
4 controls
AI Strategy Charter
Approve the organisation's AI vision, risk appetite statement, and investment thresholds. Establish AI as a board-level agenda item, minimum monthly.
ISO 42001 §4 · OECD P1
Ethical Principles Resolution
Pass a formal resolution encoding safety, transparency, fairness, and human oversight as non-negotiable principles for all AI systems deployed by the organisation.
OECD P2 · NIST Map 1.1
Risk Appetite Declaration
Define categorical risk tolerances: which AI use cases are prohibited (e.g., autonomous life-critical decisions without human override), high-risk, and permissible.
NIST Govern · ISO §6.1
Accountability & Fiduciary Duty
Designate the C-suite officer accountable for AI governance (typically CTO or CMIO). Ensure D&O insurance covers AI-related liabilities. Annual board AI literacy briefing required.
ISO §5.1 · HIPAA §164
Key artefacts: AI Governance Policy; Risk Appetite Statement; Ethics Resolution; Board AI Scorecard (annual); Accountability Matrix (RACI)
Tier 2
Executive Leadership (C-Suite)
Strategy execution: AI governance program ownership
6 controls
Chief AI Officer / CMIO
Program owner for AI governance. Chairs the AI Governance Committee. Reports directly to CEO with board visibility. Owns the AI system inventory and risk register.
ISO §5.3 · IBM Auto Gov
Chief Risk Officer
Integrates AI risk into enterprise risk management (ERM). Owns the organisation-level AI risk register. Escalation path for Tier 4 risk exceptions.
NIST Govern · ISO §6.1
Chief Compliance Officer
Ensures AI programs comply with HIPAA, FDA SaMD regulations, state AI laws, and emerging EU AI Act obligations. Owns regulatory horizon scanning.
HIPAA · FDA 21 CFR
Chief Information Security Officer
AI-specific cybersecurity: model supply chain security, adversarial attack protection, PHI leakage prevention in LLMs, and AI vendor security assessments.
NIST AI RMF · HIPAA §164.312
AI Investment & Portfolio
Approve AI project portfolio, allocate resources, set go/no-go criteria for AI program initiation. Minimum monthly portfolio review.
IBM Auto Gov
Incident Response Authority
Authority to suspend or terminate any AI system. Own the AI-specific incident response plan. Define escalation thresholds that trigger board notification.
NIST Respond · ISO §10.2
Tier 3
AI Governance Committee
Cross-functional oversight body: policy, standards & portfolio review
6 controls
Membership: CAIO / CMIO (Chair); Legal Counsel; Clinical Leadership; IT / Data Engineering; Compliance; Patient Safety Officer; Privacy Officer; Ethics Board Rep; Cybersecurity
AI Use Case Registry
Maintain a central inventory of all AI systems: intended use, risk tier, data sources, clinical context, vendor, deployment status. Based on IBM OpenScale asset catalog concept.
IBM Auto Gov · ISO §8.4
Risk Classification & Triage
Apply a 4-tier risk classification (Critical, High, Medium, Low) to every AI use case. Map to FDA SaMD risk framework for clinical systems. Drives depth of review required.
NIST Map · FDA SaMD
Policy & Standards Ownership
Author and maintain AI-specific policies: algorithmic fairness, explainability requirements, human oversight minimums, training data governance, and model retirement.
ISO §8.1 · OECD P3
Vendor & Procurement Review
Third-party AI vendor assessment: model cards, bias audits, explainability support, HIPAA BAA compliance, contractual AI-specific SLAs and audit rights.
NIST Govern 6.1 · HIPAA BAA
Ethical Review Panel
High-risk use case ethical review: patient autonomy impacts, equity analysis, community representation in training data, and marginalised population impacts.
OECD P2, P4 · ISO §4.4
Escalation & Exception Management
Defined escalation paths from Tier 5 model teams. Authority to approve risk exceptions, require additional controls, or block deployment pending remediation.
NIST Respond · IBM Auto Gov
Cadence:
Full committee: Monthly
Risk subcommittee: Bi-weekly
Use case intake SLA: 10 business days
Executive report: Quarterly
Tier 4
AI Program Management Office (AI PMO)
Operationalising governance: lifecycle gates & standards enforcement
8 controls
Every AI system passes through mandatory governance gates. The AI PMO owns gate criteria, evidence collection, and go/no-go authority for Tiers 4–5. Critical-risk systems require Tier 3 sign-off.
Gate 1: Initiation
Use case registration, clinical need validation, risk pre-classification, data availability assessment, regulatory pathway identification (FDA, CE Mark).
ISO §8.2 · NIST Map
Gate 2: Design & Data
Data governance plan, bias risk assessment for training data, privacy impact assessment (PIA), model architecture review, explainability approach selection.
NIST Measure · IBM AI Facts
Gate 3: Validation
Independent technical validation, clinical validation (for SaMD), fairness testing across demographic subgroups, adversarial robustness testing, performance benchmarks.
FDA §510(k) · NIST Measure 2
Gate 4: Pre-Deployment
Final risk sign-off, clinical workflow integration review, staff training completion, human override mechanism verified, monitoring plan activated, rollback plan confirmed.
ISO §8.6 · OECD P5
Gate 5: In-Production Review
Scheduled post-deployment reviews (30/90/180 day), drift detection triggers, incident review integration, model lifecycle decision (maintain/retrain/retire).
IBM OpenScale · NIST Monitor
AI Risk Register Template
Standardised risk register format: hazard, likelihood, severity, current controls, residual risk, owner, and review date. Required for all High and Critical systems.
NIST RMF · ISO §6.1.2
Model Card Standard
Mandatory model documentation: intended use, out-of-scope uses, training data summary, performance metrics by demographic group, known limitations, and contact.
IBM AI Facts · OECD P3
Algorithmic Impact Assessment
Structured template evaluating fairness, safety, privacy, explainability, and environmental impact. Required at Gate 2. Severity-scaled depth of assessment.
OECD P2 · NIST Measure
Tier 5
Clinical & Operational AI Teams
Domain ownership: responsible deployment within clinical context
7 controls
Clinical AI Product Owner
Clinician who owns the AI tool within their service line. Accountable for clinical workflow integration, staff training, and escalating adverse outcomes. Named on model card.
OECD P5 · ISO §5.3
AI Champion (Clinical)
Senior clinician embedded in the team who bridges AI outputs and clinical decision-making. Runs pre-deployment simulations and post-deployment case reviews.
NIST Govern 4
Operational AI Lead (IT / Data)
Technical owner for integration, infrastructure, monitoring pipelines. Manages EHR/FHIR integration, alert thresholds, and model version management.
IBM Auto Gov · HL7 FHIR
Human-in-the-Loop Protocol
Document the minimum required human review step for every AI-generated output before it influences a clinical decision. Critical systems: clinician must affirmatively accept, not just dismiss.
OECD P5 · FDA AI/ML Action Plan
Staff Competency & Training
Role-based AI literacy training: what the model does, what it doesn't do, how to interpret outputs, when to override, and how to report issues. Annual recertification required.
ISO §7.2 · OECD P3
Near-Miss & Incident Reporting
Integrate AI incidents into existing patient safety reporting systems. Track AI-specific event types: false positives causing harm, missed diagnoses, alert fatigue, automation bias.
NIST Respond · ISO §10.1
Patient Communication Standard
When and how to disclose AI involvement in care. Consent workflows where required. Patient right to request human-only review. Plain-language AI disclosure templates.
OECD P2 · HIPAA Notice
Tier 6
AI Engineering & Data Science Team
Technical stewardship: build, test, monitor, retrain
6 controls
Responsible AI Development Standards
Coding standards for ML: reproducible training pipelines, versioned datasets and models (DVC/MLflow), mandatory peer review for model architecture changes, and documented hyperparameters.
IBM Auto Gov · ISO §8.4
Data Governance & Lineage
PHI de-identification protocols (Safe Harbor / Expert Determination). Data lineage tracking from source EHR to training set. Synthetic data generation policy. Data minimisation standard.
HIPAA §164.514 · NIST Measure 2.5
Bias & Fairness Testing Suite
Mandatory fairness metrics by protected class (race, sex, age, disability status, payer type). Disparate impact ratio, equalized odds, calibration across subgroups. Threshold defined per use case.
NIST Measure 2.2 · OECD P2
Explainability Implementation
Match explainability method to use case: SHAP/LIME for tabular clinical data, attention visualisation for NLP, saliency maps for imaging AI. Document method and limitations in model card.
OECD P3 · IBM AI Explainability
Security & Adversarial Testing
Adversarial attack testing (FGSM, PGD for imaging models), membership inference attack testing for PHI leakage, model inversion risk assessment, and prompt injection testing for LLMs.
NIST Measure 2.6 · HIPAA §164.312
Model Monitoring Pipeline
Automated drift detection (data drift, concept drift, prediction drift). Performance degradation alerts. PSI / KS-test baselines. Retraining triggers and approval workflow integration.
IBM OpenScale · NIST Monitor
Toolchain: MLflow / DVC (versioning); IBM OpenScale (monitoring); SHAP / LIME (explainability); Fairlearn / Aequitas (bias); Weights & Biases (experiment tracking); FHIR R4 (interoperability); DICOM (imaging)
Tier 7
Model-Level Controls & Continuous Monitoring
Embedded safety: the model as a governed artefact
6 controls
Model Card (mandatory)
Intended use, out-of-scope uses, training data (source, size, date range, demographics), validation performance (overall + subgroup), known failure modes, version, owner, and expiry date.
IBM AI Facts · OECD P3
Risk Tier Label
L1 / L2 / L3 / L4, embedded in model registry. Drives required monitoring frequency, human oversight level, retraining frequency, and escalation path.
NIST Map 1.5 · FDA SaMD Class
Confidence Thresholds & Abstention
Models below a defined confidence threshold must surface an "uncertain" output and escalate to human review rather than returning a low-confidence prediction without a flag.
OECD P5 · NIST Measure 2.7
Audit Log (tamper-evident)
Every inference logged: timestamp, input hash, output, confidence, version, user context. Retained per HIPAA data retention schedule. Accessible for post-hoc incident analysis.
HIPAA §164.312(b) · ISO §9.1
Automated Performance Monitoring
Real-time dashboards: AUC/AUROC, sensitivity/specificity, fairness metrics per subgroup, throughput, latency. Automated alert to Tier 6 team on threshold breach. Weekly performance digest.
IBM OpenScale · NIST Monitor
Model Expiry & Retirement
Every model has an explicit expiry date (max 24 months; less for high-risk). Retirement requires documented handoff, clinical owner notification, and archive in model registry for 7 years.
ISO §8.7 · NIST Govern 5.2
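The "Confidence Thresholds & Abstention" and "Audit Log (tamper-evident)" controls above, as an added example that is not the page's or any vendor's code: each inference record carries a hash of the input rather than the input itself, a prediction below the threshold is surfaced as "uncertain" and flagged for escalation, and every record is hash-chained to the previous one so that an edited, dropped or reordered record is detectable afterwards. The class, field names and sample records are assumptions.

```python
import hashlib
import json
from dataclasses import dataclass, field

GENESIS = "0" * 64  # link value for the first record in a chain


@dataclass
class InferenceLogger:
    """Constructed example: hash-chained inference log with abstention (not the page's code)."""
    model_version: str
    threshold: float  # confidence below this is surfaced as "uncertain" and escalated
    records: list = field(default_factory=list)
    last_hash: str = GENESIS

    def record(self, ts: str, raw_input: bytes, prediction: str,
               confidence: float, user: str) -> dict:
        # Store only a hash of the input: the audit log must not become a second PHI store.
        entry = {
            "ts": ts,
            "input_hash": hashlib.sha256(raw_input).hexdigest(),
            "confidence": confidence,
            "version": self.model_version,
            "user": user,
            "prev": self.last_hash,
        }
        # Abstention: never return an unflagged low-confidence prediction.
        entry["escalate"] = confidence < self.threshold
        entry["output"] = "uncertain" if entry["escalate"] else prediction
        # Chain link: hash over the canonical JSON of every field, including prev.
        entry["hash"] = _digest(entry)
        self.last_hash = entry["hash"]
        self.records.append(entry)
        return entry


def _digest(entry: dict) -> str:
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def verify_chain(records: list) -> bool:
    """Recompute every link; any edited, dropped or reordered record breaks the chain."""
    prev = GENESIS
    for entry in records:
        if entry["prev"] != prev or _digest(entry) != entry["hash"]:
            return False
        prev = entry["hash"]
    return True
```

Anchoring the chain head in a separate system (a WORM store or a signed daily digest) is what makes the chain tamper-evident against someone who can rewrite the whole log; the chain alone only detects edits made after a head was recorded elsewhere.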
L4 monitoring: Real-time + daily review
L3 monitoring: Hourly alerts + weekly review
L2 monitoring: Daily alerts + monthly review
L1 monitoring: Weekly digest + quarterly review
Drift detection window: 14-day rolling baseline
Retraining trigger: >5% AUC degradation
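The "Model Monitoring Pipeline" control and the drift window and retraining trigger listed above, as an added example that is not the page's code: the PSI of each day's score distribution is compared against a 14-day rolling baseline, and the ">5% AUC degradation" trigger is measured relative to the validation AUC recorded at Gate 3. The PSI alert level of 0.2, the class and function names, and the sample days are assumptions; the page sets no PSI threshold.

```python
import math
from collections import deque

# Constructed example (not the page's code): data-drift and retraining-trigger checks.
PSI_ALERT = 0.2   # assumed alert level; the page sets no PSI threshold
WINDOW_DAYS = 14  # the page's 14-day rolling baseline
AUC_DROP = 0.05   # the page's ">5% AUC degradation" retraining trigger


def psi(expected: list, actual: list, bins: int = 10, eps: float = 1e-6) -> float:
    """Population Stability Index between two samples of scores in [0, 1]."""
    def hist(xs):
        counts = [0] * bins
        for x in xs:
            counts[min(int(x * bins), bins - 1)] += 1
        return [(c + eps) / (len(xs) + eps * bins) for c in counts]  # eps avoids log(0)
    return sum((a - e) * math.log(a / e) for e, a in zip(hist(expected), hist(actual)))


def auc(scores: list, labels: list) -> float:
    """AUROC as the fraction of (positive, negative) pairs ranked correctly; ties count half."""
    pos = [s for s, y in zip(scores, labels) if y == 1]
    neg = [s for s, y in zip(scores, labels) if y == 0]
    if not pos or not neg:
        raise ValueError("AUC needs both classes in the day's labelled sample")
    wins = sum(1.0 if p > n else 0.5 if p == n else 0.0 for p in pos for n in neg)
    return wins / (len(pos) * len(neg))


class DriftMonitor:
    def __init__(self, validation_auc: float):
        self.validation_auc = validation_auc       # AUC recorded at Gate 3 validation
        self.baseline = deque(maxlen=WINDOW_DAYS)  # one list of scores per day

    def observe_day(self, scores: list, labels: list) -> dict:
        """Score one day's outcomes; returns the metrics and which triggers fired."""
        result = {"psi": None, "data_drift": False}
        if self.baseline:
            reference = [s for day in self.baseline for s in day]
            result["psi"] = psi(reference, scores)
            result["data_drift"] = result["psi"] > PSI_ALERT
        result["auc"] = auc(scores, labels)
        # Retraining trigger: relative degradation against the validation AUC.
        result["retrain"] = (self.validation_auc - result["auc"]) / self.validation_auc > AUC_DROP
        self.baseline.append(list(scores))  # deque drops days older than the window
        return result
```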
AI Lifecycle Framework
Lifecycle Gates

Five mandatory governance checkpoints every AI system must clear before advancing. Gates apply across all risk levels (L1 to L4) with depth scaled to risk. No system proceeds without a documented go decision from the gate authority.

G1 Initiation: Register & scope
G2 Design & data: Plan & assess
G3 Validation: Test & verify
G4 Pre-deployment: Final sign-off
G5 In-production: Monitor & review