Strategy & Leadership
2 questions
AI vision tied to business outcomes; exec sponsorship; budget; AI ownership; clear business alignment
Our organization has a written AI strategy endorsed by the board, CEO, or CMIO.
AI initiatives have a named executive sponsor (e.g., CMIO, CIO, COO) and dedicated budget separate from general IT.
Use-Case Portfolio
2 questions
Inventory + prioritization; opportunity matrix; ROI cases; AI-type fit
We maintain an inventory of candidate AI use cases classified by risk tier (administrative / clinical-adjacent / clinical decision support).
Each candidate use case has a documented clinical or operational owner and a measurable value hypothesis (time saved, denials reduced, no-shows avoided, etc.).
Data Foundations
2 questions
Quality, accessibility, lineage, governance, integration, labeling
Clinical and operational data (EHR, claims, scheduling, RCM) is accessible for AI workflows through documented data extracts or integration patterns.
We track data quality metrics (completeness, accuracy, timeliness) on the datasets that feed AI use cases.
Technology & Infrastructure
2 questions
Cloud, APIs, integrations, security architecture, MLOps/LLMOps, model hosting
We have a defined approach for AI workloads — cloud strategy, model hosting, FHIR/HL7 integration patterns — endorsed by IT.
MLOps / LLMOps practices (versioning, environment isolation, monitoring) are in place for any AI moving toward production.
Security & Privacy
2 questions
Information security, data protection, vendor/3rd-party risk, ePHI / FERPA / PII controls
All AI vendors processing PHI are covered by current Business Associate Agreements (BAAs) and our HIPAA Security Rule review.
PHI flow mapping is documented for each AI use case, with de-identification (Expert Determination or Safe Harbor) applied where appropriate.
Talent & Culture
2 questions
AI literacy, skills, training, change management, adoption appetite, resistance risk
AI literacy training is available and required for clinicians and operational staff who will work with AI-augmented workflows.
We have identified physician champions and an engagement model that brings clinicians into AI design before deployment.
Process Maturity
2 questions
Workflows documented; repetitive / high-friction / measurable tasks identifiable
Core clinical and administrative workflows targeted for AI are documented (SOPs, swim-lanes, or process maps) with cycle-time baselines.
We have change-management practices for technology rollouts that include clinician feedback loops, training plans, and rollback triggers.
Governance, Risk & Responsibility
2 questions
Policies, AI inventory, risk tiering, human oversight, bias testing, explainability, audit trails
An AI governance committee with clinical, IT, compliance, and legal representation reviews AI use cases before deployment.
We have documented human-in-the-loop policies for AI decisions affecting patient care, utilization management, or prior authorization (per CA SB 1120 / similar).
Vendor & Procurement Readiness
2 questions
Build/buy/partner decisioning; vendor DD; contract templates; BAAs/DPAs; tool sprawl control
Vendor due-diligence includes algorithmic transparency (model cards, training data, validation evidence) — not just security and price.
For certified-EHR AI features, we have an HHS HTI-1 DSI source-attribute review process and annual attestation tracker.
Implementation Capacity & Operations
2 questions
Can the org actually pilot, buy, build, deploy, train, monitor? Post-deploy monitoring; shadow-AI discovery
We have a track record of moving AI from pilot into operational use, with explicit go-live criteria and clinical validation evidence.
Production AI is monitored post-deployment for drift, bias/equity, and shadow-AI use (staff using personal/unsanctioned LLM accounts on PHI).