News: New HSCC guidance for healthcare organizations addresses AI cyber risk, governance

CDI Strategies - Volume 20, Issue 25

The Health Sector Coordinating Council (HSCC) released its latest installment in a series of AI-specific publications aimed at helping healthcare organizations securely adopt AI. The new guidance document focuses on AI risk and governance framework implementation, acknowledging that responsible AI adoption in healthcare requires a strong governance structure.

The 87-page publication is part of a series of complementary AI-specific cybersecurity guidance developed by the HSCC’s AI cyber governance task group. The task group will continue to publish guidance in the coming months.

The publication’s content spans clinical safety and ethics, specific cybersecurity and privacy controls, generative AI and large language model risks, AI supply chain and concentration risks, and AI-specific incident response.

HSCC notes that the guidance specifically pertains to the cybersecurity components of an AI governance framework and that it should not be used in isolation. Instead, organizations should use the framework alongside existing organizational governance activities.

Additionally, the HSCC recommended that organizations establish an AI cyber governance committee, consisting of program leads, physician leaders, IT and security teams, legal experts, and patient advocates.

"Without proper AI governance, AI systems can leak data, disrupt operations, perpetuate biases, adversely affect populations, or fail catastrophically—ultimately compromising patient care, causing direct harm, and damaging organizational reputation," the document stated.

The HSCC AI cyber governance task group stressed the importance of managing AI governance throughout the entire AI lifecycle. This ranges from strategy and policy to procurement and contracting, patching, incident response, and the decommissioning of tools.

Overall, the guidance seeks to provide insight into the reality of AI adoption in healthcare. Adopting AI safely requires organizations to consider not just cyber risk, but operational and patient care risks as well.

"With the ever-changing healthcare ecosystem, effective management of AI is critical to patient safety," the HSCC stated.

Editor’s note: To read the full guidance document, click here. To read additional coverage by TechTarget, click here.
