Evaluation of an AI-Enabled Clinical or Administrative Tool
Company Information & Core Requirements
Are there clinical professionals on the leadership team?
Does the company attest that the tool is HIPAA compliant (or compliant with applicable data privacy laws)?
Does the company provide a business associate agreement (BAA)?
Does the company encrypt personal/user data (at rest and in transit)?
Is there clinical evidence to support the tool's safety and effectiveness?
Does the company have any additional technology-related certifications (e.g., SOC 2, ISO 27001)?
Practice Needs & Usability
Does the tool fit your practice needs related to (select all that apply):
Data Privacy & Control
What personal data does the company collect?
Please note: Collection of PHI triggers HIPAA/BAA requirements.
Does the company allow a user to delete, correct, and/or amend data?
How long is data retained? (Refer to company's policy)
Where is data stored? (e.g., USA, EU, specific cloud provider)
Does the company share data with third parties (e.g., for marketing, research)?
Does the company sell data?
Does the tool provide guidance regarding obtaining patient informed consent for data use (if applicable)?
AI Considerations
If the tool uses AI, is user data and/or your company data used to train the underlying AI model?
Evaluation Summary
This checklist is provided for informational purposes and as a potential resource. It does not constitute legal or definitive ethical advice. Practitioners should always consult relevant professional guidelines, legal counsel, and use their professional judgment when evaluating and implementing any new technology.