Healthcare Organizations Get Guidance on Managing Third-Party AI Risks
The Health Sector Coordinating Council (HSCC) has released a 109-page guide to help healthcare organizations manage the security risks of AI tools supplied by outside vendors. The guidance addresses a practical problem: hospitals and health systems increasingly depend on third-party AI services, from natural language processing in electronic health records to remote monitoring devices, yet struggle to verify the security practices and integrity of those systems.
Healthcare organizations often cannot see the full scope of AI components built into the products they buy. Vendors source these components through layered supply chains involving subcontractors, offshore development, and open source software, making it difficult to identify hidden dependencies and potential failure points.
What the Guide Covers
The Health Industry Third Party AI Risk and Supply Chain Transparency Guide draws on established frameworks, including the NIST AI Risk Management Framework, and adapts existing cybersecurity best practices to the AI components of healthcare supply chains.
The guide is designed for organizations of any size and at any stage of AI adoption. Risk managers, compliance teams, and procurement officers can use the entire document or select sections relevant to their operations.
Key tools in the guide address:
- Identifying AI-specific risks in third-party products
- Closing gaps in discovery and disclosure processes
- Defining accountability expectations across vendor relationships
- Setting performance standards for AI components in the supply chain
A Glossary for Consistent Terminology
The HSCC also published an AI Cyber Glossary to establish standard definitions for AI terminology across the healthcare sector. The glossary will serve as a foundation for future guidance materials from the organization's AI Task Group.
Healthcare organizations should distribute the guidance to senior business and technical leaders and evaluate their current third-party risk management practices against the standards outlined in the document.