Managing Risks:

NIST AI RMF

History and overview

The NIST AI Risk Management Framework (AI RMF) was released in January 2023 by the U.S. National Institute of Standards and Technology. It aims to provide voluntary guidance to organizations developing or deploying AI systems, focusing on promoting trustworthy and responsible AI.

Why is it relevant?

Healthcare AI systems are often high-stakes and safety-critical. NIST AI RMF promotes:

– Risk-informed deployment

– Transparency and reliability of algorithms

– Cross-functional accountability and documentation

Scope of Application

AI RMF is voluntary but widely adopted by both private and public sectors. It applies to:

– AI developers and researchers

– Healthcare organizations using AI

– Vendors integrating AI into medical products

Key Obligations and Requirements

Govern: Establish AI risk policies, roles, and governance structures

Map: Understand the context and intended use of the AI system

Measure: Assess and monitor risks such as bias, robustness, explainability

Manage: Prioritize and respond to risks throughout the AI lifecycle

Documentation and Governance Requirements:

– Conduct internal reviews of AI impact on patient outcomes

– Document training datasets, assumptions, and design choices

– Implement risk logs and measurement protocols

Risks and Challenges

– Not enforceable, relies on organizational maturity

– Lack of standardized metrics for AI risks

– Coordination gaps between technical and clinical teams

Best Practices for AI Developers and Healthcare Organizations

– Adopting structured risk management processes

– Aligning with HIPAA, ISO, and FDA guidance

– Establishing AI review boards for healthcare deployment

Future Developments

– NIST plans sector-specific profiles, including healthcare

– Potential integration with emerging U.S., Canadian AI regulations

Alignment with Other Standards

HIPAA: For privacy and PHI security

ISO/IEC 42001: Governance framework

OECD AI Principles: Ethical AI practices