AAISM · Question #224
A hospital adopts an AI solution from an external vendor to help diagnose rare diseases. Which of the following BEST demonstrates the verification of security requirements for this technology?
The correct answer is D. Integrate requirements for sensitive data aligned with healthcare regulations.. Aligning the AI system's sensitive data handling with healthcare regulations provides a legally mandated, comprehensive security baseline that directly verifies security requirements are met.
Question
A hospital adopts an AI solution from an external vendor to help diagnose rare diseases. Which of the following BEST demonstrates the verification of security requirements for this technology?
Options
- ARequire contractual clauses stipulating periodic information security reviews.
- BPreview contractual clauses of mandatory security AI software update.
- CPerform regular in-depth vulnerability scans on the AI system.
- DIntegrate requirements for sensitive data aligned with healthcare regulations.
How the community answered
(62 responses)- A13% (8)
- B6% (4)
- C3% (2)
- D77% (48)
Why each option
Aligning the AI system's sensitive data handling with healthcare regulations provides a legally mandated, comprehensive security baseline that directly verifies security requirements are met.
Contractual clauses for periodic security reviews schedule future assessments but do not verify that the system currently meets defined security requirements.
Mandatory update clauses address patch cadence for known vulnerabilities but do not comprehensively verify the system's adherence to sensitive data security requirements.
Vulnerability scans identify technical weaknesses but do not verify that the overall system design and configuration align with applicable regulatory security requirements.
Integrating requirements for sensitive data aligned with healthcare regulations such as HIPAA is the best demonstration of security verification because it ensures the AI solution satisfies mandatory legal standards for protecting protected health information, including access controls, audit logging, breach notification, and data minimization. This creates a formal, auditable security baseline rooted in regulatory obligation rather than general best practice. It also ensures the vendor's implementation is evaluated against standards that carry legal accountability.
Concept tested: Healthcare AI security requirements aligned with regulatory compliance
Source: https://www.hhs.gov/hipaa/for-professionals/security/index.html
Topics
Community Discussion
No community discussion yet for this question.