Practical governance, risk, and compliance resources for managing emerging technology risks in healthcare environments, with a focus on HIPAA privacy compliance.
- AI Acceptable Use Addendum — A policy addendum addressing the use of Generative AI tools by healthcare workforce members. Covers PHI protections, approved vs. unapproved tools, human oversight requirements, and incident reporting procedures. Includes scenario-based guidance for common use cases.
- AI Vendor Risk Assessment Checklist — A structured checklist for evaluating AI vendors prior to organizational adoption. Covers Business Associate Agreement requirements, data handling practices, access controls, vendor security posture, and output reliability.
These resources were developed to address the growing intersection of healthcare privacy compliance and AI adoption. They reflect practical experience in information governance, privacy policy development, and institutional risk management.
Jose Ruiz-Vazquez — LinkedIn Profile