This guide is educational and must be reviewed against local organizational policy, legal, privacy, security, and compliance requirements before use.
Purpose
The goal is to help teams ask better questions before using AI in healthcare operations work. This guide is not a substitute for local policy or formal review.
Practical Questions
Before using AI, ask:
- What data is being used?
- Could the content identify a patient, employee, provider, facility, system, or internal process?
- Is the data synthetic, de-identified, public, internal, or sensitive?
- What tool will process the data?
- Who can access the input, output, and logs?
- What human review is required before use?
- What local approval or review is needed?
Public-Safe Reusable Material
Reusable public examples should use:
- Synthetic examples
- De-identified scenarios
- Generic templates
- Educational descriptions
- No internal logs, screenshots, tickets, or records
Escalate For Local Review
Pause and seek appropriate local review when a workflow involves:
- Patient-identifiable information
- Employee-identifiable information
- Internal incident details
- Non-public system configuration
- Contractual, legal, financial, or security-sensitive content
- Unclear platform retention, access, or logging behavior
Human Review Standard
AI output should be treated as a draft. The accountable human reviewer should verify facts, remove unsupported claims, check data boundaries, and decide whether the output can be used.