All courses
Say yes to AI tools — defensibly

AI Security & Governance for Healthcare

For the leader whose organization is adopting AI scribes, ambient documentation, or embedded EHR AI faster than anyone is governing it. Inventory the AI you actually have, put boundaries around it, and build the governance cadence that keeps the answer current.

4 modules · 8 lessons~3.8 hoursCompletion certificate

Early-access pricing — final pricing set at launch. Secure checkout via Stripe.

Who this is for

Practice/hospital leaders rolling out clinical AI; healthcare-tech teams adding AI features

What you walk away with

  • A shadow-AI discovery method for browser, SaaS, and EHR surfaces
  • A per-tool intake covering BAA, audit logs, NPP, and patient consent
  • An AI acceptable-use policy mapped to NIST AI RMF that staff won't route around
  • A quarterly governance cadence you can actually sustain

Curriculum

Module 1

Finding the AI You Actually Have

Sanctioned is not inventoried. Discovery across browser, OS, SaaS, and the EHR — and the interview technique that surfaces shadow tools without a witch hunt.

  • Shadow-AI Discovery

    Run a discovery pass that finds embedded and unsanctioned AI before it finds you.

    30 min
  • The Data-Flow Map

    Trace what each tool ingests, retains, and shares — down to the subprocessor layer.

    30 min

Module 2

The Intake Discipline

One intake per tool, per vendor: BAA coverage, §164.312(b) audit-log validation, NPP language, and the consent script the front desk can actually deliver.

  • BAA Gaps in AI Contracts

    Find the silence in AI vendor agreements: prompt logs, QA transcripts, training use, subprocessors.

    30 min
  • Audit Logs and Patient Consent

    Validate exportable audit evidence and stand up the six-question consent script.

    30 min

Module 3

Governance That Holds

The AUP staff won't route around, the approved-tool catalog, and the quarterly cadence — mapped to NIST AI RMF and the Generative AI Profile.

  • Policy and the Approved-Tool Catalog

    Write an AI acceptable-use policy with a sanctioned alternative for every real need.

    30 min
  • The Quarterly Cadence

    Run the standing review that catches new AI surface before it becomes load-bearing.

    25 min

Module 4

If You Ship AI: Product-Side Basics

For teams putting LLMs in front of patients or customers: the OWASP LLM Top 10 threat classes and what a pre-launch review must exercise.

  • LLM Threat Classes That Matter

    Recognize prompt injection, data exfiltration, and agent scope creep in your own architecture.

    30 min
  • The Pre-Launch Review

    Scope a product security review that tests the failure modes your users will actually hit.

    25 min

Early-access pricing — final pricing set at launch. Secure checkout via Stripe.

AI Security & Governance for Healthcare — Diallo Security Advisors Academy