Where does your healthcare organization stand on AI governance? Get set up in 5 minutes.
Auditors, carriers, and boards are asking healthcare leaders to prove their AI is governed. The PHI Readiness Assessment runs your team through scenario-based questions, then maps your organization's posture against the controls these evaluators look for and shows you exactly where the gaps are.
How it works
Your team takes a scenario-based assessment
Clinicians and staff answer scenario-based questions covering PHI identification, safe AI usage, policy awareness, and incident response. Your team interacts with the Three Gates detection engine as they go.
You get an anonymized readiness report
Results are aggregated with k-anonymity protections and regulatory citations. The report is ready once 5 employees complete the assessment. No individual scores are ever exposed.
Each gap maps to a specific requirement
Each gap maps to a specific governance requirement, with a clear remediation path. Share the report with leadership to justify action.
What you get
Every organization that completes the assessment gets a report like this, with readiness scores, supporting citations, and recommended next steps.
AI Readiness Report (Sample)
Overall Readiness: 74/100
This organization shows developing readiness across four assessed categories. Two categories fall below their regulatory targets.
Not Ready: 0–39
Emerging: 40–59
Developing: 60–79
Proficient: 80–100
Category Breakdown
Scores vs. HIPAA-derived targets. Each target reflects minimum competency for the cited regulation.
Baseline Measurement
These scores reflect your team's existing knowledge, before any training or intervention. Use them to measure the true impact of your remediation efforts.
Priority Findings
PHI Identification below §164.502(a) target
62% of clinical staff correctly identified PHI in AI prompt scenarios, against an 85% target derived from the HIPAA minimum necessary standard. Recommend targeted training on PHI boundaries in AI interactions.
Policy Awareness exceeds target
84% of staff demonstrated awareness of organizational AI policies, above the 75% target. Current training and policy communication are effective in this area.
What the assessment covers
The assessment looks at the governance controls a healthcare organization needs in place before deploying AI around patient data.
PHI handling
Whether staff can identify sensitive identifiers before they enter AI workflows.
AI access controls
Whether your organization can explain who is allowed to use AI, for which work, and under which policies.
Audit trail readiness
Whether AI interactions produce records your compliance, security, and incident-response teams can use.
Vendor governance posture
Whether AI tools and providers are reviewed, approved, and routed according to your risk model.
Training and oversight
Whether staff know what to do when AI touches patient data and when a human must review the output.
Incident response readiness
Whether your team can respond when sensitive data is handled incorrectly by an AI system.
Who should take this
The PHI Readiness Assessment is designed for healthcare organizations handling PHI, including hospitals, health systems, large practices, and digital health companies. It is most useful when completed by someone with visibility into your organization's AI use and policies, such as a CISO, compliance leader, CMIO, or security architect.