CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 11, 2026

Joint Commission Certification Targets Healthcare AI Risks

Data Breach Today Archived Jun 11, 2026 ✓ Full text saved

Program Focuses on AI Governance, Safety, Privacy, Bias and Transparency Accreditation organization Joint Commission is rolling out a voluntary program for certifying the "responsible" deployment and use of artificial intelligence technologies by U.S. healthcare provider organizations, including governance, safeguards, monitoring processes and education.

Full text archived locally
✦ AI Summary · Claude Sonnet


    Artificial Intelligence & Machine Learning , Data Security , Next-Generation Technologies & Secure Development Joint Commission Certification Targets Healthcare AI Risks Program Focuses on AI Governance, Safety, Privacy, Bias and Transparency Marianne Kolbasuk McGee (HealthInfoSec) • June 11, 2026     Share Post Share Credit Eligible Get Permission A new Joint Commission certification program looks to recognize healthcare organizations for "responsible" AI use, including governance, risk management and patient safety. (Image: Joint Commission) Artificial intelligence tools are rolling out in healthcare delivery systems for clinical and operational uses faster than many organizations can account for. A new Joint Commission certification program recognizes healthcare organizations that demonstrate they "responsibly" deploy and use AI, including effectively managing privacy, security and safety risks. See Also: AI Fuels New Wave of Browser-Based Cyberattacks The program doesn't scrutinize or validate specific AI products or tools - but rather certifies healthcare providers that establish "the safe, reliable, transparent and ethical use of AI," the Joint Commission said. The recently announced Responsible Use of AI in Healthcare, or RUAIH, certification program builds upon AI guidance the Joint Commission and industry group the Coalition for Health AI issued last September. RUAIH certification standards are focused on five critical AI areas: governance; effective data management; risk and bias reduction; monitoring, evaluating and validating safety performance; and transparency, education and training. "At its core, RUAIH recognizes that responsible AI use is not only a technology issue - it is a patient safety, quality, governance, privacy and trust issue," the Joint Commission said. Some experts said the new certification program and the attention given to AI governance and risk issues by the 75-year old healthcare accreditation body comes at a crucial time. An American Medical Association survey in March found that more than 80% of physicians report using AI tools professionally. The most frequent uses were summarizing medical research and providing clinicians with updates on standards of care. "Healthcare organizations are already experimenting with and deploying AI across clinical, operational, administrative and care-support workflows, but the governance around those tools is often uneven," said Dave Bailey, vice president of consulting and strategy at healthcare privacy and security consultancy Clearwater. "A voluntary certification from the Joint Commission gives the industry a recognizable framework for asking the right questions: Who owns AI risk? How are models approved? How are data privacy, security, bias, safety, performance and patient transparency addressed? How is AI monitored after deployment?" Tom Walsh, founder of healthcare privacy and security consultancy twSecurity, said the Joint Commission's "strong focus" on AI governance in healthcare is significant. "It has been my experience that the leadership of hospitals and healthcare systems already know they need to establish controls and governance over AI before it is too late," he said. Hospitals and health systems recognize the need to address growing concerns raised by both patients and board members about the safe use of AI, especially when it comes to patient treatment and care, he said. "Having the Joint Commission certification may provide leverage for implementing the governance needed. If the guidance for AI governance comes from an independent third party like the Joint Commission as an industry standard, it may have more clout than if the governance structure originated as a homegrown or internal effort," he said. The Joint Commission said the AI certification program examines several critical issues including whether a healthcare provider has a formal governance structure to support and manage the use of health AI across the organization, as well as processes to safeguard patient data from unauthorized access or theft. Certification also considers whether resources are in place to securely develop, deploy and manage health AI systems and processes to identify and mitigate risks and biases in AI tools. Other requirements for certification include having processes to monitor and evaluate the safe and effective performance of health AI tools throughout their life cycle; internal and external reporting processes for health AI safety-related events; AI tool education and training for staff; and patient and family transparency involving the use of AI. Despite the growing popularity of healthcare AI and the Joint Commission's clout, Walsh predicted that adoption of the certification will be "slow at first," mainly due to resource limitations. "However, if there is pressure from the board - asking for some type of assurance that AI is being properly addressed, then we may begin seeing an increase in certifications," he said. "Even if only a few larger healthcare organizations initially obtain the certification, it could eventually become the prevailing practice in healthcare, even for organizations that are not currently Joint Commission accredited." The Joint Commission did not immediately respond to ISMG's request for additional details about how the AI certification program will work. The commission's certifications are typically evidence-based and tied to survey and accreditation processes, Bailey said. "Organizations seeking certification will likely need to demonstrate documented governance practices, policies, oversight mechanisms, monitoring activities and accountability structures rather than simply completing a maturity assessment," he said. "That emphasis on operational proof can help move AI governance from theory into practice."
    💬 Team Notes
    Article Info
    Source
    Data Breach Today
    Category
    ◇ Industry News & Leadership
    Published
    Jun 11, 2026
    Archived
    Jun 11, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗