Establishing Responsible Artificial Intelligence-Use Among Healthcare Institutions Through ISO IEC 42001 Artificial Intelligence Management System
摘要
Healthcare organizations continuously improve efficiency in care operations by integrating technology solutions that improve quality of care with the limited human resources available in their work setting. Technologies such as chatbots used in teleconsultation have improved the healthcare providers interact with patient needs. Concurrently, the European Council has adopted the European Union Artificial Intelligence (AI) Act in May 2024 to manage risks associated with the use of AI-enabled tools in different direct patient care and back-office operations. The International Organization for Standardization has also published the artificial intelligence management system requirements to allow any organization worldwide to create a Statement of Applicability that organizations will use based on the AI controls that they justify for inclusion as it applies to their workflow and AI-enabled information and communication technology assets. Hence, this paper focuses on presenting the policy development guidelines that organizations need to understand when they evaluate their organization’s compliance to applicable AI controls. Healthcare organizations can better identify responsible AI use by understanding in detail control objectives and controls such as (1) Policies related to AI, (2) Internal organization, (3) Resources for AI systems, (4) Assessing impacts of AI systems, (5) AI system life cycle, (6) Data for AI systems, (7) Information for interested parties of AI systems, (8) Use of AI systems, and (9) Third-party and customer relationships. Ultimately, the commitment of administrators and management team in selecting, implementing, and continually improving selected AI controls will be essential in ensuring that technology rollouts will comply with responsible AI use that provides efficient healthcare service while adopting an acceptable level of risk in known privacy issues in processing client data.