Healthcare AI Certification Program
What are the eligibility requirements?
To obtain or maintain certification, an organization must:
- Be in full compliance with CIHQ certification policies
- Be in full compliance with CIHQ certification standards or have developed and implemented an acceptable plan of correction to come into compliance in areas of deficient practice
- Pay certification fees in a timely manner
- Permit access by AnalytAIX staff to policies, procedures, AI systems, and other sources of information necessary to perform the certification assessment
- Submit an annual attestation, signed by the organization’s Chief Executive Officer, confirming continued adherence to AI-Trust™ Standards
What exactly does this certification address?
This certification program systematically assesses the key domains of AI trustworthiness:
- AI governance and accountability structures – how oversight of AI is organized (e.g. committees, leadership responsibility)
- Data provenance, privacy, and PHI handling – how data used by AI is sourced, managed, and protected
- Model lifecycle management and change control – how AI models are developed, validated, updated, and retired
- Human-in-the-loop safeguards and escalation pathways – how human oversight is implemented and how issues with AI are escalated
- Transparency, explainability, and disclosure practices – how AI use and limitations are communicated internally and externally
- Bias detection, drift monitoring, and post-deployment controls – how the AI’s performance is monitored for bias or degradation over time and controlled
- Incident response and continuous oversight mechanisms – how AI-related incidents are handled and how ongoing compliance is maintained
- Third party AI and vendor governance – how externally developed or hosted AI systems are evaluated, monitored, and contractually governed
- Research and advanced analytics governance – how AI systems used in research, advanced analytics, and model-driven insight generation are governed, documented, and protected
What are the standards based on?
The certification standards are based on the following:
- National Institute of Standards & Technology (NIST) Artificial Intelligence Risk Management Framework
- Organization for Economic Co-operation and Development (OECD)
- General Data Protection Regulation (GDPR)
- International Organization for Standardization (ISO) / IEC 42001
- Health Insurance Portability and Accountability Act (HIPAA)
- Personal Data Protection Law (PDPL)
How are requirements under each standard assessed?
Each certification standard contains one or more requirements. Each requirement is classified under one of the following categories:
- Core – These requirements establish the minimum structures and processes necessary for an AI trustworthy organization
- Level I – These requirements represent advanced structures and processes necessary for an AI trustworthy organization
- Level II – These requirements address optimal structures and processes for an AI trustworthy organization
Does this program certify specific AI models or vendors?
Certification does not:
- Certify individual AI products or algorithms
- Validate clinical, technical, or operational efficacy
- Constitute regulatory authorization or approval
- Serve as a legal compliance determination
- Transfer liability from the certified organization
How long is certification good for?
Certification is awarded to an organization for a maximum of 36 months. Prior to the 36-month expiration, the organization must undergo another full assessment to maintain its status. For initial surveys, the date of certification will be the date that a submitted plan of correction has been accepted by CIHQ to address any identified deficiencies.
What are the levels of certification?
Provisional Certification
Provisional certification is granted when an organization either meets all Core requirements at the time of the validation survey or submits / implements an acceptable plan of correction for identified deficiencies within 30 days following the survey.
Full Certification
Full certification is granted when an organization either meets all Level I and Level II requirements at the time of the validation survey or submits / implements an acceptable plan of correction for identified deficiencies within the following timeframes:
- Level I Requirements – within 90 days following survey
- Level II Requirements – within 180 days following survey
What information about our certification is disclosed to the public?
CIHQ may, at its discretion, make the following information available to the public:
- Verification that the organization is certified or is seeking certification
- The organization’s current certification status
- The dates of the organization’s initial or last assessment
- The expiration date of the organization’s current certification
How much does the certification cost?
The fee is determined by the scope and degree of AI integration into an organization’s structures and practices, as well as the scope and complexity of the organization’s services. The higher the level of AI integration and scope, the more time and resources are necessary to adequately perform the assessment, and fees are adjusted accordingly. It is anticipated that most assessments will be performed virtually. However, if an on-site survey is required, the organization will be billed for usual and customary travel expenses.