AI Governance Framework
S·A·F·E
The four-layer AI governance model built for healthcare
AI Adoption Assessment
AuthenTech AI
Safe AI adoption.

Most healthcare organizations are not ungoverned. They're uncoordinated. This assessment maps where your organization stands across all four layers of the SAFE Framework. Score each question honestly. The gaps you find are where your real AI risk lives.

Score each statement: 0 = Not in place  |  1 = Partially in place  |  2 = Fully in place

Score Guide
High Risk: 0 – 13 points
Partial Coverage: 14 – 27 points
Strong Foundation: 28 – 40 points
Each section max: 10 pts  |  Total max: 40 pts
S
Systems: Technology Layer
Do you know what AI is running inside your organization, and can you control where it goes?
We have a current inventory of all AI in use: tools we sanctioned, AI embedded in the clinical and operational systems we purchased, and tools staff use on their own devices.
When staff use an approved AI tool, PHI is automatically detected and protected before it reaches the model.
We can block or limit unapproved AI tools on our network, not just recommend against them.
We continuously detect new and unapproved AI as it appears, rather than relying on a point-in-time inventory.
We know which AI can access PHI and what each does with that data, and no new AI reaches a clinical or operational setting without a formal approval.
S: Systems Score
/ 10
A
Acquisition: Procurement Layer
Are you watching what your vendors are turning on?
Before we sign or renew with a vendor, we review specifically for AI features: what data they use, model transparency, and BAA coverage.
We are notified when a vendor switches on a new AI feature inside a product we already own, which re-triggers our BAA and privacy review.
We review P-card and AP spend to catch AI tools that were purchased without going through procurement.
We require BAA flow-down to our AI subprocessors, including the model providers themselves, not just the vendor we contract with.
We require vendors to disclose any AI feature that processes PHI, and procurement, IT, legal, and compliance all weigh in before the contract is signed.
A: Acquisition Score
/ 10
F
Frontline: People & Processes Layer
Do your staff know what they can and cannot do with AI?
We have a written AI Acceptable Use Policy that covers clinical and operational staff, not just IT.
Staff have received training on what AI tools are approved, how to use them safely, and what to do if they are unsure.
We have approved AI tools that solve the problems staff are already trying to solve, so the sanctioned path is easier than reaching for a personal-device or consumer-AI workaround.
Compliance is involved in AI policy decisions before incidents occur, not only after.
We have a clear escalation path for staff who encounter an AI-related situation they are unsure how to handle.
F: Frontline Score
/ 10
E
Executive Oversight: Strategic Layer
Does anyone own the full picture: both the risk and the return?
A single person or function is accountable for AI governance across all departments, not just IT or compliance in isolation.
Our board or executive team receives regular reporting on AI that covers both risk and value: governance status and the measurable return our approved AI tools deliver.
We measure the value our approved AI delivers (time saved, cost avoided, capacity gained), and our AI roadmap weighs expected return alongside risk tolerance and organizational goals.
IT, legal, HR, and compliance coordinate on AI decisions rather than each managing their piece independently.
A current board-level report exists that shows, on one page, our AI governance status and the measured return our AI delivers, and we could hand it over today.
E: Executive Score
/ 10
TOTAL SAFE SCORE
/ 40
Add your four section scores above. Bring this sheet to your 20-minute call.