10 questions to ask health tech AI vendors before signing on the dotted line

As AI becomes central to healthcare technology, organizations must rigorously vet vendors' compliance track records, security maturity, AI governance and more.

Contributors:
Leo Espindle
CIPP/US, CIPM
Vice President Compliance
League
The request for proposal process for health technology has always been rigorous — and it should be. But as artificial intelligence capabilities become central to member engagement, clinical navigation and benefits administration, the stakes are even higher. Insurers, health plans and healthcare entities are under increasing scrutiny from regulators, boards and the members they serve.
The technology market right now presents a "Goldilocks" situation for healthcare entities.
Newer "AI-native" platforms targeted at the health industry may arrive with sophisticated AI governance frameworks and compelling demos, but without the organizational muscle memory that comes from years of actually handling protected health information at scale. The block-and-tackle of protected health information stewardship — trained engineers, mature incident response, audited controls, clean compliance histories — takes years to build and can't be shortcut.
On the other hand, well-established vendors focused on "general purpose" AI may be unwilling to take on a healthcare organization's requirements, and may treat healthcare-specific obligations as a hindrance rather than as core to their service.
Finally, entrenched "legacy" healthcare technology organizations may have solid foundational security and privacy credentials but lack the nimbleness to govern AI responsibly as they bolt new capabilities onto legacy architectures.
None of these profiles is where an organization wants to entrust member data, deploy the latest AI features customers want responsibly and safely, or both.
The questions below are designed to expose these failure modes. Ask them in writing, in the RFP itself, or download a compliance checklist to workshop through with vendors.
What is the vendor's HITRUST Certification status, and which certification type does it hold?
Not all Health Information Trust Alliance compliance certifications are equal. The r2 — risk-based, two-year validated assessment — is widely considered the gold standard.