DEMO MODE · Anonymized composite data. Fictional client: Meridian Health Group.
Sherlock
Governance Builder
Demos  ›  Governance Builder
← Demos
Module 05 · Governance Builder

The policies, committees, and gates
that make AI defensible.

Sherlock spins up Meridian's entire AI governance operating system in three weeks — policies aligned to NIST AI RMF and HHS guidance, committees with named members and charters, a four-tier risk model, and an approval workflow the board can audit.

Framework
NIST AI RMF · HHS SDOH · HIPAA · CMS Interop
Policies live
6 approved · 2 draft
Committees seated
3 chartered
Last board attestation
June 12, 2026

Policy library

Every AI activity at Meridian is governed by one of these eight instruments. Selected policy shown at right.
AI
AI Acceptable Use Policy
Live
MR
Model Risk Management
Live
DP
Data & PHI Handling
Live
VD
AI Vendor Due Diligence
Live
HL
Human-in-the-loop Standard
Live
IR
AI Incident Response
Live
GA
GenAI & Ambient Recording
Draft
BS
Bias & Fairness Testing
Draft
AI Acceptable Use Policy v3.1
Owner: Chief AI Officer Approved 2026-04-18 Reviewed quarterly Applies to 100% of AI activities
✓ Board-attested
Defines the permitted uses of AI across Meridian's 5 hospitals, 900-provider medical group, and captive Medicare Advantage plan — plus the prohibited uses (autonomous denial of care, unattested clinical recommendations, member surveillance). Every AI initiative is mapped to a section of this policy before it enters the priority engine.
§1
Permitted use categories
Clinical decision support (attested), administrative automation, member navigation, revenue cycle, quality analytics. All must be mapped to a §1 subclause before funding.
§2
Prohibited uses
Autonomous denial of medically necessary care, unattested treatment recommendations, member behavior scoring for coverage decisions, non-consented ambient recording of clinical encounters.
§3
Attestation & human-in-the-loop
Any AI touching a clinical decision requires a named licensed clinician attester before the recommendation is released to the care team. Attestation is logged with the decision.
§4
Vendor obligations
All third-party AI vendors must sign the Meridian AI BAA addendum, provide model cards, and submit to annual bias & performance audits per §7 of MRM policy.
Risk-tier model
Every initiative auto-classified · gates fire from tier
Tier 4
Board-reserved
Board + CMO + Legal
Autonomous PA denial, mortality prediction, coverage exclusion scoring
Tier 3
Steering-reserved
AI Steering + CMO + Compliance
Prior auth AI, risk adjustment, ambient scribe, sepsis alerting
Tier 2
Ops-approved
AI CoE + Domain lead
Contact-center summarization, member portal chatbot, coding assist
Tier 1
Low-risk
AI CoE self-certifies
Internal doc search, meeting notes, back-office productivity tools
Committees & charters
Named members · quarterly attestation to board
AI Steering Committee
Monthly · 90 min
Chair: CEO
Members: COO, CMO, CFO, CIO, Chief AI Officer, Chief Compliance Officer, Chief Medical Informatics Officer
Sets AI portfolio priorities, approves Tier 3 initiatives, resolves cross-BU conflicts, owns the annual AI investment envelope.
Model Risk Committee
Biweekly · 60 min
Chair: Chief AI Officer
Members: Head of Model Risk, Chief Compliance Officer, Chief Data Officer, VP Clinical Quality, VP Actuarial
Reviews validation dossiers, sets go/no-go for model deployment, monitors drift, ownership of bias & fairness testing under §7 MRM.
Clinical AI Ethics Board
Monthly · 60 min
Chair: Chief Medical Officer
Members: Physician chairs (IM, EM, OB, Peds), Chief Nursing Officer, Chief Bioethicist, Patient Advocate, External clinical ethicist
Owns the human-in-the-loop standard, reviews any Tier 3+ clinical AI before Steering vote, patient consent framework.
RACI matrix · regulated AI activities
Auto-generated from policy library · single source of truth
Activity CAIO CMO Compliance Steering Ethics Bd Board
New Tier 3 clinical AI initiative approval R A C C C I
Model validation & go-live sign-off A C C I R I
Bias & fairness testing (annual) A C R I C I
AI incident containment & disclosure R C A I C C
Vendor AI due diligence & contracting A I C I I I
Quarterly AI board attestation R C C C I A
R Responsible
A Accountable
C Consulted
I Informed
Approval workflow · Tier 3 initiative
Median 22 days to production · every gate logged & auditable
1
Intake & triage
AI CoE PM
SLA: 3 days
2
Model Risk review
Model Risk Cmte
Gate · 7 days
3
Ethics review
Clinical AI Ethics Bd
Gate · 5 days
4
Steering vote
AI Steering Cmte
Gate · 5 days
5
Go-live & monitor
CAIO + Domain Owner
Continuous
"Explain the governance stack in one paragraph"
Auto-generated regulator memo · one click

“Meridian Health Group governs artificial intelligence through eight policies aligned to the NIST AI Risk Management Framework and HHS AI guidance, three chartered committees (Steering, Model Risk, Clinical Ethics) with named executive members and quarterly board attestation, and a four-tier risk model that automatically routes every initiative through the appropriate gates. Tier 3+ initiatives (any clinical AI touching a patient decision) require validated model dossiers, Ethics Board review, and Steering approval before production; the median cycle time is 22 days with 100% of gates logged in Sherlock. The framework was approved by the Board of Directors on April 18, 2026, and re-attested June 12, 2026.”