Skip to main content

AI Gateway Service — Service Risk Register

Status: populated Owner: TBD Last updated: 2026-04-18 Companion: Service Template · FAILURE_MODES · SECURITY_MODEL

1. Risk register

ID	Risk	Likelihood	Impact	Severity	Owner	Mitigation	Residual
RISK-AIGW-01	AI-assisted clinical content accepted into chart without `AIProvenance` tag	Low	Critical	CRITICAL	Tech Lead	INV-01 enforced in domain; `AcceptAIChunk` rejects without `provenanceId`; mandatory integration test	Very low
RISK-AIGW-02	Provider API key leakage from consumer service	Medium	Critical	CRITICAL	Security Lead	Phase 1 migration revokes all consumer keys; vault-only storage; CI secret scan	Low
RISK-AIGW-03	Prompt injection attack via malicious patient-supplied text	Medium	High	HIGH	AI Safety Lead	Pre-moderation classifier; input length caps; injection pattern regex; adversarial test suite	Medium
RISK-AIGW-04	PHI leakage into external provider logs	Medium	Critical	CRITICAL	Compliance Officer	PHI minimisation pre-processing; DPIA required before PHI route goes live; prompt stored hashed	Low after DPIA
RISK-AIGW-05	HITL reviewer queue backlog causes clinical workflow delay	Medium	High	HIGH	Clinical Informatics	Auto-reject timeout per feature; reviewer workload alerting; surge escalation runbook	Medium
RISK-AIGW-06	Moderation false positives block legitimate clinical content	Low–Medium	Medium	MEDIUM	AI Safety Lead	Threshold tuning; logged override workflow; audit trail of all blocks	Low
RISK-AIGW-07	Provider outage causes cascading failures across AI features	Medium	High	HIGH	SRE	Circuit breaker per provider; fallback routing; graceful 503 with user message	Low
RISK-AIGW-08	Tenant quota misconfiguration permits runaway spend	Low	High	HIGH	Platform Eng	Redis hard cap; spend alerts at 80 % and 100 % window; admin quota dashboard	Low
RISK-AIGW-09	`AIProvenance` row tampered or deleted post-write	Very Low	Critical	CRITICAL	DBA	DB role UPDATE/DELETE revoked; append-only enforced at DB engine; monthly chain-hash verification	Very low
RISK-AIGW-10	Cross-tenant data leakage via prompt payload	Low	Critical	CRITICAL	Security Lead	RLS on all tables; tenant extracted from JWT only; cross-tenant ref returns `CROSS_TENANT` error	Very low
RISK-AIGW-11	Model version change breaks prompt template compatibility	Medium	Medium	MEDIUM	Platform Eng	`PromptTemplate` semver-versioned; routing rule pins model version; bumps require template review	Low
RISK-AIGW-12	Clinical AI feature accepted autonomously without HITL	Low	High	HIGH	Clinical Informatics	`HITLPolicy` defaults `required_for_phi`; explicit `none` requires CMO sign-off in Readiness Gate 6	Low
RISK-AIGW-13	On-prem model unavailable at offline clinic	Medium	Low	LOW	SRE	Assist returns graceful unavailable; UX falls back to manual entry	Very low
RISK-AIGW-14	Uncontrolled prompt template proliferation	Low	Medium	MEDIUM	Platform Eng	Template registry with review workflow; tenants cannot publish without platform approval	Low

2. Clinical safety risks (AI-specific)

ID	Scenario	Control
CS-01	Clinician accepts hallucinated diagnosis without review	HITL required for differential-diagnosis feature; reviewer must explicitly accept
CS-02	Radiology pre-read suggestion treated as final read	Feature key `radiology.preread.*` always `HITLPolicy=required`; output watermarked "AI DRAFT — NOT FOR CLINICAL USE UNTIL REVIEWED"
CS-03	Drug interaction narrative contains incorrect information	`medication.interaction_narrative` has HITL + pharmacist reviewer; source cited in provenance
CS-04	Triage suggestion under-triages high-acuity patient	`portal.triage` severity bounded to recommendation; human escalation mandatory for severity ≥ 3

3. Compliance risks

ID	Risk	Regulation	Mitigation
CR-01	AI-generated content in chart creates liability without clear authorship	HIPAA analogue / MoPH	`AIProvenance` links to clinician acceptor; immutable
CR-02	Data sent to foreign AI provider without DPIA	GDPR / MoPH data-residency	Provider routing blocked for PHI features until DPIA signed per provider
CR-03	Audit trail insufficient for regulator inquiry on AI decisions	MoPH audit mandate	All `ai.*` events stored in audit-service; `AIProvenance` queryable for 7 years

4. Risk review cadence

Activity	Frequency	Owner
Full register review	Quarterly	Tech Lead + Compliance Officer
CRITICAL/HIGH risk status update	Monthly	Service Owner
Post-incident risk addition	Within 5 days of incident	On-call SRE + Tech Lead
AI safety risk review	Before each new feature key activation	Clinical Informatics + AI Safety Lead

1. Risk register
2. Clinical safety risks (AI-specific)
3. Compliance risks
4. Risk review cadence