Healthcare Regulatory Compliance: A Generative AI Framework for Identifying and Mitigating Risks
1  Department of AI and Data science, aivancity School of AI & Data for Business & Society, Paris Campus, Villejuif, 94800, France
Academic Editor: James Chow

Abstract:

Introduction:
As healthcare organizations increasingly rely on AI systems for clinical decision support, ensuring regulatory compliance has become a critical challenge. We propose an AI-powered compliance framework that supports data-driven regulatory risk assessment in healthcare AI workflows. By combining information retrieval, generative reasoning, and interactive visualization, the framework enables early identification of potential compliance risks directly from dataset characteristics and intended clinical use.

Methods:
The framework was evaluated using a scenario-based, data-driven test design built on a hospital readmission prediction dataset comprising ten years of longitudinal patient records with clinical measures, paired with an AI-based readmission prediction model. Regulatory risk inference was derived directly from dataset characteristics and the intended use of the AI model. The evaluation followed four steps: (i) automated dataset characterization to identify sensitive health attributes, quasi-identifiers, temporal scope, and variables relevant to readmission prediction; (ii) GDPR-oriented risk inference that maps data properties to requirements on anonymization, data minimization, and data retention; (iii) classification of the intended use case as a high-risk AI system under the EU AI Act, with inference of the resulting obligations for training data governance and documentation; and (iv) dataset- and model-level screening for potential bias and representativeness issues across demographic and clinical subgroups.
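Steps (i), (ii) and (iv) reduce to checks that can be run deterministically over the dataset before any generative reasoning is involved. The block below is an added example written for this page; it is not the authors' framework and does not reproduce their retrieval or LLM components or the EU AI Act classification of step (iii). It runs over a small constructed set of longitudinal readmission records (not real patient data) and assumes a fixed quasi-identifier set (age band, sex, three-digit postcode), an assumed retention threshold of five years, a k-anonymity threshold of 3, and a crude univariate relevance score (spread of the readmission rate across a column's categories) as a stand-in for the relevance test behind the data-minimization finding.

```python
"""Rule-based screening of a readmission dataset for re-identification,
retention, data-minimization and subgroup-representativeness risks."""
from collections import Counter, defaultdict
from datetime import date

# Constructed sample of longitudinal records (several admissions per patient).
# fav_color is included deliberately as a column with no bearing on readmission.
RECORDS = [
    dict(pid="p01", age_band="65-74", sex="F", zip3="940", admit=date(2014, 3, 2),   diagnosis="CHF",      num_meds=9,  fav_color="blue",  readmit30=1),
    dict(pid="p01", age_band="65-74", sex="F", zip3="940", admit=date(2016, 7, 14),  diagnosis="CHF",      num_meds=11, fav_color="red",   readmit30=1),
    dict(pid="p01", age_band="65-74", sex="F", zip3="940", admit=date(2019, 1, 20),  diagnosis="COPD",     num_meds=7,  fav_color="blue",  readmit30=0),
    dict(pid="p02", age_band="50-64", sex="M", zip3="941", admit=date(2015, 5, 5),   diagnosis="Diabetes", num_meds=5,  fav_color="red",   readmit30=0),
    dict(pid="p02", age_band="50-64", sex="M", zip3="941", admit=date(2018, 9, 9),   diagnosis="Diabetes", num_meds=6,  fav_color="blue",  readmit30=0),
    dict(pid="p02", age_band="50-64", sex="M", zip3="941", admit=date(2021, 2, 11),  diagnosis="CHF",      num_meds=10, fav_color="green", readmit30=1),
    dict(pid="p03", age_band="65-74", sex="M", zip3="942", admit=date(2013, 1, 10),  diagnosis="COPD",     num_meds=8,  fav_color="green", readmit30=1),
    dict(pid="p03", age_band="65-74", sex="M", zip3="942", admit=date(2017, 6, 30),  diagnosis="COPD",     num_meds=12, fav_color="blue",  readmit30=1),
    dict(pid="p03", age_band="65-74", sex="M", zip3="942", admit=date(2022, 11, 3),  diagnosis="CHF",      num_meds=9,  fav_color="red",   readmit30=1),
    dict(pid="p04", age_band="<50",   sex="F", zip3="943", admit=date(2014, 8, 8),   diagnosis="Diabetes", num_meds=3,  fav_color="red",   readmit30=0),
    dict(pid="p04", age_band="<50",   sex="F", zip3="943", admit=date(2020, 4, 19),  diagnosis="Diabetes", num_meds=4,  fav_color="green", readmit30=0),
    dict(pid="p05", age_band="75+",   sex="F", zip3="944", admit=date(2023, 1, 10),  diagnosis="CHF",      num_meds=13, fav_color="green", readmit30=1),
]

QUASI_IDENTIFIERS = ("age_band", "sex", "zip3")  # assumed QI set for this schema
TARGET = "readmit30"


def equivalence_classes(rows, qi=QUASI_IDENTIFIERS):
    """Count records per quasi-identifier tuple: {qi_tuple: size}."""
    return Counter(tuple(r[c] for c in qi) for r in rows)


def k_anonymity(rows, qi=QUASI_IDENTIFIERS):
    """The dataset is k-anonymous for k = size of its smallest equivalence class."""
    return min(equivalence_classes(rows, qi).values())


def reidentification_risk(rows, k=3, qi=QUASI_IDENTIFIERS):
    """Fraction of records in equivalence classes smaller than k (exposed records)."""
    exposed = sum(n for n in equivalence_classes(rows, qi).values() if n < k)
    return exposed / len(rows)


def temporal_span_years(rows, col="admit"):
    """Span between earliest and latest admission, in years (retention input)."""
    dates = [r[col] for r in rows]
    return (max(dates) - min(dates)).days / 365.25


def target_rate_spread(rows, col, target=TARGET):
    """Max minus min positive rate across the column's categories; 0 means the
    column's categories do not separate the outcome at all."""
    by_val = defaultdict(list)
    for r in rows:
        by_val[r[col]].append(r[target])
    rates = [sum(v) / len(v) for v in by_val.values()]
    return max(rates) - min(rates)


def low_relevance_columns(rows, candidates, threshold=0.3):
    """Categorical columns whose spread falls below an assumed relevance threshold."""
    return [c for c in candidates if target_rate_spread(rows, c) < threshold]


def subgroup_report(rows, col, min_share=0.2, target=TARGET):
    """Share of records and outcome rate per subgroup, plus under-represented groups."""
    groups = defaultdict(list)
    for r in rows:
        groups[r[col]].append(r[target])
    report = {g: {"share": len(v) / len(rows), "positive_rate": sum(v) / len(v)}
              for g, v in groups.items()}
    under = sorted(g for g, s in report.items() if s["share"] < min_share)
    return report, under


def screen(rows, retention_years=5.0, k=3):
    """Combine the checks into one report; thresholds are assumptions for the example."""
    span = temporal_span_years(rows)
    _, under = subgroup_report(rows, "age_band")
    return {
        "k_anonymity": k_anonymity(rows),
        "reidentification_risk": reidentification_risk(rows, k),
        "span_years": round(span, 2),
        "retention_flag": span > retention_years,
        "low_relevance": low_relevance_columns(rows, ["diagnosis", "fav_color"]),
        "underrepresented_age_bands": under,
    }


if __name__ == "__main__":
    for key, value in screen(RECORDS).items():
        print(f"{key}: {value}")
```

On this constructed sample the single-record class (75+, F, 944) drives k down to 1 and a quarter of the records sit in classes smaller than 3, which is the kind of longitudinal re-identification exposure the abstract reports; the ten-year admission span trips the retention flag, fav_color is the only column with low outcome spread, and the youngest and oldest age bands fall below the representativeness floor. Real use would replace the fixed QI list and thresholds with the dataset characterization of step (i) and the policy mapping of step (ii).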

Results:
Using the hospital readmission dataset, the framework identified elevated re-identification and retention risks under GDPR linked to longitudinal data. Variables with limited relevance to readmission prediction were highlighted as potential data minimization concerns. The system classified the use case as a high-risk AI system under the EU AI Act and detected subgroup imbalances indicative of potential regulatory and ethical risks. A review by data governance experts confirmed the relevance of the generated findings.

Conclusions:
The proposed framework supports early-stage regulatory risk assessment for healthcare AI systems, promoting compliance-by-design and trustworthy AI development.

Keywords: AI for Health; Generative AI; Retrieval-Augmented Generation (RAG); Compliance; Regulatory Risk Detection
