CMS: Sensitive Data Only With Compliant Tool

error

cms_sensitive_data_compliant_tool

ai-risk-management security pure_temporal ai-governance cms federal healthcare data-protection rag-red

PHI / sensitive PII and other sensitive data are used only with AI tools that meet HHS/CMS cybersecurity & privacy standards.

Formula

G(sensitive_data_use → approved_tool)

Why it matters

CMS BR-AI-1: sensitive data (PHI, SPII, etc.) may only be used with AI tools and services that meet HHS and CMS cybersecurity standards.

Examples

passes: the CMS AI rule's evidence is present

fails: the required control is absent

Use it

ponens policies add cms_sensitive_data_compliant_tool --into ./trace.json
ponens trace check ./trace.json