Navigating Trust and NAIC Compliance: DigitalOwl's Approach to AI in Insurance

Implementing AI in the insurance industry offers numerous benefits, such as enhanced efficiency, accuracy, and consistency in medical record reviews. While the advantages of AI are widely recognized, concerns about the trustworthiness and reliability of AI in insurance remain. 

Issues like transparency, privacy, and accountability are at the forefront of these discussions, especially as regulations evolve. Some insurers hesitate to adopt AI solutions due to fears of regulatory fines, security issues, and other potential problems.

At DigitalOwl, trust is more than just a checkbox, it’s at the heart of everything we do. Although DigitalOwl is not an insurance company and is not obligated to adhere to the NAIC Model Bulletin, we voluntarily choose to align with its guidelines. 

This proactive approach highlights DigitalOwl’s commitment to providing the highest level of service and assurance, ensuring that our clients can trust us as their AI provider in navigating these complex regulatory landscapes.

This blog provides a high-level overview of the governance, risk management controls, and internal audit functions that DigitalOwl implements throughout its AI system life cycle in accordance with the NAIC Model Bulletin adopted in December 2023.

AI Governance

At DigitalOwl, we are committed to leading the way in AI governance, ensuring that our technologies are used responsibly and ethically within the insurance industry. Our comprehensive governance framework is designed to uphold transparency, fairness, and accountability throughout the lifecycle of our AI systems.

• AI Governance Framework–We have developed an AI Governance toolkit that describes how transparency, fairness, and accountability are maintained throughout the design and implementation of our AI system. This is a comprehensive guide designed to help AI experts and governance committees evaluate DigitalOwl's AI solutions for use in the insurance industry, with a specific focus on their Natural Language Processing and Generative AI technologies for medical data analysis. 

‍

• Proprietary and trade secret information Protection–DigitalOwl is contractually obligated not to use any information provided by a third party for any purpose other than providing its services.

• Policies and procedures–DigitalOwl has created policies and procedures that encompass all aspects of privacy and security throughout the AI System lifecycle. This includes robust measures such as a Risk Management Policy, Data Security Policy, Vulnerability Management Policy, and comprehensive Data Management Policy and Procedures.

‍

• Compliance with Policies–DigitalOwl has established a comprehensive Compliance Program featuring an experienced security team, employee awareness training, internal and external audits, vulnerability assessments, and annual reviews of risks and policies.

• Interdisciplinary Governance–DigitalOwl enforces Interdisciplinary Governance, ensuring extensive cross-departmental collaboration across all stages of AI system lifecycle including development, maintenance, and governance, with predefined roles, comprehensive monitoring, auditing, policy enforcement, and annual training for all employees.

Risk Management and Internal Controls

At DigitalOwl, we prioritize comprehensive risk management and maintain rigorous internal controls to safeguard our AI technologies and ensure they meet the highest standards of security and compliance. Our multi-faceted approach includes everything from system development oversight to protection of non-public information, ensuring that all facets of our operations are secure and efficient.

• Risk Management – DigitalOwl conducts an annual risk assessment across various domains including AI, following its Risk Management Policy to ensure comprehensive risk evaluation and mitigation strategies are in place.
• System Development Oversight – DigitalOwl maintains stringent oversight throughout all phases of system development to ensure quality and compliance with established standards.
• Security and Development Standards – Developers at DigitalOwl adhere to applicable OWASP guidelines, including the OWASP Top 10, to maintain integrity in the Software Development Life Cycle (SDLC), with segregation of development, testing, and operational environments, and continuous system monitoring.
• Vulnerability and Change Management – DigitalOwl performs vulnerability scans following industry best practices, applying a robust Change Management Policy covering all product and engineering systems. It also conducts strict due diligence on third-party systems before engagement and annually thereafter.
• Data Practices and Accountability – DigitalOwl employs stringent processes for data management, ensuring full visibility from data extraction to decision-making, with regular audits and diverse training data to mitigate biases and ensure fair AI practices.
• Validation and Testing – DigitalOwl's multi-layered validation approach includes statistical regression tests, real-world scenario testing, expert verification, and continuous monitoring to ensure AI models' efficacy and accuracy.
• Protection of Non-Public Information – DigitalOwl prioritizes data security by implementing access controls, security tools like IDS and DLP, and adhering to GDPR and HIPAA standards, complemented by annual employee training on data protection policies.
• External Third Party Management – DigitalOwl rigorously evaluates external third parties in accordance with its External Suppliers Procedure, ensuring data security and compliance through thorough documentation and management approval.

DigitalOwl's steadfast commitment to AI governance, risk management, and compliance aligns seamlessly with the evolving demands of the insurance industry. We go beyond merely fulfilling regulatory requirements to setting a benchmark for trust and transparency in AI deployment. Our proactive measures, including rigorous internal controls and a holistic governance framework, ensure that our AI solutions are not only efficient but also ethically sound and compliant with international standards.

For more insights into the reliability of AI in medical record analysis, download our white paper, Evaluating AI’s Reliability in Medical Record Analysis.