all labs
Module 04 · Risk Assessment & Data Governance
Building Your First AI Risk & Data Governance Registry
You are a Project Manager at 'HealthLink,' a telehealth provider. Your team is launching an AI 'Symptom Checker.' To prevent legal and operational disasters, you must audit your data quality, fill out an AI Risk Register, and prioritize which risks to fix before launch.
60 minBeginner 3 outcomes 7 steps · 3 checkpoints
lab progress0/10 · 0%
Check my work
Not sure if you're doing it right? Paste what you've written or done so far and get instant feedback scored against this lab's rubric.
Dataset
healthlink_ai_audit.csv
8 identified risks for the HealthLink Symptom Checker, including failure mode category, data lineage, ownership, and consent verification.
Rows with 'No' in consent_verified are immediate Legal failure modes. R004 (Data Hoarding) requires Data Minimization.
| risk_id(string) | description(string) | category(string) | data_lineage(string) | consent_verified(string) |
|---|---|---|---|---|
| R001 | Historical gender bias in training symptoms | Fairness | Public dataset 2014 | No |
| R002 | AI gives incorrect triage during off-hours | Operational | Internal logs | Yes |
| R003 | PII leak via prompt injection in chat UI | Security | User session | Yes |
| R004 | Data hoarding of full medical history | Legal | EHR export | No |
| R005 | Model drift after seasonal flu surge | Operational | Internal logs | Yes |
| R006 | Vendor API stores queries on EU residents | Regulatory | Third-party API | No |
| R007 | Lack of audit log for clinician overrides | Operational | Internal logs | Yes |
| R008 | Race proxy via ZIP code in symptom weighting | Fairness | Public dataset 2014 | No |