    Healthcare AI Governance Assessment — Multi-Cloud (Azure/AWS/GCP)

    Sold by: Kriv AI 
    Kriv AI delivers a 4-week fixed-fee Healthcare AI Governance Assessment across Azure, AWS, and GCP. Tri-cloud PHI data-flow mapping, AI use-case inventory, and gap analysis against HIPAA Security Rule §164.308/310/312/316, HITRUST CSF v11.2 AI Security Assessment, NIST AI RMF 1.0 + AI 600-1 GenAI Profile, ISO/IEC 42001:2024, ONC HTI-1 DSI transparency, Colorado SB 24-205, and Texas TRAIGA HB 149. AWS controls (Bedrock Guardrails, HealthLake, CloudTrail, Config, Security Hub, Macie, KMS, S3 Object Lock, Comprehend Medical) + Azure (Purview, Defender, Sentinel, Foundry, AI Content Safety) + GCP (Vertex AI guardrails, DLP API, Healthcare API, Security Command Center, Chronicle). Three tiers ($25K Foundation / $40K Standard / $60K Enterprise) plus optional $10K 90-day Follow-up. Delivered by Kriv AI — AWS Select + Databricks + Anthropic CPN.

    Overview

    Healthcare AI governance is now existential — and no other AWS Marketplace listing delivers a tri-cloud assessment in a single SKU.

    HHS OCR resumed active HIPAA enforcement through 2024–2026 with multi-million-dollar settlements for risk-analysis failures, PHI exposure, and inadequate audit logging. ONC HTI-1 brought predictive decision support intervention (DSI) transparency into the certified-EHR program. HITRUST released the AI Security Assessment (v11.2, Oct 2024). NIST AI RMF 1.0 + AI 600-1 Generative AI Profile (Jul 2024), ISO/IEC 42001:2024, Colorado SB 24-205 (effective 30 Jun 2026), and Texas TRAIGA HB 149 (effective 1 Jan 2026) layer on top. Boards now ask CISOs, CCOs, CIOs, CMIOs, and CDOs every 60 days: can we defend our AI posture to OCR, the payer, the auditor, and the board, across every cloud we run?

    Most health systems can't answer that in a single document because their AI workloads span Azure (payer/EHR integrations, Fabric, Foundry, Azure OpenAI), AWS (HealthLake, Bedrock, SageMaker, Comprehend Medical), and GCP (Vertex AI, MedLM, Healthcare API, BigQuery). Big-4/Big-SI advisory runs $150K–$500K and 3–6 months with single-cloud deliverables. Single-cloud Marketplace listings stop at the AWS boundary. Nothing on AWS Marketplace today delivers a fixed-fee, tri-cloud healthcare AI governance assessment in 4 weeks. This listing closes that gap.

    The methodology is anchored to Kriv's Microsoft-Healthcare-Governance Azure flagship reference architecture — a seven-agent governed AI platform covering intake, policy, PHI detection, model routing, audit, red-team, and reporting — extended with AWS-native controls (Bedrock Guardrails, Comprehend Medical PHI redaction, HealthLake, CloudTrail, Config, Security Hub, Macie, KMS, S3 Object Lock) and GCP-native controls (Vertex AI Model Registry + Model Garden guardrails, DLP API PHI de-identification, Healthcare API audit logs, Cloud Audit Logs, Security Command Center, Chronicle).

    4-week structure. Week 1 — Scoping + AI inventory (CISO, CCO, CPO, CIO, CMIO, CDO, Privacy, Legal, Internal Audit, Clinical Informatics; tri-cloud AI use-case inventory; PHI data-flow mapping with cross-cloud hand-offs; BAA + subprocessor inventory). Week 2 — Control mapping per cloud (HIPAA §164.308/310/312/316; HITRUST CSF v11.2 AI Security; NIST AI RMF 1.0 + AI 600-1; ISO 42001 clauses; Azure + AWS + GCP service-by-service mapping; cross-cloud identity + KMS + audit-log reconciliation; CO SB 24-205 / TX TRAIGA overlay). Week 3 — Findings + prioritized roadmap (per-cloud + cross-cloud; AI Governance Committee charter + RACI + 90-day cadence; model-risk tiering; AUP scaffolding; HITL threshold matrix; vendor/BAA review checklist; AI Incident Response Runbook template; OCR-response readiness checklist; HITRUST AI Security pre-submission checklist; 12–15 slide board pack). Week 4 — Executive readout + handover.

    Three tiers. Foundation $25K (single legal entity; up to 2 clouds; up to 10 AI use cases; HIPAA + NIST AI RMF + ISO 42001) — regional health systems $500M–$2B. Standard $40K (up to 3 entities OR 1 entity tri-cloud; up to 20 AI use cases; HIPAA + HITRUST AI + NIST AI RMF + ISO 42001 + 1-jurisdiction state-law overlay + AI IR Runbook) — health systems $2B–$5B. Enterprise $60K (IDN tri-cloud; up to 40 AI use cases; full framework stack + HITRUST AI Security pre-submission + 2-jurisdiction state-law overlay + OCR-response readiness + Internal Audit/Legal debrief) — large health systems $5B–$10B+, top-50 IDNs, national payers. Optional 90-Day Follow-up Check-in $10K.

    Important disclosures. AWS, Azure, GCP infrastructure billed separately by respective cloud providers. Kriv is not a covered entity, business associate of Customer's patients/members, HIPAA-attestation firm, HITRUST-authorized external assessor, or licensed legal/clinical/regulatory advisory firm. Kriv issues no HIPAA / HITRUST / ISO 42001 / NIST AI RMF / HTI-1 certifications. Customer owns BAAs, HIPAA posture, HTI-1 response, HITRUST submission, NIST AI RMF conformity, and all regulator interactions (HHS OCR, state AGs, ONC, FDA, CMS, foreign regulators). Anthropic CPN membership (April 9, 2026) does not constitute Anthropic endorsement. Customer retains all PHI, member data, clinical records, model artifacts, and operational responsibility. Not legal, clinical, regulatory, tax, compliance, or medical-device advice.

    Highlights

    • 4-week tri-cloud healthcare AI governance assessment — Azure + AWS + GCP — covering HIPAA §164.308/310/312/316, HITRUST CSF v11.2 AI Security, NIST AI RMF 1.0 + AI 600-1, ISO/IEC 42001:2024. Tri-cloud PHI data-flow map with cross-cloud hand-offs. Cross-cloud identity + KMS + audit-log reconciliation. State-law overlay for Colorado SB 24-205 (eff. 30 Jun 2026) and Texas TRAIGA HB 149 (eff. 1 Jan 2026). One artifact for board + OCR + HITRUST + payer + cyber-insurance.
    • First-of-kind multi-cloud healthcare SKU on AWS Marketplace — single-cloud listings stop at the AWS boundary; Kriv does not. AWS controls: Bedrock Guardrails, HealthLake, CloudTrail, Config, Security Hub, Macie, KMS, S3 Object Lock, Comprehend Medical. Azure: Purview, Defender, Sentinel, Foundry, AI Content Safety. GCP: Vertex AI guardrails, DLP API, Healthcare API audit logs, Security Command Center, Chronicle. Big-4/Big-SI charges $150K–$500K and 3–6 months — Kriv delivers in 4.
    • AWS Select + Databricks + Anthropic CPN partner — anchored to the Microsoft-Healthcare-Governance Azure flagship portfolio (seven-agent governed AI platform). Three tiers: Foundation $25K (1 entity, 2 clouds, 10 use cases) for regional systems and digital health Series B–C; Standard $40K (tri-cloud, 20 use cases, HITRUST AI pre-submission, state-law overlay) for $2B–$5B systems and Series C–D; Enterprise $60K (IDN tri-cloud, 40 use cases, OCR readiness) for top-50 IDNs.

    Details

    Delivery method

    Deployed on AWS

    Pricing

    Custom pricing options

    Pricing is based on your specific requirements and eligibility. To get a custom quote for your needs, request a private offer.

    Legal

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Support

    Vendor support

    Primary contact. info@kriv.ai · +1-732-433-5564 · https://kriv.ai/support

    Response SLA. First response within 2 US business days (Mon–Fri 9 am – 6 pm ET, ex-US federal holidays). Active engagements: Engagement Lead within 4 business hours weekdays.

    Onboarding SLA. First customer contact within 2 US business days of buyer inquiry / private-offer acceptance. Kickoff within 2–3 weeks of SOW.

    Escalation. (1) Engagement Lead (named in SOW) → (2) Practice Director (info@kriv.ai) → (3) CEO Abhinav Dangri (info@kriv.ai).

    Communication. Dedicated Microsoft Teams channel; weekly 60-min video checkpoint; Friday written status. Customer SMEs 3–5 hrs/week (CISO, CCO, CPO, CIO, CMIO, CDO, Legal, Internal Audit, Clinical Informatics). Read-only IAM/RBAC into Azure + AWS + GCP tenants.

    Handoff. Word/Excel/PDF in customer secure share; PHI data-flow map as .drawio + PNG (Azure + AWS + GCP); gap matrix as Excel mapped to HIPAA + HITRUST CSF v11.2 AI + NIST AI RMF + ISO 42001 + state-law overlay; board pack as PowerPoint.

    Out of scope. Kriv issues no HIPAA / HITRUST / ISO 42001 / NIST AI RMF / HTI-1 certifications; performs no HIPAA attestation; is not a HITRUST-authorized external assessor; renders no legal, clinical, regulatory, or medical-device advice. Customer retains BAA execution with all subprocessors.

    Cloud-side billing. AWS, Azure, and GCP infrastructure billed by the respective cloud provider.

    Holiday coverage. Closed on US federal holidays; schedule adjusted at SOW execution.