Relevant Results
Sorry, there are no results matching your search.
Autocomplete suggestions are available. Use up and down arrows to review and enter to select.
See more results

Guiding a healthcare agency to a secure AI journey

How KPMG helped a state Medicaid agency develop a robust new framework for Trusted AI adoption

Client

State healthcare agency

Industry

Government

Primary Goal

Framework for secure adoption of AI

Leading the way on technology means moving rapidly, boldly, and responsibly. Our client, a state Medicaid agency, is a proven first-mover on technology innovation. As the agency began to explore promising new artificial intelligence (AI) opportunities, leadership knew it needed to enhance its technology governance and ensure it had the appropriate guardrails in place to guide trusted, secure adoption. Here’s how KPMG helped the agency make the difference by establishing a framework for AI security and governance that positions the agency to harness this rapidly evolving technology’s dynamic potential.

KEY OUTCOMES

Making a measurable difference

  • Established generative AI (GenAI) governance committee to evaluate acceptable use cases
  • Developed core principles of Trusted AI
  • Updated acceptable usage policies with expanded AI guidelines
  • Established security review process to prioritize AI/GenAI use cases

Client transformation journey

Click on each part of the journey to learn more about our client’s transformation.

Our client has always been comfortable moving quickly on new technology initiatives. AI, though, presented some unfamiliar new territory. They turned to KPMG to leverage our established experience setting up leading-edge, secure AI frameworks. In less than a year, we helped them quickly deploy a strong foundation for AI development and adoption that has kept them moving forward. 

Mark Maitland

Principal, Advisory, Health and Government Solutions, KPMG US

How KPMG helped the agency map out its AI framework

The agency’s leadership noted the emergence of a GenAI pilot that would benefit from enhanced security and privacy policies. KPMG was engaged to help, and the project quickly evolved into a larger evaluation of the agency’s overall approach to AI. Over the course of 10 months, KPMG led a two-phase initiative that focused on (1) assessing the agency’s current state of AI readiness and defining a go-forward vision and strategy and (2) enabling that vision and strategy through newly created governance structures. During the project, KPMG deployed a multidisciplinary team, drawing on our experience in areas that included AI strategy and development, cybersecurity, health and government services, data management, technology innovation, and project management and governance. Here’s a closer look at each phase of ourwork.

Establishing the vision: A strategic foundation for AI

This first phase was focused on assessing the agency’s current AI landscape—existing policies, procedures, and projects already in the roadmap—and then creating an overall guiding vision for AI. Key steps included:

  • Workshops: Led executive strategy sessions with cross-functional teams to create a common foundation of awareness around AI risks and leading practices. In addition to the chief information officer (CIO) and chief information security officer (CISO), C-suite representation included leadership from data, privacy, technology, governance, and legal.
  • Acceptable usage policy (AUP): Drafted proposed addendum to the existing AUP to bring enterprise governance of AI technologies in line with the organization’s risk tolerance and documented AI use cases.
  • Security framework: Developed an initial AI security framework, based on established AI guidelines from the National Institute for Standards and Technology (NIST), but then tailored to meet the agency’s unique requirements and risk tolerances in both the short term and long term.

Empowering governance: Making it operational

The second phase focused on establishing an operational foundation for AI that aligned with the agency’s overall technology infrastructure. Key steps included:

  • GenAI Steering Committee (SteerCo): Established a SteerCo to oversee AI going forward, which includes the CIO, CISO, and key stakeholders from privacy, data, and legal. Group meets at least monthly to ensure alignment with the new AI framework and make adjustments when needed.
  • AI intake process: Created an AI intake form to help the SteerCo prioritize AI use cases by evaluating their potential risks versus their potential opportunity to meaningfully enhance the agency’s services.
  • Core principles: Established foundational guidelines to govern the responsible use of Al, with periodic review and updates by the SteerCo.
  • Risk assessment: Operationalized an Al risk assessment framework that enables the SteerCo to vet the risks of each potential use case across multiple functions. For example, in looking at potential AI models, the CISO might look at security issues, legal can identify possible bias risks, and the privacy officer can evaluate data transparency concerns.
  • Data provenance standards: Updated enterprise data standards to include new requirements around AI, ensuring clear documentation around the origin and evolution of data throughout the AI lifecycle.

Taking a pause to stay ahead of the pack

The agency is accustomed to leading the way on technology, but that doesn’t mean racing ahead on AI without the proper guardrails. With a robust new AI governance foundation now in place, the agency’s entire organization is moving ahead with innovation on all fronts—rapidly, capably, and responsibly.

Meet the team that is empowering innovation through Trusted AI

At KPMG, we combine our deep industry experience and modern technical skills to help businesses harness the power of AI in a trusted manner—from strategy to design through to implementation and ongoing operations. Join us on a bold, fast, and responsible AI journey, turning vision into value. You can with AI.

Image of Mark Maitland
Mark Maitland
Principal, Advisory, C&O Health & Government, KPMG US
Read bio
Image of Katie Boswell
Katie Boswell
Managing Director, Cyber Security & Tech Risk Management, KPMG US
Read bio
Image of David Rodriguez
David Rodriguez
Principal, Advisory, Health and Government , KPMG US
Read bio
Image of Kristy Hornland
Kristy Hornland
Director Advisory, Cyber Security Services, KPMG US
Read bio
Image of Mark Maitland
Mark Maitland
Principal, Advisory, C&O Health & Government, KPMG US
Read bio
Image of Katie Boswell
Katie Boswell
Managing Director, Cyber Security & Tech Risk Management, KPMG US
Read bio
Image of David Rodriguez
David Rodriguez
Principal, Advisory, Health and Government , KPMG US
Read bio
Image of Kristy Hornland
Kristy Hornland
Director Advisory, Cyber Security Services, KPMG US
Read bio

Explore more insights

Insight
Webcast Replay Webcast Upcoming Listen Now

You Can With AI US

Read more
Insight
Webcast Replay Webcast Upcoming Listen Now

An Illustrative AI Risk and Controls Guide

Start designing practical controls to manage your organization's AI risks.

Read more
Insight
Webcast Replay Webcast Upcoming Listen Now

Can government agencies trust AI to handle zero trust?

AI promises make zero-trust security a reality. We look at what you might be missing.

Read more

Explore services tailored to your business

Service
AI Trust services
Read more
Industry
State and local government
Read more

KPMG. Make the Difference.


Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates or related entities.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation. KPMG LLP does not provide legal services.

The information contained herein is not intended to be “written advice concerning one or more Federal tax matters” subject to the requirements of section 10.37(a)(2) of Treasury Department Circular 230.

© 2025 KPMG LLP, a Delaware limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.

For more detail about the structure of the KPMG global organization please visit https://home.kpmg/governance.

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP\'s . Privacy Statement

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Search now!

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Submit

Office locations

View locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Learn more

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.

Contact

Headline