Skip to main content

Responsible by Design: Building AI Governance That Actually Works

April 11, 2025
Image: [image credit]
Oversight meets innovation: a visual exploration of governance at the intersection of medicine and artificial intelligence.
Viewing: 5
Mark Hait
Mark Hait, Contributing Editor

If artificial intelligence is to fulfill its promise in healthcare—to help detect disease earlier, reduce disparities, and personalize care—then it must be governed with as much care as it is built. That means AI can’t just be powerful. It must also be responsible.

The trouble is, “responsible AI” has become something of a buzzword—thrown into mission statements, polished onto press releases, and treated like a PR safeguard. Meanwhile, real risks—algorithmic bias, privacy violations, clinical hallucinations, data misuse—keep surfacing.

We don’t need more declarations. We need structures. We need transparency. And above all, we need AI governance that actually works—in the clinic, in the boardroom, and in the workflows where lives are on the line.

The Problem with “Trust Us”

Most health systems now have some flavor of an AI strategy. A growing number are piloting clinical models, embedding AI into documentation workflows, or automating backend operations. But ask who’s overseeing those models, how they’re being validated, or what happens when things go wrong, and the answers get fuzzy.

Many organizations rely on vague internal vetting processes, opaque vendor relationships, or post-hoc performance monitoring. That’s not governance. That’s wishful thinking.

The phrase “responsible AI” only means something if it’s backed by enforceable standards, clinical oversight, and operational accountability. Otherwise, we’re trusting machines to guide care without anyone truly at the wheel.

Governance Starts at the Source

Effective AI governance begins before the model is deployed—and continues long after.

A working governance structure should address every stage of the AI lifecycle:

  1. Model Development & Acquisition

    • Was the model trained on diverse, representative data?

    • Does the developer disclose limitations, performance benchmarks, and known biases?

    • Are there human-readable documentation and audit trails?

  2. Validation & Testing

    • Has the model been tested in the specific care setting where it will be used?

    • How does it perform across different populations (race, age, sex, comorbidities)?

    • Are clinicians part of the validation process?

  3. Deployment & Monitoring

    • Who owns the decision to go live?

    • Is there continuous performance monitoring in place?

    • Can the model be paused, updated, or withdrawn if it underperforms?

  4. Auditability & Explainability

    • Can clinicians understand the model’s recommendations?

    • Can the system explain its reasoning in ways that support—not undermine—clinical judgment?

    • Is that explainability maintained after updates or retraining?

  5. Accountability & Feedback

    • Who is responsible if the model fails?

    • Is there a clear escalation path for clinicians to flag concerns?

    • Are patients informed when AI influences their care?

In other words, AI governance isn’t a feature. It’s a workflow—one that must be embedded into the organizational structure, not stapled on at the end.

Build the Right Oversight Bodies

To move from theory to practice, healthcare organizations need dedicated AI governance bodies with real authority. These groups should be multidisciplinary and cross-functional, combining perspectives from:

  • Clinical leadership

  • Data science and IT

  • Legal and compliance

  • Ethics and equity officers

  • Patient advocates

Together, these teams can evaluate not only whether an AI model “works,” but whether it should be used at all.

At forward-looking organizations, we’re already seeing the emergence of:

  • AI Model Review Boards, modeled after IRBs, that approve or reject deployment requests

  • Clinical-AI Liaison Committees that help translate technical outputs into care recommendations

  • Bias Surveillance Units that test model outputs for disparate impact on vulnerable populations

These aren’t bureaucratic add-ons. They’re safeguards against harm.

Transparency Is Non-Negotiable

One of the defining features of responsible AI is transparency—not just internally, but externally.

That means health systems should be publishing:

  • Which models are in use and in what settings

  • What data those models were trained on

  • Known limitations, risk thresholds, and error rates

  • Steps taken to mitigate bias or prevent harm

Just as clinical trials report adverse events, AI systems should disclose where they fall short. If your health system can’t answer those questions—or refuses to share—then you’re not practicing responsible AI.

Governance Is Culture, Not Just Policy

Policies don’t implement themselves. For AI governance to succeed, it must be part of the organizational culture—a shared belief that safety, fairness, and transparency matter as much as efficiency or cost savings.

That means:

  • Training clinicians to ask critical questions about AI tools

  • Encouraging IT teams to push back on opaque vendor claims

  • Incentivizing departments to report performance anomalies

  • Making ethical AI use a leadership KPI, not just a compliance checkbox

Responsible AI is not a department. It’s a discipline. And it must be woven into every corner of healthcare’s digital future.

What’s at Stake

The potential of AI in healthcare is enormous. But without governance, we risk repeating the worst patterns of past health IT rollouts—tools that overpromise, underdeliver, and create new forms of harm under the banner of innovation.

Done right, responsible AI can increase trust, reduce inequity, and truly enhance care. But that outcome isn’t automatic. It must be designed, monitored, and governed into existence.

We don’t need AI that just works. We need AI that works responsibly.

And we need leaders with the courage to say: if we can’t govern it, we won’t deploy it.