6 pointers to make sure the hospital legal team is appropriately engaged in AI governance, oversight
Hospitals and other provider organizations are trying out new AI tools faster than many organizations can formally evaluate them.
As a result, legal and compliance teams have to serve as sentinels sizing up potential legal exposure points without turning into needlers who only slow down clinical innovation.
Attorneys at the Sheppard law firm consider the challenge and related matters in an April 29 blog post.
The post draws from comments made at a forum hosted by the firm’s AI team earlier in April. Led by Sheppard partner Carolyn Metnick, JD, the team convened panel discussions and breakout sessions with insurance and legal leaders.
The conversations aimed at identifying best practices for “leveraging AI to drive innovation in research and clinical operations while safeguarding patient trust, safety, quality and privacy,” according to the blog.
In the post, Metnick and colleagues share a number of insights from the gathering, including these six.
1. AI governance cannot be siloed within IT or compliance functions alone.
Instead, effective governance requires collaboration across legal, compliance, clinical, operational and executive leadership teams, the blog authors suggest. Also important is physician involvement in governance discussions, “particularly when AI tools directly impact patient care, clinical decision-making, quality initiatives or medical records management.”
2. Current privacy frameworks, including HIPAA, were not designed to account for ways AI systems ingest, process and learn from data.
As a result, organizations are often operating in areas of legal uncertainty, the authors point out. This reality makes “strong internal governance, ongoing risk assessment, workforce education and thoughtful patient engagement and consent practices essential.”
3. AI vendor relationships now require legal teams to move beyond traditional contract review.
These specialized teams “need to engage in broader, cross-functional risk assessment alongside business and operational stakeholders,” Metnick and co-authors write.
4. In evaluating new AI tools, legal teams are increasingly helping assess long-term privacy, cybersecurity, compliance and operational risks.
Related contributions include pressure-testing vendors with limited track records such as early-stage or pilot solutions, the authors note.
5. Legal teams must evaluate proposed solutions within the organization’s broader AI governance framework.
Legal specialists are looking at products’ intended use, clinical versus non-clinical application and scope of data, all “while ensuring timely, multidisciplinary engagement across relevant stakeholders.”
6. Legal and compliance specialists should enable responsible innovation rather than function exclusively as gatekeepers.
“A reflexive ‘no’ to AI adoption can ultimately impede organizational progress” rather than mitigating risk, the authors point out.
Metnick and colleagues report that a central theme emerged from the April forum: “Successful AI adoption in healthcare depends not only on technology but also on fundamentally human considerations.”
These considerations include transparency, communications, ethical considerations and strategic planning.
