AIRiskAware

This article is currently available in English only.

Healthcare | 2026

AI in Healthcare: Board Obligations, Clinical Governance, and the Regulatory Framework Executives Need to Understand

Healthcare boards approving AI deployment in clinical settings are taking on governance obligations they may not understand. From TGA regulation of AI medical devices to the intersection with privacy law and clinical governance standards, here is what healthcare executives need to know.


Key Takeaways

  • AI diagnostic tools are medical devices in most jurisdictions — TGA (Australia), FDA (US), CE marking under MDR (EU). Deploying an AI diagnostic tool without the appropriate regulatory approval is deploying an unapproved medical device.

  • Clinical governance obligations — duty of care, informed consent, professional accountability — apply to AI-assisted clinical decisions. The AI does not substitute for clinical judgment; it creates additional obligations to document how AI outputs were considered.

  • Healthcare boards that approve AI deployment in clinical settings without specific clinical governance oversight are taking on personal liability for patient safety failures that occur because of inadequate AI governance.

  • The automation bias risk in clinical AI is well-documented: clinicians who are trained to defer to AI recommendations produce worse outcomes than those trained to critically evaluate them. Governance must address training and culture, not just technology.

  • Privacy law creates specific obligations for health data used in AI — in Australia, the Privacy Act's health information provisions; in the EU, GDPR special category data rules; in the US, HIPAA. These apply to training data as well as operational data.

"For general information only. This article does not constitute legal, regulatory, financial, or professional advice. For guidance on a specific situation, consult a qualified professional."

The regulatory framework healthcare executives often miss

Healthcare AI operates at the intersection of medical device regulation, data protection law, clinical governance standards, and professional accountability frameworks. Each of these is a distinct regulatory domain, enforced by different regulators, with different standards and different consequences for non-compliance. Healthcare executives who understand one of these domains — typically either data protection or medical device regulation — often have significant gaps in the others.

The most common gap is the medical device dimension. Executives leading clinical AI deployments are frequently unaware that the AI system is a regulated medical device — not just a software tool, but a product subject to regulatory approval, post-market surveillance obligations, incident reporting requirements, and in some cases mandatory registration before deployment. In Australia, the TGA regulates software that qualifies as a medical device. In the EU, the MDR applies to software intended for medical purposes. In the US, the FDA has a specific framework for Software as a Medical Device (SaMD). Deploying AI that qualifies as a medical device without the appropriate regulatory clearance is deploying an unapproved medical device — a serious regulatory breach regardless of the AI's clinical benefit.

Clinical governance and AI: the board's specific obligations

Healthcare boards have well-established clinical governance obligations — ensuring safe, effective, and person-centred care. When AI is deployed in clinical settings, these obligations do not change; they require specific application to the AI context. A board that approves AI deployment in radiology, pathology, or clinical decision support without ensuring that clinical governance structures have been applied to that AI is failing its clinical governance obligations.

Specific clinical governance questions boards should require answers to before approving AI deployment:

  • What is the evidence base for this AI system's clinical effectiveness in our specific patient population?

  • How does this AI system interact with clinical accountability — who is responsible if the AI contributes to a misdiagnosis or adverse outcome?

  • What training are clinicians receiving, and does it address automation bias?

  • What monitoring is in place for adverse events potentially associated with AI outputs?

These are not technology questions — they are clinical governance questions that boards are equipped and obligated to ask.