Accelerating and Scaling Innovation in Healthcare: Why Healthcare Needs a Living Governance Framework

Updated on January 4, 2026

The healthcare industry is only just starting to scratch the surface of what AI means for patient care and service management. AI is already described as an “antidote to bureaucracy,” with 67% of healthcare executives believing it could improve payer-provider coordination.

Yet adoption has been fairly sluggish, and AI has faced resistance across the sector for understandable reasons: concerns around compliance, safety risks, and mistrust from both patients and practitioners. A recent report from McKinsey reiterates that payers have been comparatively slow to adopt AI tools for these very reasons.

A path forward exists, and it starts with proper governance. Not a rigid rulebook, but a living governance framework, grounded in continuous oversight. This approach is rooted in three key pillars that let payers and providers modernize responsibly: federated oversight, trustworthy assistants, and fair and explainable models.

Existing gaps are apparent. Static AI frameworks simply cannot keep pace with evolving regulations and privacy laws. Providers also lack the resources to manually update systems every time regulations shift. A living governance framework closes these gaps. 

From Complex to Consistent 

Healthcare compliance is fragmented. Healthcare providers navigate multiple layers of regulatory pressure, with standards that differ from the federal to the state and even the organizational level. Meanwhile, digitized care now relies on numerous AI models across a broad set of use cases: predictive analytics, fraud detection, billing, patient outreach, triage support, clinical decision support, symptom assessment, and physician note transcription. These tools also help automate prior authorizations and support claims adjudication.

The efficiency gains across these workflows are undeniable, but only when they remain compliant. With so many rules, systems, and use cases in play, coordination becomes difficult and scalability nearly impossible.

A living governance framework solves this by embedding rules directly into the backbone of AI systems.

Policy-as-Code for Scalable, Automated Compliance

Instead of documenting rules and enforcing them manually, policy-as-code makes them executable. Embedded policies apply consistently across departments, states, and platforms.

A HIPAA-mandated encryption requirement becomes a coded rule. A policy engine, such as Open Policy Agent, automatically blocks any dataset containing PHI from being used unless encryption is enabled. Updating the rule once propagates it everywhere, eliminating manual checks and reducing compliance drift.

This establishes centralized yet federated governance; core policies are defined and enforced centrally, while execution happens consistently across all operational environments. 
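
As an added illustration of the encryption rule described above (not code from the original article or from 10Pearls), the following Rego policy for Open Policy Agent refuses any dataset flagged as PHI unless encryption is enabled. The package name and the input fields (`dataset.id`, `dataset.contains_phi`, `dataset.encryption.at_rest`) are assumptions made for this example.

```rego
# Added example; package name and input schema are assumptions.
package healthcare.dataset_access

import rego.v1

# Fail closed: anything not explicitly allowed below is blocked.
default allow := false

# Datasets explicitly classified as free of PHI may be used.
allow if input.dataset.contains_phi == false

# PHI may be used only when encryption at rest is enabled.
allow if {
	input.dataset.contains_phi == true
	input.dataset.encryption.at_rest == true
}

# Human-readable reasons for the audit trail; never used to decide access.
reasons contains "dataset contains PHI but encryption is not enabled" if {
	input.dataset.contains_phi == true
	not input.dataset.encryption.at_rest == true
}

reasons contains "dataset has no PHI classification" if {
	not is_boolean(input.dataset.contains_phi)
}

# Unit tests on constructed inputs.
test_unencrypted_phi_is_blocked if {
	phi := {"dataset": {"id": "claims-2025", "contains_phi": true, "encryption": {"at_rest": false}}}
	not allow with input as phi
	count(reasons) == 1 with input as phi
}

test_encrypted_phi_is_allowed if {
	allow with input as {"dataset": {"id": "claims-2025", "contains_phi": true, "encryption": {"at_rest": true}}}
}

test_unclassified_dataset_is_blocked if {
	not allow with input as {"dataset": {"id": "intake-notes"}}
}
```

The `test_` rules run under `opa test`. Because `allow` is written as a positive condition with a default of `false`, a dataset with a missing or malformed classification is blocked rather than silently permitted.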

Making Assistants Trustworthy

PHI handling remains a top concern. Surveys show 95% of patients worry about medical record breaches. AI assistants have long supported administrative tasks, patient communication, and clinical workflows, but a single error, whether an unsafe recommendation or a data-handling misstep, has serious consequences.

A living governance framework strengthens the trustworthiness of AI assistants by ensuring every interaction is fully auditable. Time-stamped logs capture what happened, who initiated it, and when, creating clear traceability and accountability across clinical and administrative workflows.

At the same time, human-in-the-loop oversight remains essential. Every AI-supported process must include escalation points where clinicians and staff can review, correct, or override recommendations whenever judgment or ambiguity is involved. This level of visibility is particularly important for payers managing prior authorizations, where decisions must be transparent and defensible to regulators, internal stakeholders, and patients.

Eliminating Bias, Facilitating Fairness 

ML models that support authorizations, claims, and risk adjustment are vulnerable to biased data. GIGO (garbage in, garbage out) remains a real threat. Many providers lack sufficiently diverse datasets, leading to uneven outcomes.

A Yale study found that race adjustments in common eGFR formulas artificially inflated Black patients’ kidney function estimates, delaying eligibility for transplant lists.

A living governance approach embeds fairness testing and explainability into system design rather than treating them as optional layers. Continuous data-quality monitoring helps detect bias early, while automated fairness audits ensure potential disparities are addressed before they affect patient outcomes. Standardized explainability tools, such as SHAP and LIME, make model reasoning transparent and understandable. Aligning these systems with established frameworks like the NIST AI Risk Management Framework, ISO 42001, and model cards ensures that fairness, accountability, and compliance are embedded into the design rather than treated as afterthoughts.

This strengthens payer and provider trust and reduces regulatory exposure.

Data Management Is Foundational

Underlying all of this is strong data management. Healthcare organizations must maintain interoperability across systems so data remains complete and secure as it moves between platforms. Strict access controls safeguard sensitive patient information, reinforcing trust in digital health tools. With end-to-end traceability in place, every data origin and destination is fully auditable, supporting transparency and reliable governance.

Safe and Scalable Healthcare AI

With EHRs and clinical systems becoming increasingly digitized, these guardrails are non-negotiable. Just as a surgeon would not enter an operating room without scrubbing in, healthcare organizations should not deploy AI without a living governance framework. Adaptive governance accelerates innovation while protecting compliance, trust, and patient safety, ultimately enabling scalable transformation across the entire healthcare ecosystem.

Peter Hesse
Partner at 10Pearls

Peter Hesse is a Partner with 10Pearls.