Artificial intelligence now drives nearly every aspect of healthcare, from automating documentation to supporting diagnosis and managing claims. According to a recent joint report by Microsoft and Healthcare Dive, 79% of healthcare organizations report some level of AI use today.
You may assume your existing coverage already accounts for these systems. However, that assumption is increasingly risky. While these technologies promise greater accuracy and efficiency, they also raise a critical question: When something goes wrong, who's responsible — you, your vendor, or the algorithm itself?
AI's rapid expansion redefines risk management. What once felt futuristic is now used in the healthcare sector daily.
AI in healthcare: emerging liability risks for providers
Most AI tools today are designed by vendors and developers to assist, not replace, human judgment. However, as the technology becomes more autonomous, the potential for exposure grows.
This pattern has played out before. When cyber risk first emerged, insurers treated it as part of professional liability coverage. But as breaches became more frequent and costly, they introduced dedicated cyber policies with tighter underwriting and exclusions. AI-related exposures are expected to follow a similar path — initially covered under existing policies, then evolving into dedicated AI liability coverage as claims emerge.
Right now, most insurers still treat AI-assisted care as part of professional services, but that may change quickly. The first AI-related malpractice or data claim could trigger a rapid shift in how insurers define and cover these risks.
If your organization uses AI-assisted tools, ask your broker whether your current malpractice policy explicitly accounts for them. Few policies currently specify how AI-related decisions fit into malpractice coverage, leaving ambiguity around who bears financial responsibility.
Recent analyses of AI performance in clinical environments have documented cases where algorithms misdiagnosed conditions, such as incorrectly flagging or missing heart attacks or recommending inappropriate cancer treatments, illustrating how AI-driven decisions can create both clinical and legal exposure when oversight is insufficient.
Who is liable when AI makes a mistake?
Healthcare's liability framework has always depended on clear lines of accountability: a physician provides care, a hospital oversees standards, and an insurer assumes financial risk.
AI complicates that structure. If an algorithm misclassifies a patient's condition, is the physician at fault for relying on it? Is the hospital responsible for implementing it? Or does the liability fall to the software vendor that built it?
The American Medical Association is advancing new liability frameworks that place responsibility on the party best positioned to mitigate risk, often the developer or data owner. Until regulators and courts set clearer standards, accountability will remain shared and uncertain.
The first AI-related lawsuit will likely test this "blame gap," the uncertainty around how responsibility is divided between humans and machines when something goes wrong. This gap underscores the lack of clear legal or regulatory guidance on whether liability falls to the provider, the institution, or the software vendor.
To reduce ambiguity, address the following in contracts with AI vendors:
- Who owns and can use shared data, including how it may be stored or reused for model training
- How often algorithms are validated, by whom, and using what performance or bias benchmarks
- Who is financially responsible if a model error results in harm, bias, or data exposure
- What documentation and reporting obligations vendors have following system failures or anomalies
Establishing these terms early helps prevent disputes later and clarifies where accountability truly sits.
Insurance market response: how carriers are adapting to AI risk in healthcare
Insurers are exploring how AI risk fits into their underwriting models. A few carriers already offer hybrid policies that combine professional liability, cyber, and technology errors and omissions coverage.
Traditional malpractice policies may not fully address harm linked to algorithms, leaving potential gaps. Carriers are also examining operational readiness and asking questions such as:
- How is your organization documenting where and how AI is used in care delivery and operations?
- Are staff trained and tested regularly on how to validate AI outputs before relying on them in patient care?
- What AI governance framework or oversight committee exists to track model updates, vendor accountability, and compliance reviews?
Expect more AI-specific questions during renewal, much like today's cyber questionnaires. Prepare documentation now to demonstrate readiness and reduce coverage uncertainty.
Operational and cyber risks tied to AI use in healthcare
Liability is only part of the challenge. AI introduces new operational risks, particularly around data. Healthcare data remains a prime target for cybercriminals, and AI systems rely on vast amounts of it, increasing exposure to breaches and misuse.
Taking a security-first approach helps reduce these risks. Key actions include:
- Conducting quarterly security audits that test both internal and vendor system vulnerabilities, including algorithmic access points
- Reviewing and updating incident response plans to address AI-related misuse, data leaks, or system errors
- Training staff regularly on responsible data handling, including how AI models use and store patient information
- Including detailed data-protection, breach-notification, and remediation clauses in all vendor contracts
Even with strong controls, human error remains a leading cause of data incidents. Many breaches stem from poor training or oversight, areas that warrant the same attention as technical safeguards.
Reputational damage often precedes financial loss. A single AI failure, even from a vendor system, can quickly erode public trust and draw regulatory attention. Communicate proactively with patients, partners, and regulators about how algorithms are validated and monitored to demonstrate accountability. Visible leadership and clear lines of responsibility build confidence and set the stage for stronger education frameworks.
Managing data risk is only part of the equation. Long-term resilience depends on strengthening the people and processes behind the technology.
Building education and governance frameworks for AI risk management
As AI becomes more integrated into clinical and administrative workflows, education and oversight play a central role in reducing risk.
Many healthcare organizations underestimate how deeply AI is embedded in daily systems, from Electronic Health Records (EHRs) to billing. Educating teams on when to rely on AI insights, and when to lean on clinical knowledge, helps strengthen decision-making and documentation.
Effective education includes:
- Scenario-based training: Equip staff to identify when AI recommendations may not reflect patient realities
- Documentation discipline: Require clinicians to record when they override or follow algorithmic guidance, and why
- Continuous refreshers: Update training and model validation protocols at least annually, or whenever new systems are introduced
- Role-specific instruction: Tailor sessions for clinicians, IT, compliance, and leadership to address distinct exposure points
- Awareness of vendor dependencies: Maintain an updated inventory of third-party algorithms in use and document their validation and audit cadence before deployment
Formal review adds another layer of protection. Establish an AI governance committee with cross-functional representation, including legal, compliance, and clinical leaders, to review performance metrics, bias testing, and vendor accountability.
Transparency also matters. Patients want their care to feel human. Clearly communicating how AI supports, rather than replaces, clinical skill reinforces trust and demonstrates responsible innovation.
Extend education beyond clinical staff. Leadership teams and boards play a key role in shaping how AI is deployed, documented, and reported across departments. Aligning governance and frontline teams can turn policy into practice.
Preparing your organization for AI-driven liability and coverage shifts
The outcome of early AI malpractice cases will shape how liability evolves. Now is the time to map where AI is used, update vendor contracts, and document decision-making processes.
As AI transforms care delivery, it will also reshape how insurers assess and price risk. Organizations that track algorithm performance and maintain open communication with carriers will adapt more quickly as regulations evolve.
Taking proactive steps today helps protect your reputation, strengthen governance, and position your organization ahead of emerging liability challenges.
The growth of AI is creating new exposure points
AI is reshaping liability faster than traditional frameworks can adapt, which makes early action essential. To assess your exposure and strengthen your risk posture, connect with the Brown & Brown Healthcare team.
About the author
Sharon Scheuermann has over 30 years of experience in healthcare insurance brokerage. She specializes in creating insurance and alternative risk programs for healthcare organizations, including hospitals, physician groups, and senior living facilities.