Artificial intelligence now drives nearly every aspect of healthcare, from automating documentation to supporting diagnosis and managing claims. According to a recent joint report by Microsoft and Healthcare Dive, 79% of healthcare organizations report some level of AI use today.
You may assume your existing coverage already accounts for these systems. However, that assumption is increasingly risky. While these technologies promise greater accuracy and efficiency, they also raise a critical question: When something goes wrong, who's responsible — you, your vendor, or the algorithm itself?
AI's rapid expansion redefines risk management. What once felt futuristic is now used in the healthcare sector daily.
Most AI tools today are designed by vendors and developers to assist, not replace, human judgment. However, as the technology becomes more autonomous, the potential for exposure grows.
This pattern has played out before. When cyber risk first emerged, insurers treated it as part of professional liability coverage. But as breaches became more frequent and costly, they introduced dedicated cyber policies with tighter underwriting and exclusions. AI-related exposures are expected to follow a similar path — initially covered under existing policies, then evolving into dedicated AI liability coverage as claims emerge.
Right now, most insurers still treat AI-assisted care as part of professional services, but that may change quickly. The first AI-related malpractice or data claim could trigger a rapid shift in how insurers define and cover these risks.
If your organization uses AI-assisted tools, ask your broker whether your current malpractice policy explicitly accounts for them. Few policies currently specify how AI-related decisions fit into malpractice coverage, leaving ambiguity around who bears financial responsibility.
Recent analyses of AI performance in clinical environments have documented cases where algorithms misdiagnosed conditions, such as incorrectly flagging or missing heart attacks or recommending inappropriate cancer treatments, illustrating how AI-driven decisions can create both clinical and legal exposure when oversight is insufficient.
Healthcare's liability framework has always depended on clear lines of accountability: a physician provides care, a hospital oversees standards, and an insurer assumes financial risk.
AI complicates that structure. If an algorithm misclassifies a patient's condition, is the physician at fault for relying on it? Is the hospital responsible for implementing it? Or does the liability fall to the software vendor that built it?
The American Medical Association is advancing new liability frameworks that place responsibility on the party best positioned to mitigate risk, often the developer or data owner. Until regulators and courts set clearer standards, accountability will remain shared and uncertain.
The first AI-related lawsuit will likely test this "blame gap," the uncertainty around how responsibility is divided between humans and machines when something goes wrong. This gap underscores the lack of clear legal or regulatory guidance on whether liability falls to the provider, the institution, or the software vendor.
To reduce ambiguity, address the following in contracts with AI vendors:
Establishing these terms early helps prevent disputes later and clarifies where accountability truly sits.
Insurers are exploring how AI risk fits into their underwriting models. A few carriers already offer hybrid policies that combine professional liability, cyber, and technology errors and omissions coverage.
Traditional malpractice policies may not fully address harm linked to algorithms, leaving potential gaps. Carriers are also examining operational readiness and asking questions such as:
Expect more AI-specific questions during renewal, much like today's cyber questionnaires. Prepare documentation now to demonstrate readiness and reduce coverage uncertainty.
Liability is only part of the challenge. AI introduces new operational risks, particularly around data. Healthcare data remains a prime target for cybercriminals, and AI systems rely on vast amounts of it, increasing exposure to breaches and misuse.
Taking a security-first approach helps reduce these risks. Key actions include:
Even with strong controls, human error remains a leading cause of data incidents. Many breaches stem from poor training or oversight, areas that warrant the same attention as technical safeguards.
Reputational damage often precedes financial loss. A single AI failure, even from a vendor system, can quickly erode public trust and draw regulatory attention. Communicate proactively with patients, partners, and regulators about how algorithms are validated and monitored to demonstrate accountability. Visible leadership and clear lines of responsibility build confidence and set the stage for stronger education frameworks.
Managing data risk is only part of the equation. Long-term resilience depends on strengthening the people and processes behind the technology.
As AI becomes more integrated into clinical and administrative workflows, education and oversight play a central role in reducing risk.
Many healthcare organizations underestimate how deeply AI is embedded in daily systems, from Electronic Health Records (EHRs) to billing. Educating teams on when to rely on AI insights, and when to lean on clinical knowledge, helps strengthen decision-making and documentation.
Effective education includes:
Formal review adds another layer of protection. Establish an AI governance committee with cross-functional representation, including legal, compliance, and clinical leaders, to review performance metrics, bias testing, and vendor accountability.
Transparency also matters. Patients want their care to feel human. Clearly communicating how AI supports, rather than replaces, clinical skill reinforces trust and demonstrates responsible innovation.
Extend education beyond clinical staff. Leadership teams and boards play a key role in shaping how AI is deployed, documented, and reported across departments. Aligning governance and frontline teams can turn policy into practice.
The outcome of early AI malpractice cases will shape how liability evolves. Now is the time to map where AI is used, update vendor contracts, and document decision-making processes.
As AI transforms care delivery, it will also reshape how insurers assess and price risk. Organizations that track algorithm performance and maintain open communication with carriers will adapt more quickly as regulations evolve.
Taking proactive steps today helps protect your reputation, strengthen governance, and position your organization ahead of emerging liability challenges.
AI is reshaping liability faster than traditional frameworks can adapt, which makes early action essential. To assess your exposure and strengthen your risk posture, connect with the Brown & Brown Healthcare team.
Sharon Scheuermann has over 30 years of experience in healthcare insurance brokerage. She specializes in creating insurance and alternative risk programs for healthcare organizations, including hospitals, physician groups, and senior living facilities.