These days, there’s a certain quiet urgency that permeates discussions with healthcare IT executives. It’s not quite panic. It’s more akin to the atmosphere in a hospital hallway prior to receiving a challenging diagnosis; everyone is aware that something is amiss, but no one has yet to voice it aloud. Sunil Dadlani stated it aloud.
Like most healthcare executives, Dadlani, executive vice president and chief information and digital transformation officer at Atlantic Health in Morristown, New Jersey, has been watching artificial intelligence advance through his healthcare system with cautious optimism, sporadic excitement, and growing concern that the underlying governance structures haven’t kept up. AI accountability frameworks will become as commonplace as HIPAA compliance, according to his straightforward assessment of the future. Health systems will take the lead if they construct that infrastructure now. Regulatory, reputational, and clinical repercussions await those who fail to do so.
That is not a far-off forecast. It describes what is already beginning to take shape on the horizon.
It’s worth pausing to consider the HIPAA analogy. Many health systems viewed the Health Insurance Portability and Accountability Act, which went into effect in the late 1990s, as a bureaucratic burden that IT departments would discreetly handle as a compliance checkbox. Before the culture truly changed, it took years and a few unpleasant enforcement actions. Dadlani appears to think that AI governance won’t take that long. The risks are too obvious, the technology is advancing too quickly, and public and regulatory pressure is increasing simultaneously from too many angles.
Instead of treating this as a collection of parallel pilots, Atlantic Health has responded by treating it as an enterprise operating model. It may not seem important, but that distinction is crucial. When things go wrong, it’s easy to celebrate pilots and ignore them. Clinical leadership, compliance, privacy, security, and operations all sit together before anything comes into contact with a live workflow in an operating model, which means accountability is ingrained in the structure. Each AI implementation has a designated clinical owner, specified success metrics, and a monitoring strategy. The majority of health systems aren’t currently doing this.
The disparity between what Dadlani describes at Atlantic Health and what’s taking place in the larger environment is difficult to ignore. According to a 2025 survey of 200 U.S. health systems, only after putting particular governance tools in place did 85% of them improve their HIPAA AI compliance posture, indicating that the majority were functioning without sufficient structure prior to that. In the meantime, more than 40 AI-related congressional bills introduced since 2023 have failed, and federal regulation is still dispersed across agencies that only partially cover healthcare AI. Some of that gap is being filled by the states, but even well-resourced systems would find it difficult to comply with the patchwork laws from Texas, Illinois, and California.
Weak governance has practical repercussions that are not theoretical. It has been demonstrated that care management algorithms, which use healthcare spending as a stand-in for medical need, consistently underestimate the disease burden among Black patients. Patients with darker skin have experienced higher rates of false negative results from melanoma screening tools trained on non-diverse datasets. These are documented failures that occurred without the kind of oversight structures Dadlani is describing; they are not edge cases. After more than ten years and approximately four billion dollars, IBM’s Watson for Oncology developed a system that clinical teams eventually reported for producing dangerous treatment recommendations. Rebuilding trust after it has been damaged in this manner is costly.
Dadlani’s counsel to other health IT executives swiftly breaks through the institutional jargon. Give up viewing AI as an IT issue. Assign real accountability to clinical owners, executive sponsors, and owners of privacy and compliance risks. Because concerns about algorithmic bias and patient consent for AI-assisted care are no longer hypothetical, start the ethics discussion early. You can’t build a dependable intelligence layer on an unreliable data layer, so invest in the data foundation before the ambition surpasses the infrastructure. There’s a hint of frustration in the last one, as though he’s witnessed that specific error multiple times.
When federal AI accountability frameworks do eventually materialize, it’s still unclear exactly what they will look like and how quickly enforcement teeth will follow. One model—tiered risk categories, clear patient rights to challenge automated decisions, and future compliance requirements—is provided by the EU’s AI Act, which went into effect in August 2024. There is currently nothing comparable in the United States. However, pressure from state legislatures, patients, regulators, and health systems that have already paid for ungoverned AI failures is pointing in the direction of something more formal and required than the current guidelines indicate.
Infrastructure for governance is being built by systems that do more than just protect against future regulations. They are creating the kind of institutional trust necessary for AI to be truly beneficial on a large scale. That may be the stronger case for avoiding this than any compliance framework.
