When you read a policy document and realize it was released roughly two years too late, you feel a certain kind of dread. Sitting with the American Medical Association‘s recently published framework on AI-generated physician deepfakes makes me feel that way—not because the document is flawed, but rather because the issue it attempts to address has been quietly spreading for so long that it now takes seven formal policy principles to start untangling it.
The framework was released this year by the AMA’s Center for Digital Health and AI. It stands out in a field full of guidance memos, advisory statements, and white papers that often say a lot but commit to very little. It’s particular. It has a point. Additionally, it identifies the threat without hiding it: malicious actors are using artificial intelligence to create videos, audio clips, and pictures of actual doctors in order to promote fraudulent health products, endorse phony treatments, and give medical misinformation a false sense of legitimacy. The faces are authentic. The words aren’t.
When the document was released, AMA CEO John Whyte, MD, did not soften the framing. He referred to physician impersonation deepfakes as “a public health and safety crisis”—language that seemed purposeful, almost direct, coming from a non-alarming organization. The gradual accumulation of incidents seems to have finally crossed some internal threshold within the AMA’s leadership, shifting the tone from cautious concern to something more urgent.
The architecture of the suggested solution is what distinguishes the framework, not just the recognition of the issue. Protecting a doctor’s name, image, likeness, and voice as formal rights; requiring explicit opt-in consent before any AI-generated content uses a doctor’s identity; requiring plain-language disclosures and digital watermarks on synthetic medical content; and, crucially, extending accountability beyond individual physicians to the platforms, hospitals, health systems, and AI vendors that currently operate in a kind of responsibility vacuum are all areas covered by the seven core policy principles.
The final section is more important than it might seem. For many years, the people who are being impersonated have been largely responsible for handling online impersonation. Although it’s still unclear if the majority of tech platforms have the institutional will to change that on their own, the AMA is at least making an effort to generate the push by advocating for quick takedown procedures, audit logs that are preserved, and strengthened federal enforcement. As this develops, it’s difficult to ignore how long those mechanisms have existed in other settings and just haven’t made the transition to the healthcare industry.
The stakes are highest in the patient safety dimension. A convincing video of a doctor—a real doctor whose face they might recognize from a clinic visit—recommending an unproven supplement or discouraging a necessary vaccination is shown. The production is flawless. There isn’t any damage. One fake endorsement at a time, deepfake technology is subtly undermining the public’s trust in the practitioners of evidence-based medicine.
The framework as written may encounter the well-known friction of platform resistance and regulatory lag. The gap between what Congress actually enacts and what the American Medical Association advocates has historically been substantial, and policy principles are not yet legally binding. However, the act of clearly identifying the threat, mapping accountability throughout the entire ecosystem, and refusing to treat physician identity as an unprotected asset in the document itself seems to be the kind of institutional foundation that significant reform typically requires before it occurs.
