The debate over autonomous clinical AI is no longer theoretical. Neither is the AI governance gap it exposes.
A regulatory battle is unfolding across healthcare — one that has little precedent and no obvious resolution. On one side, federal officials are working to address clinical workforce shortages, including assessing the potential for AI to increase access to care by diagnosing, prescribing, and therefore treating patients with limited physician oversight.
On the other, state medical boards and attorneys general are pushing a much more cautious approach that protects against the unmeasured risk of errors from this nascent technology. Health systems, payers, and clinical organizations sit between these two forces, largely without the governance infrastructure to manage either outcome.
Whatever position one takes on the merits of autonomous clinical AI, the institutional challenge this creates is real, immediate, and independent of how the AI policy debate resolves.
A first-of-its-kind state pilot in Utah allows an AI system to autonomously process prescription renewals — with federal support. More than $50 million in research funding has been directed toward conversational AI tools for cardiovascular care. An expedited approval pathway now exists for digital health AI products, reducing the pre-market scrutiny that previously applied to this category of technology. And a regulatory pathway for what is being described as independent AI physicians is currently in development.
The FDA's January 2026 guidance reinforced this direction, narrowing the definition of what constitutes a regulated medical device and signaling that many AI tools assisting clinicians — if a physician can independently review the recommendations — may not require clearance at all. The agency's stated goal is to reduce barriers to deployment.
The significance of this moment for healthcare leaders isn’t solely about policy outcomes, but also about what the friction itself reveals.
Health systems are the environment in which these decisions will play out. Regardless of whether federal deregulation accelerates autonomous clinical AI deployment, or whether state policymakers slow it, the tools are already arriving. Vendors are actively pitching AI clinical decision support — and, increasingly, semi-autonomous clinical AI — to hospitals and health systems today. Many tools are already in use: in the EHR, in administrative workflows, and in the consumer applications clinicians are using on their own initiative. While clinical decision support requires a licensed provider to review and accept suggestions generated by the applications, what does this look like as clinicians are asked to increase productivity?
The liability architecture is shifting in real time. Courts and regulators are beginning to establish the legal theory of what it means for an AI system to practice medicine without a license. Pennsylvania's lawsuit, whatever its outcome, puts every health system on notice that deploying or tolerating AI tools that cross into clinical decision-making — without proper oversight, documentation, and policy controls — carries meaningful legal exposure. That exposure doesn’t depend on whether the federal government eventually sanctions autonomous AI physicians. It exists now, under current state medical practice law.
There’s also a patient safety dimension that operates independently of the regulatory environment. The Utah pilot's own third-party red team assessment identified potential vulnerabilities under adversarial usage conditions before the program reached its second phase. Cybersecurity researchers separately demonstrated significant exploits in the underlying AI system. These findings did not halt the program, but they illustrate a broader principle: AI clinical tools can fail in ways that are neither predictable nor visible without active monitoring.
Health systems that cannot see what AI is doing in their clinical workflows cannot catch those failures before they reach patients.
Finally, there’s the workforce dimension. Clinicians at every level — physicians, nurses, pharmacists, care coordinators— are using AI tools to support their work, often without formal organizational sanction. This is a predictable response to productivity pressure and the ready availability of capable tools. But it creates a category of risk that no policy document alone can address: AI tools entering clinical workflows through individual staff adoption, outside any formal procurement, review, or oversight process.
It’s tempting to frame this moment as a technology problem — a question of which AI tools are safe and which are not, which vendors are trustworthy and which are not. That framing is incomplete. The more consequential gap is structural.
The organizations best positioned to manage what comes next aren’t necessarily those that have been most cautious about AI adoption. Rather, they’re those that have built the infrastructure to know what’s happening — and to enforce policy around it.
Governance, in this context, means three things:
Most health systems currently lack all three. They have policies but not enforcement. They have vendor contracts but not visibility. They have awareness of the headline-grabbing AI tools but not the dozens of others operating in the background.
The federal government's push toward autonomous clinical AI makes this gap more consequential. If the regulatory floor drops — if the bar for what constitutes a medical device rises, if approval pathways accelerate, if federal policy treats AI prescribing as a legitimate modality — then the volume of AI clinical tools seeking entry into health systems will increase substantially.
Organizations without governance infrastructure will face those decisions without the information they need to make them well.
Conversely, if state-level resistance intensifies and enforcement actions expand, health systems will increasingly be required to demonstrate that they knew what AI was in their environment and had meaningful controls around it.
Governance infrastructure is how that demonstration is made.
The AI physician debate won’t resolve quickly. The federal-state tension is structural, the legal questions are novel, and the clinical evidence base is still forming. Health system leaders cannot wait for resolution before acting.
The organizations that will navigate this period well are those that treat AI governance as an operational priority rather than a compliance checkbox.
That means conducting a rigorous inventory of AI tool usage across clinical and administrative functions — including tools deployed by staff, not just those procured centrally.
It means establishing and enforcing policies that define what AI can and cannot do in clinical workflows, with meaningful oversight for tools that approach clinical decision-making.
It means building the audit infrastructure to document and defend those decisions.
None of this requires taking a position on whether AI physicians are desirable. It requires recognizing that autonomous clinical AI is moving from pilot to policy — and that the governance infrastructure to manage it must be built before the tools arrive in force, not after a safety incident or an enforcement action makes the need undeniable.
The window for proactive action is open. The organizations that use it will be far better positioned than those that do not.
At Vitea, we work with healthcare organizations to build that governance layer — providing the visibility, policy enforcement, and audit capability that health systems need to manage AI safely and with accountability. If your organization is assessing its readiness, we're glad to be a resource. Click to contact our team.
.png)
.png)
.png)
