Four governance layers.

Most institutions have built two.

Layer 4 has no name.

This week's post laid out the architecture.

Data Governance. AI Governance.
Healthcare AI Governance.
Clinical AI Governance.

Most institutions have built the first three
in some form.

Layer 4 stays unnamed.

This issue answers the question
that surfaced in the comments.

Why.

Layer 4 has no name because the institution
does not know who to name.

The first three layers map to functions
that already exist.

Data Governance has Stewards,
Architects, IT, Security.

AI Governance has Legal,
Risk, Ethics, Product.

Healthcare AI Governance has Operational
Leadership, Compliance, Quality.

Each of those layers is staffed by people
whose job descriptions already include
the work.

Layer 4 is different.

Clinical AI Governance protects the patient
decision at the bedside.

It does not map to an existing
job description.

It maps to a clinical executive seat
that is currently doing other work.

The CMO. The CMIO.
The Chief of the relevant clinical service.

These leaders sit in three different
reporting lines.

They answer to different committees.

Their performance is measured
on different outcomes.

None of them was hired to own
AI accountability at the bedside.

The institution must create the role
before it can name the owner.

That is the structural move most health
systems have not made.

They are looking for an existing executive
to absorb the responsibility.

The role the responsibility requires
does not yet exist.

The result is what surfaced at the
academic medical center governance
committee last quarter.

A board member asked who owns the clinical
AI decision at the bedside.

The room went quiet.

No name on the charter.
No name in the room.

Not because the leaders in that room
were unwilling.

Because the role they were being asked
about did not exist yet.

Three failures show up when Layer 4
stays unbuilt.

The audit fails first.

When a regulator or payer asks who owned
the clinical AI decision,
no name surfaces.

The audit trail stops at the clinician.

The liability follows.

Without a named owner, the legal exposure
flows to the front-line clinician
who acted on the recommendation.

The institution carries the harm.
Not the accountability.

The clinician absorbs both.

They are asked to carry decisions
the institution has not formally
assigned to anyone.

Layer 4 stays unbuilt
and the cost lands on the people
with the least power in the room.

Three questions every CMO must be able
to answer before the next deployment.

Does the charter name a person,
or does it name a function?

Does that person have signing authority
on clinical AI deployments,
or does signing authority sit elsewhere?

If an AI recommendation reaches a patient
and harm follows, does the named owner
appear in the audit trail,
or does the audit trail stop
at the clinician?

If any of those answers is unclear,
Layer 4 is unbuilt.

The accountability gap lives in
the missing layer.
The missing layer is where the named
owner has to live.

For every clinical AI deployment
currently live in your institution,
a regulator who asked who owns Layer 4
today should get a name.

Not a function.
Not a committee.
Not a title.

A name.

If producing that name requires a meeting,
the role does not exist yet.

And if the role does not exist,
Layer 4 stays unbuilt.

MedicoVigilance™ is published every two weeks by Mo Johnson, MD MBA, founder of GPe Research. Each issue teaches one piece of the clinical AI accountability discipline your institution needs before the next deployment decision.

Forward this to a colleague whose institution is running on output no one has been named to own.

Keep Reading