Strategic Guide for Responsible AI in Healthcare

The organizations that will lead in healthcare AI are not those that adopt it fastest. They are those that have built the governance foundation to scale it responsibly – to make AI not just powerful, but safe to scale.

Monica Kedzierski
Head of Responsible AI, Claritev

Kristen Lambert-Kennedy, JD, MSW, FASHRM
Chief Compliance and Chief Privacy Officer, Claritev

JR Riding
Vice President, Chief Information Security Officer, Claritev

Artificial intelligence (AI) is reshaping healthcare faster than most governance structures were designed to manage. Across the industry, organizations are deploying AI in claims adjudication, utilization management, care coordination, and population health analytics — often with genuine strategic intent, and often without the structural foundations that determine whether that deployment creates lasting value or accumulates invisible risk.

The pressure to move quickly is real. So is the cost of moving without structure.

Healthcare leaders navigating this moment face a question that is fundamentally not technical, but rather organizational. What kind of AI program are we building: one that delivers results we can stand behind, or one that delivers results we cannot fully explain, govern, or defend?

This strategic framework argues that the answer to that question is not found in the sophistication of the models an organization deploys. It is found in the governance architecture those models operate within.

Responsible AI in healthcare is not a compliance obligation layered on top of an innovation strategy. It is the operational infrastructure that makes innovation trustworthy; and trustworthy innovation is the only kind that endures in a regulated environment where the consequences of AI failure are measured not in reputational headlines but in clinical outcomes, financial integrity, and patient trust.

At Claritev, that infrastructure has been built deliberately and cross-functionally — from security architecture to compliance and privacy to AI governance — into a working system capable of carrying production weight at enterprise scale. This paper reflects the perspectives of three leaders who, in partnership, are responsible for that system: the Chief Information Security Officer, the Chief Compliance and Privacy Officer, and the Head of Responsible AI.

This strategic guide examines why AI adoption is accelerating across healthcare, what risks leaders must actively manage as agentic capabilities expand, and how a cross-functional governance architecture converts those risks into a durable competitive advantage. The framework is not theoretical. It is operational at Claritev today.

Complexity is driving cost and friction

At Claritev, where AI touches hundreds of thousands of healthcare decisions annually — across claims adjudication, payment integrity, utilization management, and benefits analytics — the forces accelerating AI adoption are not abstract trends. They are operational realities that arrive in the data every day.

U.S. healthcare spending is approaching $5 trillion, with a significant portion driven by inefficiency and administrative complexity, which accounts for between 15% and 25% of total U.S. healthcare costs. That administrative drag is slowing workflows and creating friction across the system. The friction, fragmented data, manual processes, and misaligned incentives create:

  • Delays in care and payment decisions
  • Increased operational strain
  • Higher costs for payers, employers, providers and patients

When decisions are made without shared, objective information, inefficiency compounds and affordability suffers.

Rapidly emerging technologies

In healthcare, unreliable AI does not simply produce bad outputs. It produces bad outcomes. That distinction shapes everything about how Claritev approaches AI adoption; not as a capability race, but as a discipline of applied rigor.

AI is evolving into a critical capability in healthcare, one that can help address efficiency and operational challenges by strengthening decision-making, not replacing it. The value of AI is realized when it is applied with that rigor: where it amplifies human judgment, surfaces patterns at scale, and accelerates action on insight that would otherwise take weeks to generate.

AI systems can:

  • Analyze large, complex datasets quickly
  • Identify patterns and emerging risks
  • Prioritize high-impact actions
  • Reduce manual, repetitive work

When applied responsibly, AI helps organizations work faster and more efficiently, focus resources where they matter most, and make decisions with greater clarity and confidence. But none of that value is realized — and significant risk can result — when AI operates without the governance infrastructure to make it trustworthy.

AI is not just expanding the enterprise attack surface; it is introducing systems that can act on behalf of users. As organizations adopt more agentic capabilities, the risk shifts from “what the model says” to “what the system does,” creating a fundamentally different security challenge where autonomy and speed can outpace traditional controls.

Key inherent security risks include:

  • Data exposure and leakage: Sensitive data (Protected Health Information (PHI), proprietary data, credentials) can be unintentionally exposed through prompts, memory, tool use, or downstream integrations, often outside traditional monitoring boundaries.
  • Model behavior and output risk: AI outputs can be incorrect, biased, or manipulated (e.g., prompt injection), creating risk when outputs are trusted or operationalized without sufficient validation.
  • Agentic overreach and unintended actions: As AI systems move from passive assistants to active agents, they can take actions beyond what was explicitly intended, executing tasks, modifying systems, or interacting with data in ways that exceed user expectations or policy constraints.
  • Loss of control in multi-step / autonomous workflows: When agents chain tools, APIs, and decisions together, small errors or adversarial inputs can propagate into larger, unintended outcomes, often without clear visibility or intervention points.
  • Third-party and model supply chain risk: AI capabilities increasingly depend on external models, plugins, and orchestration layers, introducing risk around data handling, model behavior, and unclear trust boundaries.
  • Shadow AI and decentralized adoption: Rapid enterprise adoption continues to outpace governance, creating blind spots in how AI, and especially agentic workflows, are being used.
  • Accountability and explainability gaps: As decision-making becomes more distributed across agents and systems, it becomes harder to determine ownership, trace actions, and audit outcomes.

Real-world examples highlight these risks

  • Agent executing unintended destructive actions: Early agent frameworks and experimental environments have demonstrated scenarios where agents, given broad goals, delete files, modify environments, or take irreversible actions when guardrails are insufficient or poorly defined.
  • Tool chaining leading to unintended outcomes: Agent-based systems may chain file access, APIs, and execution steps, where a single malformed instruction or adversarial input leads to cascading, unintended system changes.
  • Prompt injection in agent workflows: External content (documents, webpages, datasets) may manipulate agents into exfiltrating sensitive data or executing unauthorized actions, particularly when agents have access to tools or privileged context.
  • Data leakage through AI-assisted workflows: Associates using copilots or agents to summarize, analyze, or generate content may inadvertently expose sensitive data to external systems or in ways that are not well understood.
  • Third-party model / platform risk: Use of external AI tools where data handling, retention, or training practices are unclear may create regulatory, contractual, and security exposure.

Understanding precisely where AI fails and why is the prerequisite for building the architecture to prevent it. At Claritev, that architecture begins with a foundational conviction that responsible AI is not a governance layer applied after the fact, but an operational system designed from the ground up to carry production weight. 

Healthcare is not a forgiving environment for AI failures. Decisions touch claims, care pathways, and the financial wellbeing of health plan members, which means the cost of getting AI wrong is not measured in reputational headlines alone. It is measured in real consequences for real people. 

This reality demands more than a governance policy and good intentions. It demands architecture; systems deliberately designed to ensure that as AI scales across an enterprise, the structures protecting against failure scale with it. 

At Claritev, Responsible AI is built on a foundational conviction: that innovation and accountability are not opposing forces. The organizations that will define the next era of healthcare AI are those that treat governance not as a checkpoint at the end of a development cycle, but as load-bearing infrastructure embedded throughout it – from the first intake conversation to post-deployment monitoring to audit-ready traceability. 

That conviction is operationalized through six governance layers, as shown:

L1 | AI Inventory & Model Risk Governance (Foundation)

Governance begins with visibility. The first governance layer is an enterprise-wide registry of every AI system in development or production with named owners, formal risk scorecards, and structured lifecycle management from intake through retirement. In a healthcare technology environment where AI touches utilization management, claims processing, care coordination, and population health analytics across multiple business units, ungoverned or shadow AI is not a nuisance. It is an organizational liability. The inventory layer ensures that no system operates outside the governance structure – and that accountability is assigned before deployment, not discovered after an incident.

L2 | Policy Enforcement (Controls)

Responsible AI principles are only meaningful when they are enforced at the point where decisions are made. The second governance layer operationalizes policy technically: embedding PHI and Personally Identifiable Information (PII) filtering, role-based access controls, and regulatory guardrails at the Application Programming Interface (API) level, before output reaches an end user or downstream system. This is where governance moves from statement of intent to structural reality. Healthcare’s regulatory obligations – including HIPAA, state privacy, and other applicable regulations, as well as contractual accountability to payers and employers – do not allow for after-the-fact remediation. They require controls that are built in, not bolted on.

L3 | Agent Governance (Agentic)

Agentic AI systems — those capable of planning, reasoning, and chaining actions across tools, data sources, and workflows — present a fundamentally different risk profile than traditional model deployment. The relevant question is no longer “what did the model output?” It is “what did the system do, and on whose behalf?” The third layer addresses this directly: every agentic use case undergoes pre-deployment review against a purpose-built agentic development framework.

Runtime guardrails define and constrain the scope of permissible agent action. Formal escalation paths activate when agent behavior approaches defined boundaries. This layer does not retrofit model governance onto agentic deployment, because they are different problems, and conflating them creates the precise governance gaps that produce unintended outcomes at scale.

L4 | Runtime Monitoring (Live)

Deployment is not the conclusion of a governance process; it is the beginning of the most consequential phase. In production, AI systems drift. Model behavior shifts as data patterns evolve. Edge cases surface that no pre-deployment evaluation anticipated. The fourth layer runs continuous telemetry across deployed systems: real-time anomaly detection, behavioral signal monitoring, and drift identification designed to surface issues before they generate business or clinical impact.

In healthcare, where an undetected drift in a prior authorization or payment integrity workflow carries direct consequences for payers, providers, and members, runtime monitoring is not optional operational overhead. It is a governance obligation.

L5 | Intervention Mechanisms (Response)

Every mature AI governance program must answer one question with clarity and specificity: if something goes wrong, what happens next? The fifth layer defines that answer in advance; not in response to an incident, but as a structural feature of how AI systems are deployed. Formal shutdown protocols. Human-in-the-loop escalation pathways calibrated to risk level. Incident response procedures with remediation tracking that produces an auditable record of what occurred and how it was resolved. The goal of this layer is not to assume AI will fail. It is to ensure that when failure occurs — as it does in any complex system operating at scale — the organization’s response is governed, traceable, and restorative rather than reactive and ad hoc.

L6 | Audit Traceability (Assurance)

Healthcare operates within a framework of accountability obligations that do not pause for the pace of AI adoption. Regulators, clients, and the members and patients whose data flows through the systems are entitled to know that AI-driven decisions can be explained, examined, and stood behind. The sixth governance layer ensures immutable event logging across AI systems, full decision-path traceability, and audit-ready data retention aligned to applicable regulatory standards. This is not a compliance exercise appended to a functioning AI program. It is the evidentiary foundation that makes the entire program defensible: to a board, to a regulator, to a client, and to the public.
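
One way the L3 runtime guardrails and escalation path and the L6 tamper-evident event log could fit together, as an added example that is not Claritev's implementation: a default-deny gate decides each agent tool call before it runs and writes the decision to a hash-chained log. The agent, user, tool, and tier names are hypothetical, and the sample calls are constructed.

```python
import hashlib
import json

# Constructed policy: agent names, tool names and risk tiers are hypothetical.
POLICY = {
    "claims-triage-agent": {
        "read_claim": "allow",
        "summarize_claim": "allow",
        "update_claim_status": "escalate",  # state change needs a human approver
    },
}


class AuditLog:
    """Append-only log; each record carries the SHA-256 of the previous one."""

    GENESIS = "0" * 64

    def __init__(self):
        self.records = []

    @staticmethod
    def _digest(body):
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, event):
        prev = self.records[-1]["hash"] if self.records else self.GENESIS
        body = {"seq": len(self.records), "prev": prev, "event": event}
        self.records.append({**body, "hash": self._digest(body)})

    def verify(self):
        """Return the index of the first broken record, or None if intact."""
        prev = self.GENESIS
        for i, rec in enumerate(self.records):
            body = {"seq": rec["seq"], "prev": rec["prev"], "event": rec["event"]}
            if rec["seq"] != i or rec["prev"] != prev or rec["hash"] != self._digest(body):
                return i
            prev = rec["hash"]
        return None


def gate(log, agent, on_behalf_of, tool, args, approver=None):
    """Decide one tool call before it runs; return "allow", "deny" or "escalate"."""
    # Default deny: a tool not listed for this agent is blocked until reviewed.
    tier = POLICY.get(agent, {}).get(tool, "deny")
    if tier == "escalate" and approver is not None:
        decision = "allow"  # human-in-the-loop approval was supplied
    else:
        decision = tier
    log.append({
        "agent": agent, "on_behalf_of": on_behalf_of, "tool": tool,
        # Log argument names only, so PHI in argument values never enters the log.
        "arg_names": sorted(args), "tier": tier,
        "decision": decision, "approver": approver,
    })
    return decision


def demo():
    """Run four constructed tool calls through the gate."""
    log = AuditLog()
    a, u = "claims-triage-agent", "analyst-17"
    change = {"claim_id": "C-1", "status": "denied"}
    results = [
        gate(log, a, u, "read_claim", {"claim_id": "C-1"}),
        gate(log, a, u, "update_claim_status", change),
        gate(log, a, u, "update_claim_status", change, approver="supervisor-3"),
        gate(log, a, u, "delete_file", {"path": "/tmp/x"}),
    ]
    return log, results
```

Every record names the agent, the user it acted for, and any approver, so a reviewer can answer "what did the system do, and on whose behalf?" from the log alone, and `verify()` reports the first record altered after the fact.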

Together, these six layers constitute what Claritev’s Responsible AI program calls governance architecture; the operational system running beneath every AI use case the organization deploys. It is not a framework designed for a single point in time. It is designed to carry production weight, adapt to emerging risk, and scale alongside the AI portfolio it governs.

In healthcare, responsible AI is not a constraint on innovation. It is the condition that makes innovation trustworthy — and trustworthy innovation is the only kind that endures.

Compliance and privacy are not the finish lines that an AI program crosses once and leaves behind. They are ongoing disciplines that must be woven into how AI is designed, deployed, and governed from the beginning, not reviewed after the fact. In healthcare, the regulatory environment is not static: laws evolve, court interpretations shift, and the expectations of regulators, clients, and patients are rising in direct proportion to AI’s expanding role in consequential decisions.

Organizations that treat legal and privacy requirements as constraints to be managed will find themselves perpetually reactive. Those that treat them as design principles will find themselves consistently ahead.

In practice, that means AI adoption anchored in six disciplines:

  • Ensuring adherence to legal, compliance, and privacy regulations
  • Establishing cross-functional governance structures with clear accountability
  • Defining use cases tied to measurable outcomes, not just capability demonstrations
  • Ensuring human-in-the-loop validation at risk-appropriate thresholds
  • Monitoring regulatory and legal developments as a continuous function, not a periodic review
  • Investing in scalable, secure data infrastructure that can support responsible AI at enterprise scale

Implementation considerations

In two decades of compliance and privacy leadership, the pattern is consistent: organizations that treat governance as an afterthought spend far more time, and far more capital, remediating problems that structure would have prevented. AI accelerates this dynamic. The speed at which AI systems are deployed, the volume of decisions they influence, and the sensitivity of the data they touch in healthcare mean that governance gaps do not stay small. They compound.

Responsible AI implementation requires organizations to build governance in before the pressure to move fast makes it feel optional. That means monitoring regulatory requirements as a continuous discipline rather than a periodic audit, ensuring that bias, model performance, and data integrity are evaluated at intake — not after deployment — and maintaining the cross-functional accountability structures that ensure no single function owns AI risk in isolation. In healthcare, the standard is not compliance. It is trust; and trust is built through the decisions an organization makes before anything goes wrong.

The case for responsible AI is sometimes framed purely as a risk mitigation argument — a reason to slow down, add oversight, and protect the organization from its own ambitions. That framing misses the point entirely.

When implemented with genuine rigor, responsible AI does not constrain organizational performance. It enables it by removing the friction, uncertainty, and hidden costs that accumulate when AI systems operate without adequate governance.

At Claritev, four measurable benefits define what responsible AI delivers in practice.

Stronger decision making at speed and scale

Healthcare decisions are only as reliable as the information that informs them. AI systems that operate without governance introduce a specific and underappreciated failure mode: they produce outputs that appear authoritative but carry unvalidated assumptions, undetected bias, or model drift that has gone unmonitored since deployment. The result is faster decision-making with a hidden accuracy problem.

Responsible AI architecture addresses this directly. When AI systems are governed through structured risk categorization, continuous runtime monitoring, and human-in-the-loop validation at defined thresholds, the outputs those systems produce carry a fundamentally different level of organizational confidence. Decision-makers at every level — clinical, operational, financial — can act on AI-generated insight with the assurance that the system producing it is performing within governed parameters. The goal is not just faster decisions. It is better ones.

Trust that is earned and maintained

Trust in AI is not established at deployment. It is built over time through the consistent, auditable demonstration that AI systems behave as designed, that their decisions can be explained, and that the organization governing them takes accountability seriously.

In healthcare, where AI decisions intersect with patient care pathways, claims adjudication, and the financial interests of payers, employers, and members, trust is not an abstract value. It is the condition under which clients renew contracts, regulators accept programs, and associates engage with AI tools rather than circumventing them. Responsible AI governance — transparent, cross-functional, continuously monitored — is the mechanism through which that trust is built systematically rather than assumed. Accountability structures do not slow innovation. They are what allow innovation to be trusted.

Reduced friction across the enterprise

A significant and frequently unmeasured cost of ungoverned AI adoption is the organizational friction (rework, escalations, legal reviews, implementation delays) that accumulates when AI systems are deployed without adequate structure and must be remediated retroactively.

Shadow AI, undocumented use cases, inconsistent vendor evaluation, and ad hoc responses to compliance questions do not represent the absence of governance work. They represent governance work done reactively, at higher cost, under greater organizational pressure than if the structure had existed from the start. Responsible AI governance — with clear intake processes, pre-deployment review, and embedded policy enforcement — removes this friction systematically. Teams move faster not despite governance, but because the path through it is defined, predictable, and designed to be traversed efficiently.

Improved affordability through structural integrity

Healthcare’s affordability crisis is, in measurable part, an information problem. Inefficiency compounds when decisions are made without shared, objective insight: when cost drivers are identified retrospectively rather than anticipated, when administrative complexity is absorbed as a fixed cost rather than addressed as a solvable one, and when AI systems that could surface actionable intelligence operate without the governance structures that make their outputs reliable enough to act on.

Responsible AI creates conditions under which AI-generated insight can be operationalized with confidence. When data infrastructure is trusted, when AI outputs are validated and monitored, and when governance enables rather than delays deployment, the result is AI that genuinely removes cost from the healthcare system rather than shifting it between stakeholders. That is the promise of AI in healthcare, and responsible governance is what makes it a promise an organization can keep.

The healthcare system is not short on intelligence. It is short on the structural conditions that allow intelligence — human or artificial — to move reliably from insight to action without introducing new risks faster than existing ones are resolved.

That is the problem AI governance exists to solve.

Not to slow innovation down. Not to introduce friction where none is needed. But to build the organizational infrastructure that allows AI to do what its proponents promise it will do: reduce administrative complexity, improve decision quality, expand access to insight, and remove cost from a system that can no longer afford to carry it.

The organizations that will define the next decade of healthcare are not those that experimented with AI earliest. They are those that operationalized it most responsibly — those that treated governance not as a checkpoint at the end of a development cycle, but as load-bearing infrastructure embedded throughout it. Those that understood that security, compliance, and responsible AI are not three separate disciplines applying independent brakes to the same vehicle. They are three dimensions of a single organizational capability: the capacity to deploy AI that can be trusted.

Trust, in this context, is not a sentiment. It is a structural outcome produced by systems that are visible, governed, monitored, and auditable, and by organizations where the people responsible for security, compliance, and responsible AI governance are not working in parallel silos but in genuine cross-functional alignment, with shared accountability for the AI systems the organization deploys.

The framework presented across security architecture, compliance and privacy, and responsible AI governance reflects a shared commitment: in healthcare, the stakes are too high for AI without accountability, and the opportunity is too significant for accountability without AI.

The path forward is not a choice between innovation and responsibility. It is the recognition that in a regulated, high-consequence industry like healthcare, responsibility is the operating system that makes innovation at scale sustainable.

Head of Responsible AI, Claritev 

Monica Kedzierski is the Head of Responsible AI at Claritev, where she leads the strategy and governance that ensures AI is developed and deployed with safety, trust, and real-world impact. 

Chief Compliance and Chief Privacy Officer, Claritev 

With more than two decades of leadership in law, compliance, risk, and privacy, Kristen serves as the Chief Compliance and Chief Privacy Officer at Claritev, overseeing enterprise-wide compliance initiatives, ensuring adherence to applicable laws and regulations, and promoting a culture of ethics and integrity across the organization.

Vice President, Chief Information Security Officer (CISO), Claritev 

JR Riding is the Vice President, Chief Information Security Officer at Claritev, a leading provider of data analytics and technology-enabled cost management solutions for the U.S. healthcare industry. 
