AI in the Boardroom
Artificial intelligence consistently ranks among the top emerging priorities for governing boards. Yet only about one-third of governing boards have adopted a formal AI governance framework according to a recent NACD survey. AI is no longer a distant innovation to monitor, it is already embedded in existing clinical workflows, administrative and governance processes and common productivity tools. Hospital governing boards have a fiduciary responsibility to ensure that safeguards and governance structures are in place to protect the organization, its workforce and its patients.
A trustee’s fiduciary duties of Care, Loyalty, and Obedience provide a clear foundation for board oversight of AI:
- Duty of Care: Trustees must be reasonably informed before making decisions. This includes understanding how AI systems are used within the organization and ensuring adequate governance and risk‑management measures.
- Duty of Loyalty: Trustees must act in the best interests of the hospital and its patients, including protecting data and mitigating cybersecurity, operational, and reputational risks associated with AI tools.
- Duty of Obedience: Trustees must ensure compliance with laws, regulations, accreditation standards, and ethical obligations. As AI regulations expand, boards must also anticipate and prepare for future requirements.
AI adoption in health care is outpacing regulation. Federal and state agencies are actively developing guidance on AI in clinical decision support and patient data use. This creates an important window for boards to set a governance structure before compliance becomes reactive, and align AI use with organizational mission and strategic priorities.
A consistent struggle in AI governance is toeing the line between what is board responsibility and what is management and operations.
| The Board | Approve policies and frameworks governing AI ethics, safety, privacy, and risk management.Ensure compliance with legal and regulatory requirements.Allocate resources through budget approval.Incorporate AI strategy into broader strategic plan.Ensure alignment with mission. |
| Management | Operationalizing AI within the organization.Monitor and mitigate risks.Evaluate and determine AI tools.Ensuring funding and resources are being distributed appropriately. |
The board should ensure that all AI use is protecting organizational and patient data – and that includes information provided in board reports. Easily accessible generative AI platforms like ChatGPT or Gemini utilize the input of information to continuously grow it’s brain bank. That means that any information that a user were to upload could potentially be pulled and used as data for a prompt submitted by a user in the future. Similarly, many notetaking AI tools have public and private functionality and should be monitored to determine that information collected is safeguarded for security and privacy. Considering this as a starting point, hospital boards should first ask the questions:
- Are the AI tools that our organization is using complying with HIPAA regulations or other regulatory requirements?
- Do we have policies in place for board members on the use of AI tools with board materials or data?
- Do we have policies in place for staff on the use of AI tools with board materials or patient data?
Committee Involvement
As your hospital builds its AI governance structure, it is important to have all the right expertise and perspectives at the table. Existing committees—or an ad hoc AI task force—can provide the structure needed to connect trustees with legal counsel, compliance officers and risk management, IT and cybersecurity staff, and clinical staff. Committee work should support the development or endorsement of policies, monitoring regulatory changes, reviewing dashboards or reports and assuring alignment with mission and strategic objectives.
Trustees do not need to become AI experts, but they must be engaged, informed stewards of the organization’s strategic direction. Continuous education will be vital in an area with such rapid growth and change.
AI Governance Education
Texas Healthcare Trustees is offering a variety of AI governance-related education sessions at the upcoming Healthcare Governance Conference on June 4-6 in San Antonio. Both in-person and online registration options are available. Visit the conference webpage here: www.tht.org/hgc.
References
National Association of Corporate Directors. (2024). Preparing for five crucial board balancing acts in 2025. Retrieved from https://www.nacdonline.org/all-governance/governance-resources/governance-research/outlook-and-challenges/2025-governance-outlook/preparing-for-five-crucial-board-balancing-acts-in-2025/
Hassan, M., Borycki, E. M., & Kushniruk, A. W. (2024). Artificial intelligence governance framework for healthcare. Healthcare Management Forum, 38(2), 125–130. https://doi.org/10.1177/08404704241291226