Key Takeaways
- The Joint Commission and the Coalition for Health AI released a new framework, the Responsible Use of AI in Healthcare (RUAIH), to guide safe, ethical adoption of AI tools in clinical and operational settings.
- As AI tools rapidly enter health care workflows, they bring both promise and risk. Without clear oversight, organizations may face challenges like algorithmic bias, data misuse and erosion of clinician trust.
- Health care organizations should review the RUAIH framework’s seven core principles and take steps to build governance structures, training protocols and safeguards that align AI use with patient-centered care.
On September 17, 2025, the Joint Commission (TJC), in collaboration with the Coalition for Health AI (CHAI), released its Guidance on the Responsible Use of Artificial Intelligence in Healthcare (RUAIH). This marks the first formal framework from a U.S. accrediting body aimed at helping healthcare organizations safely, effectively and ethically integrate AI technologies into clinical and operational practice.
The Joint Commission’s partnership with CHAI reflects the growing recognition that AI will play a transformative role in care delivery. While currently voluntary, the guidance is intended to serve as a foundation for internal governance, risk management and quality oversight, and will likely inform future accreditation and certification pathways related to AI use.
The guidance outlines seven foundational elements that health care organizations should adopt to ensure AI tools are deployed responsibly and integrated into existing governance and compliance systems. This article summarizes those recommendations and explores what they mean for health systems, patients and regulators.
The Promise and Perils of AI in Health Care
AI is poised to transform how health care is delivered. AI tools can identify subtle patterns in imaging scans, forecast disease progression, optimize treatment plans and automate time-consuming administrative tasks, like collecting or connecting patient information, scheduling and coding patient visits and managing health insurance claims and billing. When used effectively, AI tools can enhance diagnostic accuracy, reduce clinician workload and improve operational efficiency, and potentially even save lives.
But the risks are also significant. The RUAIH framework flagged several critical concerns:
- Algorithmic bias and error: AI relies on massive datasets, creating risks that inaccurate or unrepresentative data can lead to misdiagnosis or inappropriate treatment recommendations.
- Transparency challenges: The “black box” nature of many AI systems undermines clinician trust and patient understanding.
- Data privacy and security: AI tools will receive, process and disclose patient data — creating the risk of unauthorized use, breaches and commercial exploitation.
- Workflow disruption: Integrating AI tools into established clinical environments can strain operations and generate resistance among staff.
- Overreliance: Dependence on AI tools could erode clinician judgment and depersonalize patient care.
While the risks are real, they aren’t, on their own, a reason to rule out AI tools in patient care. The RUAIH framework emphasizes the need to manage those risks responsibly, through structured policies, safeguards and oversight.
Seven Elements of Responsible Use of AI in Health Care
The RUAIH framework outlines seven key elements that health care organizations should consider when deploying or managing AI systems.
- AI Policies and Governance Structures
Health care organizations should establish a formal governance framework integrated with existing compliance, risk and patient safety structures. Multidisciplinary oversight (including clinical, technical, legal and patient perspectives) is strongly recommended.
- Establish a multi-disciplinary governance body to lead and monitor the selection, implementation and use of AI tools;
- Develop policies covering selection, implementation, lifecycle management and compliance for both in-house and third-party AI tools;
- Align the use of AI tools with external regulatory compliance and ethical frameworks; and
- Provide regular updates to the hospital’s senior leadership and governing board regarding the use, outcomes and potential adverse events of AI tools.
- Patient Privacy and Transparency
Health care organizations should build on existing HIPAA and other privacy initiatives to address AI-specific issues such as secondary data use, model transparency and vendor accountability.
- Develop policies governing the access, use and protection of patient data, consistent with federal and state data privacy laws and regulations;
- Disclose to patients when AI tools are being used and educate patients about the way that AI tools are used in their care; and
- Incorporate mechanisms to obtain informed consent when AI tools are used to assist or directly influence clinicians’ treatment decisions.
- Data Security and Data Use Protections
Health care organizations must ensure that their data security standards and protocols are applied consistently to AI tools, using both technical and contractual safeguards.
- Ensure that all patient data is encrypted in transit and at rest and establish permission-based access controls with audit logs to limit exposure;
- Conduct regular vulnerability assessments and penetration testing;
- Develop a comprehensive incident response plan and identify appropriate incident response resources to prepare for a potential data breach incident; and
- Enter into appropriate data use agreements with vendors that define permissible uses, govern the use of identified and de-identified data and establish audit rights.
- Ongoing Quality Monitoring
AI tools should be treated as dynamic systems requiring continuous oversight rather than static technologies.
- Validate each proposed AI tool prior to deployment by reviewing each vendor’s testing, validation and bias assessments;
- Establish feedback channels that encourage routine reporting of errors, performance issues and concerns to the AI governance team, organization leadership and vendors; and
- Develop systems to track the performance, outcomes and adverse events from using AI tools.
- Voluntary Reporting of AI Safety-Related Events
The Joint Commission encourages health care organizations to adopt confidential reporting structures for AI tool-related safety issues in the same manner as other patient safety incidents.
- Use existing channels such as Patient Safety Organizations (PSOs) or Joint Commission sentinel-event processes;
- Submit de-identified reports of AI near-misses, unsafe recommendations or performance failures; and
- Contribute to initiatives like CHAI’s Health AI Registry, which aggregates blinded safety reports for cross-industry learning.
- Risk and Bias Assessment
AI tools can inadvertently amplify inequities if not carefully managed. Health care organizations should evaluate AI tools for potential risks and biases before and after implementation.
- Require vendors to disclose known risks, limitations and bias in their AI tools;
- Validate the AI tools using accurate and representative patient data; and
- Use standardized tools to capture and track risk information and monitor patient outcomes when using AI tools to continually identify any disparities.
- Education and Training
The guidance highlights workforce training and user education as a core component of responsible AI adoption.
- Conduct role-specific training for clinicians and staff on the functionality, limitations and safe use of AI tools;
- Deploy AI literacy initiatives to build a baseline understanding of AI concepts, risks and terminology; and
- Train on AI policies and procedures used within the organization.
Looking Ahead
Although the RUAIH framework is voluntary at present, it signals the Joint Commission’s likely approach to incorporating AI governance into future accreditation surveys. Providers should begin documenting AI oversight policies, governance structures, validation procedures and staff training. Surveyors may soon request evidence that AI systems are governed with the same rigor as other safety-critical technologies. Establishing these practices now will position organizations for both compliance and leadership as accreditation standards are established and evolve.
The Joint Commission and CHAI have announced that a series of follow-on products will launch later this year and into 2026. The next release will include AI governance playbooks, developed after a national series of workshops designed to gather input from hospitals and health systems of all sizes and regions. These playbooks will expand upon the original guidance and provide practical, operational details to help organizations implement AI governance at scale.
Following the release of the playbooks, the Joint Commission plans to introduce a voluntary AI certification program, available to its more than 22,000 accredited and certified healthcare organizations nationwide. This certification will build on the RUAIH principles and serve as a benchmark for demonstrating responsible and trustworthy AI deployment in clinical and operational settings.
Clinicians will adopt new technology, including AI tools, with or without institutional support. That reality makes it essential for health care organizations to be proactive. By adopting governance structures, safeguarding data, ensuring transparency, monitoring performance, addressing bias and educating staff, health care organizations can unlock the transformative power of AI while minimizing its risk.
AI tools won’t replace clinicians or human judgment, nor should they. But as adoption accelerates, the responsibility falls to health care leaders to ensure that AI is deployed with intention, aligned with core principles and backed by the safeguards patients and clinicians deserve.