AI Governance Institute


SCT-002 · High effort · Agent-relevant

Clinical AI Governance Committee Charter

Establish a healthcare-specific AI governance committee with clinical and technical expertise, defined quorum and decision rights, escalation authority over AI systems involved in clinical decision support and patient care, and a review cadence aligned to FDA Software as a Medical Device (SaMD) guidance and applicable state clinical standards.

Objective

Ensure AI systems used in clinical settings — including diagnostic support, treatment recommendations, clinical documentation, and patient triage — receive governance oversight from a body with appropriate clinical expertise and authority, distinct from the organization's enterprise AI governance committee.

Maturity Levels

Level 1: Initial

AI systems used in clinical settings are reviewed under the same enterprise AI governance process as other AI deployments, without clinical-specific expertise or authority on the governance committee. Clinical staff are not systematically involved in AI governance decisions affecting patient care.

Level 2: Developing

Clinical leadership is consulted on AI deployments affecting patient care, but consultation is informal and not governed by a committee charter. There is no defined quorum, decision authority, or escalation path for clinical AI governance.

Level 3: Defined

A Clinical AI Governance Committee (CAGC) is established by charter with: defined membership including the CMO, CMIO, clinical informatics, compliance, and a clinical representative from each major service line; quorum requirements; decision rights over clinical AI deployments; an escalation path to the board; and a review cadence aligned to FDA SaMD guidance. All AI systems used in clinical decision support are reviewed by the CAGC before deployment.

Level 4: Managed

The CAGC maintains an inventory of clinical AI systems with ongoing performance monitoring. FDA-classified SaMD products are tracked against regulatory submissions and change management requirements. Post-market surveillance findings from clinical AI vendors are reviewed at each CAGC meeting. Clinical AI incidents are escalated through the committee and reported per regulatory obligations.

Level 5: Optimizing

The CAGC reviews and updates its charter annually. Clinical AI performance data is aggregated across the system's clinical AI portfolio for portfolio-level trend analysis. The CAGC participates in industry working groups developing clinical AI governance standards. Governance evidence is packaged for Joint Commission review and state health department examination.

Evidence Requirements

What an auditor or assessor would expect to see for this control.

  • CAGC charter defining membership, quorum, decision rights, meeting cadence, and escalation authority.
  • Clinical AI system inventory maintained by the CAGC, with regulatory classification status for each system.
  • CAGC meeting minutes for the past 12 months showing review of clinical AI deployments, performance reports, and incidents.
  • FDA regulatory submission tracking records for SaMD products in the clinical AI portfolio.
  • Post-market surveillance process documentation and adverse event review records for classified SaMD products.

Implementation Notes

Why clinical AI requires a separate governance structure

Enterprise AI governance committees are designed to cover the breadth of an organization's AI portfolio: customer service, operations, finance, marketing, supply chain, HR. They are staffed for breadth, not clinical depth. When a clinical AI governance decision requires clinical judgment — Is this diagnostic algorithm performing acceptably for this patient population? Does this treatment recommendation system have appropriate uncertainty communication for this clinical context? — an enterprise committee without clinical expertise cannot make that judgment.

The consequences of under-governed clinical AI are categorically different from other AI governance failures. A poorly governed finance AI may cost money. A poorly governed clinical AI may kill a patient. This asymmetry justifies a dedicated governance structure.

FDA SaMD classification and its governance implications

The FDA's Software as a Medical Device (SaMD) framework classifies software functions based on their role in clinical decision-making and the significance of the information they provide:

Class I SaMD (low significance): Software that provides information for administrative support or for informing non-clinical decisions. Lowest regulatory burden.

Class II SaMD (moderate significance): Software that provides information to support or inform clinical decisions but is not itself the basis for treatment decisions. Typically requires 510(k) clearance. Examples: radiology AI that flags areas of interest for physician review.

Class III SaMD (high significance): Software whose output is intended to be the basis for, or to directly inform, treatment or diagnosis. Requires PMA in many cases. Examples: AI systems that diagnose conditions from imaging without requiring physician confirmation.

A clinical AI deployment that meets SaMD criteria must be managed under the organization's FDA-compliant software quality management system. This includes:

  • Tracking regulatory submission status for each SaMD product in the clinical AI portfolio
  • Post-market surveillance requirements: collecting adverse event data, reporting to FDA per 21 CFR Part 803
  • Change management: understanding when a vendor update to a cleared SaMD product requires a new submission vs. falls within the cleared change envelope
  • Predicate tracking: understanding the predicate device relationships that support current clearances

The CAGC should include someone with FDA regulatory expertise or direct access to regulatory counsel for all decisions involving classified SaMD products.

Committee structure and charter elements

Membership (minimum requirements):

  • Chief Medical Officer (chair or co-chair)
  • Chief Medical Information Officer / Chief Clinical Informatics Officer
  • Clinical informatics physician / medical informaticist
  • Chief Compliance Officer or designee
  • Chief Information Security Officer or designee
  • Clinical representative from each major AI-using service line (radiology, pathology, pharmacy, ED, as applicable)
  • Patient safety officer or quality improvement officer
  • At least one frontline clinician (physician or advanced practice provider) who is an end user of clinical AI

Quorum: At least one clinical and one compliance/technical member; specific quorum requirements defined in charter.

Decision rights:

  • Approve / reject all clinical AI deployments for patient care use
  • Approve / reject material updates to approved clinical AI systems
  • Suspend a clinical AI system pending investigation (single CMO authority for immediate suspension; committee ratification within 48 hours)
  • Recommend to board / executive committee on clinical AI risk posture

Meeting cadence:

  • Regular: monthly review of clinical AI performance reports, vendor communications, and new deployment requests
  • Emergency: within 48 hours of a clinical AI-related adverse event or significant safety signal
  • Annual: charter review and clinical AI portfolio risk assessment

Clinical AI incident escalation path

Clinical AI incidents require different handling than enterprise AI incidents because they may involve patient harm, regulatory reporting obligations, and mandatory disclosure under state patient safety laws. The escalation path:

  1. Frontline staff identifies anomalous AI output or suspected patient safety event → Report to clinical supervisor and clinical informatics team.
  2. Clinical informatics team conducts initial triage → Escalate to CAGC chair if patient harm is suspected or system performance has materially degraded.
  3. CAGC chair authority to suspend system immediately → CAGC convenes within 48 hours.
  4. CAGC reviews incident → Determines whether reportable to FDA (adverse event or malfunction), state patient safety authority, and / or Joint Commission.
  5. Post-incident review produced within 30 days → Reviewed by CAGC; findings shared with vendor where applicable.

Example Implementation

Clinical AI Governance Committee — Quarterly Report Summary

Reporting period: Q2 2026 | Prepared by: Clinical Informatics | Reviewed by: CAGC

Portfolio status:

| System | Type | FDA class | Status | Performance flag | Vendor update pending? |
|---|---|---|---|---|---|
| Radiology AI (chest X-ray) | Diagnostic support | II (510(k)) | Active | None | Yes — version update Q3; change assessment required |
| Sepsis early warning | Clinical decision support | II | Active | Amber — sensitivity below target in ICU cohort | No |
| Clinical documentation assistant | Documentation | I | Active | None | No |
| ED triage risk stratification | Triage support | II | Under review | | |

Q2 incidents:

  • 1 reportable event: Sepsis warning system missed 3 cases in a 2-week period coinciding with an EHR integration update. Root cause: the EHR update changed lab value formatting, so the AI model received malformed inputs. FDA adverse event report filed (date). Vendor notified. System performance restored after EHR rollback. Post-incident review complete.

Deployments approved this quarter: Clinical documentation assistant v2.1 (scope expansion: additional service lines; reviewed against Class I classification — no new regulatory submission required).

Vendor updates reviewed: Radiology AI vendor submitted change notice. Change assessment in progress. Expected CAGC decision: Q3 2026 meeting.

Actions required:

  • CMO: Sign post-incident review for sepsis system (due [date])
  • Clinical informatics: Complete radiology AI change assessment (due [date])
  • Compliance: Confirm ED triage system FDA classification before CAGC deployment review
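Added example (not the page's or any vendor's code) of the two monitoring signals the quarterly report above turns on: the malformed-input condition behind the sepsis incident, and the cohort-sensitivity check behind the Amber performance flag. Feature names, plausible ranges, thresholds, the sample records and the "Red" label are assumptions.

```python
# Assumed input schema for a sepsis model: name -> (plausible min, plausible max)
SCHEMA = {"lactate_mmol_l": (0.0, 30.0), "wbc_k_ul": (0.0, 100.0), "heart_rate": (20, 250)}

def validate_record(rec: dict) -> list:
    """Return problem tags for one feature record; an empty list means usable."""
    problems = []
    for name, (lo, hi) in SCHEMA.items():
        if name not in rec:
            problems.append(f"missing:{name}")
            continue
        val = rec[name]
        # "4.1 mmol/L" after a formatting change is rejected, never coerced:
        # silently scoring a malformed input is the failure mode in the report.
        if isinstance(val, bool) or not isinstance(val, (int, float)):
            problems.append(f"type:{name}")
        elif not lo <= val <= hi:
            problems.append(f"range:{name}")
    return problems

def malformed_rate(records: list) -> float:
    """Fraction of records the validator rejects over a monitoring window."""
    bad = sum(1 for r in records if validate_record(r))
    return bad / len(records) if records else 0.0

def sensitivity(outcomes: list) -> float:
    """outcomes: (predicted_positive, actually_positive) per patient in a cohort."""
    tp = sum(1 for p, a in outcomes if p and a)
    fn = sum(1 for p, a in outcomes if not p and a)
    return tp / (tp + fn) if tp + fn else 1.0

def performance_flag(records, outcomes, target=0.85, max_malformed=0.05) -> str:
    """Report flag: "None" / "Amber" as on the page; "Red" (assumed label) when
    malformed inputs point to integration breakage and the incident escalation path."""
    if malformed_rate(records) > max_malformed:
        return "Red"
    if sensitivity(outcomes) < target:
        return "Amber"
    return "None"

# Constructed sample: the third record mimics an EHR update that began sending
# lab values as formatted strings instead of numbers.
SAMPLE_RECORDS = [
    {"lactate_mmol_l": 1.2, "wbc_k_ul": 7.5, "heart_rate": 88},
    {"lactate_mmol_l": 4.1, "wbc_k_ul": 15.2, "heart_rate": 121},
    {"lactate_mmol_l": "4.1 mmol/L", "wbc_k_ul": "15.2", "heart_rate": 121},
]
# Constructed ICU cohort: 8 cases caught, 2 missed -> sensitivity 0.80, below target
ICU_COHORT = [(True, True)] * 8 + [(False, True)] * 2 + [(False, False)] * 10
```

Running the validator on every inbound record, rather than only on a sampled audit, is what turns a silent formatting change into a same-day signal for the CAGC chair.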