May 12, 2026

Tech at warp speed: Why medical practices can’t afford to let liability lag behind

As AI tools, cybersecurity threats and ambient documentation technology reshape clinical practice, legal experts warn that liability is evolving faster than the regulations meant to govern it.

The tools available to medical practices today would have looked like science fiction a decade ago. Ambient artificial intelligence (AI) scribes transcribe patient encounters in real time, diagnostic algorithms flag early-stage disease, and telehealth platforms extend care to patients who might never enter a clinic. But as the technology accelerates, the legal and regulatory frameworks meant to govern it are struggling to keep up, and that gap is quietly becoming one of the most significant liability exposures in medicine.

A 2024 American Medical Association survey found that 66% of physicians reported using AI in their practices, a dramatic rise from 38% the year before. The pace of that adoption is exactly what concerns liability experts: Practices are integrating tools faster than they are understanding what they are agreeing to when they do.

“The system around American medicine is shifting faster than the law, or physicians, can keep up with,” Richard Anderson, M.D., FACP, chairman and CEO of The Doctors Company and TDC Group, told Medical Economics in early 2026. Anderson described the current environment as “an unstable situation,” pointing to AI adoption, nuclear malpractice verdicts and a fraying regulatory safety net as converging risks for physicians.

When not using AI becomes the liability

The conversation has shifted from whether AI belongs in clinical practice to how quickly it is reshaping what courts will expect. Sara Gerke, associate professor of law at the University of Illinois Urbana-Champaign, said the legal definition of standard of care may already be moving faster than most physicians realize.

“AI could eventually redefine the standard of care,” Gerke said on Off the Chart, a Medical Economics and Physicians Practice podcast. “A study published in the Journal of Nuclear Medicine showed that potential jurors may see following AI recommendations as reasonable, even when they deviate from the standard of care. Following the advice of AI already seems to reduce the risk of liability for injury that results from deviations from the standard of care.”

David Simon, associate professor of law at Northeastern University, said the threshold question is not whether AI is sophisticated but whether it is widespread.

“It depends on how pervasive the technology is throughout the field,” Simon said. “If there aren’t a sufficient number of people using AI that it constitutes a standard of care, then not using it won’t be a breach. But if it’s pervasive enough, or if it’s adopted enough in a certain subspecialty, then it can change the standard of care. AI probably will reshape it, but it’s not going to be one and done. It’s going to happen gradually, in certain subspecialties, in fits and starts.”

The result is a moving target: Not using AI could eventually be seen as negligent, while relying on it too heavily without proper validation may be considered careless.

Who holds the bag when AI gets it wrong

The central unresolved question in health care technology liability is deceptively simple: When an algorithm contributes to a bad patient outcome, who is responsible?

According to a 2025 editorial published in Frontiers in Public Health, physicians may face medical malpractice allegations if the use or misuse of AI is deemed to fall below the accepted standard of care, while hospitals bear institutional responsibility to ensure AI systems are properly validated, maintained and used in accordance with applicable regulatory requirements.

Gerke said her own research, conducted across six focus groups with surgeons in the U.S. and Europe, found that liability currently points toward providers rather than manufacturers.

“Right now, liability likely mainly falls on physicians and also hospitals, and not necessarily on manufacturers,” she said. “Surgeons were very skeptical about holding manufacturers liable unless there was a clear defect. But some surgeons called for shared accountability if the AI output is followed properly. There’s really a pressing question of whether the liability landscape needs to adapt, and whether responsibility will be fairly allocated and shared among stakeholders, especially thinking about AI tools that in the future will be much more sophisticated.”

Deepika Srivastava, chief operating officer at The Doctors Company, the largest physician-owned malpractice insurer in the U.S., said the insurance industry sees the picture plainly.

“Where does the ultimate responsibility lie when AI contributes to patient harm: with the physician who relied on it, the health system that deployed it or the technology company that designed it? Currently, malpractice law provides no clear allocation of liability among the three,” Srivastava said. “Physicians currently bear the primary legal risk since they sign the record and make the clinical decision.”

A 2024 paper in Future Healthcare Journal described clinicians as being at risk of becoming “liability sinks” for AI, meaning that despite having little control over how these tools are built or trained, they are most exposed when something goes wrong.

Device pathways add another wrinkle

The regulatory pathway a product takes to market affects how much legal exposure flows back to its manufacturer, and Simon said that distinction matters enormously for how physicians protect themselves.

“A lot of times when there are device cases, the individual suing will sue the device manufacturer because there’s some defect they claim in the device,” Simon said. “I think that’s very likely to happen with AI technologies, particularly those that go through the 510(k) process, which doesn’t usually require any clinical data. There’s going to be a lot of product liability claims, tort claims against manufacturers.”

But physicians are not insulated simply because a manufacturer gets sued. Simon warned that the risk shifts back to the clinician when a device is used outside its validated scope.

“Physicians will be at risk when they either don’t use the device according to its specifications or when they use a device that’s not standard of care,” he said. “You don’t want to just start experimenting with different uses. If it’s been tested at all, it’s been tested for a particular use in a particular setting, and you shouldn’t assume it can be transplanted to another setting without doing some digging.”

The cybersecurity dimension

Technology adoption also broadens the attack surface for cybercriminals, and health care remains one of the most targeted sectors. According to Richard Cahill, J.D., vice president and associate general counsel at The Doctors Company, ransomware attacks can prevent an affected organization from accessing its data unless payments are made, directly interfering with patient care. Because patients’ protected information holds substantial value on the black market, data breaches are a typical collateral consequence of ransomware attacks. For covered entities, those breaches can trigger civil, criminal and administrative liability under federal and state privacy laws, with financially devastating results.

The risks are amplified when practices connect new technology vendors to their networks without adequately vetting security protocols. Each vendor relationship is a potential entry point, and each poorly negotiated contract can leave a practice with limited recourse when a breach occurs.

Informed consent enters new territory

The integration of AI also raises informed consent concerns, particularly when patients are unaware of the role AI plays in their diagnostic or therapeutic management. Ambient AI scribes, for example, are recording clinical conversations, sometimes without explicit patient acknowledgment. A 2025 paper in JAMA Network Open found that ambient listening creates documentation, consent and data governance obligations that most practices have not yet established.

Srivastava said informed consent is, without question, the top protective step she advises physicians to take.

“Informed consent is our No. 1 thing that we advise our physician community: Secure informed consent when AI is used. Be prepared to answer patient questions. Allow patients the choice to decline. If using an AI scribe or documentation tools, carefully review the generated notes for accuracy and completeness. The physician remains ultimately responsible. Treat informed consent as a process. Do not delegate that.”

On transparency with patients more broadly, Srivastava was equally direct.

“Transparency is generally productive. It builds trust and it reduces risk. Patients feel comfortable and consent to technology use when the physician has taken the time to communicate, because open dialogue fosters trust. Clear and respectful communication is the foundation of a physician-patient relationship, with or without AI. Ambient listening tools such as DAX or Nuance save time and reduce burnout, but their use should be disclosed and consented to. Providers should establish clear protocols for when ambient listening will or won’t be used, how consent is documented and what alternatives are available if a patient opts out.”

How practices can protect themselves

Liability experts consistently point to the same categories of risk mitigation for practices integrating new technology.

Srivastava said health systems and practices face direct exposure when they fail to govern what they deploy.

“They face liability if they fail to proactively and properly vet, oversee and implement AI tools. Their responsibility includes safe systems: Are you training the tool correctly? Are you training the staff correctly? Are you instituting safeguards such as consent, documentation and oversight policies? Inadequate training of these tools and governance gaps can heighten malpractice risk. Hospitals and health systems are not off the hook because they’re deploying the technology that the physicians are using.”

Simon said the same due diligence obligation applies to smaller practices, even when resources are limited.

“Before adoption of any technology, ask questions of the manufacturer. How was this validated? How did it get to market? What kind of protections are there for the physician? If something goes wrong with your system, are you going to pay for my defense? The health system should be making sure that systems are validated for their particular uses and not assume that because something is validated to diagnose one condition, it can be used to diagnose another.”

Gerke added that the regulatory environment itself needs to catch up, particularly on how AI tools are labeled.

“There is a lack of labeling standards tailored to AI and machine learning-based medical devices, and that really prevents users from receiving important information for their safe use, such as information on the data sets that were used,” she said. “We do need a comprehensive labeling framework for AI medical devices.”

Gerke also identified the legal doctrine that keeps the physician at the center of the liability picture, even when better labels exist.

“Right now, the physician bears most of the risks of liability when using AI. We have something called the learned intermediary doctrine: a manufacturer of a medical device can typically discharge their duty by informing the physician, and then it’s the physician as the learned intermediary who needs to interpret that information and communicate it to the patient.”

MGMA reported in January 2025 that AI tools had supplanted EHR usability as the top technology priority among medical practice leaders, a marked shift from 2023, when EHR usability led with 35 percent of respondents and AI tools accounted for just 13 percent. The enthusiasm is justified. But the practices best positioned to benefit from these tools are the ones treating adoption not as an IT project, but as a patient safety and legal governance challenge that demands the same rigor as any other clinical process.