Clear Sky Science

Advancing healthcare AI governance through a comprehensive maturity model based on systematic review

Why smarter rules for medical AI matter

Hospitals are rushing to use artificial intelligence to spot disease earlier, reduce paperwork, and make care more efficient. But if these tools are chosen or managed poorly, they can quietly make mistakes, deepen inequities, or waste precious resources. This article explains how a team of researchers sifted through dozens of existing rulebooks for medical AI and built a practical roadmap that any healthcare organization—from a small clinic to a top research hospital—can use to put AI to work safely and fairly.

Making sense of a crowded advice landscape

In recent years, experts around the world have proposed checklists, guidelines, and oversight structures for how AI should be used in healthcare. The authors systematically reviewed 35 such frameworks published between 2019 and 2024, narrowing to 29 that offered concrete, multi-step guidance rather than focusing on a single issue like ethics alone. They found that, while many documents covered how to develop an algorithm or monitor it over time, far fewer tackled the organizational realities: Who should be in charge? How should hospitals choose between competing products? And how can less-resourced health systems keep up? This patchwork of advice, often written with large academic centers in mind, left smaller organizations without a clear path forward.

Seven building blocks for good AI oversight

From their review, the researchers distilled seven essential areas that must be addressed for AI to be responsibly woven into patient care. These include having a clear leadership structure, carefully defining the clinical problem before reaching for tech, understanding how the algorithm is built and trained, checking outside products before purchase, testing how well a tool works in the local patient population, thoughtfully plugging it into daily clinical workflows, and tracking its performance once it is live. Across the literature, there was strong emphasis on tasks like problem formulation, model development, and ongoing monitoring. Yet the authors saw weaker coverage of how to evaluate external products and how to design governance bodies that reflect the perspectives of clinicians, technical experts, patients, and legal and ethics professionals.

From theory to a stepwise roadmap

To turn this scattered guidance into something more usable, the team created the Healthcare AI Governance Readiness Assessment, or HAIRA—a five-level “maturity model” that describes what capable governance looks like at increasing stages of sophistication. At Level 1, an organization has only basic awareness and mostly relies on vendor assurances for off-the-shelf tools, with minimal internal testing or integration. By Level 2, there are documented procedures, a simple oversight committee, more structured selection of tools, and basic monitoring of performance. Level 3 describes regional or community systems that can independently validate models, assess risks such as bias, integrate AI with quality improvement programs, and manage change systematically as tools enter clinical practice.

Growing into advanced and leading practice

Levels 4 and 5 capture what the authors consider advanced and leading-edge governance. At Level 4, typically seen in major academic medical centers, organizations have executive leaders dedicated to AI, robust ethics structures, advanced data infrastructure, and strong in-house development and evaluation capabilities, including real-time monitoring. Level 5 represents institutions that not only manage AI well but also help set industry standards. These organizations run multi-site studies to prove safety and benefit, experiment with new types of AI applications, and share what they learn through centers of excellence and collaborations. Importantly, the model uses a “weakest-link” rule: an organization’s overall level is limited by the least-developed of the seven domains, reflecting the reality that a single missing safeguard—like poor monitoring—can undermine otherwise sophisticated efforts.

What this means for patients and providers

For patients, the HAIRA model is meant to ensure that AI tools are introduced in ways that genuinely improve care rather than adding hidden risks. For clinicians and health system leaders, it offers a realistic ladder: a small practice might aim first to reach Level 2 by documenting how it chooses and checks vendor tools, while a larger system could work toward higher levels by investing in data teams, fair evaluation methods, and continuous monitoring. The authors stress that not every hospital needs cutting-edge capabilities, but all should meet basic standards of safety, equity, and accountability. By matching governance expectations to available resources, their framework seeks to make trustworthy medical AI achievable across diverse healthcare settings, instead of only at the most well-funded institutions.

Citation: Hussein, R., Zink, A., Ramadan, B. et al. Advancing healthcare AI governance through a comprehensive maturity model based on systematic review. npj Digit. Med. 9, 236 (2026). https://doi.org/10.1038/s41746-026-02418-7

Keywords: healthcare artificial intelligence, AI governance, clinical decision support, digital health policy, algorithmic fairness