Case study

AI in Clinical Decision Support: Evidence, Workflow, Failure, and Governance

Clinical value depends less on a model demonstration than on intended use, evidence quality, workflow fit, human control, monitoring, and accountable escalation.

20 min Verified 2026-07-16 3 primary sources

This is a reference case, not evidence that a particular model is clinically effective. It shows the decisions required to turn an AI capability into bounded clinical decision support.

Begin with intended use

"AI for healthcare" is not a testable product definition. A responsible specification identifies:

  • the user and care setting;
  • the patient population and exclusions;
  • the exact input and output;
  • the decision being informed;
  • the time available to act;
  • the qualified person responsible for interpretation;
  • the consequence of false positive, false negative, delay, and non-use;
  • whether the function may fall within medical-device or clinical-decision-support regulation.

The same model can create different risk when used for note drafting, evidence retrieval, triage, diagnosis, treatment recommendation, or autonomous action.

Evidence must match the claim

Technical accuracy on a retrospective dataset supports a narrow claim. It does not by itself establish clinical utility, generalization across sites, workflow safety, improved patient outcomes, or absence of unequal harm.

Evidence planning should distinguish:

  1. analytical validity: whether inputs and calculations are correct;
  2. clinical validity: whether outputs relate to the clinical condition or decision;
  3. clinical utility: whether use improves a relevant workflow or outcome;
  4. operational safety: whether deployment, downtime, latency, alerts, and overrides behave safely;
  5. post-deployment performance: whether results remain acceptable as populations, practice, data, and models change.

Design for professional control

Human review is meaningful only when the reviewer has time, competence, evidence, and authority to disagree. A nominal approval click after a persuasive recommendation can increase automation bias without improving control.

The interface should expose the recommendation, relevant evidence, material uncertainty, missing information, version, and intended limitations. It should make correction, deferral, escalation, and override ordinary actions rather than exceptional failures.

FDA guidance distinguishes characteristics of certain clinical decision-support functions, while WHO guidance emphasizes autonomy, safety, transparency, accountability, equity, and sustainability. The applicable legal analysis must still be performed for the actual function and jurisdiction.

Threat and failure model

| Failure | System response | |---|---| | Missing or stale patient data | Detect incompleteness and avoid unsupported recommendation | | Unsupported generated claim | Require traceable evidence and bounded source set | | Population shift | Monitor segmented performance and suspend affected use | | Alert fatigue | Measure actionability, overrides, and downstream workload | | Prompt or document injection | Treat external text as untrusted data and isolate authority | | Service outage or high latency | Provide a safe fallback workflow that does not depend on the model | | Privacy or access violation | Minimize data, enforce least privilege, audit access, and contain the incident |

Deployment architecture

The model should not directly control clinical records or actions merely because it can generate structured output. A governed application validates inputs, retrieves authorized evidence, invokes the model, verifies output shape, applies policy, records appropriate provenance, and presents the result inside the clinical workflow.

Every external action requires explicit authorization and idempotent handling. Logs must be useful for safety investigation without becoming an uncontrolled copy of sensitive patient data.

Monitoring and accountability

Monitor more than model accuracy: coverage, abstention, override, disagreement, time-to-decision, workflow burden, subgroup performance, incidents, appeals, and outcomes appropriate to the intended use. Assign owners for clinical performance, technical operation, security, data governance, and incident response.

Change control must cover models, prompts, retrieval sources, policies, interfaces, and infrastructure. A clinically evaluated version cannot be silently replaced by a new model alias.

Decision check

Which evidence and control would justify moving a clinical AI function from retrospective evaluation to limited supervised use?

Decision rule

Clinical AI should earn authority through evidence and bounded use. When uncertainty, missing data, system failure, or consequence exceeds the validated operating envelope, the correct behavior is to defer and escalate, not to generate a more confident answer.