Intelligence Brief

The CLEARED
Intelligence Brief

Issue 005  |  April 28, 2026

What happened this week in AI and health practice governance.

What it means for your practice.

What to do about it.

The governance accountability window is closing from multiple directions simultaneously. International data shows AI adoption running ahead of practitioner readiness across an entire continent. Domestic data puts the ungoverned practice rate at 82 percent. Legal analysts are naming the specific documentation failure that will define liability over the next two years: the missing BAA.

Signal 1

WHO/Europe Published the First-Ever Cross-Government Snapshot of AI in Clinical Practice — All 27 EU Member States Are Already Deploying It (April 20, 2026) [Witness]

The World Health Organization's European office released a first-of-its-kind report on April 20 assessing AI adoption across all 27 EU member states. Every country surveyed recognizes improved patient care as a driver of AI deployment, and the majority are already running AI tools in active clinical settings. WHO/Europe's primary recommendation: governments must prioritize workforce readiness — specifically education on AI ethics and governance — before adoption outpaces the practitioners using it.

What this means for you

This is the first time an international body has documented the full scope of clinical AI deployment across a major geopolitical bloc. The gap WHO/Europe named — adoption running ahead of governance capacity — is not a future problem. It is documented and current. If the question "what is your governance process?" wasn't already coming from credentialing bodies and payers, this report moves that timeline forward.

Signal 2

75% of Health Systems Have AI Deployed. Only 18% Is Governed. (April 2026) [Warn]

New industry data published this week shows that three-quarters of health systems have implemented or are actively implementing at least one AI solution — a 27% jump in a single year. Only 18% of that AI use is operating under a fully defined governance model. The other 82% is running on adoption without accountability.

What this means for you

This statistic is the clearest single data point the Brief has published on the governance gap. The systems that are ungoverned are not failing to use AI — they are using it without being able to answer the basic questions: what data does it touch, who approved it, what happens when it is wrong. If you are a practitioner whose AI workflow cannot answer those three questions, you are in the 82%. That is where the exposure is.

Signal 3

AI Documentation Tools Are Generating Liability the EHR Audit Trail Cannot Defend (April 2026) [Warn]

A cluster of legal analyses published in April 2026 — including pieces in KevinMD, PhysEmp, and NursesEducator — points to a structural problem emerging in AI-assisted clinical documentation: most EHR-AI integrations do not produce legally robust audit trails. Prompt history, model versions, confidence scores, and time-stamped edits are not captured. When an AI-influenced clinical note becomes central to a malpractice claim, the clinician absorbs the liability because the medical record is legally presumed to reflect the clinician's own judgment. New data from a mock jury study found that when practitioners reviewed AI-flagged imaging only once, 74.7% of jurors found they did not meet their duty of care.

What this means for you

This is not a hospital-system problem. Any practitioner using AI to assist with session notes, intake summaries, referral letters, or between-session client communication is running the same audit trail gap. If an AI-assisted document is ever reviewed in a dispute, the record will be treated as yours — and if you cannot show a documented independent review, it will read that way regardless of what actually happened.

Signal 4

Norton Rose Fulbright Published a Practitioner-Facing HIPAA + AI Compliance Analysis This Month (April 2026) [Instruct]

Global law firm Norton Rose Fulbright published a detailed compliance brief in April 2026 on using AI in healthcare while staying HIPAA-compliant. The central finding: if an AI tool creates, receives, maintains, or transmits Protected Health Information on a practitioner's behalf, the vendor is legally a Business Associate — and a signed Business Associate Agreement is required before any PHI can be shared with them. Most practitioners using AI tools with client data have not verified whether a BAA exists. Most AI tool vendors have not proactively surfaced the requirement.

What this means for you

Run through your current AI tools and ask one question for each: does this tool ever touch client health information — session notes, intake data, health history, lab results, any of it? If yes, you need a signed BAA with that vendor before the next session. This is not a future compliance requirement. It is a current one. The practitioners who do not have BAAs in place are already in violation, and the state-level enforcement wave that began January 1 is closing the gap between "technically required" and "actively enforced."

The Pattern

Four signals. One trajectory: the governance accountability window is closing from multiple directions simultaneously. An international body just documented that adoption is running ahead of readiness across an entire continent. Domestic data shows the same gap at 82% ungoverned. Legal analysts are naming the specific documentation failure that will define liability claims over the next two years. And a basic compliance requirement — the BAA — is sitting unmet in the majority of private practices using AI with client data. The practitioners who are waiting for the governance requirement to be made explicit are misreading the timeline. It has already been made explicit. The documentation just hasn't reached most practices yet. That gap is the CLEARED thesis, and this week's signals tighten it.

One Thing You Can Do This Week

Open every AI tool you use that touches client information. For each one, search your email for a signed Business Associate Agreement with that vendor. If you cannot find one, contact the vendor today and ask for it. If they do not offer one, that is information you need before the next session. Start there — not with a new system, not with a full audit. Just the BAA check. One hour. Real exposure resolved. *getrealnut-sys.github.io/CLEARED-webinar/cleared-assessment/*

Last updated: 2026-04-28

Get this in your inbox every Monday.

Signal tracking for practitioners who are paying attention.

Subscribe via LinkedIn Newsletter →

Missed an issue? Read every prior brief in the archive →

← All Issues