The period when 'AI use' was a single undifferentiated governance question is ending. New policy work from NEJM AI names three distinct tiers of generative AI in healthcare, each carrying different oversight obligations. Practitioners who can identify which tier each tool operates in have already completed the first step of the compliance work larger organizations are being asked to do now.
Signal 1
NEJM AI Publishes a Typology Separating AI Chatbots From Autonomous Agents From Integrated Agentic Systems (May 5, 2026)
On May 5, 2026, NEJM AI published a Policy Corner by David Blumenthal and Vivian Lee proposing a three-tier typology for generative AI in healthcare: chatbots (single-turn, prompted, narrow), autonomous agents (multi-step, narrow scope, some tool use), and integrated agentic AI systems (coordinating complex tasks across systems on their own). The authors note the field has moved through these tiers in under three years and that the conceptual collapsing of all three into the single word "AI" is now actively interfering with policy work. Source: Blumenthal D, Lee VS. A Typology of Generative Health Care Artificial Intelligence — Definitions and Policy Implications. NEJM AI Policy Corner, May 5, 2026. DOI: 10.1056/AIpc2600233.
What this means for you
When practitioners describe their AI workflow, they usually mean a mix of all three tiers without distinguishing them. The governance question (who reviews the output, who holds the file, who answers when the tool errs) applies differently at each tier. A chatbot drafting a session note is a different exposure than an agent retrieving labs and queueing follow-up tasks on its own. The Policy Corner makes the case that future regulation and audit will track these tiers separately. Practitioners who can name what tier they are operating in for each tool have already done the first piece of the compliance work that is being asked of larger organizations now and will be asked of solo practices next.
Signal 2
New England Journal of Medicine Publishes a Perspective on AI's Equity Gap, Naming Safety-Net Hospitals and Underserved Patients as the Populations at Risk of Being Left Behind (May 9, 2026)
On May 9, 2026, the New England Journal of Medicine published a Perspective by Andrea Sikora, Leo Anthony Celi, and Raja-Elie Abdulnour arguing that the current pace of healthcare AI integration is producing a stratified system. Well-resourced organizations procure validated tools with vendor support and post-deployment monitoring. Safety-net hospitals and the patients they serve are receiving either unvalidated tools, the leftover tier of vendor offerings, or no AI access at all. The authors argue that deliberate policies, equitable access, and clinician-led governance are required to keep the gap from widening. Source: Sikora A, Celi LA, Abdulnour R-EE. NEJM Perspective, May 9, 2026. DOI: 10.1056/NEJMp2517624.
What this means for you
The same gap operates one tier down. Solo and small-practice practitioners are not in the room when AI vendors design pricing, validation standards, or oversight protocols. The tools available to a solo practitioner are usually the same tools a hospital system uses, but stripped of every governance scaffold the hospital built around them. The clinical question is identical (is this tool safe for the person in front of me)? The infrastructure to answer it is not. Practitioners who build their own oversight scaffolding now are closing that gap manually, one tool at a time.
Signal 3
Health AI Partnership Publishes an AI Vendor Disclosure Framework in NEJM AI Naming Five Categories Vendors Should Disclose Before Procurement (NEJM AI Vol 3, Issue 5, May 2026)
In the May 2026 issue of NEJM AI, Sena Kpodzro and the Health AI Partnership consortium published a Perspective introducing the HAIP AI Vendor Disclosure Framework. The framework names five categories that healthcare organizations should require from any AI vendor before procurement: system capabilities and intended use, system performance and compliance, data stewardship, integration requirements, and lifecycle management. The framework was developed with input from clinicians, engineers, lawyers, and social scientists across Duke Health, Mayo Clinic, UC Berkeley, and DLA Piper. Source: Kpodzro S, Kim JY, Hasan A, et al. A Collaborative Best Practice Guide for Promoting AI Vendor Transparency in Health Care — The HAIP AI Vendor Disclosure Framework. NEJM AI 2026;3(5). DOI: 10.1056/AIp2500985.
What this means for you
The five categories work at any practice size. The decisions an academic medical center is now being told to require of vendors before adopting them are the same decisions a solo practitioner already makes every time they sign up for a new AI tool, usually implicitly and rarely on paper. The HAIP framework formalizes the same questions. Practitioners can use the five categories as a one-page vendor checklist that fits a solo practice and would survive scrutiny if asked by a regulator, a board, or a client.
The Pattern
Three pieces from the same journal family in one week point in one direction. The first names that "AI" is not a single thing and that the governance questions differ by tier. The second names that AI adoption is producing a stratification gap between well-resourced and under-resourced practice settings. The third names a concrete diligence framework that practices of any size can use to close that gap one vendor at a time. The argument running underneath all three is the same. The period when "AI use" was a single undifferentiated question is ending. The questions that will define exposure and audit from here forward are which tier, what disclosure, and what oversight.
One Thing You Can Do This Week
Pick one AI tool you have used with client data in the past 30 days. Open a blank document and answer the five HAIP categories for it: what it does and for whom, how it was tested and what regulatory standing it has, how it handles your data, what it requires to integrate into your workflow, and how it is updated and monitored. If you cannot answer two or more of the five from the vendor's public materials, that is the audit gap the May 9 Perspective named, and it is the gap practitioners are now being expected to close on their own.