Federal funding is now flowing toward AI systems that autonomously adjust prescriptions and appointments in clinical care. Colorado quietly rewrote its landmark AI law last month, largely exempting HIPAA entities until January 2027. A panel of healthcare attorneys and insurers documented how malpractice claims are shifting from clinical error to systemic failure. And in Texas, the disclosure window for AI use in patient care has been law since January 1. Governance is not approaching. It is already a liability calculation.
Signal 1
ARPA-H Selects Teams This Month to Build the First FDA-Authorized Autonomous Clinical AI Agents (June 2026)
The Advanced Research Projects Agency for Health is in the process of selecting innovator teams this month for its ADVOCATE program — a 39-month, two-phase initiative to develop and deploy the first FDA-authorized agentic AI systems for clinical care. The program is focused on advanced cardiovascular disease management and will fund two system types: a patient-facing AI agent capable of autonomously adjusting appointments, medications, diet, and exercise, and a supervisory AI “overseer” designed to monitor deployed agents for continued safety and efficacy after clinical deployment. ARPA-H published the program in January 2026 with a mandatory solution summary deadline of February 27 and full proposals by invitation due April 1. Sources: ARPA-H ADVOCATE program page, January 2026; STAT News, January 13, 2026; American Hospital Association, January 15, 2026.
What this means for you
The federal government is now funding the development of AI systems that write and modify prescriptions without a physician initiating the action. That is not a research concept. That is a funded program with a selection timeline measured in weeks. The oversight structure ARPA-H is building into ADVOCATE — the supervisory “overseer” that monitors deployed agents — is structurally the same oversight any practice needs to document around the AI tools already running in their workflow. The question is not whether autonomous clinical AI is coming. The question is whether your current governance documentation describes what human oversight exists for the tools you are using right now, before the regulatory standard is written around the tools that are still being built.
Signal 2
FDA Issues Its First Warning Letter Citing AI Misuse as a Named Compliance Deficiency — AI Generated the Documentation Error, Quality Unit Approved It Anyway (April 2, 2026)
On April 2, 2026, the FDA issued Warning Letter 320-26-58 to Purolea Cosmetics Lab in Livonia, Michigan — the first enforcement action in which the FDA cited inappropriate use of AI in manufacturing as a standalone named cGMP deficiency under 21 CFR 211.22(c). During a facility inspection, investigators found that the company had used AI agents to generate drug product specifications, manufacturing procedures, and master production and control records. The AI omitted the requirement to conduct process validation entirely. The Quality Unit reviewed and approved the documentation without identifying the omission. When asked why process validation had not been conducted, the company stated that the AI system “never told them” it was required. Purolea has since ceased drug production. Sources: FDA Warning Letter 320-26-58, April 2, 2026; DLA Piper analysis, April 2026; RAPS, April 2026.
What this means for you
The Purolea letter establishes a new enforcement category: AI-generated compliance gaps that the responsible human reviewer failed to catch. The FDA’s position is explicit — any AI output used in a regulated context must be reviewed and cleared by an authorized human representative before it governs practice. “The AI never told me” is not a defense that survives inspection. For health practitioners, the parallel is direct: AI-assisted documentation in a clinical record, a treatment plan, or a practitioner compliance workflow is not compliant simply because the AI produced it. The human review step must be documented, and it must be real. The FDA has now demonstrated it will cite the absence of that step as a named deficiency, not a footnote.
Signal 3
Healthcare Attorneys and Insurers Document the Shift: Malpractice Claims Are Moving from Clinical Error to Systemic Failure (May 2026)
A May 2026 legal and insurance panel convened by Frier Levitt documented the emerging shift in malpractice claim structure as practices adopt AI tools. Healthcare attorneys described a move from “what did the physician do wrong” claims to “what did the system allow to happen” claims, with plaintiff attorneys increasingly directing discovery resources toward audit trails, AI tool configurations, and documentation of physician review processes. Insurance professionals on the panel noted that carriers are now asking the same governance questions during underwriting that regulators ask during investigations: is there a policy governing AI tool use, are there validation processes, and can audit trails be produced. A mock juror study cited in the panel found that jurors were approximately 50 percent more likely to find a physician liable when the physician reviewed a diagnostic scan only after AI flagged it, compared to when the physician reviewed it both before and after AI analysis. Sources: Frier Levitt legal webinar panel, May 2026; Epic Insurance and Consultants; Revtech LLC Healthcare Consulting.
What this means for you
The insurance and legal communities have already recalibrated what AI governance documentation means in a liability context. The governance question is no longer whether you have a policy — it is whether you can demonstrate that a human reviewed what the AI recommended, and when. A physician who cannot articulate what they reviewed before signing an AI-generated note has a documentation gap that is now a liability amplifier, not just an administrative oversight. The 50 percent increase in juror liability attribution is not a theoretical risk. It is a measurable shift in how clinical AI workflow translates to courtroom accountability. If your current documentation process does not capture the sequence of human and AI involvement in a clinical decision, that sequence is invisible to anyone who asks to see it.
Signal 4
Stanford-Harvard Study: Top AI Models Produce Severely Harmful Clinical Recommendations in Up to 22% of Cases — 76% of Errors Are Omissions the Physician Would Have Caught (January 2, 2026)
Researchers from Stanford and Harvard published “First, Do NOHARM” on January 2, 2026, evaluating 31 large language models against 100 real primary care consultation cases across 10 medical specialties, with 12,747 expert annotations from 29 board-certified physicians. Top-performing models produced severely harmful clinical recommendations in 12 to 15 cases per 100. The worst-performing models exceeded 40 severe errors per 100 cases. Critically, 76.6 percent of all severe errors were errors of omission — the AI failed to recommend a diagnostic test or treatment that a physician would have ordered. The study concluded that clinical safety is a distinct performance dimension that current AI benchmarks do not measure: strong performance on knowledge tests and reasoning benchmarks does not predict safe clinical output. Sources: “First, Do NOHARM,” arXiv:2512.01241, January 2, 2026; Stanford Medicine; Harvard Medical School.
What this means for you
The error-of-omission finding is the signal practitioners should hold. AI systems do not fail primarily by recommending the wrong thing. They fail primarily by not recommending the right thing — a failure mode that is structurally harder to detect because the AI output looks complete. A clinical note generated by an AI scribe that omits a relevant finding, a decision support tool that does not surface a contraindication, a documentation system that does not flag an abnormal value — each of these is an error of omission that the practitioner cannot catch if they are reviewing AI output for accuracy rather than completeness. Read against Signal 1: the federal government is funding autonomous clinical AI agents this month. This study, published on the first day of the year, documents the safety gap those systems are being built to bridge. The gap is real and currently unresolved.
The Pattern
Three things happened in the last two months that belong in the same sentence. The federal government is selecting teams this month to build and deploy the first FDA-authorized AI systems that adjust prescriptions and appointments without a physician initiating the action. The FDA issued its first enforcement action in April naming AI misuse as a standalone compliance deficiency — not a footnote, a named finding — after a manufacturer let AI-generated documentation go through quality review unchallenged. And healthcare attorneys and insurers documented in May that malpractice discovery is now targeting AI audit trails, tool configurations, and the documented sequence of human review. The liability architecture is being written right now, in enforcement actions and courtroom discovery, not in future rulemaking. The Stanford-Harvard study from January, which found that top AI models produce severely harmful recommendations in 12–15% of cases with most errors being omissions, is the backdrop. The gap the government is funding toward is real. The enforcement and liability record is catching up to it.
One Thing You Can Do This Week
List every AI tool your practice currently uses that touches patient documentation, scheduling, diagnosis, or treatment planning. Next to each tool, write one sentence answering this question: if a patient or a regulator asked what human review process exists for the output of this tool, what would you say? If you cannot write that sentence, that is the gap. The FDA enforcement record, the liability shift documented by the insurance panel, and the autonomous AI programs being funded right now all converge on the same documentation requirement. You do not need a legal opinion to start. You need an honest list.