Standard of Care
The Profession Has Spoken.
Both Sides Are Exposed.
It's not just your carrier. Medical boards, accreditors, and professional bodies have established that ungoverned AI use falls below the standard of care — and that failing to adopt beneficial AI is equally negligent.
Federation of State Medical Boards · May 2024
The Standard of Care Now Cuts Both Ways
Exposed
Use AI Without Governance
Below Standard of Care
Protected
Govern AI Properly
Only Defensible Position
Exposed
Refuse to Use AI
Below Standard of Care
You cannot opt out. You can only govern it — or remain exposed on both sides.
Where the Standard Is Going
Joint Commission
7 governance elements · $46K+/yr · Built for hospital systems with full compliance departments
AI certification doesn't exist yet
AMA
8-step framework · CPT 2026 AI codes · Defines what governance should look like
Publishes standards — doesn't certify
ACR ARCH-AI
Purpose-built AI accreditation · Radiology track · Not available to general practices
Full program expected 2027
Every Major Body Requires Independent Validation. None Offer It Today.
We do.
Regulatory Environment
The Laws Are Here.
The Lawsuits Have Started.
Beyond the insurance cliff and the evolving standard of care, 21 states enacted 33 provider-facing AI laws in 2025, with 47 states introducing healthcare AI bills — and every one of them applies to practices outside their borders.
Florida
SB 482 Stalled — But Existing Law Already Creates AI Liability
The bill stalled in the House, but the Medical Practice Act and § 501.171 already expose practices using ungoverned clinical AI — including 3rd-degree felony risk and $500K per breach.
+ Details
Colorado
SB 24-205 — $20,000 Per Violation, No Cap, Enforcement June 2026
The broadest U.S. statute on AI accountability. Clinical AI qualifies as high-risk. 500 Colorado patients = $10 million exposure. AG exclusive enforcement begins June 30, 2026.
+ Details
Texas
TRAIGA + SB 1188 — Two Laws, Both Live, Up to $450K Per Violation
Both laws are in effect with no small-practice exemptions. Combined exposure reaches $450,000 per violation when both statutes apply — and the TX AG is already enforcing.
+ Details
National Landscape · 2025–2026
47 States. 250+ Bills. The Wave Is Accelerating.
Beyond Florida, Colorado, and Texas — these states are already in effect or advancing now:
New York S7263
Third reading in Senate. Deployer liability — cannot be disclaimed.
+ Details
AI deployers civilly liable for chatbot responses in 14+ licensed professions. Private right of action + attorneys' fees.
California AB 3030 / AB 489
In effect Jan 1, 2026. $1,000 per violation.
+ Details
GenAI disclaimers required. Private right of action. 5+ new bills advancing.
Illinois HB 3773 + HB 1806
Two laws enacted. $10K/violation.
+ Details
AI barred from independent therapeutic decisions in behavioral health. IHRA amendment eff. Jan 2026.
Tennessee · Rhode Island · Virginia · Pennsylvania · And Counting
6+ additional states with bipartisan healthcare AI bills advancing — governance, transparency, patient consent requirements. Tennessee SB 1580 signed April 1, 2026 — the first state healthcare AI law with a private right of action. Every legislative session adds more. The question is when, not if.
New · Behavioral Health
Tennessee SB 1580 creates the first private right of action for mental health AI.
$5K per violation, treble if willful, no annual cap. Effective July 1, 2026.
The Pattern Across Every Bill
Every bill requires governance, disclosure, oversight, bias monitoring. The question is whether you're certified before it's mandatory.
Multi-State Exposure
Telehealth Multiplies Your
Regulatory Exposure
The practice of medicine occurs where the patient is physically located during the encounter — not where your office is. 71% of physicians now use telehealth weekly (AMA, 2024). Each cross-state visit can trigger the AI law of the patient's state.
Scenario
The Snowbird Follow-Up
Your Texas patient winters in Florida. You see them in-person at your office — Florida law governs that visit. They return home to Texas. You do a telehealth follow-up. The patient is now physically in Texas.
Texas TRAIGA applies to that telehealth visit
Written AI disclosure required. Clinician review of all AI output documented. Known limitations disclosed. $200,000 per uncurable violation.
Scenario
The Returning Retiree
A Colorado resident visits family in your state. You see them in-person — your state's law governs. They fly home to Colorado. You conduct a telehealth check-in. The patient is now physically in Colorado.
Colorado SB 24-205 applies after June 30, 2026
Impact assessment required. Consumer notification. Bias testing. $20,000 per consumer, no aggregate cap.
Scenario
The Out-of-State Specialist Consult
An Illinois patient requests a telehealth specialty consultation. The patient is physically in Illinois during the visit. You use AI clinical documentation during the encounter.
Illinois WOPR Act (HB 1806) applies if behavioral health component
If the consultation involves behavioral health or therapy, AI cannot make independent therapeutic decisions. Discriminatory AI use prohibited under IHRA. $10,000 per violation.
Key Distinction
When the Trigger Fires — and When It Doesn't
A Texas resident treated in-person at your Florida office is governed by Florida law for that visit. TRAIGA does not apply. The exposure arises when you conduct telehealth follow-ups and virtual consultations where the patient has returned home — or is physically located in another state during the encounter.
This is why single-office practices need multi-state awareness. You don't need offices in multiple states. You just need patients who go home to states with AI laws — and a telehealth relationship that follows them there. AI Governance Shield™ maps your actual patient population against enacted and pending statutes across every jurisdiction your telehealth visits touch.
What Your AI Vendor Isn't Telling You
AI Scribes Can Make Errors and Inflate Codes.
The DOJ Noticed.
This is why your carrier is running.
Federal Enforcement Priority
DOJ Formed a Working Group Targeting AI-Driven EHR Manipulation. CMS Is Using AI to Scan Your Claims.
AI documentation inaccuracies meet the False Claims Act’s “reckless disregard” standard. They’re using AI to catch your AI. If your codes were inflated, they’re already looking.
$556M
Kaiser · Jan 2026
AI code inflation
AI code inflation
$6.8B
FCA recoveries FY 2025
AI/EHR fraud named priority
AI/EHR fraud named priority
5,586
Providers revoked
CMS CRUSH · Feb 2026
CMS CRUSH · Feb 2026
2026
AI healthcare fraud
DOJ enforcement priority
DOJ enforcement priority
+ Details
Clinical Accuracy
$2.8M
Estimated annual False Claims Act exposure per provider: over $2.8 million — before malpractice liability, payer recoupment, or state penalties. 26.3% error rate across major platforms. Up to $28,619 per false claim plus treble damages.
+ Details
26.3% error rate across five major AI scribe platforms — Mayo Clinic, JAMA Ophthalmology, 2025. While most errors were low-severity, each one is a documentation defect in a signed chart — and documentation defects are what trigger FCA exposure.
18.5% of safety feedback involved wrong medications — UCSF/Abridge study. Incorrect drug names, dosages, or instructions recorded in the chart you signed.
AI documented physical exams that never happened — Columbia University, npj Digital Medicine. Entire clinical findings fabricated from nothing.
50% of AI-influenced errors invisible to the clinician — every physician denied having been influenced. Measurable deskilling occurs within 90 days.
The errors aren't the worst part.
The billing patterns are.
The billing patterns are.
The Coding Arms Race
$90M
Two $45M DOJ settlements — and counting. EHRs programmed to auto-upcode. AI scribes are the next generation of the same pattern — vendors now market revenue uplift, not burnout reduction. 6+ major payers already auto-downcoding AI-inflated claims.
+ Details
+11% physician work RVUs after AI scribe deployment — Riverside Health. 14% increase in documented HCC diagnoses per encounter.
3.0 → 4.1 diagnoses per encounter — Texas Oncology after AI deployment. More diagnoses = higher risk-adjusted payments = payer and federal scrutiny.
6+ major payers now auto-downcoding AI-inflated claims — Cigna (Oct 2025), Aetna, Humana, BCBS, UnitedHealthcare, Wellcare all targeting AI documentation patterns.
If payers don't catch it, the DOJ will — signing AI-generated notes without meaningful review meets the False Claims Act's "reckless disregard" standard. The liability is yours.
First State Enforcement
Texas AG v. Pieces Technologies — Vendor Claimed "<0.001%" Hallucination Rate. AG Found It Deceptive.
If your vendor's accuracy numbers are wrong — you're the one holding the bag. Your vendor's contract shifts all liability to your practice.
+ Details
The vendor marketed a hallucination rate of "<0.001%." The Texas AG found the claim was likely inaccurate and deceptive. You signed the notes. Your name is on the chart. Your vendor's contract almost certainly shifts all compliance and regulatory liability to your practice.
We can show you exactly where your vendor agreement leaves you exposed.
Penalty Exposure
The Penalties Stack.
Across Every Jurisdiction.
When your carrier won't cover you, the standard of care exposes you, and the state fines you — the numbers add up fast. Certification is the documented evidence that you took this seriously before any of it hit.
$10K–$200K
per violation — Texas TRAIGA — curable or not, the penalties stack across every jurisdiction
HIPAA
$73K
per violation
Criminal: $250K + 10 years
Texas
$450K
combined per violation
In effect now
Colorado
$20K
per consumer · no cap
500 patients = $10M
Florida
$500K
per breach
+ 3rd-degree felony
New York
Actual
damages + atty fees
Cannot be disclaimed
Illinois
$10K
per violation
In effect Aug 2025
Civil Liability Exposure
Existing tort and negligence claims are explicitly preserved even where AI-specific statutes lack private rights of action.
Contractual & Reputational Risk
Vendor liability gaps, indemnification failures, patient trust erosion, and institutional credibility damage that compounds.
It's Already Happening
Saucedo v. Sharp HealthCare — First AI Scribe Class Action (Nov 2025)
AI scribe recorded doctor-patient conversations without informed consent, transmitted audio to third-party cloud. Class certification sought for every California patient recorded since April 2025. Every ambient AI scribe — Abridge, DAX, Suki, Freed — carries the same risk.
Documented governance doesn't prevent lawsuits. It's the difference between a defended claim and a catastrophic one.
None of them are waiting.
Neither should you.
Get Certified →
Neither should you.
One Incident vs. One Certification
Every bar is a single event.
In addition to the penalties, exclusions, and enforcement actions above — here is what one incident actually costs.
Real-World Exposure
What it looks like when it hits your practice.
Each scenario uses enacted law, published data, or documented market behavior. None are hypothetical.
$2M+
Your group is being acquired. Governance gaps surface.
Sheppard Mullin, Oct 2025
$400K
Patient sues your practice. No AI statute needed.
FSMB, May 2024 · NPDB 2023
$300K
Your payer flags 18 months of AI-inflated codes.
CMS CRUSH · Kaiser $556M
$1M+
You're selling. Buyer asks about AI governance.
Grant Thornton, 2025
Methodology
How Certification Works
No site visits. No IT integration. Minimal disruption to your practice.
1
Engage
Define scope. Collect evidence. Tailored to your practice, your AI systems, and your patient footprint.
2
Assess
Independent evaluation against our governance framework — documentation accuracy, provider oversight, coding defensibility, vendor risk, regulatory alignment.
3
Certify
Certification report, governance policies, and implementation tools your carrier, payer, or attorney can rely on.
Where no framework existed, we built one.
What Certification Gives You
More than a report. A defensible position.
Every certification delivers the documentation your carrier evaluates at renewal, defense counsel can draw on if your governance is challenged, and you can present to regulators as evidence of good-faith compliance posture.
⚖️
Carrier Defensibility
✓ Scored governance assessment report
✓ Multi-jurisdiction risk mapping
✓ Digitally verifiable certification badge
✓ Renewal-ready compliance summary
Litigation Protection
✓ Complete governance policy documents
✓ Patient-facing AI disclosure templates
✓ Prioritized remediation roadmap
✓ Independent third-party validation
📋
Operational Confidence
✓ AI governance staff training portal
✓ Ongoing monitoring checklists
✓ Implementation guidance
✓ Vendor risk evaluation framework
Everything your carrier, attorney, and regulator will ask for — in one package.
Common Questions
What Practice Owners Ask Us
The questions we hear most — and the answers that change the conversation.
Why do I need AI governance certification?
Three things have already happened — and none of them require a new law to hurt you.
First, your carrier moved. As of January 2026, standard-form AI exclusion endorsements are available to every malpractice insurer in the country. W.R. Berkley, Hamilton Select, and Philadelphia Indemnity have already adopted them. These exclusions cover AI scribes, EHR algorithms, scheduling chatbots — any AI tool touching patient care. If your policy has one, an AI-related claim gets denied. You bear the full cost.
Second, the laws are already enforceable. Texas TRAIGA carries $200,000 per uncurable violation. Illinois enacted two AI laws — the IHRA AI Amendment (employment discrimination, eff. Jan 2026) and the WOPR Act (HB 1806, $10,000 per violation for AI in therapy without licensed oversight, eff. Aug 2025). Colorado SB 24-205 enforces at $20,000 per consumer with no aggregate cap starting June 30, 2026. If you conduct telehealth follow-ups with patients who have returned to any of these states — and in Florida, with its snowbird population, you almost certainly do — those states\' laws apply to those encounters. Globally, the EU AI Act now classifies healthcare AI as high-risk and requires conformity assessments — U.S. states are building on that model.
Third, the standard of care shifted. The Federation of State Medical Boards established that physicians are liable for AI errors just as for any diagnostic tool — and went further: both reckless use and failure to use beneficial AI can fall below the standard of care. You cannot opt out. You can only govern it or remain exposed on both sides.
Independent third-party certification is the documented evidence that you govern AI properly. It's what carriers evaluate at renewal, what defense counsel can draw on if your governance is challenged, and what you can present to regulators as evidence of good-faith compliance posture. Self-attestation carries zero evidentiary weight. Certification does.
First, your carrier moved. As of January 2026, standard-form AI exclusion endorsements are available to every malpractice insurer in the country. W.R. Berkley, Hamilton Select, and Philadelphia Indemnity have already adopted them. These exclusions cover AI scribes, EHR algorithms, scheduling chatbots — any AI tool touching patient care. If your policy has one, an AI-related claim gets denied. You bear the full cost.
Second, the laws are already enforceable. Texas TRAIGA carries $200,000 per uncurable violation. Illinois enacted two AI laws — the IHRA AI Amendment (employment discrimination, eff. Jan 2026) and the WOPR Act (HB 1806, $10,000 per violation for AI in therapy without licensed oversight, eff. Aug 2025). Colorado SB 24-205 enforces at $20,000 per consumer with no aggregate cap starting June 30, 2026. If you conduct telehealth follow-ups with patients who have returned to any of these states — and in Florida, with its snowbird population, you almost certainly do — those states\' laws apply to those encounters. Globally, the EU AI Act now classifies healthcare AI as high-risk and requires conformity assessments — U.S. states are building on that model.
Third, the standard of care shifted. The Federation of State Medical Boards established that physicians are liable for AI errors just as for any diagnostic tool — and went further: both reckless use and failure to use beneficial AI can fall below the standard of care. You cannot opt out. You can only govern it or remain exposed on both sides.
Independent third-party certification is the documented evidence that you govern AI properly. It's what carriers evaluate at renewal, what defense counsel can draw on if your governance is challenged, and what you can present to regulators as evidence of good-faith compliance posture. Self-attestation carries zero evidentiary weight. Certification does.
Doesn't my vendor contract protect me?
It protects the vendor. Not you. Most AI scribe contracts shift all compliance, regulatory, and clinical liability to the practice. The vendor retains broad rights to modify their software — including changing the underlying AI model — without advance notice or your consent. Accuracy warranties are typically disclaimed entirely or limited to vague "commercially reasonable" standards that wouldn't survive regulatory scrutiny.
But even if you negotiated the most favorable vendor agreement possible — full indemnification, accuracy guarantees, mandatory model update notifications — that only governs your relationship with the vendor. It does nothing for your liability to patients under malpractice law, to payers under the False Claims Act, to regulators under state AI laws, or to carriers under your insurance policy. Better vendor terms might give you a contribution claim against the vendor after you've already been sued — but they don't prevent the lawsuit, the regulatory fine, the payer recoupment, or the insurance denial.
Contracts are between you and your vendor. Governance is between you and everyone else — patients, payers, regulators, carriers. Our certification optionally includes a vendor governance assessment that identifies where your agreement leaves you exposed.
But even if you negotiated the most favorable vendor agreement possible — full indemnification, accuracy guarantees, mandatory model update notifications — that only governs your relationship with the vendor. It does nothing for your liability to patients under malpractice law, to payers under the False Claims Act, to regulators under state AI laws, or to carriers under your insurance policy. Better vendor terms might give you a contribution claim against the vendor after you've already been sued — but they don't prevent the lawsuit, the regulatory fine, the payer recoupment, or the insurance denial.
Contracts are between you and your vendor. Governance is between you and everyone else — patients, payers, regulators, carriers. Our certification optionally includes a vendor governance assessment that identifies where your agreement leaves you exposed.
I'm in Florida (or another state) — why do other states' AI laws apply to me?
Because of telehealth. The practice of medicine occurs where the patient is physically located during the encounter — not where your office is. A Texas snowbird who sees you in-person at your Florida office? That visit is governed by Florida law. But when that patient returns home to Texas and you do a telehealth follow-up, Texas TRAIGA applies to that visit — $200,000 per uncurable violation — because the patient is now physically in Texas. The same logic applies to Colorado: a patient who visited Florida returns to Colorado, and your telehealth follow-up triggers SB 24-205 at $20,000 per consumer, no aggregate cap, once enforcement begins June 30, 2026. The Illinois WOPR Act (HB 1806) applies to behavioral health encounters where AI is used therapeutically — $10,000 per violation.
This is not hypothetical. 71% of physicians now use telehealth weekly (AMA, 2024). If you conduct telehealth follow-ups with patients who have returned to states with enacted AI laws, those laws apply to those visits. Each cross-state telehealth encounter potentially triggers disclosure requirements, documentation obligations, and penalty exposure in the patient's state. As more states enact AI laws (47 states have introduced bills, 17 enacted in 2025 and counting), the compliance footprint for every telehealth-enabled practice expands with every out-of-state follow-up.
This is not hypothetical. 71% of physicians now use telehealth weekly (AMA, 2024). If you conduct telehealth follow-ups with patients who have returned to states with enacted AI laws, those laws apply to those visits. Each cross-state telehealth encounter potentially triggers disclosure requirements, documentation obligations, and penalty exposure in the patient's state. As more states enact AI laws (47 states have introduced bills, 17 enacted in 2025 and counting), the compliance footprint for every telehealth-enabled practice expands with every out-of-state follow-up.
Can't we just do this ourselves?
Self-assessment has zero evidentiary weight when challenged. When a malpractice carrier evaluates your AI risk, when a plaintiff's attorney asks whether your governance was independently validated, when a regulator reviews your compliance posture — self-attestation is meaningless. Every credible governance standard requires independent third-party validation: SOC 2, ISO 27001, Joint Commission accreditation, HITRUST. The reason is straightforward: an independent assessor has no institutional blind spots, no incentive to overlook gaps, and produces documentation that carries legal weight precisely because it was not self-generated. Governance without independent validation is a binder on a shelf. Governance with certification is a legal defense.
Can I just stop using AI?
No — and that's the critical insight most practices miss. The Federation of State Medical Boards issued guidance in May 2024 establishing that physicians are liable for AI errors just as for any diagnostic tool. But FSMB went further: both reckless use of AI and failure to use beneficial AI can fall below the standard of care. This is the first licensing body to suggest that not using AI where it would benefit patients could itself be problematic. You cannot opt out. You can only choose whether you govern it properly or remain exposed on both sides.
My carrier already added an AI exclusion. Is it too late?
No — but the window to act is narrowing. Certification doesn't undo an existing exclusion. What it does give you is documented evidence to negotiate at renewal, a defensible governance posture to shop to competing carriers, and protection under any remaining coverage lines (E&O, cyber, general liability) that may still cover AI-adjacent claims. Carriers are rational — they exclude risks they can't evaluate. Give them something to evaluate. The cybersecurity insurance parallel is instructive: by 2022, carriers weren't just requiring security controls — they were offering better rates for documented frameworks. AI governance is on the same trajectory, roughly 12–18 months behind.
The federal government is working on AI regulation. Should I wait?
No. You're exposed right now — and waiting makes it worse.
17 states have already enacted AI healthcare laws. Texas TRAIGA is in effect. Colorado SB 24-205 is in effect. Illinois, California, New York — all enforceable. These laws don't pause because Washington is drafting a framework. Your practice is subject to them today, through every telehealth visit that crosses state lines.
The federal executive order signed in December 2025 signals intent to establish a national AI standard — but an executive order does not preempt state law. Only Congress can do that through legislation, and the current legislative draft still requires governance obligations, risk assessments, and duty of care for high-risk AI in healthcare. The question isn't whether governance will be required — it's whether the framework is state, federal, or both.
Meanwhile, your malpractice carrier isn't waiting. Carrier exclusion decisions are private market decisions that no federal framework changes. The DOJ False Claims Act applies regardless. Common law negligence applies regardless. The standard of care applies regardless. None of these depend on AI-specific statutes.
Practices that certify now are governed before any mandate — state or federal — requires it. When the framework arrives, you're already compliant. Practices that wait will certify under pressure, at higher cost, with less favorable terms.
17 states have already enacted AI healthcare laws. Texas TRAIGA is in effect. Colorado SB 24-205 is in effect. Illinois, California, New York — all enforceable. These laws don't pause because Washington is drafting a framework. Your practice is subject to them today, through every telehealth visit that crosses state lines.
The federal executive order signed in December 2025 signals intent to establish a national AI standard — but an executive order does not preempt state law. Only Congress can do that through legislation, and the current legislative draft still requires governance obligations, risk assessments, and duty of care for high-risk AI in healthcare. The question isn't whether governance will be required — it's whether the framework is state, federal, or both.
Meanwhile, your malpractice carrier isn't waiting. Carrier exclusion decisions are private market decisions that no federal framework changes. The DOJ False Claims Act applies regardless. Common law negligence applies regardless. The standard of care applies regardless. None of these depend on AI-specific statutes.
Practices that certify now are governed before any mandate — state or federal — requires it. When the framework arrives, you're already compliant. Practices that wait will certify under pressure, at higher cost, with less favorable terms.
Why is certification only valid for one year?
Because AI healthcare regulation is moving faster than any compliance area in modern medicine.
In the past 12 months alone: multiple states passed new AI transparency and liability laws, CMS updated billing guidance for AI-assisted documentation, the ONC finalized new rules on AI in health IT, and major malpractice carriers introduced AI-specific exclusion endorsements. A certification based on last year's regulatory landscape does not protect you from this year's enforcement actions.
The parallel is HIPAA Security Risk Assessments — HHS recommends annual reviews, and OCR has fined practices for stale assessments. AI governance moves faster than HIPAA ever did. A two-year-old governance framework would miss entire categories of risk that didn't exist when it was written.
Annual recertification ensures your practice stays current with the law — not just current with the technology. Our renewal process is streamlined for returning clients, recognizes the governance foundation you've already built, and is priced at a reduced renewal rate. You're not starting over — you're staying ahead.
In the past 12 months alone: multiple states passed new AI transparency and liability laws, CMS updated billing guidance for AI-assisted documentation, the ONC finalized new rules on AI in health IT, and major malpractice carriers introduced AI-specific exclusion endorsements. A certification based on last year's regulatory landscape does not protect you from this year's enforcement actions.
The parallel is HIPAA Security Risk Assessments — HHS recommends annual reviews, and OCR has fined practices for stale assessments. AI governance moves faster than HIPAA ever did. A two-year-old governance framework would miss entire categories of risk that didn't exist when it was written.
Annual recertification ensures your practice stays current with the law — not just current with the technology. Our renewal process is streamlined for returning clients, recognizes the governance foundation you've already built, and is priced at a reduced renewal rate. You're not starting over — you're staying ahead.
What happens if my practice doesn't pass?
You get a roadmap, not a rejection.
Most practices will have governance gaps on their first assessment — that's the entire point of the evaluation. If your practice doesn't meet the certification threshold, you receive a Conditional outcome: a detailed assessment report identifying every finding by severity, with specific remediation steps and a clear timeline to resolve them.
Here's the key: one re-assessment is included at no additional cost. You implement the corrective actions in the roadmap, we re-evaluate, and if you meet the threshold, you're certified. The re-assessment window is 12 months from your initial assessment — generous enough to implement meaningful changes without rushing.
The assessment report is itself a valuable deliverable. It tells you exactly where your governance stands, what needs to change, and why. Practices that receive a Conditional outcome and follow the roadmap consistently achieve full certification on re-assessment. The goal is certification — the assessment just gets you there safely.
Most practices will have governance gaps on their first assessment — that's the entire point of the evaluation. If your practice doesn't meet the certification threshold, you receive a Conditional outcome: a detailed assessment report identifying every finding by severity, with specific remediation steps and a clear timeline to resolve them.
Here's the key: one re-assessment is included at no additional cost. You implement the corrective actions in the roadmap, we re-evaluate, and if you meet the threshold, you're certified. The re-assessment window is 12 months from your initial assessment — generous enough to implement meaningful changes without rushing.
The assessment report is itself a valuable deliverable. It tells you exactly where your governance stands, what needs to change, and why. Practices that receive a Conditional outcome and follow the roadmap consistently achieve full certification on re-assessment. The goal is certification — the assessment just gets you there safely.
Service Tiers
Assessment Packages
Pricing scales with practice size, number of AI workflows, and jurisdictional scope.
Get Started
Select
Pay Deposit
Choose your tier below. Deposit reserves your assessment.
Complete
Intake & Terms
Terms, BAA, and practice intake — all in one form.
Receive
Assessment & Certification
We begin within 48 hours. Balance due upon report delivery.
Select your tier, complete payment through our secure portal, and begin your intake. No scheduling required.
Tier 1
Solo / Small Practice
1–3 providers · 1 AI system
$3,500
per assessment
$1,750 deposit to begin · balance due upon report delivery
Complete governance assessment of your AI workflow against certification criteria. Multi-jurisdiction gap identification across your telehealth footprint.
+ What's included
Full assessment or certification report with scored findings · Complete governance documentation · Patient-facing disclosure materials · AI governance staff training · Ongoing monitoring tools · Implementation guidance
Most Common
Tier 2
Group Practice
4–20 providers · multiple AI systems
$8,000
per assessment
$4,000 deposit to begin · balance due upon report delivery
Everything in Solo, plus: Multi-system assessment, expanded workflow analysis, federal AI risk alignment, vendor governance review.
+ Full scope
Each AI system assessed individually · Provider-level workflow variance analysis · Vendor-specific risk evaluation · Phased remediation roadmap with ownership assignments · Expanded governance documentation
Tier 3
Enterprise
20+ providers · multiple systems & locations
$25,000+
custom scoped
50% deposit to begin · balance due upon report delivery
Everything in Group, plus: Multi-site governance consistency, board-ready reporting, annual recertification pathway, dedicated assessment manager.
+ Full scope
Cross-location governance analysis · Executive-level deliverables · Ongoing advisory relationship · Named point of contact · Are different locations handling AI differently?
By proceeding to payment, you agree to our Terms of Service and Privacy Policy.
Same rigorous methodology at every tier.
Nobody else is doing this at the practice level.
What's Included & Available
Every Certification Includes Training. Extensions Go Deeper.
Included Free
AI Governance Training No in-person sessions · No scheduling · No disruption
Every certification includes AI governance training your staff completes independently. Documentation review, error identification, patient disclosure, incident reporting — tracked, acknowledged, and on file. Staff training portal →
Optional Extensions — Recommended Based on Your Findings
Vendor Contract Governance Assessment
$1,500 – $2,500
+ Details
Colorado Enhanced Governance
$1,500 – $2,500
+ Details
Multi-State Expansion Mapping
Scoped at assessment
+ Details
Extensions are recommended based on your assessment findings — not sold upfront. If your governance is already strong in an area, we won't recommend what you don't need.
Certification is preventive care for your practice.
Trust
·
Reputation
·
Value
Who We Are
Independent Evaluation Authority
Sentinel Risk Group is an independent governance evaluation firm with no vendor affiliations, no product endorsements, and a rigorous independence screening process.
Led by a healthcare attorney with over 20 years of in-house experience across hospital systems, medical groups, specialty practices, and managed care organizations — spanning compliance program design, risk management, regulatory affairs, and health information governance. Our assessment methodology draws on direct experience navigating the complex regulatory frameworks we evaluate against.
Our extended team includes a clinical expert witness and practicing physician who reviews AI workflow integration from the provider's perspective, enterprise consulting alumni who bring institutional-grade audit methodology, and health IT specialists who evaluate the technical architecture of AI systems in clinical environments. Certification decisions are evidence-based and methodology-driven. We certify governance structure — not technology.
Independent
No Vendor Affiliations
Evidence-Based
Attorney-Led
Clinical Expert Network
