Question 1

Why do I need AI governance certification for my healthcare practice?

Accepted Answer

Three things have already happened: First, malpractice carriers now have standard-form AI exclusion endorsements available — carriers like W.R. Berkley, Hamilton Select, and Philadelphia Indemnity have already adopted them. If your policy includes one, an AI-related claim gets denied and you bear the full cost. Second, 21 states enacted 33 provider-facing AI laws in 2025 with penalties up to $200,000 per violation. Third, the Federation of State Medical Boards established that both reckless AI use and failure to use beneficial AI falls below the standard of care. Independent third-party certification is the documented evidence carriers evaluate at renewal, defense counsel can rely on in a dispute, and regulators weigh as evidence of good-faith governance.

Question 2

Doesn't my AI vendor contract protect me?

Accepted Answer

No — it protects the vendor. Most AI scribe contracts shift all compliance, regulatory, and clinical liability to the practice. Even the most favorable vendor agreement only governs your relationship with the vendor. It does nothing for your liability to patients under malpractice law, to payers under the False Claims Act, to regulators under state AI laws, or to carriers under your insurance policy. Contracts are between you and your vendor. Governance is between you and everyone else.

Question 3

Why do other states' AI laws apply to my practice?

Accepted Answer

Because of telehealth. The practice of medicine occurs where the patient is physically located during the encounter, not where your office is. When a Texas patient returns home and you do a telehealth follow-up, Texas TRAIGA applies at $200,000 per uncurable violation. Federal HHS OCR Section 1557 algorithmic discrimination obligations apply regardless of state, for any HIPAA-covered practice receiving federal financial assistance. 71% of physicians now use telehealth weekly. Each cross-state visit triggers the AI law of the patient's state.

Question 4

Can't we just do AI governance ourselves?

Accepted Answer

Internal policies are valuable groundwork — but without external assessment against an independent framework, they aren't defensible to carriers, OCR, or regulators. Every credible compliance standard for organizations requires independent third-party validation: SOC 2, ISO 27001, Joint Commission, HITRUST. None of those include AI-specific governance evaluation. There is no published AI governance standard for healthcare practices yet, which is exactly why third-party AI certification is the only defensible posture available today. Certification is the external assessment that makes your existing posture credible.

Question 5

Can I just stop using AI in my practice?

Accepted Answer

No. The Federation of State Medical Boards issued guidance establishing that physicians are liable for AI errors just as for any diagnostic tool — and went further: both reckless use of AI and failure to use beneficial AI can fall below the standard of care. You cannot opt out. You can only choose whether you govern it properly or remain exposed on both sides.

Question 6

My carrier already added an AI exclusion. Is it too late?

Accepted Answer

No, but the window to act is narrowing. Certification gives you documented evidence to negotiate at renewal, a defensible governance posture to shop to competing carriers, and protection under remaining coverage lines. Carriers are rational — they exclude risks they can't evaluate. Give them something to evaluate. The cybersecurity insurance parallel is instructive: by 2022, carriers were offering better rates for documented frameworks. AI governance is on the same trajectory, roughly 12-18 months behind.

Question 7

Should I wait for federal AI regulation before getting certified?

Accepted Answer

No. You're exposed right now. 17 states have already enacted AI healthcare laws. An executive order does not preempt state law — only Congress can do that. Meanwhile, your malpractice carrier isn't waiting. Carrier exclusion decisions are private market decisions. The DOJ False Claims Act applies regardless. Common law negligence applies regardless. Practices that certify now are governed before any mandate requires it. Practices that wait will certify under pressure, at higher cost, with less favorable terms.

Question 8

Why is certification only valid for one year?

Accepted Answer

AI healthcare regulation is evolving faster than any compliance area in modern medicine. In the past 12 months alone, multiple states passed new AI laws, CMS updated billing guidance, and major carriers introduced AI exclusion endorsements. A certification based on last year's regulatory landscape doesn't protect you from this year's enforcement actions. The parallel is HIPAA Security Risk Assessments — HHS recommends annual reviews, and OCR has fined practices for stale assessments. Annual recertification keeps your practice current with the law, not just the technology. Our renewal process is streamlined and priced at a reduced rate for returning clients.

Question 9

What happens if my practice doesn't pass certification?

Accepted Answer

You get a roadmap, not a rejection. Most practices have items requiring remediation on their first assessment. If you don't meet the criteria for full certification, you receive a Conditional outcome: an AI Governance Shield&trade; Gap Assessment & Remediation Roadmap with each finding listed by severity and a 30 / 60 / 90-day timeline. One re-assessment is included at no additional cost. The remediation window is 180 days from your initial assessment — long enough to do the work properly, short enough that the assessment is still current when you re-engage.

Question 10

I'm a concierge or direct-pay practice. Do I need AI governance certification?

Accepted Answer

Concierge practices have a leaner exposure profile but not zero. HHS Section 1557 algorithmic-discrimination obligations and OIG / Medicare Advantage scrutiny may not apply if you receive no federal financial assistance. But HIPAA, every state AI healthcare law in your operating jurisdictions (TX HB 149, CA AB 3030, CO HB 26-1195 (BH only), TN SB 1580, IL WOPR), FTC Act § 5, and state medical board guidance all apply regardless of payer mix. Concierge practices certify for malpractice carrier renewals, patient trust, practice sale or affiliation due diligence, and state-law compliance. The engagement adapts: scope statement notes the payer model and Domain 6 (Insurance & Coding Defensibility) is reviewed at reduced scope. Same certificate, scope-adjusted report.

Question 11

Is my engagement private if I don't get certified?

Accepted Answer

Yes. Confidentiality is the default. Sentinel Risk Group does not disclose the existence or outcome of any assessment to third parties absent your written authorization or valid legal process. Practices that do not achieve certification are never publicly identified in any Sentinel Risk Group communication. Practices that do achieve certification are listed in the public Certification Directory at sentinelriskgrp.com — with disclosure limited to practice name, location, certification reference, dates, and current status. Findings, scores, gap analyses, and remediation recommendations are never published. You may opt out of Directory listing in writing at any time.

Question 12

How much does AI governance certification cost?

Accepted Answer

Sentinel Risk Group offers three tiers: Solo/Small Practice (1-3 providers, 1 AI system) at $3,500, Group Practice (4-20 providers, multiple AI systems) at $8,000, and Enterprise (20+ providers, multiple systems and locations) starting at $25,000. All tiers include a complete governance assessment, certification report, governance policies, and implementation tools. 50% deposit to begin, balance due upon report delivery.

What healthcare practices need to know about AI

Your AI scribe could be a crime in about a dozen states

AI can code your claims. You still sign them.