How to Lead AI Governance in Healthcare: 7 Practical Steps

The integration of artificial intelligence (AI) into healthcare is transforming patient care, clinical workflows, and operational efficiencies at an unprecedented rate. Yet, as innovation accelerates, so do the challenges of ethical oversight, regulatory compliance, and risk management. In a thought-provoking discussion during the AIM Med podcast, Anna Santiago, the Chief Information Security Officer (CISO) of ChristianaCare, shared critical insights on how healthcare organizations can lead with effective AI governance.

This article distills her expertise into actionable strategies for healthcare and cybersecurity professionals, exploring how to align AI innovation with robust governance frameworks.

Understanding the Stakes: Why AI Governance Matters in Healthcare

AI technologies have permeated critical domains in healthcare, from ambient listening in clinical settings to AI-assisted scheduling and cybersecurity defenses. As Santiago emphasized, "The impact AI can have on care delivery is monumental - transformative, truly." However, the rapid adoption of these technologies presents unique risks, including cybersecurity threats, clinical missteps, and ethical biases.

For decision-makers in both healthcare delivery organizations (HDOs) and vendor networks, the stakes are high: Ensuring patient safety, maintaining compliance, and navigating the unknowns of new technologies.

Santiago’s journey at ChristianaCare - where the organization has implemented AI in areas like ambient listening and cybersecurity - offers a real-world case study on how to balance opportunity with responsibility.

sbb-itb-535baee

7 Practical Steps to Leading AI Governance in Healthcare

Anna Santiago outlined key principles that healthcare and cybersecurity leaders can adopt to establish a robust AI governance framework. Below are her insights, along with additional context for professionals navigating the complexities of AI implementation.

1. Create a Governance Framework with Universal Buy-In

Governance should not be siloed within one department or team. Santiago's team at ChristianaCare has developed an AI governance process centered around a risk-management rubric. This system ensures that every AI project undergoes thorough scrutiny, from initial assessment to testing its efficacy.

Key takeaway: Align technology, compliance, and operational teams under a unified governance model to ensure collective accountability.

2. Develop a Risk-Management Rubric

A comprehensive rubric helps decision-makers evaluate AI projects across multiple dimensions, including cybersecurity, ethical concerns, and clinical risks. Santiago’s rubric includes a robust questionnaire that serves as a gateway for new AI initiatives. Depending on the complexity of an implementation, projects may also undergo additional testing by the organization’s innovation and engineering teams.

Key takeaway: Standardize risk assessment through a rubric to streamline decision-making and increase transparency.

3. Educate Stakeholders on Multi-Faceted Risks

Santiago noted that while most people understand cybersecurity risks, awareness of clinical risks, ethical biases, and unknown consequences remains limited. Her governance team emphasizes education to help stakeholders align projects with policy and regulatory standards.

Key takeaway: Invest in cross-functional education to ensure stakeholders recognize both technical and ethical dimensions of AI risks.

4. Embrace the Unknowns

A recurring theme in Santiago’s approach is humility - recognizing that no one can fully anticipate the implications of emerging AI technologies. "I don’t know what I don’t know", she admitted, advocating for flexibility and frequent reassessment. This mindset allows organizations to adapt as new risks and opportunities emerge.

Key takeaway: Foster a culture of continuous learning and adaptability to address evolving challenges.

5. Establish a Collaborative Governance Committee

At ChristianaCare, the AI governance committee includes voices from diverse departments, ensuring all perspectives are acknowledged. Santiago highlighted the importance of equal representation, stating that "no one person owns the risks; they are shared across the governance team."

Key takeaway: Create a governance committee with representatives from IT, clinical operations, compliance, and innovation to encourage balanced decision-making.

6. Prioritize Use Cases and Avoid Redundancies

To prevent inefficiencies, ChristianaCare adheres to a strict methodology: If an existing platform can handle a proposed AI use case, the new technology must justify its value. For example, the team would question the need for an AI ticketing system if the existing ServiceNow platform can perform the same tasks.

Key takeaway: Rigorously evaluate whether new technologies genuinely add value or merely duplicate existing tools.

7. Increase Governance Agility Without Sacrificing Rigor

In rapidly evolving healthcare environments, delays are not an option. Santiago’s team initially met monthly but transitioned to weekly meetings to keep pace with the growing pipeline of AI projects. This shift reflects a deliberate effort to combine agility with accountability.

Key takeaway: Adjust governance mechanisms to support agile decision-making while maintaining thorough evaluations.

Challenges in AI Adoption

Santiago candidly addressed the biggest hurdles in AI adoption:

• Velocity of Adoption: Organizations often rush to adopt AI without fully understanding the associated risks.
• Knowledge Gaps: Even experts are grappling with the unknowns of this emerging field.
• Cultural Resistance: Facilitating cross-functional collaboration can be an uphill task, as different departments may have varying levels of understanding and readiness.

These challenges underscore the need for strong governance processes that balance innovation with caution.

Leadership Lessons and Personal Insights

Santiago’s leadership approach is as much about fostering people as it is about implementing technology. Reflecting on her early career, she shared a pivotal lesson: Leaders must intentionally align individual growth with organizational roles. By regularly engaging team members in discussions about their aspirations, she ensures they feel valued and supported.

Her commitment to professional development extends beyond her immediate team. Santiago is an advocate for thought leadership and knowledge sharing, encouraging others to embrace the philosophy that "cyber safety is patient safety."

Key Takeaways

• Unified Governance: Establish an AI governance framework that involves stakeholders across compliance, IT, and clinical domains.
• Risk Rubrics Matter: Use standardized rubrics to evaluate AI projects for ethical, clinical, and cybersecurity risks.
• Education is Paramount: Train stakeholders to recognize the multifaceted risks of AI, including ethical and clinical considerations.
• Flexibility is Key: Accept that there will always be unknowns and cultivate a culture of learning and adaptability.
• Collaboration Drives Success: Form governance committees with diverse representation to ensure balanced perspectives.
• Focus on Agility: Increase governance frequency to keep pace with rapid innovation while maintaining thorough evaluations.
• Prioritize Value-Driven AI: Evaluate use cases to prevent redundancy and focus on high-impact innovations.

Conclusion

AI has the potential to revolutionize healthcare, but it also introduces complexities that demand nuanced governance. Anna Santiago’s insights offer a roadmap for healthcare and cybersecurity leaders to navigate this transformative journey. By fostering collaboration, education, and flexibility, organizations can harness AI’s power responsibly - ensuring that innovation continues to serve the ultimate goal: improving patient care and safety.

As healthcare professionals and decision-makers, the challenge is clear: Lead with intention, govern with rigor, and embrace the opportunities of AI with a measured and informed approach.

Source: "What We Don’t Know: Leading AI Governance with Humility and Clarity with Anahi Santiago, Chief In..." - Outcomes Rocket, YouTube, Dec 22, 2025 - https://www.youtube.com/watch?v=53oqVRkS4Gs

Related Blog Posts

• Cross-Jurisdictional AI Governance: Creating Unified Approaches in a Fragmented Regulatory Landscape
• AI Governance Talent Gap: How Companies Are Building Specialized Teams for 2025 Compliance
• Board-Level AI: How C-Suite Leaders Can Master AI Governance
• Future-Ready Organizations: Aligning People, Process, and AI Technology