Healthcare AI Action-Gating Standard

Action-Gating 1.0 — governing the moment an AI output becomes a clinical action

The normative standard for clinical AI: classify every output that could become an action by its reversibility, and resolve it to ALLOW, REQUIRE_HUMAN, CONSTRAIN, THROTTLE, or DENY before it reaches a patient, a chart, a medication workflow, or an external system.

Status · Published · Version 1.0 · Issued by the NAIO Institute · June 2026

Abstract

A clinical AI system produces an output. The danger begins at the next step, when that output becomes an action — a transmitted summary, a chart entry, a medication change, a discharge instruction, a payer submission. This standard governs that transition. It classifies clinical actions by reversibility, requires each to resolve to an explicit governance outcome before it reaches a patient or an external system, and binds every irreversible action to a named, licensed clinician who can understand, challenge, override, and own it.

§1

Scope

This standard applies to any clinical AI output that could become an action affecting a patient, the clinical record, a clinician's workflow, or an external system. It governs, without limitation:

  • Clinical documentation — draft notes, ambient-scribe output, problem-list and chart entries.
  • Handoff summaries — shift-change, transfer, and service-to-service summaries.
  • Triage and risk stratification — acuity scoring and patient-prioritization output.
  • Clinical alerts — deterioration and early-warning signals, including sepsis alerts.
  • Medication workflows — order entry, dose changes, reconciliation, and interaction checks.
  • Prior authorization — payer submissions and supporting clinical justification.
  • Discharge instructions — after-visit summaries and home-care directions given to patients.
  • Patient education — patient-facing explanations and instructional material.
  • Clinical escalation — routing, paging, and hand-offs that move a case to another clinician or team.

The purpose of this standard is narrow and specific: to ensure that no clinical AI output crosses into action until its risk is classified, its required human posture is determined, and a record of the decision exists. MUST, MUST NOT, SHOULD, and MAY are used as defined in §2.

§2

Terms & normative language

The key words MUST, MUST NOT, SHOULD, and MAY are requirement levels: MUST denotes an absolute requirement for conformance; MUST NOT an absolute prohibition; SHOULD a recommended practice that requires documented justification to omit; MAY an optional practice.

  • Clinical action — any operation through which an AI output changes state outside the model: a transmission, chart entry, medication action, instruction given to a patient, escalation, or payer submission.
  • Reversibility — the cost and feasibility of undoing a clinical action after it executes. A reversible draft is not equivalent to an irreversible transmission, chart entry, medication action, discharge instruction, or payer submission.
  • Action tier — the action-risk classification assigned to a clinical action: Green (allow / monitor), Yellow (human validation), Red (approval-gated or blocked).
  • Externality — the property of an action that crosses an institutional boundary, such as a payer portal, a public channel, or a patient-facing message.
  • Named clinical authority — the identified, role-appropriate licensed clinician accountable for authorizing or refusing a gated clinical action.
  • Steward — the clinician, typically a nurse, responsible for the whole-person, systems-aware environment in which the AI operates.

§3

Clinical reversibility scale

Risk in clinical AI is not a property of the model; it is a property of what is about to happen. A reversible draft is categorically different from an irreversible transmission, chart entry, medication action, discharge instruction, or payer submission. Every clinical action MUST be classified by its reversibility, and the action tier MUST follow from that classification.

| Clinical action | Reversibility | Action tier | Required human authority | Evidence required |
| --- | --- | --- | --- | --- |
| AI draft note | Reversible — editable before signing; no external effect | Green | Clinician edits and signs | Provenance of source content |
| Handoff summary | Low — transmitted to another clinician; informs care | Yellow | Nurse validates before transmission | Source grounding + flagged gaps |
| Sepsis alert | Conditional — escalates care; acting or not acting both carry risk | Yellow / Red | Clinician adjudicates | Signals, uncertainty, contradictory data |
| Medication order or change | Irreversible once administered | Red | Prescriber + pharmacist | Full bundle + interaction check |
| Prior-authorization submission | Irreversible — leaves the institution; affects coverage | Red | Authorized staff | Clinical justification + provenance |
| Discharge instructions | Irreversible — given to the patient; governs home care | Red | Discharging clinician | Full bundle + reconciliation |

Where an action is partly reversible or its reversibility is uncertain, it MUST be classified at the higher tier. Uncertainty about reversibility is not a reason to proceed; it is a reason to escalate.

§4

The gate

Before any clinical action reaches a patient or an external system, the gate MUST resolve it to exactly one of five governance outcomes, each logged identically per the Evidence Bundle Standard:

| Outcome | Meaning in a clinical context | Typical tier |
| --- | --- | --- |
| ALLOW | Execute and monitor; reversible, bounded, and informational, such as a draft for clinician edit. | Green |
| REQUIRE_HUMAN | Route to a named, role-appropriate clinician for validation before the action executes. | Yellow |
| CONSTRAIN | Execute only within a narrowed scope — redacted content, reduced privilege, or limited recipients. | Yellow |
| THROTTLE | Rate-limit, defer, or stage the action pending further clinical signal or review capacity. | Orange |
| DENY | Refuse; record the rationale and route to a safer path. A refusal is a governance event, not a failure. | Red |

The gate MUST classify each action using, at minimum, who is asking, what data is involved, what system is touched, how reversible the action is, and what harm could follow. Where signals disagree, the gate MUST select the higher outcome — ambiguity escalates upward. Any action carrying externality — a payer portal, a patient-facing channel, an outbound message, or an external API — MUST start at a higher governance posture; externality raises the floor.
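
An added example, not part of the standard or of any NAIO reference implementation: a minimal gate in Python that applies the §3 table and the escalation rules above and returns one record shape for every outcome. The action keys, the request fields, the Yellow base tier for sepsis alerts, the Yellow floor for externality, and the choice to DENY when no clinician is named are assumptions; CONSTRAIN and THROTTLE are left out to keep the case small.

```python
from dataclasses import dataclass
from enum import IntEnum

Tier = IntEnum("Tier", "GREEN YELLOW RED")  # ordered, so max() picks the higher tier

# Section 3 table: action -> (base tier, required human authority). Keys are assumed names.
SECTION3 = {
    "draft_note": (Tier.GREEN, "clinician"),
    "handoff_summary": (Tier.YELLOW, "nurse"),
    "sepsis_alert": (Tier.YELLOW, "clinician"),  # assumed base; table lists Yellow / Red
    "medication_order": (Tier.RED, "prescriber + pharmacist"),
    "prior_auth_submission": (Tier.RED, "authorized staff"),
    "discharge_instructions": (Tier.RED, "discharging clinician"),
}

@dataclass
class Request:                      # hypothetical request shape
    action: str
    signals: tuple = ()             # tiers proposed by other classifiers
    external: bool = False          # crosses an institutional boundary
    reversibility_uncertain: bool = False
    named_authority: str = ""       # identified clinician the action routes to

def gate(req: Request) -> dict:
    reasons = []
    # Unlisted action: reversibility unknown, so classify at the top tier.
    base, role = SECTION3.get(req.action, (Tier.RED, "unassigned"))
    tier = max([base, *req.signals])            # disagreement resolves upward
    if tier > base:
        reasons.append("signals disagreed; higher tier selected")
    if req.reversibility_uncertain and tier < Tier.RED:
        tier = Tier(tier + 1)
        reasons.append("reversibility uncertain; escalated one tier")
    if req.external and tier < Tier.YELLOW:
        tier = Tier.YELLOW                      # assumed floor for externality
        reasons.append("externality raised the floor")
    if tier == Tier.GREEN:
        outcome = "ALLOW"
    elif req.named_authority:
        outcome = "REQUIRE_HUMAN"
    else:                                       # assumption: nobody named means refuse
        outcome = "DENY"
        reasons.append("no named clinical authority resolved")
    # Same record shape for every outcome, so refusals are logged like approvals.
    return {"action": req.action, "tier": tier.name, "outcome": outcome,
            "route_to": role, "named_authority": req.named_authority, "reasons": reasons}
```
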

§5

Named clinical authority

A tier MUST NOT authorize itself. Every REQUIRE_HUMAN outcome MUST resolve to a specific, role-appropriate licensed clinician — nurse, physician, pharmacist, or allied clinician — who can understand, challenge, override, and own the action, and who holds accountability for it once authorized. The loop never closes on a tier; it closes on a named human.

  • The reviewing clinician MUST be given the context, source grounding, uncertainty, and alternatives needed to make a substantive judgment — not a one-click accept.
  • The role assigned to authorize an action MUST match the action's clinical scope: a medication change resolves to a prescriber and pharmacist; a discharge instruction resolves to the discharging clinician; a prior-authorization submission resolves to authorized staff.
  • Systems MUST actively counter automation bias (see the Human Oversight Standard) and MUST NOT design defaults that reward rubber-stamping.

§6

Evidence & grounding

No clinical claim may be acted upon without an evidentiary basis. Before a clinical action executes, the AI output it rests on MUST carry source grounding, provenance, an uncertainty signal, and explicit flags for missing or contradictory data. A polished output is not a trustworthy one unless it is traceable.

  • Each governed clinical action MUST produce a record conformant with the Evidence Bundle Standard: provenance, model and version, uncertainty, data scope, and the named human's decision.
  • Predictive clinical decision support MUST surface the structured source attributes required under the ONC HTI-1 Final Rule, so the reviewing clinician has the data, performance, and risk context needed to judge the output.
  • Where source grounding is absent, stale, or contradicted, the gate MUST raise the action's tier and SHOULD route it to a clinician rather than allow it to proceed on an unsupported claim.

§7

Empirical basis

The requirement to gate clinical AI output is not precautionary abstraction; it rests on measured error rates in current models.

The evidence for gating

The Stanford–Harvard "First, Do NoHARM" study (January 2026) evaluated 31 large language models on 100 real primary-care cases across 10 specialties. Leading models produced "severely harmful" clinical recommendations in up to 22.2% of cases; the best-performing models still made 12–15 severe errors per 100 cases, and the worst made errors in roughly 40 of 100. Approximately 77% of severe harm came from omissions — information the model failed to surface.

An output that is severely harmful in up to one case in five is not safe to act on without structured human review. This is the empirical anchor for action-gating: the governance gap is measured, not theoretical, and omission-driven harm is precisely what source-grounding and flagged-gap requirements (§6) are designed to catch.

Because most severe harm arises from omission rather than commission, conformant systems MUST NOT treat a confident, well-formed output as evidence of completeness, and MUST flag missing and contradictory data as part of the record that reaches the reviewing clinician.

§8

Mapping to external frameworks

Action-Gating is the runtime expression of obligations that federal regulators, accreditors, and binding law have each defined independently.

| External requirement | Action-Gating clause |
| --- | --- |
| ONC HTI-1 — DSI source attributes & Intervention Risk Management transparency | §6 evidence & grounding |
| FDA — AI-enabled device guidance & PCCP (predetermined change control) | §3 reversibility classification, §6 evidence |
| Joint Commission / CHAI — seven elements (governance, transparency, monitoring, safety-event reporting) | §4 gate, §5 named authority, §6 evidence |
| EU AI Act Art. 14 — human oversight, override, stop button | §5 named clinical authority |
| EU AI Act Art. 15 — accuracy, robustness, fallback to human | §4 gate, §7 empirical basis |

Why this matters

ONC requires transparency, the FDA requires lifecycle change-control, the Joint Commission and CHAI require monitoring and safety-event reporting, and the EU AI Act requires meaningful human oversight with an override and a stop button. Action-Gating is where those obligations meet a real clinical action — classified by reversibility, resolved to an explicit outcome, and owned by a named, licensed clinician before it reaches the patient.

Apply Action-Gating

Map your clinical AI outputs to actions. Then gate them.

Start with an inventory of where AI output becomes a clinical action, classify each by reversibility, and stand up the gate and the evidence your accreditors require.