The most expensive mistake hospitals are making with clinical AI is not which vendor they chose. It is the absence of a safety framework to evaluate what that vendor's models will do in their environment, before deployment and after.
This is not a technology problem. It is a discipline problem. Hospitals already have the methodologies to assess deployed systems for failure modes, score risk, and assign mitigation. Those methodologies are root cause analysis and failure mode and effects analysis. They run in every Patient Safety Organization, every M&M conference, every Joint Commission-accredited quality department in the country. The conversation about AI safety in healthcare is not failing for lack of frameworks. It is failing because the existing frameworks are not being applied to a new class of system.
Gartner recently published a useful analytical scaffold: five reasons generative AI projects fail to reach production. The framework is grounded in enterprise IT vocabulary, and for healthcare leaders it lands awkwardly. The categories are correct but the diagnosis is incomplete, because clinical AI failure is not just a project failure. It is a patient safety failure waiting to be classified.
This briefing reads the five Gartner failure modes through a clinical safety lens. For each, it names what hospitals are getting wrong specifically, and what the Cortivus SAFE AI framework (Safety Assessment Framework for AI) does instead. The argument is simple. Clinical AI does not need a new safety language. It needs the existing one applied with discipline.
Why patient safety frameworks fit AI failure
RCA and FMEA were designed for systems that perform as expected most of the time and fail under conditions that were not anticipated. That description fits a fluoroscopy unit, a medication compounder, a surgical timeout protocol, and a generative AI system equally well. The failure-and-recovery dynamics are structurally similar. The system runs. It produces an output. Sometimes the output is wrong in a way that is detectable, and sometimes it is wrong in a way that is not. The question is whether the organization can detect the failure, contain its consequences, and learn from it.
Reason's Swiss cheese model, James Reason's foundational work on organizational accident causation, applies cleanly to AI deployment. Each layer of defense (input validation, model output monitoring, clinician review, downstream verification) has gaps. Failures happen when the gaps align. AI vendors will tell you they have addressed the model layer. They cannot speak to the other layers, because those layers exist inside your hospital. Your responsibility is to make sure the alignment cannot happen.
This is the discipline that SAFE AI brings. Two methodologies, two outputs. RCA for failures that have already occurred. FMEA for failures that have not yet occurred, scored on severity, occurrence, and detection. Both adapted from twenty years of clinical patient safety practice and applied to the AI systems entering care.
Against that backdrop, the Gartner failure modes become five distinct surfaces where the framework gets applied.
Failure Mode 1: Lack of Clinical Use Case Validation
Gartner calls this lack of business value. Organizations chase impressive demos, deploy generative AI across low-impact use cases, and find themselves unable to demonstrate measurable return when budgets tighten.
In healthcare, the failure pattern is slightly different. The use case usually does have business value (less documentation time for clinicians, fewer transcription errors, faster discharge summaries). What is missing is clinical safety value. Hospitals do not ask, before deployment, what specifically gets worse if this model performs perfectly, and what specifically gets worse if it fails. Those two questions belong in a pre-deployment FMEA worksheet, not in a vendor pitch deck.
A SAFE AI use case validation begins by scoring each proposed AI system on two dimensions. Severity if the model performs as expected (does the documentation it produces affect downstream clinical decisions, billing, or legal record?) and severity if the model fails (what is the worst plausible outcome of a hallucinated medication or an omitted history element?). Hospitals that complete this exercise frequently discover that the failure mode severity for ambient scribes is closer to a medication error than to a paperwork annoyance. That changes the deployment posture, the oversight workflow, and the monitoring requirements.
The Gartner recommendation is to build a use-case prioritization framework. The SAFE AI recommendation extends that framework to include pre-deployment severity scoring tied to clinical outcomes. The vocabulary your quality committee already uses applies directly. The committee has been doing this work on medication formulary changes, surgical instrument introductions, and clinical pathway modifications for decades. AI is a new class of system in a familiar review process.
Failure Mode 2: Data Isn't Ready
Gartner's second failure mode is data readiness. Poor quality, ungoverned, or unenriched data produces unreliable outputs and breaks retrieval-augmented generation pipelines.
The healthcare-specific version of this failure has two faces that vendors rarely address. First, training data lineage. Most clinical AI vendors are not transparent about the patient populations, care settings, or temporal windows their training data represents. An ambient scribe trained predominantly on outpatient internal medicine encounters in academic medical centers will perform differently in a rural emergency department, a Federally Qualified Health Center, or a long-term care facility. The deployment context mismatch is real, measurable, and rarely tested by hospitals before procurement.
Second, feature drift over time. Even when training data is appropriate at deployment, clinical practice changes. New medications appear in formularies. Documentation conventions shift. Patient demographics evolve. The model that worked in January will be a functionally different model in October if no one is monitoring the drift. The vendor will know. The hospital will not, because the contract did not require disclosure.
A SAFE AI assessment of the data layer asks three questions. What does the training data cover and what does it omit? What is the deployment context fit between training data and current patient population? What drift monitoring is in place, who owns it, and what is the response protocol when drift exceeds threshold? Hospitals rarely have defensible answers to all three. The output of a SAFE AI engagement is the documentation that makes those questions answerable.
Failure Mode 3: Operational Cost and Resilience
Gartner names this escalating total cost of ownership. The negligible per-token cost in a demo becomes a budget black hole at production scale.
In healthcare, the cost surfaces are distinctive. Ambient scribe per-encounter costs scale with visit volume, and visit volume is the same metric the practice is trying to grow. AI-generated note review costs are absorbed by clinicians whose time is already constrained. Hidden costs include retraining triggers that vendors do not disclose in pricing, prompt cache misses that produce inference overages, and the cost of cross-functional teams maintaining the deployment over time. Procurement teams approve initial vendor quotes without visibility into total cost of ownership over a three-year operating window.
The Gartner recommendation is to apply FinOps principles to GenAI workloads from day one. The SAFE AI recommendation extends this to include token-level cost attribution per service line, scheduled drift reviews tied to cost re-baselining, and explicit cost containment policies for clinician review time.
"This is not a financial governance problem. It is a clinical operations resilience problem. Programs that run out of budget mid-cycle get cancelled, and the patients whose care patterns adapted to the AI's presence carry the disruption."
The hospital that cannot quantify what its ambient scribe deployment is costing per encounter cannot make defensible decisions about whether the deployment is sustainable.
Failure Mode 4: Responsible AI as the Discipline, Not the Afterthought
Gartner identifies four pillars of responsible AI: safety, privacy, accountability, and fairness. The recommendation is to embed these from inception rather than retrofit them after an incident.
In clinical AI, those four pillars map directly onto FMEA failure modes. Safety becomes hallucination, omission, and incorrect output severity. Privacy becomes inappropriate data exposure and credential misuse. Accountability becomes the question of who signs the note, who owns the audit trail, and who is named in the event the output contributes to a clinical injury. Fairness becomes bias drift across patient demographics, which most hospitals are not yet measuring.
A SAFE AI FMEA worksheet treats each of these as a scoreable failure mode with severity, occurrence, and detection ratings. Hallucinated medication in a generated note scores 9 on severity, 4 on occurrence, and typically 7 on detection (because the clinician review step is imperfect). The resulting Risk Priority Number is high enough to require a documented mitigation. Bias drift across patient demographics scores differently but produces an RPN high enough to warrant ongoing monitoring controls. The exercise is not abstract. It produces a ranked list of failure modes with assigned mitigations, in language your quality committee uses every week for non-AI systems.
This is the central argument of the SAFE AI framework. Responsible AI is not an additional discipline that hospitals need to acquire. It is the discipline they already practice, applied to a class of system that was not in scope when the existing safety committees were formed.
Failure Mode 5: Clinician Oversight and Workflow Integrity
Gartner identifies poor change management as the fifth failure mode. Technically excellent tools see minimal adoption when employees feel threatened, workflows are disrupted, or the experience is poorly designed.
In healthcare, the failure mode is more pointed. Clinicians do not just stop using the AI. They start trusting it more than they should. The phenomenon has parallels in alert fatigue and clinical decision support: the more reliable a system performs early on, the lower the cognitive vigilance applied to later outputs. Ambient scribes that produce excellent notes for six weeks train the documenting clinician to skim rather than verify. When the model has a bad day in week seven, the skimming pattern is already established.
The SAFE AI lens on this failure mode is the clinician oversight workflow. Specifically, what is the attestation discipline, who is responsible for verifying AI-generated outputs, how is verification load distributed across the clinical day, and what triggers a re-evaluation of the oversight workflow when the model behaves differently than expected. These are operational questions that are difficult to answer well at the procurement stage, but they have direct patient safety implications once the system is in production.
A change management plan that focuses only on adoption is insufficient. The clinical safety equivalent focuses on sustained vigilance, attestation integrity, and the ability of the oversight workflow to degrade gracefully when the model degrades. A SAFE AI engagement makes the existing workflow visible, identifies where it depends on assumptions about model performance that have not been validated, and recommends specific controls to keep the human-in-the-loop function reliable over time.
The thread that runs through all five
Read together, the five Gartner failure modes are not independent. They share a common root: the absence of a clinical safety framework applied to AI from before deployment through ongoing monitoring. Each failure mode has an analog in patient safety practice. Each is solvable with vocabulary your quality committee already speaks. Each, untreated, contributes to the kind of clinical injury that will eventually be classified as a sentinel event and reviewed under the same RCA your organization runs for every other category of adverse event.
The lesson is not that hospitals need new methodologies. It is that they need the existing ones extended to a new class of system. The Gartner framing is useful as an analytical scaffold. The clinical translation is what makes it actionable in a healthcare governance committee.
| Gartner Failure Mode | Clinical Safety Translation | SAFE AI Surface |
|---|---|---|
| Lack of business value | Lack of clinical use case validation | Pre-deployment severity scoring |
| Data isn't ready | Training data lineage and deployment context fit | Data layer RCA |
| Escalating TCO | Operational cost and clinical resilience | FinOps tied to drift re-baselining |
| Responsible AI as afterthought | Failure mode and risk scoring | FMEA worksheet with RPN |
| Poor change management | Clinician oversight workflow integrity | Oversight workflow review |
Where to start
Most hospitals do not need an enterprise-wide governance initiative to begin closing these gaps. They need a single system, examined with the framework, to see what the discipline produces. The most natural starting point is the most visible system already in production: the ambient documentation deployment.
A two-week SAFE AI Quick Read of an ambient scribe deployment produces a worksheet with RPN-scored failure modes, a mitigation roadmap tied to your existing quality and risk governance, and an executive briefing for your AI committee or board. It is the fastest way to see what the framework looks like applied to your environment. Hospitals that have completed a Quick Read frequently extend the engagement to an AI Inventory of Record, which catalogs and risk-tiers every AI system in clinical use across the institution.
The cost of waiting is not theoretical. It is the next sentinel event, classified after the fact, in vocabulary that should have been applied before.
Start a SAFE AI Quick Read
Two-week assessment of your ambient documentation deployment. Worksheet with RPN-scored failure modes, mitigation roadmap, executive briefing.
See the Practice Scope an EngagementAbout Cortivus
Cortivus is an independent clinical AI safety, audit, and governance practice for hospitals deploying AI into care. The firm's proprietary methodology, Cortivus SAFE AI (Safety Assessment Framework for AI), brings twenty years of patient safety practice (root cause analysis and failure mode and effects analysis) to the AI systems entering clinical workflows. Cortivus is a NVIDIA Inception and Google for Startups member, founded by Troy Sybert, MD, MPH, board certified in preventive medicine and public health, and in clinical informatics.
Sources
- Gartner. "Why Generative AI Projects Fail." gartner.com/en/articles/genai-project-failure
- Joel Carusone, NinjaOne, in "Here are the top challenges for CIOs in 2025." Intelligent CIO APAC, May 13, 2025. intelligentcio.com
- Precisely. Trust '24 Data Integrity Summit. Enterprise Times, September 12, 2024. enterprisetimes.co.uk
- Reason, J. Human Error. Cambridge University Press, 1990. (Swiss cheese model of organizational accident causation.)