Activity 3: Institutional Complexities in AI Deployment
Role-Playing an AI Implementation
Your laboratory is evaluating two AI-enabled projects that could change how laboratory results are reviewed, released, communicated, and acted on:
Part 1: Considering and implementing a vendor autoverification solution that automates result verification using analyzer flags, quality checks, delta checks, reference intervals, clinical context, and model-derived risk scores.
Part 2: Implementing a generative AI solution that drafts interpretive comments, internal review notes, or provider-facing explanations after results are held, corrected, or require additional context.
Each participant will represent one institutional perspective. Your goal is not to “win” the discussion, but to identify what each group needs before the project can move forward, what risks must be controlled, and where institutional responsibilities overlap.
- What problem is the AI system solving, and who is accountable if it fails?
- What evidence is needed before pilot use, clinical use, and broader deployment?
- Where should human review be required?
- What needs to be documented for validation, governance, downtime, monitoring, and change control?
- What risks are different for a vendor autoverification tool versus a locally configured generative AI tool?
Ensure the AI workflow improves result release, turnaround time, and operational reliability without compromising review of abnormal, questionable, or high-risk results.
1) Which result types, analytes, patient settings, and abnormal patterns should be eligible for automated release?
2) What local validation cases are needed before the laboratory trusts vendor performance claims?
3) What documentation is required when staff override a hold, manually release a result, or disable autoverification?
1) What kinds of result comments, review notes, or provider explanations are appropriate for AI drafting, and which should remain fully manual?
2) Who must review and approve generated text before it becomes part of the laboratory record or patient chart?
3) How will staff detect omissions, overstatements, or recommendations that conflict with local policy?
Ensure the AI systems can be deployed, integrated, secured, supported, and retired within institutional infrastructure and cybersecurity standards.
1) What result, flag, demographic, order, medication, diagnosis, and historical data does the vendor need, and where will those data be processed?
2) How will autoverification decisions, result holds, overrides, and audit trails move between middleware, LIS, and EHR-facing workflows?
3) What uptime, support, audit-log, and version-notification requirements must be in the contract?
1) Can the generative AI tool run in an approved environment with appropriate PHI controls?
2) How will prompts, retrieved reference material, generated output, reviewer edits, and final text be logged?
3) What technical controls prevent unapproved model use, prompt injection, data leakage, or silent model changes?
Ensure the implementation satisfies applicable CLIA, CAP, HIPAA, institutional governance, contractual, and, where relevant, FDA expectations.
1) Is this being used only to automate laboratory result release, or does it create clinical decision support obligations?
2) What evidence is needed to verify local safety, false-release risk, false-hold burden, and performance after vendor updates?
3) What records must be retained for validation, released results, held results, overrides, rule/model changes, and monitoring?
1) Is generated text part of the medical record, a draft working note, or an internal quality document?
2) What review, attestation, and version-control requirements apply before generated text is released?
3) How will the institution manage hallucinations, biased language, inappropriate recommendations, and patient privacy risks?
Ensure AI-supported laboratory workflows improve clinical decision-making without creating confusing, delayed, or low-trust communication.
1) When should providers be notified that a result was held, manually reviewed, corrected, or not eligible for autoverification?
2) What information is needed to interpret a delayed, corrected, suppressed, or manually reviewed result?
3) How should provider feedback be captured when AI-driven actions affect clinical care?
1) What makes an AI-drafted comment clinically useful rather than merely plausible?
2) How should uncertainty, limitations, and recommended follow-up be phrased?
3) How will providers know whether the final comment was reviewed and approved by laboratory professionals?
Represent patient interests in safety, privacy, transparency, equitable performance, and understandable communication.
1) What patient benefit justifies using historical and real-time laboratory data to automate result release?
2) How will the institution check whether the system performs differently across patient populations?
3) What should patients be told if an AI-assisted process releases, delays, corrects, or questions a result?
1) Could generated comments be misunderstood by patients viewing results in a portal?
2) What privacy protections apply when patient data are used to generate or revise text?
3) How will patients or caregivers ask questions or correct misunderstandings caused by AI-supported communication?
Evaluate model fitness, local performance, failure modes, monitoring design, and the technical limits of both autoverification and generative AI systems.
1) What local data are needed to validate false-release risk, false-hold burden, manual review reduction, turnaround time, and subgroup performance?
2) How will the team monitor drift, subgroup performance, vendor updates, and unexpected changes in hold or release rates over time?
3) What should trigger retraining, recalibration, rollback, or suspension of the tool?
1) What test set, rubric, and review process will evaluate generated text before deployment?
2) How will prompts, retrieved documents, model versions, and reviewer edits be controlled and monitored?
3) What guardrails are needed to prevent unsupported recommendations, fabricated facts, and inappropriate tone?
Final Discussion
After each group has discussed both parts, compare the implementation plans:
- Which risks are shared across both AI projects?
- Which risks are unique to vendor autoverification?
- Which risks are unique to generative AI?
- What governance structure would allow the institution to approve, monitor, revise, or stop either tool?