The Liability Gap: Who Pays When Autonomous Clinical Systems Fail?

The Liability Gap: Who Pays When Autonomous Clinical Systems Fail?

Share

The Liability Gap: Who Pays When Autonomous Clinical Systems Fail?

In 2018, the FDA cleared IDx-DR as the first autonomous AI diagnostic system in the United States. It screens for diabetic retinopathy without a clinician interpreting the results. The machine reads the fundus image. The machine makes the call.

So when it gets it wrong, who is liable?

Our legal systems have not answered this. And as autonomous clinical AI moves into emergency departments and primary care clinics, that silence is becoming dangerous.

The Legal Vacuum

Traditional malpractice law assumes a human made the decision. A physician examines a patient, forms a clinical judgment, and acts on it. If the outcome is negligent, the physician and their institution bear responsibility. The chain of causation is clear.

Autonomous AI breaks that chain. When IDx-DR misses a case of proliferative retinopathy, the ophthalmologist never saw the image. The primary care physician relied on a cleared device. The hospital purchased it in good faith. The vendor delivered a product that met its FDA-specified performance threshold. Everyone did their job. The patient still lost vision.

Babylon Health's triage chatbot hit a different version of this problem. In 2020, reports surfaced that its symptom checker had missed serious conditions. Babylon pointed to its disclaimers. The NHS trusts that deployed it pointed to Babylon's regulatory status. The patients pointed to the advice they received.

Three Liability Holders, None Adequate

The vendor can be held to product liability standards. But product liability requires a defect, and a system performing within its stated accuracy parameters is, by legal definition, working as intended. A 90% sensitivity means 10% of positive cases will be missed. That is the specification.

The deploying institution could bear responsibility under corporate negligence. But how does a hospital evaluate an opaque algorithm? They cannot audit the training data or inspect the model weights.

The physician is the most exposed party, and I think that is deeply unfair. In Canada, the Canadian Medical Protective Association has not issued clear guidance on physician liability when an autonomous system makes an error the physician never reviewed. The physician who orders an IDx-DR screening is responsible for a decision they were explicitly told they did not need to make.

Canada and the US: Two Gaps

Canadian negligence law requires a physician to meet the standard of a "reasonable practitioner." If the reasonable practitioner in 2026 is expected to use AI screening, failing to use it could be negligent. But if using it introduces undetectable errors, using it might also be negligent. The standard has become circular.

US law adds the complication of FDA preemption. Federal courts have sometimes held that FDA clearance preempts state tort claims. If this extends to autonomous AI, patients harmed by a cleared system may have no legal remedy at all.

What I Think Needs to Happen

We need a liability framework designed for autonomous systems, one that does not force clinicians to bear the risk of decisions they did not make.

Vendors of autonomous clinical AI should carry mandatory outcome insurance, similar to pharmaceutical product liability coverage. If the system makes the call, the system's maker shares the consequences.

FDA clearance should not function as a liability shield. Clearance means the device met a performance threshold at the time of review. It does not mean the device is safe in every clinical context forever.

Provinces and states need to update their malpractice frameworks explicitly. The silence from CMPA and from US malpractice carriers is a transfer of risk onto physicians and patients by default. That is a problem we can solve. We are choosing not to.


Related Reading