The Named Owner Principle requires every clinical AI deployment to name two persons in the audit trail: a Governance Owner at the institutional level, accountable for the decision to deploy, and a Decision Owner at the bedside, accountable for the individual patient call. Neither role substitutes for the other, and the principle is satisfied only when both seats are filled and both names are recorded. This paper states the principle, details the two roles, places the requirement at Layer 4 of the clinical AI governance cascade, and sets out the evidence that the accountability gap is real, measurable, and already being priced by insurers.
Every clinical AI deployment requires two named persons in the audit trail, not one. A Governance Owner at the institutional level, accountable for the decision to deploy. A Decision Owner at the bedside, accountable for the individual patient call. Both names must appear in the documentation that accompanies any clinical AI recommendation. Neither role substitutes for the other. This is the Named Owner Principle, and most clinical AI deployments operating in United States health systems today satisfy neither seat.
The principle is satisfied only when both seats are filled and both names are recorded. A deployment with a Governance Owner and no Decision Owner has approved a tool nobody is accountable for using. A deployment with a Decision Owner and no Governance Owner has placed the full weight of an institutional decision on a single clinician at the bedside. Most deployments have neither, which means that when an AI-shaped recommendation reaches a patient and the outcome is questioned, the audit trail records the clinician who acted and nothing about the system that shaped the recommendation or the authority that approved it.
The institutions that carry this exposure are not abstract. They are the Chief Medical Officer who signed the deployment charter, the Chief Medical Information Officer who integrated the model into the workflow, the General Counsel who will answer the discovery request, and the board members who certified the system to their regulator and their underwriter. Each of them is, in the language of medical-legal accountability, already on the record. What most of them do not yet know is that the record is incomplete.
The failure mode
The evidence that clinical AI is unsafe enough to require named accountability is no longer thin, and it does not depend on speculation about future capability. It is in the benchmarks and the loss data now.
Start with the systems themselves. On Stanford’s MedAgentBench, a benchmark of clinically derived tasks run inside a realistic electronic health record environment under strict first-attempt scoring, the leading models reached roughly 70% task success, leaving the best clinical AI agents wrong on close to one task in three. Performance on safe multi-step execution lagged well behind performance on simple retrieval, which is to say the models were weakest exactly where a clinical decision is most consequential. The NOHARM benchmark, developed by the ARISE Network in a Stanford and Harvard collaboration and released in January 2026, measured something more pointed: across 31 large language models, the potential for severe harm from a model’s medical recommendation occurred in up to 22.2% of cases, and 76.6% of those harmful errors were errors of omission, the model failing to raise a diagnosis, a red flag, or a necessary next step. The harm is mostly in what the system does not say. A clinician acting on a confident, fluent recommendation has no signal that something critical was left out.
The systems also cannot reliably show their work. A study published in Nature Communications in 2025, using the SourceCheckup framework, found that between 50% and 90% of large language model medical responses were not fully supported, and were sometimes contradicted, by the sources the models themselves cited. A recommendation that cannot be traced to a supporting source cannot be audited after the fact, which is the precise capability an institution needs when an outcome is questioned.
The institutions deploying these systems are not positioned to catch the gap. In a Black Book Research survey of 182 United States hospital leaders conducted in late 2025, only 22% reported high confidence that they could produce a complete, auditable AI explanation for regulators or payers within 30 days. The same survey found that 33% cited unclear internal ownership between IT, quality and safety, and compliance as a top barrier to audit readiness. That is the Named Owner gap, measured directly: a third of institutions already know they cannot say who owns the AI in their own workflows. The governance literature confirms the structural shape of the problem. A scoping review of 77 healthcare AI governance frameworks, published in npj Digital Medicine, found that most were not applicable to real-world settings and that oversight mechanisms were the least common component, present in under a fifth of frameworks. The frameworks exist. The layer that operates them at the bedside is the one that does not.
These are not model performance failures alone. A model that is wrong one time in three, that errs mostly by omission, and that cannot reliably cite its own basis, is a known quantity that an institution can govern, if it has decided who governs it. The failure is the absence of that decision. It is an accountability architecture failure, and it produces deployments that look complete on paper and cannot survive an audit.
The clearest evidence that the gap is real comes from the parties whose business is pricing risk. Effective January 1, 2026, the Insurance Services Office introduced Form CG 40 47, a Commercial General Liability endorsement that excludes bodily injury, property damage, and personal and advertising injury arising out of generative artificial intelligence. W. R. Berkley Corporation introduced Form PC 51380, an absolute artificial intelligence exclusion written for the directors and officers, errors and omissions, and fiduciary liability lines, the coverage that protects the executives who approve deployments. The underwriters have read the same evidence and drawn the operational conclusion first. They are carving generative AI exposure out of the policies that institutions and their leaders rely on. When the exclusion applies, the institution holds the AI risk itself, unindemnified, at exactly the point in the workflow where no one has been named to own it. The accountability gap is not a future concern. It is already priced, and the institution is now holding it.
The principle stated
The Named Owner Principle. Every clinical AI deployment requires two named persons in the audit trail: a Governance Owner at the institutional level and a Decision Owner at the bedside. Both names must appear in the documentation that accompanies any clinical AI recommendation. Neither role substitutes for the other. The principle is satisfied only when both seats are filled and both names are recorded.
Governance Owner. The institutional executive accountable for the deployment decision. The Governance Owner signs the charter language and answers to the board, the General Counsel, the underwriter, and the regulator. Role-holders are typically the Chief Medical Officer, the Chief Medical Information Officer, or the Chief of Clinical Service.
Decision Owner. The treating clinician whose signature lands on the chart at the moment an AI-shaped recommendation is acted on. The Decision Owner carries the medical-legal accountability for the individual patient decision and lives at the bedside, not in the charter.
The audit trail. The documentation that travels with a clinical AI recommendation from deployment approval through to the patient decision. A complete audit trail records both named owners. An incomplete audit trail records the Decision Owner alone, or names neither, leaving no traceable line from the bedside back to the institutional authority that approved the system.
Both seats filled. The operational test of the principle. A deployment satisfies the Named Owner Principle when a Governance Owner and a Decision Owner are both named, both recorded, and both current. One without the other leaves the accountability gap open.
The two roles in operational detail
The Governance Owner answers to people who can ask the question under oath.
The Governance Owner is the institutional executive who signed off on putting a clinical AI system into the workflow. In most United States health systems the role lands on the Chief Medical Officer, the Chief Medical Information Officer, or the Chief of Clinical Service, depending on how the institution structures clinical authority. The defining feature is not the title. It is the answerability. The Governance Owner is the person who responds when the board asks whether the system is safe, when the General Counsel asks whether the deployment can survive discovery, when the underwriter asks what the institution certified at renewal, and when the regulator asks who approved the tool.
The Governance Owner signs the charter language. That signature is the institutional act that converts a vendor’s product into the institution’s clinical instrument. Before the signature, the model is the vendor’s. After it, the recommendation is the institution’s. The Governance Owner owns that conversion, and owns it by name.
What the Governance Owner cannot do is carry the individual patient decision. The executive who approved a sepsis-prediction model for the medical service is not in the room when the model fires on a specific patient at three in the morning. The deployment decision and the bedside decision are different decisions, made by different people, at different times, against different information. This is why one named owner is not enough.
The Decision Owner is the name already on the chart.
The Decision Owner is the treating clinician whose signature lands on the chart at the moment an AI-shaped recommendation is acted on. This role is not new and not optional. It is the existing structure of medical-legal accountability, which has always attached to the clinician who makes the call. What is new is that the call is now shaped by a system the clinician did not build, cannot fully inspect, and in most deployments cannot trace back to an institutional owner.
The Decision Owner carries the medical-legal accountability for the individual patient decision. When an outcome is reviewed, the chart shows this clinician acted. It does not show that a model shaped the recommendation, and it does not show who approved the model. The Decision Owner is therefore the one name the audit trail reliably contains, and in an incomplete deployment, the only name it contains. That is the precise shape of the failure: full accountability resting on the person with the least control over the system that produced the recommendation.
Why neither seat fills the other.
The two roles sit at different layers of the institution and answer different questions. The Governance Owner answers whether the system should be in use at all. The Decision Owner answers whether to act on what the system produced for one patient. Collapsing them into a single owner forces a choice between two failures. Name only the executive, and the clinician at the bedside acts on a recommendation no one has made them accountable for. Name only the clinician, and the institution has placed the full weight of a system-level decision on the person standing closest to the patient and furthest from the deployment authority. Most institutional failures in clinical AI accountability arise from exactly this conflation: filling one seat, leaving the other implicit, and discovering at audit that implicit ownership is not ownership at all.
Where the principle lives: Layer 4 of the governance cascade
Clinical AI governance is not a single layer of oversight. It is the fourth layer of a cascade, and each layer governs something the layer beneath it cannot see.
Data Governance is the first layer. It governs how data is collected, stored, secured, and permissioned. Most United States health systems built this layer years ago, under regulatory pressure that predates clinical AI.
AI Governance is the second layer. It governs how models are selected, validated, monitored for drift, and retired. This is the layer most enterprise AI governance programs are built to address, and it is largely a general-purpose discipline that applies to any AI deployment in any sector.
Healthcare AI Governance is the third layer. It governs the requirements specific to AI operating on health data and inside health systems, including the regulatory, privacy, and safety obligations that general AI governance does not reach.
Clinical AI Governance is the fourth layer. It governs the moment an AI-shaped recommendation reaches a patient and a clinician acts on it. This is the layer where the deployment stops being an enterprise asset and becomes a clinical decision. It is also the layer most institutions have not built.
The first three layers are well developed in most health systems. They govern the model, the data, and the regulatory envelope. None of them governs the bedside. A health system can hold a mature Data Governance program, a validated AI Governance pipeline, and a complete Healthcare AI Governance framework, and still have no answer to the question of who owns the clinical decision when the model is wrong. That question lives at Layer 4, and the Named Owner Principle is the operational requirement that gives Layer 4 its substance.
Without the principle, Layer 4 is a label on an empty box. The institution can name the layer in its governance documentation and still not operate it, because operating it requires naming the two owners and recording them in the audit trail. The Named Owner Principle is what converts Clinical AI Governance from a category on an org chart into a structure that can survive an audit.
What the principle is not
The Named Owner Principle is frequently mistaken for structures institutions already have. Each of those structures is real, and none of them satisfies the principle.
Not a role-naming exercise that ends at the charter. Naming a Governance Owner in a deployment document is the start of the principle, not the whole of it. A charter that names the institutional owner and says nothing about who owns the bedside decision has filled one seat and left the other open.
Not a single individual taking sole responsibility. The principle is not a search for one accountable person. It is the requirement that two specific accountabilities, institutional and clinical, are each carried by a named owner. Concentrating both in one person recreates the failure the principle exists to prevent.
Not a substitute for clinical judgment. The Decision Owner is accountable for the call, not relieved of it. The principle records who exercised clinical judgment on an AI-shaped recommendation. It does not replace that judgment with the model’s output, and it does not lower the standard the clinician is held to.
Not a substitute for the first three governance layers. The principle operates at Layer 4, in addition to Data, AI, and Healthcare AI Governance, not in place of them. An institution that adopts the Named Owner Principle without the three layers beneath it has named owners for a system it has not validated, secured, or made compliant.
Not a static designation. The principle requires re-verification at every rotation cycle, every deployment expansion, and every workflow change. A named owner who has left the role, or a deployment that has grown beyond the scope the owners were named for, satisfies the principle on paper and fails it in operation.
Not satisfied by committee ownership. A committee is not a name. A governance committee can approve a deployment, but the principle requires a person who answers for it. When the question is asked under oath, a committee cannot be deposed; its members can, and the principle requires knowing which one.
Not satisfied by function ownership. A function is not a name. Assigning ownership to Quality, to Informatics, or to IT places accountability on a department rather than a person. Departments do not sign charters and do not stand behind clinical decisions. The principle requires a named individual in the role, not the role alone.
Not satisfied by vendor accountability. The vendor cannot own the clinical decision. A vendor can warrant the model, indemnify the contract, and support the deployment, but the vendor is not in the room when the recommendation reaches the patient and is not accountable for the clinical call. The institution owns the decision to deploy and the decision to act. Contractual vendor accountability does not transfer either.
The principle is dynamic, not static
Naming the two owners once does not satisfy the Named Owner Principle. The principle requires that both owners are current, and currency decays on its own.
The Governance Owner named at deployment closure rarely survives unchanged through the operational life of the deployment. Executives move, titles are restructured, and clinical service lines are reorganized. The Chief Medical Information Officer who signed the charter in one fiscal year may have left the institution by the next, and the deployment they approved continues to fire on patients with a named owner who no longer holds the role. The name in the audit trail is still there. The accountability behind it has evaporated.
The Decision Owner decays faster. Treating clinicians rotate through services on cycles measured in weeks. The Decision Owner named at pilot rarely survives the first rotation cycle. A principle that named the bedside owner once, at launch, and never again, describes the accountability of a clinician who may not have touched the deployment in months.
The principle therefore requires re-verification at three triggers. At every rotation cycle, because the Decision Owner changes. At every deployment expansion, because a system approved for one service and extended to another has owners named for a scope they no longer cover. And at every workflow change, because a recommendation that now reaches the patient through a different path may reach a different clinician than the one on record.
This is the failure that is hardest to detect, because it produces no error at the moment it occurs. A deployment that was compliant at launch does not announce the day its named owners go stale. It continues operating, recommendation after recommendation, with an audit trail that looks complete and names that no longer answer for anything. The gap opens quietly, and it is usually discovered at the worst possible time: when an outcome is reviewed and the institution learns that the people named in the record left the roles, or the scope, that made them accountable.
Frequently asked questions
- Who is the named owner?
- There are two. A Governance Owner at the institutional level, accountable for the decision to deploy, and a Decision Owner at the bedside, accountable for the individual patient call. The Named Owner Principle requires both names in the audit trail. One without the other does not satisfy it.
- Is the named owner the CMO or the clinician?
- Both. The Chief Medical Officer, Chief Medical Information Officer, or Chief of Clinical Service owns the deployment as Governance Owner. The treating clinician owns the call as Decision Owner. The principle requires both names recorded, not a choice between them.
- How is this different from existing AI governance?
- General AI governance operates at the enterprise level and stops at deployment approval. The Named Owner Principle extends accountability to Layer 4, Clinical AI Governance, which is where the patient decision happens. The principle does not replace general AI governance. It operationalizes the layer that general AI governance does not reach.
- What happens if only one seat is filled?
- The accountability gap stays open. When an outcome surfaces, the audit trail cannot reconstruct who made the call. Deployments that look complete on paper fail at the point of audit, underwriting renewal, or regulatory inquiry, because a single named owner cannot answer for both the institutional decision and the bedside decision.
- How often must the named owners be re-verified?
- At every rotation cycle, every deployment expansion, and every workflow change. The principle is dynamic. The Governance Owner named at deployment closure rarely survives unchanged through the deployment's operational life, and the Decision Owner named at pilot rarely survives the first rotation cycle. A named owner who has left the role no longer satisfies the principle.
- What about committee-based ownership?
- A committee is not a name. A governance committee can approve a deployment, but the principle requires a person who answers for it. When the question is asked under oath, the committee cannot be deposed and its individual members can.
- Who enforces the principle?
- The institution itself, in the first instance. External enforcement surfaces at adverse outcome review, regulatory inquiry, underwriting renewal, or board-level audit. By the time external enforcement asks who owned the decision, the gap is already priced into the consequence.
- What does it cost to operate the principle?
- Two named owners, recorded in the audit trail, and re-verified at each trigger. The principle adds documentation, not headcount. The cost of operating it is small. The cost of an incomplete deployment surfaces only once, at the moment the institution can least afford it.
Funding
None declared.
Conflicts of interest
Mo Johnson, MD MBA is the founder of GPe Research and its affiliated entities, including Tangibley Health Inc. The Named Owner Principle and related frameworks (Clinical AI Accountability Canvas™, Mind the 9 Blocks™, MedicoVigilance™) are works of GPe Research.
How to cite
@techreport{johnson2026namedowner,
author = {Johnson, Mo},
title = {Named Owner: Why Every Clinical AI Output Needs a Professional on Record},
institution = {GPe Research Publications},
type = {Position Paper},
number = {№01},
year = {2026},
month = {5},
url = {https://publications.gperesearch.com/papers/named-owner}
}