Five governance gaps insurers look for

Medical indemnity insurers in Australia are quietly adjusting their risk models to account for AI use in clinical practice. While most have not yet added explicit AI governance questions to their renewal forms, underwriters are beginning to ask about it during reviews, particularly for practices that have disclosed AI tool usage. The five gaps that consistently raise concerns follow a predictable pattern.

The first gap is the absence of a tool register. Insurers want to know what AI tools are in use, what they do, and whether they have regulatory approval. The second is missing or outdated policies: practices that cannot produce a current AI governance policy signal unmanaged risk. Third, insurers look for evidence of human oversight, specifically whether radiologists are documented as having final authority over AI-assisted findings rather than deferring to algorithmic outputs.

The fourth gap involves performance monitoring. Practices that cannot demonstrate they track AI accuracy, false positive rates, or concordance with clinical judgment are seen as operating blind. The fifth, and often most damaging, is the absence of incident documentation. When something goes wrong with an AI tool, the insurer wants to see that it was logged, investigated, and addressed. Silence in the record is interpreted as negligence.

Each of these gaps maps directly to a CAIOS domain. Attest generates the evidence trail that closes them: tool registration, policy documents, monitoring dashboards, and incident logs. When your insurer asks how you govern AI, having a structured answer reduces your risk profile and can influence your premium.