Health Data, Privacy and Security, Regulatory and Health Industry
Why Data Quality Is the Foundation of AI Governance in Healthcare
Editor’s note: This is the first of a two-part series on Data Quality and AI Governance. The next article will be published in August and provide actions that HI professionals can take to strengthen governance in their organizations.
Artificial Intelligence (AI) governance is often described in terms of oversight, accountability, transparency, and risk management. Those are all essential components. Yet in practice, AI governance in healthcare succeeds or fails much earlier in the lifecycle: at the level of the data.
Before an organization can govern a model, explain an output, monitor for bias, or defend the use of an AI-enabled system, it must first be able to trust the quality, provenance, and fitness for use of the information that fuels that system.
Many AI governance frameworks reflect this reality. The National Institute of Standards and Technology’s (NIST) AI Risk Management Framework describes it as an organizational capability that spans governance, mapping, measurement, and management. The framework emphasizes characteristics of trustworthy AI systems such as validity and reliability, safety, security, resilience, privacy enhancement, transparency, explainability, fairness with harmful bias managed, and accountability. None of those characteristics can be meaningfully achieved if the underlying data are poor in quality.
The same pattern appears in health-specific guidance as well. The World Health Organization (WHO) stresses that AI governance in healthcare must protect the public interest, address risks, and hold stakeholders accountable. This is so much more than technical performance and accuracy. It requires attention to the data sources, collection practices, and limitations that shape AI behavior.
For that reason, the most important opening argument for any serious discussion of AI governance in healthcare is this: data quality is the foundation on which all other governance functions depend.
Components of AI Governance Frameworks
Most mature AI governance frameworks contain several common elements.
It all begins with foundational data governance and accountability. Clear roles, decision rights, escalation paths, and ownership across the AI lifecycle are necessary. Governance must involve leadership, legal and compliance functions, privacy and security, operational stakeholders, and subject matter experts who understand how data is generated and used. Operating from inside a single, isolated technical team will not suffice. NIST’s framework and ISO/IEC 42001 both reflect this broader management-system view of AI governance, rather than treating governance as a one-time approval exercise.
The second component is risk management. Organizations must identify, assess, prioritize, and mitigate risks associated with AI systems before and after deployment. Within healthcare ecosystems, those risks could include patient safety concerns, workflow disruptions, privacy breaches, inequitable performance across populations, documentation errors, financial impact, and regulatory noncompliance. This is a representative list, not exhaustive. The NIST Artificial Intelligence Risk Management Framework (AI RMF) explicitly states that organizations should map context, measure performance and risks, and manage those risks over time, rather than assuming a model is safe because it performed well once.
Additional components include transparency and documentation. AI governance requires organizations to know and disclose what a system is intended to do, what data feeds it, what assumptions underlie it, what limitations exist, and what evidence supports its use. In US health IT policy, the Office of the National Coordinator for Health Information Technology (ONC) HTI-1 Final Rule established new transparency requirements for predictive decision support interventions in certified health IT, including required source-attribute disclosures for predictive decisions support interventions (DSIs).
Human oversight of AI remains a necessary part of governance. Healthcare organizations must define how human review, escalation, override, and accountability operate in workflows that incorporate AI. Oversight is especially important where outputs may influence medical coding, documentation, quality review, utilization management, patient communication, or care-related decisions. The WHO guidance emphasizes that AI in health should support, not displace, ethically grounded and accountable human decision-making.
The final component involves monitoring and continuous improvement. AI governance cannot end at implementation. It must include ongoing validation, performance monitoring, drift detection, incident response, retraining decisions, and retirement planning. This lifecycle approach is now widely reflected across governance literature and standards.
Taken together, these components form the architecture of AI governance. But they all rely on a more basic condition: the ability to trust the data environment in which the system operates.
Why Data Quality Is Foundational
Data quality is foundational because it determines whether an AI system can be trusted, assessed, or governed at all.
AI systems base their learning on patterns in data. If data quality dimensions are defined as complete, consistent, timely, contextually labeled, representative, and connected within the context in which the model will be used, then governance begins from a stable footing. Poor data quality undermines validity, obscures bias, impedes explainability, limits reproducibility, and erodes confidence in outputs. It also complicates accountability because it may be impossible to determine what part of the lifecycle introduced the flaw.
The NIST AI RMF Playbook recommends aligning AI risk management to broader data governance policies and documenting standards for data quality, experimental design, and model training. The playbook guides us toward documenting data quality criteria, understanding context, intended use, and establishing structures that support trustworthy AI outcomes. There is no AI governance without data governance, including solid data quality measures.
This point is especially important in healthcare because health data is rarely free of representation issues, bias, or uniformity, and is rarely created directly for machine learning. Much of the data used in healthcare AI originates in operational, clinical, administrative, or reimbursement workflows and their supporting systems. They may reflect local documentation habits, medical coding variation, incompleteness, time lags, workflow shortcuts, and historical inequities. A dataset may be sufficiently complete for one purpose and still be unfit for another. Data that works reasonably well for revenue cycle analytics may not support safe clinical summarization, predictive modeling, or workflow automation.
For that reason, HI professionals bring indispensable and unmatched expertise to AI governance. Our field has always focused on the integrity of source information, the consistency and completeness of documentation, alignment to standards and terminologies, stewardship of metadata, and the governance of information across its lifecycle. These concerns are neither new nor unique to AI, but they are absolutely relevant to the governance of AI.
The AHIMA practice brief on healthcare data governance defines data governance as the overall administration, through clearly defined procedures and plans, that assures the availability, integrity, security, and usability of structured and unstructured data. That definition aligns naturally with AI governance because AI systems depend not only on data availability but on data integrity, usability, and stewardship across the full lifecycle of use.
AHIMA published a policy statement on data quality and integrity that emphasizes completeness, standards, data mapping, documentation, and the trustworthy use of health information. These are not legacy concerns voiced without context or relevance. Data quality is even more urgent now, because AI can amplify the strengths and weaknesses of the underlying data ecosystems.
In Part 2 of this series, I will build on this foundation by examining the concrete risks of using AI with poor-quality data, practical lessons echoed at HIMSS 2026, and specific actions AHIMA members and credential-holders can take to strengthen governance in their organizations.
Anthony E. Roscoe, MSL, RHIA, FACHDM, is Education Director, Applied AI in Health Information at AHIMA.