· Lex Hamilton
Why an AI System Can't Audit Its Own Output
An AI system can't verify its own output: generator and checker share the same blind spots. Why clinical AI needs independent verification.
Last reviewed: July 2026
An AI system cannot reliably audit its own output because the process that generates a claim and the process that checks it draw on the same model, the same training data, and the same blind spots. A model that is confidently wrong tends to be equally confident that it is right. Real verification requires a separate system, run by a separate party, producing a record the original system cannot alter. This is true at the level of the model, and it is true at the level of the organization that deploys it.
What does "an AI system auditing its own output" actually mean?
Self-audit is any arrangement where the tool that produces a clinical claim is also trusted to confirm the claim is safe. It shows up in two common forms. The first is technical: a model generates a recommendation and a second pass, driven by the same model, is asked to grade it. The second is organizational: the team that builds and ships a clinical AI tool is also the team that signs off on whether it is safe to deploy.
Both forms feel like a check. Neither one is. A check has to introduce information or judgment the original process did not already contain. When the reviewer shares the generator's assumptions, its data, and its incentives, the review mostly confirms what the generator already concluded.
This matters in clinical settings because the output looks finished either way. A discharge summary reads cleanly whether or not it dropped a medication. A dosing suggestion sounds authoritative whether or not it contradicts the label. The absence of an obvious error is not evidence the output was verified. It is often just evidence that nothing external looked.
Why doesn't self-checking work, even when the model looks confident?
Large language models express confidence as a property of fluent text, not as a measure of whether a statement is true. The same model that fabricates a monitoring protocol will describe that protocol in the same assured tone it uses for correct statements. Asking that model to review its own work invites it to apply the same assumptions that produced the error in the first place.
The evidence for residual error is not hypothetical. In a 2026 JAMA Network Open study of an AI workflow for hospital course summaries at Stanford, physician review of 100 summaries found omissions in 25 percent and inaccuracies in 20 percent, even though outright hallucinations were rare at 2 percent. The tool was well built and the harm ratings were low, and errors at that frequency still passed through to a human reader. Notably, the study authors said they plan to develop a separate system to evaluate AI tools from vendors, which is a call for independent evaluation coming from the people who built the tool.
Self-checking can reduce some error. It cannot certify the absence of error, because the checker inherits the generator's limits. That is the reason accuracy work alone never closes the governance question. For why clinical AI cannot simply be made accurate enough to skip oversight, see why you can't make clinical AI accurate enough to skip governance.
What happens when the organization grades its own work?
The self-audit problem scales up. When a health system builds an AI tool and also owns the decision about whether that tool is safe, the same structural weakness appears, with an added pressure: the people reviewing the tool are measured, in part, on shipping it.
A federal lawsuit filed July 6, 2026 in U.S. District Court in Minnesota illustrates the failure mode. Traci Tamiko Eto, a former Mayo Clinic director of research operations who worked on AI governance, alleges she was demoted and then terminated after repeatedly raising concerns about how the health system reviewed its AI tools. According to reporting by the Post Bulletin, Becker's Hospital Review, and the Star Tribune, the complaint alleges that a study team deleted unfavorable results, mischaracterized outcomes, and in some cases steered around or bypassed the independent institutional review boards that are supposed to sign off on research safety. The complaint alleges investigators sought to disguise an internal error rate as high as 67 percent on the tool. That figure is an unproven allegation, and the argument here does not depend on it.
Mayo has stated that it does not comment on active litigation and that it is committed to responsible AI development with compliance embedded in its processes. The allegations have not been tested in court, and the point of citing the case is not to assign guilt. The point is structural. The mechanism the suit describes, a team clearing its own work while under pressure to move fast, is a predictable outcome of putting the builder in charge of the verdict. It is a governance design flaw before it is anyone's misconduct.
Every health system has someone in Eto's position: a quality officer, a compliance lead, or a clinical informaticist who wants results surfaced honestly. When that person's only tool is their own testimony, they can be overruled. This is where the question of who is accountable when clinical AI fails becomes concrete, because the liability does not disappear when the review is skipped. It moves to the clinician and the institution.
How does independent oversight change the outcome?
Medicine already knows this problem and already solved a version of it. The institutional review board exists precisely because researchers cannot be trusted to approve the safety of their own studies without bias. An independent body, structurally separated from the people whose work it reviews, removes the conflict between wanting the study to proceed and judging whether it should. The alleged bypassing of that exact mechanism in the Mayo complaint is a reminder of what independence is for.
Regulation is beginning to encode the same logic for AI. Under the EU AI Act, AI used for diagnosis, clinical decision support, treatment recommendations, patient triage, and monitoring is classified as high risk. High-risk systems carry mandatory obligations that include independent conformity assessment, risk management, human oversight, and post-market monitoring. Those obligations phase in through August 2027 for AI that is also a regulated medical device. The design principle behind that framework is the same one behind the IRB: a party with a stake in the outcome should not be the sole judge of the outcome.
The framework is not complete. In-house tools that a hospital builds only for itself and never places on the market often fall outside the third-party assessment requirement, which leaves internal AI with the least external scrutiny of all. In the United States, there is currently no general requirement that clinical AI be independently verified before it shapes care, in-house or purchased. The EU AI Act shows the direction of travel, and the gap between mandate and practice is where most hospitals operate today. For what the existing safety net inside the EHR does and does not catch, see what EHR alerts catch in clinical AI and what they miss.
What does independent verification actually require?
Independence alone is necessary but not sufficient. For a review to function as a real check, three conditions have to hold.
First, separation. The system or party performing the check must not share the generator's model, data, or reporting line. A second model with a different basis of judgment, run by someone who does not answer to the team being reviewed, can introduce information the generator lacked.
Second, a durable record. The review has to produce an audit trail the reviewed party cannot quietly edit or delete. The Mayo allegations center on the claim that unfavorable results were deleted. An append-only record, held outside the vendor's own dashboard, changes what is possible. It converts a compliance lead's contested testimony into evidence that survives disagreement.
Third, a fixed standard set in advance. The definition of "production-ready" has to be written before the pilot, so the passing bar cannot move to fit whatever result the tool produces. When the standard is set after the fact, self-interest quietly rewrites it.
When those three conditions are absent, a passing grade tells you the tool agrees with itself. That is a self-affirmation. It is not verification, and treating it as verification is the specific gap that clinical AI governance exists to close. The pillar article on clinical AI governance lays out how these pieces fit into a full oversight model.
Where this fits and what a hospital can do
Regardless of what any regulator eventually requires, a health system can act on the independence principle now:
- Separate the team that builds or configures a clinical AI tool from the team that signs off on its safety. Different people, different reporting line.
- Require a per-output audit log held outside the AI vendor's own monitoring, so the record does not depend on the party being reviewed.
- Define "production-ready" in writing before the pilot begins, so the bar cannot move to fit the result.
- Treat any tool that only grades itself as unverified until an independent check exists, whether that check is internal-but-separated, a third party, or a runtime verification layer.
An external runtime safety layer that checks AI assertions against authoritative clinical sources is one way to satisfy the separation and audit-trail conditions structurally rather than by policy alone. The value is not the software. The value is that the party doing the checking has no stake in the tool passing.
Frequently asked questions
Can't a second AI model check the first one?
It helps only if the second model has a genuinely different basis of judgment and is governed by a party without a stake in the first model passing. A second pass from the same model, on the same data, run by the same team, reproduces the original blind spots. Separation of model, data, and incentive is what makes the check meaningful.
Isn't a human reviewer enough?
Human review is valuable and remains essential, but alert fatigue, time pressure, and fluent-looking output limit how reliably a clinician catches a subtle omission or a plausible-sounding fabrication. Human oversight works best when it is supported by an independent record of what the AI asserted, not asked to catch everything unaided.
Does the EU AI Act require this in the United States?
No. The EU AI Act applies to systems placed on or used in the EU market. It has no direct force in the United States, where there is currently no general mandate for independent verification of clinical AI. It is cited here as evidence that regulators are converging on independence as a design requirement, not as a rule that binds US hospitals today.
Further reading
- Grolleau F, et al. Physician-Reported Safety Outcomes of AI-Generated Hospital Course Summaries. JAMA Network Open, 2026. DOI: 10.1001/jamanetworkopen.2026.16556
- Becker's Hospital Review, "Mayo faces lawsuit over AI oversight retaliation," July 2026
- Post Bulletin, "Lawsuit alleges Mayo Clinic retaliated against employee after she flagged AI compliance issues," July 2026
- Star Tribune, "Former executive accuses Mayo of cutting corners on AI research," July 2026
- EU AI Act healthcare classification overview, Tandem Health, 2026
- RAPS, "EU Commission drafts guidelines on classifying high-risk systems under the AI Act," June 2026