Deviations and Incidents with AI: How Should Responsibility and Follow-up be Understood?

AI is becoming an increasingly integrated part of dental clinic operations – in medical records, patient information, task prioritization, and administrative workflows. Much of this occurs through features built into tools the clinic already uses.

When AI contributes suggestions, summaries, or automated decisions, deviations can also occur: incorrect phrasing, misleading suggestions, unintended information sharing, or decision support that results in unfortunate prioritization.

This article explains the characteristics of AI-related deviations, where responsibility typically becomes unclear, and which governance and follow-up mechanisms should be in place to handle incidents in a verifiable manner.

What is Meant by AI-Related Deviations and Incidents?

An AI-related deviation is an undesirable event, an error outcome, or a practice that deviates from the clinic’s defined standards, where AI has contributed to or influenced the outcome. This does not necessarily mean that AI “did something” in a technical sense. Often, AI is just one part of the chain: suggestion → human evaluation → decision → documentation → communication.

In a dental clinic, AI-related deviations typically occur as:

• Content Deviations: incorrect or inaccurate medical record text, unfortunate phrasing in patient information, or standard texts that do not fit the patient’s situation.

• Process Deviations: AI is used in situations where the clinic has not approved its use, or checkpoints are not carried out.

• Data and Privacy Deviations: personal data is handled in ways the clinic is not aware of, or information is pulled into drafts/communications without sufficient control.

• Governance Deviations: new AI features are adopted through updates without assessment, training, or role clarification.

A characteristic of AI deviations is that they are often systematic: the same error type can recur because AI produces “similar” outcomes in many cases, and because people may develop a habit of approving suggestions when they often seem plausible.

Where Does the Question of Responsibility Arise?

The question of responsibility becomes unclear when deviations are handled as isolated incidents, while the cause lies in frameworks, roles, and control mechanisms. In practice, uncertainty often arises in five areas:

1. Unclear Usage Scope and Expected Practices
   If it is not defined what AI can be used for (and not used for), it becomes difficult to assess whether the incident is a deviation, or “just an unfortunate situation.” Follow-up then becomes random and person-dependent.

2. Lack of or Unoperationalized Human Control
   “A professional is involved” is not the same as real control. Without clear stop points and minimum quality assurance requirements, oversight can become routine, especially under time pressure.

3. Weak Traceability in the Course of Events
   In the event of a deviation, one often needs to answer: What was AI's role? What suggestion was made? Who approved it? What was changed? If this cannot be reconstructed, responsibility clarification and learning become weak.

4. Role Mixing Between Professionals, Operations, and Suppliers
   The person who can change system settings is not always the one who owns the professional content, and the supplier's responsibility is easily mixed with the clinic's responsibility for local use. The result can be a “responsibility vacuum” where no one has a clear mandate to stop, change, or document actions.

5. Deviations Get “Resolved” Without Being Addressed
   Many AI-related problems are corrected on the spot (a text is rewritten, a note corrected, new information sent) but without considering whether the error can recur. Then the opportunity for improvement at the system level disappears.

Common Misunderstandings

«This is Just a Single Error – Not a Deviation»

AI errors often appear as isolated deviations but may be indicative of a pattern: the same type of imprecise wording, the same misunderstanding, the same tendency to “fill in” details. If the incident is not treated as a deviation, it becomes difficult to find the cause and implement lasting measures.

«If AI Was Involved, It’s the Supplier’s Problem»

The supplier may have responsibility related to the product, but the clinic is responsible for its own practices: what the function is used for, who uses it, what control points are in place, and how deviations are followed up. Deviation follow-up cannot be fully outsourced, as it must be linked to the clinic's workflow and internal governance.

«We Have Human Control, Because We Can Override»

The ability to override is not sufficient if overriding does not actually happen. Real control assumes that someone is responsible for exercising control, that there are concrete stop points, and that it is acceptable in practice to stop a process when something seems wrong.

«The Most Important Thing is to Log Everything»

Logging can be useful, but it does not solve the governance problem on its own. What the clinic often needs in the event of a deviation is: clear usage scope, defined control mechanism, and a process for assessing cause and action. Without these, logs are just a technical trace without operational value.

«Deviations are About Finding a Culprit»

In AI-related incidents, it is rarely robust to focus on the individual. More useful is to clarify: Which part of the practice failed (usage rules, training, control point, system change, traceability)? When deviations are treated systemically, it also becomes easier to improve without creating a defensive culture.

What Should Be in Place in Practice?

To handle AI-related deviations in a verifiable manner, the dental clinic should have a minimum of governance that makes incidents manageable and learning-oriented.

• 1) Defined Usage Areas and Limitations
  The clinic should have a simple overview of approved AI usage areas, with clear “should/should not” boundaries. This allows for quick determination if an incident is a deviation from practice, or a sign that practice must be revised.

• 2) Roles and Mandates for Deviation Follow-up
  It should be clear who:

  • receives and evaluates reports of AI-related deviations

  • can temporarily stop or limit use

  • can change routines, templates, or access

  • follows up with the supplier if needed
    In small clinics, this may lie with a few people, but the mandate must be explicit.

• 3) Practical Control Points in the Workflow
  Establish minimum controls where risk actually arises (typically before signing medical record text, before sending out patient information, and when using standard texts). The control should describe what must be verified, not just that “it needs to be checked.”

• 4) Traceability Supporting Event Reconstruction
  The clinic should be able to reconstruct:

  • which usage area/function was in use

  • who made the evaluation

  • what was changed before the final document/distribution

  • what actions were taken after the incident
    This does not need to involve storing everything AI produces, but being able to explain the course of events.

• 5) A Simple Method for Cause Analysis and Measures
  When deviations occur, the clinic should distinguish between:

  • human error (e.g., lack of control in a situation)

  • process errors (control point missing or unclear)

  • system/supplier conditions (function changed, unexpected behavior)

  • competence needs (employees do not understand limitations)
    Measures should be tied to the category so that follow-up becomes concrete (updating usage rules, adjusting templates, changing access, improving training, escalating to supplier).

• 6) Change Control for Embedded AI
  The clinic should have a simple practice for capturing changes in systems that may affect AI functionality: updates, new modules, changed standard settings. Many AI deviations are not about “incorrect use,” but about the use having changed without anyone deciding it.

Actera’s Role in This

Actera is established to provide dental businesses with a structure around the responsible use of AI.

We do not work with technology development or clinical decisions, but with governance structure, lines of responsibility, and documentation – so that AI can be used safely, predictably, and verifiably.

Concluding Remarks

AI-related deviations in dental clinics often occur in the interfaces: between suggestions and assessment, between standard texts and the patient’s situation, and between the supplier's function and the clinic’s local practice.

When the clinic has defined usage areas, operationalized control, and ensured traceability in follow-up, deviations become manageable – and learning becomes lasting. It reduces person dependency and allows for the combination of effective AI use with verifiable practices over time.