The Consent Problem AI Creates in Clinical Practice
A patient opens a digital intake form. They read a paragraph that mentions "automated tools may assist in your evaluation." They click agree. The form moves to the next screen.
That click is not informed consent. It is a documented acknowledgment of text the patient may not have read, understood or had the cognitive space to process during a moment of clinical vulnerability.
AI informed consent is one of the most underbuilt components of AI deployment in healthcare. Engineers focus on model performance. Compliance teams focus on HIPAA audit logs. Nobody owns the moment when a real person must genuinely understand that an algorithm is participating in decisions about their mental health, eligibility for support services or clinical risk profile.
At TheraPetic® Healthcare Provider Group, our Licensed Clinical Doctors have observed this gap across intake workflows for support animal documentation and psychological screening. The technical infrastructure, including HANK AI and the verification platform at verify.mypsd.org, is built to clinical standards. The consent layer must match that rigor. In our experience, it rarely does in the broader industry.
This article examines what AI informed consent actually requires, why comprehension validation is not optional, what nonprofit healthcare organizations must understand about IRB jurisdiction over AI-assisted intake, and how to design opt-out architecture that treats patient autonomy as a real value rather than a disclosure footnote.
What Disclosure Actually Requires When AI Is in the Loop
The common law doctrine of informed consent, codified across state medical practice acts and shaped by decades of bioethics, rests on three pillars: disclosure, comprehension and voluntariness. AI introduces new complexity into all three.
Disclosure alone requires that patients be told what the AI system is, what it does and what it cannot do. That is a harder sentence to write than it appears.
The Identity Disclosure Problem
Patients must understand whether they are interacting with a language model, a rule-based classifier or a hybrid clinical NLP pipeline. "Automated tools" does not convey this. A large language model performing sentiment analysis on open-text intake responses is categorically different from a deterministic decision tree flagging PHQ-9 score thresholds. The consent language must reflect the actual system.
The FDA's guidance on Software as a Medical Device (SaMD), updated through the agency's AI/ML action plan, draws a meaningful distinction between locked and adaptive AI models. Locked models produce the same output for a given input indefinitely. Adaptive models update from new data. Patients have a right to know which type is influencing their evaluation, because adaptive models carry different uncertainty profiles.
Limitation Disclosure
Disclosure must include known limitations. For clinical NLP systems, those limitations are substantial. Models trained predominantly on certain demographic groups perform differently on patients whose communication patterns fall outside the training distribution. This is not a theoretical concern. Research published in JAMA Psychiatry and the New England Journal of Medicine has documented performance gaps in AI psychiatric screening tools across racial and socioeconomic groups.
Consent language that omits known bias risks is not merely incomplete. It is ethically indefensible in a clinical context.
Role Disclosure
Patients must understand whether the AI output is advisory or whether it gates access to services. In support animal documentation workflows, does an AI risk flag delay clinician review? Does a low sentiment score route a patient to a longer evaluation protocol? These consequences belong in the disclosure.
The Stanford Human-Centered AI Institute has framed this as the "consequential decision" standard: when AI influences decisions with meaningful impact on a person's life, disclosure must explain the decision pathway, not just the tool's existence.
Comprehension Validation: The Step Every Organization Skips
Disclosure without comprehension is noise. Bioethics has understood this since at least the Belmont Report. What is newer is the specific comprehension challenge AI creates.
Most patients do not have a working mental model of what a language model does. When a consent document says "an AI may analyze your responses," a patient with no technical background may reasonably imagine anything from spell-check to a sentient system reading their mind. Neither interpretation supports valid consent.
The Teach-Back Standard
Health literacy research, well-documented in the Agency for Healthcare Research and Quality literature, establishes that the teach-back method is the most validated approach to comprehension verification. The patient explains back what they understood in their own words. A clinician or well-designed conversational interface then corrects misconceptions.
In digital intake workflows, this is achievable. After the AI consent disclosure, a patient can be asked two or three plain-language questions: "In your own words, what will the AI tool do with your answers?" "Who makes the final decision about your evaluation?" "What can you do if you don't want AI involved?"
Incorrect responses trigger a plain-language re-explanation before the patient proceeds. This adds perhaps 90 seconds to an intake flow. The clinical and ethical return is substantial.
Reading Level and Language Access
AI consent disclosures average a college reading level in most platforms our team has reviewed. The NIH National Institute on Aging recommends that patient-facing health materials target a sixth-grade reading level. There is no principled exception for AI disclosure language.
Language access is equally non-negotiable. Under Title VI of the Civil Rights Act and applicable HHS guidance, healthcare organizations receiving federal funding must provide meaningful access to patients with limited English proficiency. An AI consent disclosure available only in English is a civil rights compliance failure for most nonprofit healthcare providers.
IRB Considerations for Nonprofit AI Screening Research
This is the area where nonprofit healthcare organizations most frequently underestimate their obligations.
The Common Rule, codified at 45 CFR 46, governs human subjects research. When an organization conducts or supports research involving human subjects, IRB oversight applies. The critical question for AI-assisted clinical intake is: when does routine service delivery become research?
The Generalizable Knowledge Test
Under the Common Rule, an activity constitutes research when it is designed to develop or contribute to generalizable knowledge. If a nonprofit uses AI-assisted screening to serve patients and never analyzes aggregate outputs, the activity may qualify as a clinical practice exempt from IRB jurisdiction. The moment the organization analyzes aggregate AI outputs to evaluate the tool's performance, refine the model or study population-level patterns, the activity is research requiring IRB review.
Many AI deployments in nonprofit healthcare sit in this ambiguous middle. The intake AI generates a dataset. The data team queries it to monitor performance. A program officer writes a report. A funder receives findings. Each step moves further from pure service delivery toward research, and the consent framework must travel with it.
Exempt vs. Expedited vs. Full Review
Not all AI-assisted screening research requires full board review. Activities meeting the criteria at 45 CFR 46.104 may qualify for exemption, particularly when data is fully deidentified under HIPAA Safe Harbor standards. Activities involving identifiable health information about vulnerable populations, including individuals with diagnosed mental health conditions, typically require at minimum expedited review.
Full board review is warranted when the AI system is itself experimental, when the research involves more than minimal risk or when the population includes individuals whose capacity to consent may be variable. Psychological screening workflows frequently meet all three criteria.
Consent Language in Research Contexts
When IRB oversight applies, the consent document must satisfy 45 CFR 46.116 requirements, which are more stringent than standard clinical consent. Required elements include a description of foreseeable risks, a description of benefits, disclosure of alternative procedures and a statement that participation is voluntary with no penalty for refusal.
For AI-specific research consent, IRB applications should address: how AI outputs will be stored, for how long, who has access, whether outputs could be reidentified and whether the model will be retrained on participant data.
Designing Opt-Out Architecture That Respects Autonomy
Valid consent is not valid without a genuine opt-out option. This is where many AI deployments in healthcare fail at the architectural level.
If the only pathway through an intake system is AI-assisted, the patient has not consented to AI assistance. They have consented to receiving services, which happened to require AI processing as a technical precondition. These are different things.
What a Genuine Opt-Out Requires
An opt-out pathway must be genuinely equivalent in access and quality to the AI-assisted pathway. A patient who declines AI processing must still be able to complete a clinician-reviewed evaluation. The non-AI pathway should not require substantially more time, different scheduling resources or any indication that the patient is receiving lesser care.
From a technical architecture standpoint, this means the intake system must route opt-out patients to a workflow that does not depend on AI-generated flags or scores at any point in the evaluation chain. That includes downstream clinician review tools that may automatically display AI-generated summaries. If a Licensed Clinical Doctor sees an AI-generated intake summary before reading the patient's own words, the opt-out was not honored at the system level.
Temporal Scope of Consent
Consent for AI processing must be understood as time-limited and revisable. A patient who consented to AI-assisted screening during an initial intake has not necessarily consented to having that AI-processed data used in a follow-up evaluation six months later, or to having it included in a deidentified research dataset.
The infrastructure at mydatakey.org, which TheraPetic® Solutions uses for data governance, implements patient-controlled consent flags that persist across the data lifecycle. This allows consent to be specific to purpose and time-bounded, rather than functioning as a blanket authorization.
How TheraPetic® Healthcare Provider Group Structures AI Consent
TheraPetic® Healthcare Provider Group operates as a 501(c)(3) nonprofit healthcare provider with EIN 81-3003968. The clinical team, led by Dr. Patrick Fisher, PhD, LPC, NCC, has developed a consent framework that treats the disclosure and comprehension requirements described above as operational standards rather than compliance minimums.
In practice, this means the HANK AI system, which assists with clinical NLP processing in support animal and psychological screening workflows, is disclosed by name and function at the first point of patient contact. The disclosure explains that HANK AI analyzes intake responses to assist Licensed Clinical Doctors in prioritizing and contextualizing evaluations, that a Licensed Clinical Doctor reviews every case and that the AI output is never the final determination.
Comprehension is verified through a two-question teach-back module embedded in the intake flow at servicedog.ai and mypsd.org. Patients who answer incorrectly receive a plain-language re-explanation. Patients who request to proceed without AI assistance are routed to a parallel clinician-direct pathway.
For research activities involving aggregate analysis of intake data, the organization maintains an active relationship with its IRB and ensures that consent documents are updated to reflect research purposes whenever intake data migrates from service delivery to program evaluation or model improvement functions.
Moving Informed Consent From Compliance Theater to Genuine Practice
The checkbox is not the problem. The checkbox is a symptom of an organizational culture that treats AI consent as a liability management exercise rather than a clinical and ethical obligation.
The underlying problem is that building genuine AI informed consent requires investment from engineering, clinical leadership, compliance and patient advocacy simultaneously. It requires the engineering team to understand that an opt-out pathway is not a feature request but a civil rights requirement. It requires clinical leadership to accept that patients must be told when AI output is influencing their care, even when that disclosure is awkward. It requires compliance teams to understand that IRB jurisdiction does not disappear because an organization calls its AI use "quality improvement."
The Partnership on AI and Stanford HAI have both published frameworks for meaningful AI transparency in high-stakes domains. The consistent finding across those frameworks is that transparency must be operationally embedded, not attached as a disclosure afterthought.
At TheraPetic®, the editorial and clinical standard for AI-assisted evaluation is that the consent framework should be able to withstand scrutiny from the patient, the IRB, the funder and a federal regulator, simultaneously. That standard is achievable. It requires intention, architecture and ongoing review, none of which are optional when an algorithm is in the clinical loop.
Healthcare organizations deploying AI in clinical workflows in 2026 are no longer in an experimental phase where ethical frameworks are still being developed. The frameworks exist. The federal guidance exists. The bioethical literature is substantial. What remains is the organizational will to implement them with the same rigor applied to the AI systems themselves.
