Public health AI needs clear rules on data, equity and accountability

Artificial intelligence (AI) is moving into core public health work, from disease surveillance and outbreak detection to resource planning and public communication, but many agencies lack the organizational safeguards needed to use it responsibly. A new study published in Healthcare warns that public health bodies need practical governance capabilities, not just broad ethics principles, as AI systems begin shaping population-level decisions.

The study, titled Public Health Responsible AI Capability (PH-RAIC) Framework: A Conceptual Model for Integrating AI into Public Health Agencies, proposes a four-domain framework to help public health agencies translate responsible AI principles into institutional practice, covering strategic governance, data stewardship, participatory design and lifecycle oversight.

AI is moving from pilots to public health infrastructure

Public health agencies have started using machine learning, natural language processing, generative AI and related tools in disease surveillance, outbreak detection, emergency response, health communication, resource allocation and the analysis of social determinants of health. This shift raises a governance problem.

Global bodies have already issued high-level principles for ethical AI in health, including transparency, accountability, fairness, safety, inclusiveness and respect for human rights. But those principles often do not tell public health departments what to do when they choose a vendor, link datasets, validate a model, monitor bias or decide when an AI system should be retired.

This gap is critical because public health AI works at population scale. A flawed clinical tool may affect a patient or a care pathway. A flawed public health AI system can influence surveillance alerts, vaccination priorities, resource allocation, risk scoring, public messaging or emergency response across whole communities. The stakes include not only technical accuracy, but also legitimacy, trust and equity.

Health data have become a strategic resource, but data systems remain deeply uneven. Some jurisdictions still rely on paper-based records, while others use digital systems that do not communicate well across programs or agencies. If AI is built on fragmented or biased data, it can magnify existing inequities rather than correct them.

AI-enabled surveillance shows the problem. Machine learning systems can scan emergency department complaints, laboratory reports, digital signals and unstructured records to detect outbreaks earlier. These tools may increase analytic speed and help public health teams respond sooner. However, they can also generate false alarms, miss events in facilities with weaker data quality or create uneven surveillance coverage across urban, rural and marginalized communities.

The same tension appears in AI systems designed to analyze social and structural determinants of health. These tools can help identify communities at higher risk and improve targeting of interventions. But they may also rely on proxies for disadvantage that stigmatize communities or encourage monitoring instead of support. Without clear safeguards, risk prediction can become a new channel for old inequities.

Resource allocation tools pose another challenge. AI forecasting can help agencies plan vaccination campaigns, staffing, medical supplies and emergency logistics. But decisions about whose needs are prioritized are not neutral technical choices. They involve ethical and political judgments that must be visible and accountable.

Generative AI adds further complications. Public health agencies may use it to draft health messages, triage public inquiries or monitor misinformation. However, the same systems can produce misleading outputs, amplify disinformation, mishandle sensitive interactions or weaken public trust if agencies do not maintain strong human oversight.

Public health agencies need a meso-level framework, meaning guidance focused on the organizational capabilities between national policy statements and technical model instructions - a role the authors assign to PH-RAIC.

PH-RAIC sets out four capabilities for responsible AI

The Public Health Responsible AI Capability framework identifies four interdependent domains that agencies should build before and during AI deployment.

1. Strategic governance and alignment: This means agencies should have a written AI strategy tied to public health goals such as prevention, equity and resilience. AI should not be adopted simply because a tool is available or a vendor offers it. Each use case should be linked to a statutory public health function and reviewed against the agency’s mission. This domain also requires clear accountability. Agencies should know who is responsible for AI decisions across design, procurement, deployment, monitoring and response to harm. The authors stress the need for portfolio oversight, meaning agencies should maintain a central inventory of AI systems, vendors, data sources, use cases, risk levels and performance expectations.
2. Data and infrastructure stewardship: AI systems depend on the quality, representativeness, privacy and security of the data they use. Public health agencies must assess whether training and validation datasets adequately represent affected populations, including groups that are often undercounted or poorly served in health systems. Data stewardship also means protecting privacy and sovereignty. Public health AI often involves linking data across agencies, clinical systems, vendors and community sources. The authors argue that agencies need strong data-sharing agreements, cybersecurity controls, data minimization and privacy-preserving methods where appropriate. The study also places environmental sustainability inside AI governance. Large AI deployments can require substantial computing power, energy and water. The authors say public health agencies should consider the environmental footprint of AI infrastructure, especially when data centers or related systems impose burdens on communities already facing environmental risk.
3. Participatory design, equity and public engagement: The paper argues that public trust cannot be added after deployment. Agencies should involve affected communities, civil society groups and frontline public health workers early in problem framing, design and review. This is particularly important when AI systems affect marginalized communities. Equity impact assessments should examine whether a tool could worsen disparities, stigmatize groups or direct resources away from people with less visible needs. Public communication should also explain where AI is being used and how people can ask questions, complain or seek redress.
4. Lifecycle oversight, learning and decommissioning: AI governance cannot end once a system is launched. Public health models operate in changing conditions. Disease patterns shift, care-seeking behavior changes, data sources evolve and public health priorities move over time. A model that works at one point can drift, fail or become obsolete. Lifecycle oversight requires pre-deployment review, continuous monitoring, incident response and clear triggers for retraining, suspension or retirement. Agencies should monitor performance across subgroups, track errors, document adverse events and decide in advance who can pause or remove a system if it becomes unsafe, inaccurate or inequitable.

The framework also gives agencies practical questions to ask, including whether an AI use case serves public health goals, which populations are missing from the data, whether affected communities were involved in design, how failures will be detected and who decides when a tool should be decommissioned.

The framework was tested through a structured expert panel of nine specialists from public health informatics, AI governance, digital health equity, public health operations and epidemiology. All four domains met the study’s content validity threshold, with domain scores at or above 0.85. The panel supported the framework’s structure while recommending clearer positioning against existing global tools and stronger attention to under-resourced agencies.

The study presents PH-RAIC as a conceptual, expert-validated model, not as a fully operational assessment tool. The authors note that it still needs empirical testing in real public health agencies, including national, state, tribal, local and low-resource settings.

Agencies face trade-offs on equity, trust and capacity

PH-RAIC is not a compliance checklist, it is meant to help agencies identify trade-offs before harm occurs. Public health departments often operate under budget, workforce and infrastructure constraints. A framework that demands perfection would be unrealistic. The authors instead propose structured decision-making that makes risks and responsibilities visible.

One example is AI-enhanced syndromic surveillance. A resource-constrained health department may want to use a proprietary model trained on national data to detect outbreaks earlier. PH-RAIC would push the agency to ask whether the system matches its surveillance mandate, how local data will be used, whether the model performs equally across rural and urban hospitals, who is accountable for missed outbreaks or false alarms and when the tool should be paused.

Another example is generative AI for public health communication. A national agency may use AI to draft culturally tailored health messages or monitor online misinformation. The framework would require human editorial control, review of training data for stereotypes, engagement with communities, privacy safeguards and rapid correction procedures if AI-generated content becomes inaccurate or harmful.

The paper also compares PH-RAIC with leading AI governance and readiness efforts, including WHO guidance, the PAHO readiness toolkit, OECD AI principles and the NIST AI Risk Management Framework. The authors argue that PH-RAIC differs by focusing on the agency level, treating equity and public engagement as a core domain, including environmental and disinformation risks, and stressing portfolio management across multiple AI systems.

Public health agencies rarely manage just one technology. Over time, they may use AI tools for surveillance, communication, resource planning, analytics, emergency response and public-facing services. Without portfolio oversight, accountability can become scattered across programs, vendors and contracts.

The study also warns that agency readiness varies widely. Public health bodies in high-resource settings may focus on transparency registers, procurement standards, model monitoring and lifecycle review. Agencies in lower-resource settings may first need to strengthen data quality, privacy protection, workforce capacity and community engagement before more advanced AI oversight becomes realistic.

Workforce development is another major implication. The authors argue that public health professionals need training that combines epidemiology, biostatistics, informatics, ethics and governance. Agencies may also need new roles, such as public health AI stewards or algorithmic auditors, to bridge technical teams, leadership and communities.

Lastly, the study also sheds light on some limitations, including that it is based on targeted narrative synthesis rather than a systematic review, and the framework has not yet been tested through agency case studies or large-scale implementation research. The expert validation supports the framework’s conceptual structure, but it does not prove that PH-RAIC will work in practice across different health systems.