VA OIG Identifies Lack of Oversight of VA GenAI Chat Tools
A review of the use of generative artificial intelligence (GenAI) tools by Department of Veterans Affairs (VA) staff has identified potential patient safety risks from a lack of safeguards and oversight. The review was conducted by the VA Office of Inspector General (OIG) between October 2025 and January 2026 and found that more than 15,000 VA staff members were using general-purpose GenAI chat tools authorized for use by the Veterans Health Administration (VHA) – VA GPT and Microsoft 365 Copilot Chat.
The reviewers identified broad staff engagement with the AI chat tools. An analysis of an internal prompt‑sharing application identified 135 prompts for the GenAI chat tools, 79 of which were clinical. The drafting of clinical notes and summarization of patient care were among the most common uses of the tools. The VA OIG notes that the tools were not specifically developed for clinical use, and while the VA provides clinical users with general training and resources, the VA does not centrally curate or evaluate prompts or the generative output, which may be applied to clinical decision making. The VA OIG notes that studies of genAI usage in medical settings found that prompt techniques can play a critical role in output errors that could impact diagnoses and care management if not corrected.
The Office of Management and Budget’s 2025 memorandum (Accelerating Federal Use of AI through Innovation, Governance, and Public Trust) requires all agencies to identify high-impact AI use and implement safeguards to manage risk. The VA did not identify the use of VA GPT and Copilot Chat as high-impact, and therefore, the required risk management actions did not apply.
The VHA had determined that Ambient AI Scribe was high-impact, which triggered safety requirements such as pre-deployment testing of the AI tool and providing human oversight before use. Ambient AI Scribe is a targeted clinical documentation tool that listens to clinical visits and drafts medical record notes. The VA-OIG said the tool had functionality similar to the clinical documentation prompts VA staff were using with VA GPT and Copilot Chat, which were not considered high-impact.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The VA OIG made three recommendations to the VHA regarding the use and assessment of GenAI chat tools: Evaluating these tools as high-impact, implementing the required safeguards, and integrating monitoring of AI-related risks into existing patient safety programs. The VHA concurred in principle with the recommendation to evaluate the tools as high -impact and concurred with the other two recommendations. The VHA has provided the VA OIG with an action plan, will develop guidance on the use of the GenAI chat tools, and is working on addressing the recommendations by April 2027.
As the use of GenAI tools in healthcare accelerates, concern is growing that sensitive patient data may be shared with publicly accessible chatbots, and that AI tools could generate output that puts patients at risk of harm or even death. Earlier this year, Health-ISAC and the Health Sector Coordinating Council Cybersecurity Working Group issued guidance on developing effective AI governance frameworks – Health-ISAC’s White Paper: Policies and Safeguards for a Safe Use of AI and the HSCC Health Industry AI Cyber Governance Framework Implementation Guide to help healthcare organizations create an effective AI governance and safeguards framework and responsibly use GenAI and LLMs while minimizing risk.
