VA GPT and Copilot Chat: OIG Finds 79 Clinical Prompts, No AI Safety Traceability

The Department of Veterans Affairs made VA GPT and Microsoft Copilot Chat broadly available, and providers used those tools for clinical documentation and patient-care support even though VA had not classified them as high-impact AI. The VA Office of Inspector General found 79 clinical prompts and warned that the department could not reliably trace AI-generated material or related safety events.
VA should govern high-impact clinical tasks—not only high-impact products—and make AI contribution traceable in safety reporting.
The central problem is not that VA clinicians discovered generative AI, nor that every use of a chatbot is inherently dangerous. It is that the department classified general-purpose products differently from a dedicated clinical application while providers used the general-purpose tools for work that could affect patient care. In medicine, a tool’s risk changes when its output helps shape a patient record, diagnosis, medication decision, treatment plan, or communication with a patient.

A doctor reviews an AI-assisted clinical risk assessment dashboard with patient data and warning alerts.VA’s AI Policy Met Clinical Reality​

VA leaders have told Congress that the department intends to “aggressively deploy” artificial intelligence. That posture follows Office of Management and Budget guidance released in April 2025 directing federal agencies to “remove unnecessary and bureaucratic requirements that inhibit innovation and responsible adoption.”
There is a coherent policy argument behind that directive. Federal technology projects can spend years passing through overlapping reviews, procurement gates, cybersecurity assessments, privacy checks, legal interpretations, and committees that distribute responsibility so widely that nobody remains accountable for delivering a usable system. Generative AI moves too quickly for a governance process designed entirely around multiyear software acquisitions.
Health care, however, exposes the weakness in treating controls primarily as potential friction. In a clinical environment, a review may be the mechanism that identifies how an incorrect output could reach a medication note, become part of the medical record, and influence the next provider who treats the patient.
One VA AI leader described the department’s interpretation of the OMB guidance as an instruction to “push risk management down to the lowest reasonable level.” That approach may be workable when AI helps an employee rewrite an administrative email or summarize meeting notes. It becomes more complicated when the lowest level is an individual clinician deciding, during a busy workday, whether fluent-looking output is accurate enough to place in a veteran’s record.
The OIG’s findings therefore go beyond a dispute about internal labels. They describe a visibility gap: VA made powerful chat tools broadly available and placed responsibility on users, but it lacked reliable ways to identify when those tools were being used for high-impact clinical work or when they contributed to a patient-safety event.
It would overstate the record to say that VA formally approved VA GPT or Microsoft Copilot Chat for clinical documentation and patient-care support. The more precise conclusion is that providers used broadly available tools for those purposes while the products remained outside the safeguards VA applied to its high-impact Ambient AI Scribe pilot.

The High-Impact Gap: Products Were Classified, but Clinical Uses Emerged​

The OMB memorandum requires agencies to identify high-impact uses of AI and implement minimum risk-management practices. VA defines a high-impact project as one that serves “as a principal basis for decisions or actions with legal, material, binding or significant effect on human health and safety.”
That definition appears broad enough to cover at least some uses of AI-generated clinical documentation and decision support. A draft note can influence what later clinicians believe occurred during a visit. A summary can elevate one fact while omitting another. Generated text may influence diagnosis, medication management, referrals, follow-up care, and interpretation of a veteran’s medical history.
VA’s Ambient AI Scribe was explicitly designed to listen to clinical visits and draft medication notes. Because its purpose was clearly clinical, VA classified it as high-impact, kept it in a pilot stage, and attached a structured set of safeguards.
VA GPT and Microsoft Copilot Chat were broadly available general-purpose tools. VA did not classify either product as high-impact, even though the OIG found providers sharing prompts for clinical notes, summarization, and other clinical purposes.
ToolRole described in the recordDeployment stage or availabilityHigh-impact classificationSafeguards described
VA Ambient AI ScribeListens to clinical visits and drafts medication notesPilot stageYesPredeployment testing, impact assessment, monitoring, training, human oversight, remedies, appeals, and public and user feedback
VA GPTGeneral-purpose AI chat used by VA staff, including for clinical tasks identified by the OIGBroadly available to staffNoNot assigned the Ambient AI Scribe safeguards through a high-impact classification
Microsoft Copilot ChatGeneral-purpose AI chat used by VA staff, including for clinical tasks identified by the OIGBroadly available to staffNoNot assigned the Ambient AI Scribe safeguards through a high-impact classification
The contradiction is straightforward. A specialized system that drafts clinical material receives formal review because its clinical purpose is declared in advance. A general-purpose chatbot can be prompted to produce related material without automatically triggering the same controls because the clinical purpose emerges through user behavior.
It is the analysis of this article—not a direct OIG finding—that VA’s governance appears to have focused more effectively on products with an explicitly declared clinical purpose than on high-impact tasks performed through broadly available tools. The resulting risk is a classification gap in which consequential activity may occur on a platform carrying fewer clinical safeguards.
General-purpose AI complicates traditional inventories because a prompt helps define the tool’s function. The same interface may draft an administrative announcement, summarize a patient history, prepare patient correspondence, and generate a proposed clinical note within a single work session.
Risk therefore cannot attach only to a product name. It must also attach to the task, information provided, output produced, intended recipient, and downstream decision. A product may remain general-purpose at the enterprise level while a particular use of it is unmistakably clinical and high-impact.

The Prompt Sample Shows Clinical Use, Not Its Full Scale​

The OIG reviewed 135 prompts shared on an AI-focused VA Teams site. Of those, 79 were clinical: 56 involved clinical notes, 17 involved summarization, and six served another clinical purpose.
That sample does not establish how often every VA provider used AI, nor does it measure the total volume of AI-assisted documentation across the department. Shared prompts are not a complete usage log. They reflect material employees voluntarily posted in one collaborative environment, giving the OIG a limited view of broader activity.
The sample is still consequential. Nearly three-fifths of the reviewed prompts were clinical, and most of those related to clinical notes. Providers were not using the tools exclusively for low-risk administrative editing. They were sharing methods for applying general-purpose generative AI to work that could enter or influence patient care.
Prompt sharing may also act as an informal distribution mechanism. When an employee posts an instruction that appears useful, colleagues can adopt or adapt it without a new software release or formal clinical implementation plan. The record does not establish how many people reproduced any particular prompt, but the collaborative setting creates a plausible path by which an individual experiment could become a recurring workflow.
That mechanism can support useful innovation. Clinicians understand their documentation burdens, and a prompt that converts clinician-supplied facts into a coherent draft may save time.
It can also spread a weak practice. A prompt might invite the model to fill gaps, compress uncertainty, omit context, or produce polished text when the source material is incomplete. Generative AI can return plausible prose even when the underlying content is wrong or insufficiently supported.
The OIG highlighted hallucinations, in which an AI system presents false information as factually accurate. In a medical record, outright fabrication is only the clearest failure mode. Output can also be unsafe through omission, misplaced emphasis, excessive certainty, loss of chronology, or failure to preserve the distinction between what a patient reported and what a clinician concluded.
Human review remains necessary, but “human in the loop” is not a complete safety system by itself. If a clinician must compare every generated sentence with all source material, the efficiency benefit may shrink. If the clinician conducts only a quick plausibility review, subtle errors may survive because the output reads smoothly.
The concern is not that providers will blindly follow every chatbot response. It is that repetitive use may shift the user’s role from composing and verifying toward scanning and approving. That is a risk that VA should test and monitor rather than assume away.

The Same Clinical Task Should Trigger Comparable Safeguards​

The Ambient AI Scribe pilot demonstrates that VA already has a framework for serious AI governance. Its safeguards include predeployment testing, an AI impact assessment, continuing performance and adverse-impact monitoring, training, added human oversight, remedies and appeals, and feedback from users and the public.
Those controls do not guarantee that every AI-generated note will be correct. They do create organizational ownership. Someone must define acceptable performance, explain permitted use, review failures, monitor effects, and respond when an AI system contributes to an incorrect record or harmful outcome.
The mismatch identified in the OIG record is that providers performed clinical documentation and summarization through VA GPT and Microsoft Copilot Chat without those products being placed inside the same high-impact framework. The interfaces and methods may differ from Ambient AI Scribe, but the resulting text can still influence a medical record or patient-care decision.
The practical governance unit should therefore be both the product and the workflow.
Dedicated clinical systems should receive product-level testing, impact assessment, monitoring, training, and oversight. General-purpose tools should receive task-level controls whenever they are used for clinical documentation, summarization, decision support, medication-related work, or patient correspondence.
This approach does not require treating every chatbot request as high-impact. Editing an administrative memo is different from drafting a progress note. Reformatting clinician-authored text is different from generating missing clinical history. Summarizing a record is different from recommending a medication. But VA must define those distinctions in advance rather than leave each user to infer them.
The OIG findings show four VA-specific consequences of failing to do so:
  1. AI-assisted clinical documentation may enter workflows without a reliable tag identifying the AI contribution.
  2. The patient-safety reporting process lacks an AI-specific event label.
  3. Shared prompts demonstrate clinical use of tools that were broadly available and not classified as high-impact.
  4. Ambient AI Scribe received high-impact safeguards while clinical uses of general-purpose chat tools did not automatically receive comparable treatment.
Those consequences are more immediate than abstract debates over whether generative AI is inherently a product, platform, model, or service. VA needs to know when AI has contributed to clinical work, what controls applied, and how any resulting problem will be detected and investigated.

An Error-Reporting System That Cannot Name AI Cannot Learn From AI​

The OIG found that the Joint Patient Safety Reporting system lacked an AI-specific labeling process. That deficiency prevented VA from reliably aggregating reports in which generative AI may have contributed to a documentation or patient-care problem.
“Without a way to tag or trace AI-generated documentation, VA cannot readily detect patterns, investigate AI-generated safety events or implement quality improvement processes that may lead to safer prompting,” the report stated.
The inability to trace generated documentation breaks the feedback loop needed for organizational learning. One provider may catch an inaccurate summary before signing a note. Another may discover an invented detail later. A subsequent provider may rely on an AI-assisted omission without realizing how the original text was created. If AI contribution cannot be recorded consistently, VA cannot readily determine whether the events share a tool, workflow, prompt pattern, or failure mode.
The OIG searched the reporting system and found no mentions of AI. That result is not proof that no AI-related events occurred.
A search can return zero results because no events occurred, because events were not reported, because employees did not recognize AI as a contributing factor, because reports used other terminology, or because the system lacked a structured field that made the relationship searchable. Given the absence of AI-specific labeling and traceability, the safest conclusion is that VA did not have a dependable safety signal.
An NCPS AI lead captured the uncertainty directly: “It’s very tricky. We don’t have the best answer yet.” That candor is useful, but it also confirms that the department needs a concrete reporting mechanism rather than reliance on free-text descriptions.
AI should be recorded as a contributing factor alongside the underlying type of event. A medication-related report could identify AI assistance. A documentation problem could specify that generated text was involved. A summary omission could be categorized by its clinical consequence while also preserving the fact that an AI tool contributed.
VA has said it is working with the Defense Health Agency to enable tagging of AI-related events and has increased communication between AI-focused programs and the National Center for Patient Safety. NCPS is also expected to develop education to help employees recognize and report AI-related patient-safety events.
Those are necessary steps, but education alone will not create traceability. Employees need a structured field, a common definition of AI contribution, clear reporting instructions, and assurance that reporting is intended to improve systems rather than punish good-faith disclosure.

What VA Should Do Now​

VA should take four immediate actions.

1. Classify high-impact clinical workflows regardless of product​

VA should designate clinical documentation, clinical summarization, clinical decision support, medication-related work, and patient correspondence as high-impact workflow categories whenever generative AI materially contributes to the output. The designation should apply whether the work occurs through Ambient AI Scribe, VA GPT, Microsoft Copilot Chat, or another current or future product.
Classification should turn on the task and its possible effect on health and safety—not only the tool’s marketing description, procurement category, or original purpose.

2. Require an approved-use matrix​

VA should publish and maintain an approved-use matrix that identifies, for each available AI tool:
  • Permitted clinical and administrative uses
  • Uses permitted only under specified controls
  • Prohibited uses
  • Required human-review steps
  • Documentation and disclosure requirements
  • Required testing or validation
  • Appropriate data categories
  • Escalation and incident-reporting procedures
  • The accountable clinical and technical owners
The matrix should distinguish low-risk editing from note generation, record summarization, diagnostic support, medication-related output, and patient-facing communication. It should be accessible at the point of use and updated when tools, models, or VA policies change.

3. Add an AI-contributor field to patient-safety reports​

The patient-safety reporting process should include a structured AI-contributor field rather than relying solely on free text. At minimum, reporters should be able to record:
  • Whether AI contributed or may have contributed
  • Which product was involved
  • The workflow performed
  • Whether the output entered the medical record or reached a patient
  • Whether a clinician reviewed or modified the output
  • The type of suspected AI failure, such as fabrication, omission, unsupported inference, incorrect summary, or excessive certainty
The field should supplement existing event classifications, not replace them. VA needs to know both what happened clinically and whether AI played a role.

4. Assign ownership and a deadline​

VA should assign joint ownership to NCPS and VA AI leadership. NCPS should own patient-safety definitions, reporting design, event review, and learning processes. VA AI leadership should own tool inventories, approved-use controls, technical traceability, and implementation across deployed platforms.
The two organizations should deliver department leadership a joint implementation report by a fixed deadline established immediately. The report should include the approved-use matrix, the AI-contributor reporting field, responsible officials, implementation milestones, training plans, and a method for measuring compliance. A public summary should follow where legal, privacy, and security constraints permit.

Operational Checklist for Workflow-Based Governance​

VA can translate the OIG findings into a manageable operational program without requiring central approval of every prompt.
  • Identify: Determine which general-purpose tools are being used for clinical documentation, summarization, decision support, medication-related work, and patient correspondence.
  • Classify: Apply high-impact status to qualifying workflows even when the underlying product is not classified as a dedicated clinical system.
  • Authorize: Publish an approved-use matrix specifying permitted, conditional, and prohibited uses.
  • Tag: Make AI contribution identifiable in clinical documentation where appropriate and in patient-safety reports.
  • Test: Evaluate common clinical workflows for fabrication, omission, unsupported inference, loss of context, and misleading certainty.
  • Train: Teach employees the boundaries of approved use, required verification, and methods for reporting suspected AI-related events.
  • Monitor: Review usage patterns, sampled outputs, safety reports, and recurring workflow failures.
  • Escalate: Give clinicians a clear path to report unsafe outputs and obtain guidance on ambiguous use cases.
  • Correct: Establish procedures for addressing AI-assisted inaccuracies that enter patient records or communications.
  • Report: Require NCPS and VA AI leadership to provide recurring summaries of implementation, incidents, trends, and corrective actions.

Timeline​

April 2025 — OMB released guidance directing federal agencies to reduce unnecessary barriers to responsible AI adoption while identifying high-impact uses and implementing minimum risk-management practices.
January 2026 — VA’s inventory listed 367 AI use cases across the department, including 253 within the Veterans Health Administration; 68 percent of the cited use cases were considered high-impact.
February, year not established in the supplied record — Based on preliminary findings, the OIG issued an advisory to VA physicians about patient-safety risks associated with generative AI chat tools in clinical care and documentation.

Scale Makes Informal Clinical Use More Important​

VA’s reported inventory of 367 AI use cases, including 253 within VHA, describes an organization operating beyond isolated experimentation. At that scale, a small central office cannot manually understand every prompt-driven workflow. Consistent classification and reporting become more important because consequential local practices can remain invisible inside a large portfolio.
A system inventory remains necessary, but general-purpose AI makes it incomplete. One application can support many different uses, and those uses can change without a software update, new contract, or formal deployment. A shared prompt can create a new workflow even though the tool’s inventory entry remains unchanged.
VA should therefore inventory high-impact classes of activity as well as products. It should know whether broadly available tools are being used for note drafting, summarization, patient correspondence, decision support, medication-related work, referrals, coding, or administrative tasks.
That does not require indiscriminate collection of every prompt. VA can use approved-use attestations, workflow registration, targeted auditing, aggregate usage information, documentation tags, safety reporting, and carefully designed sampling. The objective is not surveillance for its own sake. It is enough observability to determine where high-impact clinical use is occurring and whether required safeguards are operating.

Patient Safety Cannot Rest on User Caution Alone​

Training clinicians to recognize hallucinations, omissions, unsupported inferences, and excessive certainty should be part of VA’s response. But user education cannot carry the full burden of clinical safety.
Even careful users can miss an error in polished text. Generic warnings to verify output may lose effectiveness through repetition. Providers also need clear boundaries, approved workflows, meaningful testing, structured reporting, and tools that make verification practical.
Effective controls should appear at several points in the workflow: before use through an approved-use matrix; during use through clear restrictions and review requirements; when documentation is created through appropriate traceability; and after a problem through an AI-contributor field in patient-safety reporting.
The OIG findings do not establish that every clinical prompt caused harm, and they do not justify treating every use of generative AI as unsafe. They establish something more operationally important: VA lacked a reliable way to connect high-impact clinical use, AI-assisted documentation, and patient-safety reporting.
VA already knows how to apply structured safeguards to an explicitly clinical AI system. Its next task is to extend that discipline to clinical work performed through general-purpose tools. If the department continues to classify only products while clinical risk emerges through workflows, the official inventory will describe the technology VA deployed but not necessarily the care processes AI has begun to influence.
The durable solution is not to freeze innovation or prohibit clinicians from improving burdensome workflows. It is to make the rules follow the work. VA should identify high-impact clinical tasks regardless of product, approve their uses explicitly, preserve the traceability of AI contribution, and give NCPS and VA AI leadership joint responsibility for learning from failures.
That framework would allow VA to move quickly without mistaking availability for clinical approval, broad access for validated use, or an empty safety search for evidence that no problem exists.

References​

  1. Primary source: U.S. Medicine
    Published: 2026-07-12T02:50:08.277542
  2. Related coverage: vaoig.gov
  3. Related coverage: nextgov.com
  4. Related coverage: windowsforum.com
  5. Related coverage: fedscoop.com
  6. Related coverage: fedweek.com
 

Back
Top