Shadow AI: It's already in your practice, with Asha Palmer, J.D., of Skillsoft

If you haven't given your staff a sanctioned artificial intelligence (AI) tool, chances are they've already found one on their own. In this episode, Asha Palmer, senior vice president of compliance solutions at Skillsoft, joins Medical Economics Associate Editor Austin Littrell to break down the real risks of shadow AI in clinical settings — not just the data privacy concerns most practices already know about, but the harder-to-catch problem of inaccurate outputs that no one is monitoring. 

Palmer explains why banning AI entirely isn't a sustainable strategy, walks through what a simple, practical governance plan looks like for a smaller practice, and makes the case that the conversation with clinicians has to come before the policy does. She also covers what to ask vendors before any AI tool goes live, what to do when you discover staff are already using tools you didn't approve and why visibility — not prohibition — is the most important thing practice leaders can give themselves right now.

Music Credits:
Ocean Calm by Cephas - stock.adobe.com
A Textbook Example by Skip Peck - stock.adobe.com

Editor's note: Episode timestamps and transcript produced using AI tools.

0:00 – 0:27 | Sponsor message Copic medical liability insurance.

0:27 – 0:50 | Cold open Palmer previews the episode's central argument: banning AI is not a sustainable strategy — staff will use it on their phones whether you sanction it or not.

0:50 – 1:42 | Introduction Austin Littrell introduces the episode and previews the conversation with Palmer.

1:42 – 3:03 | Meet Asha Palmer and Skillsoft Palmer introduces herself — a lawyer turned compliance professional now in tech — and describes Skillsoft as a learning company focused on defensible, scalable compliance programs.

3:03 – 5:03 | What is shadow AI and why does it matter Palmer reframes the conversation by starting with the opportunity AI creates for clinicians — efficiency, cognitive support, a thought partner — before explaining why unmonitored use creates serious data input and output risks that organizations can't see or control.

5:03 – 6:20 | Why clinicians keep reaching for unsanctioned tools The number one reason: the organization hasn't sanctioned anything. When there's no approved path, people create their own — and banning AI entirely makes shadow use more likely, not less.

6:20 – 9:16 | What a governance plan actually looks like for a small practice Palmer's practical framework: establish use cases in three buckets — how people are already using AI, how they want to use it and how the organization wants them to. Then map risks to those cases, identify controls and build in ongoing testing and monitoring.

9:16 – 11:00 | The risks practices are underestimating It's not patient data exposure — most clinicians understand that risk. The bigger concern is inaccurate or inconsistent outputs: hallucinations, wrong conclusions drawn from real data, recommendations that don't align with the organization's care model.

11:00 – 11:56 | P2 Management Minute Keith Reynolds shares practice management tips and invites listeners to submit their own workflow ideas.

11:56 – 13:59 | AI is not just an IT problem Palmer argues that AI has to be viewed as a multidisciplinary issue — IT procures and monitors, compliance ensures safe use, and practice leaders need to see AI through the lens of business opportunity and growth, not just risk management.

13:59 – 16:09 | What compliance infrastructure needs to be in place before any AI goes live Palmer's core recommendation: rigorous third-party due diligence. Ask vendors tough questions about where your data goes, how models are trained, whether they test for bias and accuracy, and what their own governance structure looks like.

16:09 – 18:38 | What to do when you discover shadow AI use Palmer's answer isn't to fire anyone — it's to ask why. What are clinicians not getting that they feel they need? Shadow use is a signal, not just a violation. She also makes the case for a clear, readable acceptable use policy as a foundational step before any AI goes live.

18:38 – 20:30 | Closing advice for practice leaders Palmer closes with a direct message: visibility is everything. Sanctioning a tool gives you the data, the use cases and the control you need. Letting staff use AI in the shadows means losing control of your data, your people and eventually your practice.

20:30 – 21:39 | Outro Littrell thanks Palmer and wraps the episode.