Radiology has become the crowded test case for artificial intelligence in medical imaging. As of March 30, 2026, radiology accounted for 1,163 of 1,524 FDA-cleared AI algorithms, or 76% of the total, with the clearance rate rising to roughly 30 algorithms per month in early 2026 from 21 per month in 2024.[1][2][3] That is no longer a novelty curve. It is an installed-base problem.
FDA clearance answers an important but narrower question: whether a device has met the regulatory requirements for its cleared indication. It does not tell a radiology department whether the algorithm still performs on its scanners, its patient mix, its report templates, its technologist workflows, or its overnight call schedule. It does not maintain an inventory, define who can suspend use, check for drift, or explain what happens when the algorithm and the radiologist disagree.

That is why the ACR-SIIM Practice Parameter for Imaging AI, approved by the American College of Radiology in May 2026, matters less as another policy document than as a working map for the people who have to make cleared tools behave like accountable clinical systems.[4] It gives radiology a way to move from procurement to governance: from “we bought it” to “we know where it is running, what it is doing, when it should stop, and who is responsible.”
The New Question Is Not Whether AI Is Cleared
The clearance count is useful only because it exposes the mismatch. A few algorithms can be tracked informally by a motivated radiologist, a PACS administrator, and a vendor contact. More than a thousand cleared radiology algorithms create a different kind of burden. Health systems may deploy tools across emergency imaging, stroke workflows, breast imaging, fracture detection, triage queues, structured reporting, and quality programs. Some run in the background. Some change worklists. Some insert findings into reports. Some influence who gets seen first.
Once an algorithm touches the clinical workflow, “cleared” is no longer a sufficient local control. The facility still has to know whether the model was tested against its own workflow before go-live, whether the data needed for monitoring are captured, whether performance can be stratified across relevant patient groups, and whether someone has authority to pause the tool when performance becomes questionable.
The ACR-SIIM parameter is built around that operational gap. It identifies five governance areas: an AI governance group, a clinical AI tool inventory, local acceptance testing before clinical use, monitoring for performance drift with defined stop rules, and HIPAA-compliant data security.[4] None of these is glamorous. All of them are the difference between a product installed in a radiology environment and a clinical capability that can be audited, questioned, and improved.

| Governance area | What it changes in local deployment |
|---|---|
| AI governance group | Creates a named body for decisions, oversight, escalation, and accountability. |
| Clinical AI inventory | Makes the deployed AI estate visible across tools, sites, indications, versions, and workflows. |
| Local acceptance testing | Requires a facility to check performance and workflow fit before routine clinical use. |
| Drift monitoring with stop rules | Makes continued use conditional rather than assumed indefinitely after go-live. |
| HIPAA-compliant data security | Treats monitoring data, integrations, and vendor relationships as part of clinical trust. |
Governance Starts With Someone Being Responsible
The governance group is the least technical requirement and probably the most important. Without it, AI accountability tends to dissolve across radiology leadership, IT, quality, legal, compliance, vendors, and individual clinical champions. Everyone has a partial view; no one owns the full risk picture.
A useful AI governance group is not a ceremonial committee that meets after the procurement decision is already made. It has to be close enough to operations to ask dull but decisive questions. Does the algorithm operate on all scanners or only some? Which patient populations were represented in local testing? Does the output change the reading order, the report, or both? Who monitors false positives that create downstream work? Who monitors false negatives that fail silently? What is the escalation path when a radiologist sees repeated discordance?
This is where the parameter’s value becomes practical. It gives department leaders permission to treat AI as a longitudinal clinical quality issue rather than a one-time software implementation. A governance group can decide which use cases are ready for deployment, what evidence is enough for local acceptance, which monitoring measures are feasible, and when operational constraints make a promising product too difficult to supervise safely.
The harder part is resourcing. A committee can be named quickly; maintaining useful oversight takes informatics support, quality staff time, data access, clinical participation, and administrative authority. The ACR-SIIM parameter creates the expectation of governance, but local institutions still have to decide whether the work is funded as patient safety infrastructure or absorbed as another unfunded task by already overextended teams.
An Inventory Turns AI From Rumor Into an Estate
The inventory requirement sounds administrative until a health system tries to answer a simple question: Which AI tools are currently influencing patient care? In many organizations, that answer may be scattered across purchasing records, PACS integrations, modality workstations, cloud dashboards, research pilots, service-line projects, and vendor-managed modules embedded inside larger platforms.
A real inventory should do more than list product names. It should connect each tool to its clinical indication, version, deployment sites, input data, output type, workflow location, intended users, vendor contacts, validation records, monitoring plan, and current operational status. That is the minimum needed to know whether an algorithm is active, dormant, being piloted, retired, or still running because nobody remembered to turn it off.
This matters when software changes. It matters when scanners are replaced. It matters when a vendor updates a model, a report template changes, or a hospital acquires a new imaging site with different protocols. Without an inventory, drift monitoring cannot be systematic because the organization does not have a stable denominator: it cannot reliably say what is deployed, where, and under which assumptions.
Acceptance Testing Is Where Clearance Meets the Local Department
Local acceptance testing is the point where the department stops treating the vendor’s regulatory and validation package as the whole story. The product may be cleared for a defined use, but the facility still needs to check whether the tool works acceptably in its own environment before routine clinical deployment.[4]
That testing should be specific to the way the algorithm will be used. A triage tool that changes reading priority creates different operational risk than a tool that quietly pre-populates a measurement. A tool used in a stroke pathway will be judged against different time and escalation requirements than one used for breast density assessment. A tool that only flags suspected findings may still increase workload if false positives are frequent enough to interrupt normal reading.
The acceptance decision is not only about accuracy in the abstract. It is about whether the output appears at the right time, in the right system, for the right user, with enough clarity to support safe action. If an alert arrives after the case has already been read, it may be statistically interesting and operationally useless. If a result is displayed without an obvious indication of confidence, scope, or failure mode, the radiologist is left to reverse-engineer the tool’s meaning during clinical work.
A disciplined acceptance process also creates a record. Later, when performance changes or a disagreement arises, the department can compare current behavior with the assumptions made at go-live. That record becomes important for quality review, vendor conversations, patient safety analysis, and legal defensibility.
Drift Monitoring Makes Continued Use Conditional
The most consequential shift in the parameter is the expectation that deployed AI should be monitored for real-world performance drift with defined stop rules.[4] This is where AI adoption changes from installation to supervision. Go-live is no longer the finish line. It is the beginning of a supervised interval.
Drift can enter through familiar radiology pathways. Scanner protocols change. Contrast timing changes. A new patient population enters the system. Acquisition parameters vary across sites. Disease prevalence shifts. Report language evolves. A model update may change outputs in ways that are not obvious to the users reading cases. Even if the algorithm itself does not change, the clinical environment around it does.
Stop rules are where monitoring becomes governance instead of dashboard decoration. A department needs to know in advance what level of performance degradation, discordance, missing data, integration failure, or safety concern triggers review, restriction, or suspension. That decision cannot be improvised during a safety event while the tool continues to influence care.
The parameter does not, by itself, solve the hardest measurement problem: many radiology AI tools do not have easy, structured ground truth available at scale. Pathology, follow-up imaging, clinical outcomes, adjudicated expert review, and report text all carry different strengths and limitations. What the parameter does is force the question into the open. If a facility cannot measure performance in a usable way, that is not a minor documentation gap. It is a deployment risk.
Assess-AI Tries to Make Monitoring Scalable
Assess-AI is the registry layer designed to make that monitoring less dependent on each site inventing its own measurement system from scratch. ACR describes it as the world’s first AI quality registry and data service. It uses a large language model-based method to extract surrogate labels from existing radiology reports, compares those labels with AI algorithm outputs to measure concordance, and supports national benchmarking and closed-loop quality improvement through the ACR Forensics platform.[4]

The idea is attractive because radiology already produces a massive body of interpretive text. If report language can be converted into reliable labels, then sites may be able to monitor AI performance across routine care without building a separate manual adjudication program for every use case. A registry can then compare local concordance with broader benchmarks, identify outliers, and feed performance signals back into quality improvement.
The ACR says Assess-AI currently supports at least 12 imaging AI use cases, including intracranial hemorrhage, pulmonary embolism, pneumothorax, large vessel occlusion, bone age, cervical spine fracture, and breast density.[4] That breadth is important. A registry that only works for one highly structured use case would be useful but narrow; a registry that can support multiple common deployment categories begins to look like shared infrastructure.
Still, surrogate labels deserve careful handling. A label extracted from a radiology report is not automatically the same as validated ground truth. Reports may contain uncertainty, negation, historical findings, differential diagnoses, follow-up recommendations, or language shaped by clinical context rather than binary truth. A large language model may extract the intended meaning accurately in many cases, but the available ACR material on Assess-AI does not establish the accuracy of LLM-extracted labels against structured ground truth.
That limitation does not make the method unhelpful. It makes validation central. Concordance between an algorithm and a report-derived surrogate label can be a powerful monitoring signal if the surrogate label is accurate enough for the use case and if its errors are understood. If the label extraction is biased by report style, site-specific language, subspecialty conventions, or ambiguous phrasing, the registry could measure agreement with documentation patterns rather than clinical truth.
The operational question is not whether surrogate labels are perfect. They will not be. The question is whether their performance is known well enough to support the decisions attached to them. A weak label may be acceptable for broad surveillance, trend detection, or identifying cases for review. It may not be sufficient for stopping a tool, declaring a vendor failure, or comparing performance across hospitals without adjustment. Those distinctions need to be explicit before registry outputs become governance triggers.
What Concordance Can and Cannot Tell a Department
Concordance is a practical starting measure because it asks whether the AI output and the report-derived label point in the same direction. For many monitoring programs, that is the first feasible signal. A sudden drop in concordance may indicate model drift, integration trouble, a change in case mix, a report extraction problem, or a workflow issue that deserves review.
But concordance is not the same as clinical effectiveness. An AI tool and a report can agree and still be wrong. They can disagree because the AI is wrong, because the report is wrong, because the report is intentionally hedged, or because the algorithm is detecting a finding outside the phrasing captured by the surrogate label. A registry can help find the cases worth investigating; it cannot eliminate the need for clinical interpretation of discordance.
This distinction matters for leaders who will be tempted to turn registry dashboards into performance grades. Benchmarking can identify variation, but variation is not automatically failure. A site serving a different population, using different imaging protocols, or documenting findings differently may need a different analysis before anyone concludes that the algorithm, the radiologists, or the local workflow is the problem.
Data Security Is Not a Side Requirement
The parameter’s HIPAA-compliant data security requirement is easy to relegate to compliance review, but it sits close to the heart of AI governance.[4] Performance monitoring depends on moving, linking, storing, and analyzing clinical data. Registry participation may involve report text, algorithm outputs, timestamps, metadata, site identifiers, and workflow information. Vendor integrations may create new paths through which protected health information or operationally sensitive data travel.
A department cannot ask clinicians to trust AI oversight if the monitoring process itself is opaque. Who receives the data? Are outputs de-identified, limited, or linked? What is retained? How are vendor access, audit logs, breach response, and cybersecurity responsibilities handled? Can the organization reconstruct which AI output was available for a given clinical encounter? These are not abstract IT questions when AI outputs are embedded in patient care.
Data governance also affects bias monitoring. If a facility cannot reliably stratify performance by clinically relevant variables, scanner type, site, protocol, or patient population, it may miss patterns that matter. If it can stratify but lacks governance over how those analyses are interpreted, it may overreact to noisy subgroups or underreact to meaningful disparities. The parameter creates a place for the issue; it does not make the underlying data clean.
ARCH-AI Adds an Incentive, Not a Guarantee
The ACR Recognized Center for Healthcare-AI, or ARCH-AI, is the facility designation attached to this governance movement. It recognizes facilities that demonstrate responsible AI implementation aligned with the Practice Parameter, and designated sites form a learning community for sharing best practices and aggregate performance data.[4]
That can be useful if it pushes organizations to build the infrastructure they might otherwise postpone: governance membership, inventory discipline, acceptance testing records, monitoring workflows, security review, and participation in shared learning. Designation programs can create internal leverage. A radiology chair or imaging executive may be able to justify staff time and informatics resources more easily when responsible AI implementation is tied to external recognition.
The risk is treating designation as a proxy for safety. ARCH-AI can signal that a facility has implemented the required governance elements, but the source material does not provide outcome data showing that designated facilities have fewer AI-related safety events, better diagnostic performance, or improved patient outcomes. For now, its value is in standard-setting, incentive creation, and shared learning—not proof of clinical superiority.
What This Infrastructure Still Has to Prove
The ACR-SIIM Practice Parameter is new, and the evidence available in 2026 supports a cautious conclusion. Radiology now has a systematic governance framework for imaging AI, but there are no adoption data yet showing how many facilities will implement it, how consistently they will apply it, or whether it will measurably improve patient outcomes. Practice parameters are not binding standards, and voluntary uptake may vary sharply between large academic health systems, community hospitals, outpatient imaging networks, and resource-constrained practices.
The framework is also US-centric and radiology-specific. It does not settle governance for pathology, cardiology, ophthalmology, or non-US regulatory settings. Even within radiology, it does not eliminate the unresolved questions that have made AI deployment difficult: data governance and cybersecurity, algorithm robustness and bias, stakeholder consensus, and legal liability.
The liability question is especially uncomfortable because governance creates records. That is a feature, not a flaw, but it changes the accountability landscape. If a department defines stop rules and then ignores them, the problem is no longer invisible. If monitoring shows persistent discordance and no one acts, the registry becomes evidence of inaction. Mature governance will make some organizations safer; it will also make weak governance harder to hide.
Stakeholder consensus will be just as important. Radiologists, technologists, informaticists, administrators, compliance officers, vendors, referring clinicians, and patients may not assign risk in the same way. A tool that administrators see as efficiency infrastructure may be experienced by radiologists as an added verification burden. A tool that vendors describe as assistive may function operationally as a triage gate. Governance has to surface those differences before they harden into workarounds.
The Shift Is From Buying Algorithms to Governing Systems
The most important thing about the ACR-SIIM Practice Parameter, Assess-AI, and ARCH-AI is that they fit together. The parameter defines the local governance obligations. Assess-AI offers a registry mechanism for scalable monitoring, benchmarking, and feedback. ARCH-AI gives facilities a designation pathway and a learning community. Together, they form the first integrated governance infrastructure for imaging AI.
That does not mean artificial intelligence in medical imaging has crossed from promise into proven systemwide assurance. It means radiology has finally started building the machinery needed to ask better post-market questions: What is deployed? Does it work here? Is it still working? Is it working equitably? Are the labels reliable enough to support action? Who can stop the tool? Who learns from the data?
In 2026, that is the real change. The field is moving from counting cleared algorithms toward governing deployed systems. The infrastructure is significant because it makes assurance possible, not because it proves assurance has already been achieved.
References
- Radiology gets 68 new FDA-cleared algorithms. RadiologyBusiness.com. 2026.
- FDA Updates AI List with New Clearances. The Imaging Wire. March 11, 2026.
- Artificial Intelligence-Enabled Medical Devices List. FDA.
- ACR Approves First Practice Parameter for Imaging Artificial Intelligence. ACR News and Publications, Media Center. 2026.
Comments
Join the discussion with an anonymous comment.