Back to Blog
ai-safetyhealthtechprompt-engineeringguardrailsmedical-ai

Medical AI Guardrails: Keeping a Health AI From Diagnosing (Simply Explained)

A plain-language guide to medical ai guardrails. No jargon, no tech speak, just what it means for your business.

By Mike Hodgen

Want the full technical deep dive? Read the detailed version

The One Thing a Health App Can Never Do

I built an app for a client that helps parents track their baby's development. A parent types in what their child is doing. The AI writes back warm, useful notes about where that lands in a normal range.

That was the plan. Without limits, the AI did something else.

It didn't just describe what the baby was doing. It guessed. It floated developmental delays. It mentioned autism. It brought up ADHD, on its own, off a single sentence from a tired parent at 2am. And none of it sounded like a guess. It read like a doctor's verdict.

Now picture that parent. They read "this could indicate a developmental delay," and they don't shrug it off. They panic. They Google for six hours. They book appointments. Or worse, they feel falsely reassured and miss a real warning sign.

This isn't the AI making a mistake. It was doing exactly what it was built to do: be helpful and complete. That's what made it dangerous.

Here's the rule, plain and simple. Any AI that touches health has one job it must never do: play doctor. Everything else can bend. That one rule cannot.

The rest of this is how I make sure it never does.

Why a Health AI Wants to Play Doctor

This isn't a one-time bug you fix. It's built into how these tools work, and understanding that is what stops you from thinking a single warning label solves it.

AI that reads and writes like a human is trained to be helpful and to fill in the blank with whatever usually comes next. Ask it about a child's milestones, and it reaches for the words that normally follow in everything it learned from. In medical writing, "child not walking at 15 months" sits right next to talk of delays and evaluations.

So the AI grabs that. Not because it's thinking like a doctor. Because that's the pattern.

And the AI has no idea it isn't a doctor. There's no little voice telling it "I'm not allowed to say this." So it says things like "your child is about three months behind." That sentence is a diagnosis wearing a friendly costume.

Most people try to fix this by slapping a disclaimer at the bottom. "This is not medical advice." That does almost nothing. A parent who just read a confident paragraph about possible autism is not calmed by fine print underneath it. The damage already happened. The disclaimer is a seatbelt you bolt on after the crash.

The real fix is layers. Think of it like a nightclub with three security checks: one at the prompt, one on the way out, and one at the data. No single guard catches everything. That's the whole point.

The Rules the AI Is Never Allowed to Break

I keep a fixed set of rules that get fed into the AI every single time it runs. Not just on the medical-sounding stuff. Every output, because the same AI that suggests a fun activity is the one that might wander into diagnosis if you give it room.

There are four rules it can never break:

  1. Never diagnose or name a condition. Describe what the child is doing, not what it might mean.
  2. Never recommend medicines, supplements, or specific therapies. That's a doctor's call, not an app's.
  3. Never give a single-number verdict. Only describe normal ranges. No "your child is behind."
  4. At any sign of distress, hand off to a real pediatrician. Stop describing, start pointing to a human.

Rule three is the one people underestimate. "Most kids start walking somewhere between 9 and 18 months" is safe and genuinely useful. It tells the parent something true without judging their kid.

"Your child is a bit behind on walking" is a diagnosis dressed up as encouragement. It sounds gentle. It is not. The parent carries that sentence around for weeks.

Ranges teach. Single-number verdicts judge. The first is education. The second is practicing medicine without a license, and that's exactly the line that gets you sued.

These rules live in the actual code, in one place, not pasted into each feature by hand. So when I add a new feature six months later, it automatically inherits the same rules. There's no version where someone forgot.

The Single Door Every Output Has to Walk Through

One warning label doesn't fit every situation. What a parent reads on a casual daily summary is not what they should read on something they might hand to their actual doctor.

So I built three versions:

  • Everyday notes. Light and clear. A reminder that this is observation, not medical advice.
  • The doctor handout. For anything a parent might print and bring to an appointment. It clearly says "these are the parent's observations, not test results," so the doctor doesn't mistake the app's words for a real screening.
  • The photo version. For anything based on analyzing a picture or video. This one openly admits the AI might be misreading a blurry phone photo.

Now here's the part that makes it actually work. Every single thing a parent sees has to pass through one checkpoint before it reaches them. Think of it as the only exit door in the building. No output gets to a parent any other way.

Why does that matter? Because someday a new developer adds a feature, and without that single door, they might accidentally ship the raw AI text straight to the screen with no safety check. With the door in place, they physically can't. The rule is enforced by the system, not by someone remembering it.

A Safe List, and an AI That Shuts Up When It Should

The app also suggests fun activities. "Here's something to try with your six-month-old today." Useful. Also quietly risky, because activities involve objects, and a baby plus the wrong object is a trip to the ER.

Left alone, the AI will happily suggest something exotic, something a choking-size, or something the parent doesn't even own. It doesn't weigh safety. It weighs what sounds plausible.

So I keep a list of about 100 safe, common household items. Soft blocks, big balls, a wooden spoon, a cardboard box. Stuff that's everywhere and won't hurt anyone.

Every activity the AI suggests gets checked against that list. If it mentions anything off the list, the system throws it away and asks again. It doesn't ship the iffy one with a warning. It tosses it and regenerates until everything is on the approved list.

Here's why that beats just asking the AI nicely. A prompt is persuasion. The AI usually listens. But "usually" is not a safety standard when the failure is a choking hazard. The checker never gets tired, never misreads, never decides a marble is fine. The AI proposes. Plain code with no creativity decides what's allowed through.

The hardest case is when a parent describes something genuinely worrying. A symptom. A sudden change. The wrong move is for the AI to make up reassurance. The other wrong move is for it to guess at causes. Both feel helpful. Both are dangerous.

The right move is to stop and hand off. "This is something to discuss with your pediatrician. Reach out to them." The AI is flatly forbidden from improvising here. It doesn't reassure, it doesn't guess, it defers.

And I'll be honest: the AI isn't perfect at spotting distress. It misses some, over-flags others. That's exactly why all the layers run at once. If the distress check misses, the never-diagnose rule still stops the AI from guessing, and the disclaimer still tells the parent this isn't medical advice. Each layer fails sometimes. Together, they fail far less, and far less badly.

What It Costs, What It Buys

Straight talk on the tradeoff. These guardrails make the AI less flashy. It won't wow anyone with a confident diagnosis. Next to a flashier competitor in a demo, mine looks cautious.

That's the point. The flashy version is the one that ships the sentence that gets you sued or hurts a customer.

The cost is a few hundred extra lines of code and some throwaway outputs. What it buys you is an AI that simply cannot say the thing that ends your company. Not because it chose well, but because the system won't let it choose otherwise.

Here's the lesson for anyone with a health, finance, or legal product on the way. The safety system is the product. Not a phase-two cleanup. In these spaces, the limits are what make the clever part legal to ship in the first place.

Most teams build the feature first and bolt safety on later. That's backwards. I build the box first, then design the clever part inside it.

Want to explore what AI could do for your business?

Book a free 30-minute strategy call. No pitch deck, no sales team, just a real conversation about your operations and where AI fits.

Book a Discovery Call

Get AI insights for business leaders

Practical AI strategy from someone who built the systems — not just studied them. No spam, no fluff.

Ready to automate your growth?

Book a free 30-minute strategy call with Hodgen.AI.

Book a Strategy Call