What happened
Sepsis kills quickly, and catching it early saves lives, so a tool that warns clinicians before a patient deteriorates is valuable. Epic Systems, whose software holds the medical records of a large share of American hospital patients, built such a tool into its electronic health record: the Epic Sepsis Model, a proprietary algorithm that scored hospitalised patients for the risk of sepsis and raised an alert when the score crossed a threshold. It was switched on across hundreds of hospitals.
In June 2021, researchers at the University of Michigan, led by Andrew Wong, published an external validation of the model in JAMA Internal Medicine. They ran it against the records of 27,697 adult patients, covering 38,455 hospitalisations, admitted to Michigan Medicine, and compared what the model predicted against what actually happened. The results were a long way from the marketing. The model’s ability to distinguish patients who would develop sepsis from those who would not, measured as area under the curve, was about 0.63, against the 0.76 to 0.83 range Epic had reported. In practice that meant it missed roughly two-thirds of the patients who had sepsis, 1,709 of 2,552, even as it generated alerts on close to a fifth of all hospitalised patients. It rarely caught what clinicians had not already suspected. The combination, low sensitivity and high alert volume, is the worst of both: it failed to flag the cases that mattered while contributing to the alert fatigue that makes clinicians tune warnings out.
Part of the gap between Epic’s numbers and Michigan’s traced to how the model had been built and measured. Reporting by STAT found the model used whether a clinician had already ordered antibiotics as one of its inputs, which flattered its apparent performance, since by the time antibiotics are ordered sepsis is often already suspected, and that this was not publicly disclosed. An accompanying JAMA Internal Medicine editorial put the lesson in its title: “The Epic Sepsis Model Falls Short, The Importance of External Validation.”
Epic disputed the study, arguing in part that performance depended on local calibration and on how each site used the tool. It subsequently overhauled the model; documents surfacing in 2022 showed the changes, including a recommendation that hospitals retrain the model on their own patient data before relying on it, a revised definition of sepsis onset, and reduced reliance on the antibiotic-order signal. No single patient harm was the headline here. The harm was structural: a clinical tool whose real-world accuracy had not been independently established was running, widely, as though it had.
What an auditable version would have shown
The question that mattered about the Epic Sepsis Model was not whether it could score a risk, but how well its scores held up against outcomes in the hospitals actually using it, and that question went unanswered at scale for years. The model’s marketed performance came from the vendor; the independent performance came from one academic group, after the fact, at one health system. Between the claim and the validation sat hundreds of deployments running on trust.
An auditable version makes a model’s live performance a measured, ongoing fact rather than a launch-day brochure figure. It records each alert the model fires, each case it stays silent on, and the eventual clinical outcome, and computes from those records the model’s actual sensitivity and false-alert rate at that site, over time. With that, a model missing two-thirds of sepsis cases is a number a hospital can see on its own patients within weeks, bound to the records it was computed from, rather than something a journal article reveals two years later. Independent, continuing validation stops being an academic exercise and becomes a standing property of the deployment.
Where the gap was
The gap was that a clinical model was sold and deployed on performance claims that no independent, continuing measurement on real patients had confirmed, and that nothing at each site was generating that measurement as the model ran. A vendor’s reported accuracy is a starting point; whether the tool achieves it in a given hospital is an empirical question that only that hospital’s data can answer.
A MetricRecord is the control: a signed, recomputable measure of the model’s sensitivity, false-alert rate and calibration, computed over the site’s own recorded outcomes, so that performance is monitored continuously rather than asserted once. A ConductRecord is its foundation: a record of each prediction and the outcome it was tested against, which is what a MetricRecord is computed from and what lets an independent party check the figure rather than take it on faith.
What governance should have looked like
The pattern recurs across high-stakes AI sold on a performance number: the number is real in the setting where the vendor measured it and unverified everywhere it is deployed, and without local, ongoing validation the gap between the two is discovered in patients rather than in testing. A model’s accuracy is not a property of its marketing; it is a property of its use, and it has to be measured there.
The reference implementation of MetricRecord and ConductRecord is open source. It lives at github.com/saffronandindia/headlights-oss, Apache 2.0 licensed and free to install. The repository is public now.
Sources
- External Validation of a Widely Implemented Proprietary Sepsis Prediction Model in Hospitalized Patients (JAMA Internal Medicine, Wong et al., 2021)
- The Epic Sepsis Model Falls Short—The Importance of External Validation (JAMA Internal Medicine editorial)
- Epic’s sepsis algorithm is going off the rails in the real world (STAT News)
- Epic overhauls popular sepsis algorithm criticized for faulty alarms (STAT News)