Readers Write: Application Portfolio Management: The Hidden Key to Healthcare Cybersecurity Resilience

Application Portfolio Management: The Hidden Key to Healthcare Cybersecurity Resilience
By Kevin Erdal

Kevin Erdal is president of advisory services at Nordic.

Healthcare leaders are navigating a tough reality: protecting margins while making operations more resilient. Financial pressures, workforce shortages, and regulatory complexity mean every investment must deliver real, measurable impact.

At the same time, cyber threats are amplifying these pressures. A single breach can wipe out hard-won savings, derail transformation projects, and compromise patient safety.

In this environment, application portfolio management (APM) is a strategic necessity.

Think of APM as a smarter way to manage your technology stack. By taking inventory, trimming what you don’t need, and securing what you keep, you can cut waste, reduce risk, and lay the groundwork for streamlined, patient-centered operations without adding complexity.

What are the risks of ignoring application portfolio management?

Healthcare is the most expensive sector for cyberattacks, with the average breach costing $11 million, three times the global average. Ransomware is the most prevalent threat, accounting for approximately 70% of healthcare cyberattacks. In 2024 alone, 118 confirmed ransomware attacks accessed more than 15 million patient records.

The operational impact across our industry is staggering:

• 17 days of average downtime per ransomware incident, costing $1.9 million per day.
• 92% of healthcare organizations targeted by cyberattacks in 2024.
• $21.9 billion in downtime losses over six years.

Most importantly, the risk to patient safety can’t be overstated. When systems fail, care delivery is disrupted, treatments are delayed, and lives are at risk.

Why traditional cybersecurity isn’t enough

Most healthcare organizations rely on perimeter defenses like firewalls, VPNs, and intrusion detection systems, but attackers often exploit internal vulnerabilities, especially through unmonitored legacy applications and shadow IT.

If you don’t know what’s running in your environment, you can’t protect it. And you may be paying for apps you don’t even use.

What is application portfolio management (APM)?

Application portfolio management is the structured process of managing applications based on value, cost, risk, and performance. It includes:

• Inventory and classification of all your applications.
• Risk and value assessment to understand security posture and business impact.
• Lifecycle and rationalization planning to retire redundant or high-risk apps

Done right, APM is a strategic enabler for efficiency, modernization, and cost control.

How does APM deliver real ROI?

APM allows you to clean up your tech stack and create significant wins across your organization.

• Visibility = control. You can’t secure what you don’t know exists.
• Risk prioritization. Spot high-risk apps before they become breach entry points.
• Legacy exposure mitigation. Retire unsupported apps before attackers exploit them.
• Cost savings. Rationalization reduces licensing, maintenance, and support costs.
• Compliance confidence. Stay ahead of HIPAA and other regulatory requirements.
• Foundation for innovation. Simplify before you modernize.

APM delivers value across the enterprise by aligning technology decisions with business, financial, and clinical priorities:

• Chief information officers gain alignment between IT investments and strategic goals, paving the way for digital transformation.
• Chief information security officers strengthen risk management and improve threat response.
• Chief financial officers see hard ROI through cost savings and breach avoidance.
• Chief medical information officers benefit from streamlined clinical workflows and better data integrity.

How to get started with application portfolio management

Here’s a practical roadmap for healthcare leaders:

1. Start with an inventory. Capture every app across clinical and business functions.
2. Map applications to workflows. Understand their role in care delivery and operations.
3. Assess risk and compliance. Evaluate vendor security posture, data sensitivity, and HIPAA alignment.
4. Rationalize and retire redundant or risky apps. Reduce attack surface and technical debt.
5. Integrate APM insights into governance programs. Embed findings into cybersecurity strategy and IT planning.

How the right partner accelerates APM success

Finding redundant apps is just the start. The real challenge is managing governance, staying compliant, and retiring systems without disrupting care or losing critical data. That’s where the right partner can help. Experienced healthcare IT advisors bring proven, scalable frameworks and tools to make the application portfolio management process faster and safer.

Partnering gives you the structure and support to reduce risk, achieve measurable ROI, and build a solid foundation for future innovation.

Bottom line: APM is foundational to cybersecurity resilience

Cyber threats and digital complexity aren’t slowing down, and neither can you. Application portfolio management is one of the most practical, high-impact steps you can take to strengthen cybersecurity, protect margins, and build a foundation for future-ready operations.

The cost of doing nothing? Higher risk, wasted resources, and missed opportunities. The upside of acting now? You simplify your environment, reduce vulnerabilities, and free up capacity to deliver patient-centered care that’s safer and more efficient.

APM is a strategic lever for margin resilience, operational efficiency, and innovation. Start today and position your organization to do more with less while safeguarding your mission and the people you serve.

Readers Write: The Missing Clinical Voice in Healthcare IT

The Missing Clinical Voice in Healthcare IT
By Susan Grant, DNP, RN

Susan Grant, DNP, RN, is chief clinical officer at Symplr.

For years, the weight of healthcare technology decisions has fallen solely on IT teams, inadvertently leaving clinicians and IT operating in silos. Yet clinicians play a critical role in determining whether technology implementations succeed. Deloitte research shows that clinicians rate technology initiatives far more positively when we are actively involved, from design through implementation.

Despite this, only 38% of frontline clinicians report having been consulted on digital health workflows or new applications. We need to bring the clinical perspective into technology decisions earlier and  more consistently. With physician use of AI already up 78% from 2023, clinicians both want and deserve a larger role in shaping these conversations.

The value of clinical input
Health systems must engage across departments, from IT to executives and clinical teams, to deliver successful technology implementations. Nurses alone make up the largest segment of the healthcare workforce. Because clinicians directly experience the problems that many solutions aim to solve, they offer essential insights that should guide decision-making.

Cross-functional communication is equally critical. Open discussions about technology challenges and workflow pain points help to align around the shared goal of streamlining work so that providers can focus on patient care. These conversations also allow IT professionals to demonstrate the benefits of new tools early, reducing resistance and building confidence that the technology reflects clinicians’ needs.

Historically, clinicians have too often been excluded from these conversations, leading to painful rollouts, misaligned expectations, and limited influence over tools designed for them. Bringing the clinical voice to the table can change all of that.

Clinicians want to be more involved

Clinicians want to play a bigger role in healthcare technology decisions. Our 2025 Compass Survey shows that 85% of clinicians want more influence over software purchasing decisions, up from 72% last year and 51% in 2022. This trend shows that care teams no longer view technology and innovation as strictly an IT responsibility. They recognize the value technology brings to their daily work and to delivering optimal care.

IT and operations professionals also acknowledge the advantage that clinicians bring to these decisions. Both groups show increased interest in clinician involvement. This year’s survey found that 77% of operations leaders and 76% of IT teams actively seek clinician participation.

What’s next?

Organizations are seeking to implement technology that improves care delivery, including AI and scheduling tools. Ensuring that clinicians participate throughout the full implementation process prevents problematic deployments and increases ROI. As a former nursing leader at large health systems, I’ve seen the direct positive impact digital tools can have on clinicians, saving time, reducing stress, and ultimately improving the healthcare experience for patients.

We are in the midst of a clinical shortage, with the National Council of State Boards of Nursing reporting that 40% of RNs intend to leave the field in the next five years. Ensuring that clinical voices guide technology decisions can improve daily life for this workforce.

Strengthen alignment and communication

Healthcare leaders can take several approaches to address this issue. Teams should begin by aligning on central priorities across clinical and IT groups to foster communication and gain a better understanding of each other’s goals. While they may have different priorities, both sides share the guiding objective of improving patient care.

Leadership should demonstrate the value of technology upfront to strengthen clinicians’ trust. After facing so many initiatives that have not helped, clinicians need concrete examples of how new tools can make their jobs easier.

To increase clarity and confidence in new tools, leadership should also provide comprehensive training and education for the healthcare workers who will use them. This approach offers transparency and addresses change fatigue, helping differentiate new technology rollouts from earlier efforts that left clinicians burned out.

Opening the lines of communication in a continuous and intentional way can transform how systems operate. When leaders gather clinical input before decisions and continue the conversation post-rollout, they increase collaboration, elevate clinician voices, and improve the success of each initiative.

Learn from past experiences

To share a personal example, in a previous role I saw nurses become frustrated with a new AI tool because incoming messages disrupted their communication with other providers. A simple conversation could have revealed this problem sooner. But because consideration of ongoing feedback was not a part of the post-implementation plan, no one realized that the tool designed to help them was instead creating more work.

When healthcare organizations use these strategies and place greater value on the clinical experience, they create a culture of innovation and collaboration that increases enthusiasm for change and avoids overpromising and underdelivering.

Readers Write: Igniting Smart Strategy: Rationalizing Your Application Portfolio

Igniting Smart Strategy: Rationalizing Your Application Portfolio
By Amy Penning

Amy Penning is senior application analyst with CereCore.

The complexity of managing clinical, administrative, and operational applications in healthcare organizations continues to grow. While many large hospital systems have invested in robust programs to streamline their application portfolios, any health system that has undergone ownership changes, faced prolonged under resourcing, or shifted priorities grapples with technical debt and legacy systems that quietly drain resources and introduce risk.

Application rationalization is not just a cleanup task. It’s a strategy that can yield measurable operational and financial benefits, even without a large team to execute it.

Application portfolios in healthcare environments tend to grow over time as new needs emerge and priorities shift. Legacy systems, departmental tools, and redundant applications can quietly accumulate, while consolidation becomes more complex from mergers and acquisitions, creating technical debt and operational inefficiencies.

One regional health system uncovered over 700 applications, nearly triple their initial estimate, after a thorough inventory. The result? $17 million in savings in the first year and $72 million over five years, all without a massive team or predefined playbook.

While cost reduction is a compelling driver, the return on investment from AppRat extends far beyond the balance sheet. Healthcare leaders often delay AppRat due to competing priorities, perceived disruption, or lack of internal expertise, including rationalizing legacy systems that aren’t understood by anyone on the current team.

Rationalization efforts have led to a 30% reduction in IT support tickets, 20–25% improvements in clinical workflow efficiency, and enhanced data interoperability. These operational gains translate into better clinician experiences, faster decision-making, and ultimately, improved patient care.

The challenge often lies in knowing where to begin. Many organizations believe that they have a handle on their application inventory until they start digging and discover hidden redundancies, unsupported systems, data silos, and cybersecurity risks. Begin with a simple inventory and build from there, tailoring the approach to each organization’s unique bandwidth and priorities.

A phased assessment approach, starting with inventory validation and business function mapping, can uncover opportunities to reduce licensing costs, simplify workflows, and improve data governance.

Decommissioning a single application can bring significant savings and risk reduction. But application rationalization isn’t just an IT exercise; it supports the most strategic organizational goals. By consolidating systems and eliminating outdated platforms, healthcare providers can improve clinician experience, reduce login fatigue, and streamline training. Standardization enhances interoperability, supports regulatory compliance, and strengthens cybersecurity posture by reducing exposure to vulnerabilities in legacy systems. These improvements contribute to better patient care and operational resilience.

Importantly, the return on investment extends beyond direct cost savings. Rationalization efforts often lead to reductions in IT support tickets, improved onboarding processes, and enhanced clinical workflow efficiency. These outcomes translate into cost avoidance and increased capacity for innovation. Organizations can redirect resources toward strategic initiatives such as AI adoption, cloud migration, or digital transformation.

Success does not require an army. It requires a thoughtful, repeatable process. Engaging stakeholders across IT, clinical, finance, and compliance teams ensures that decisions are informed and aligned with organizational priorities. Leveraging existing tools and frameworks can accelerate progress and reduce the burden on internal staff. Whether starting with a simple assessment or building a full application lifecycle management program, the key is to embed rationalization into the fabric of IT operations.

For organizations without the bandwidth or specialized expertise to manage this work, partnering with a team that can both assess and execute is critical. That team can help health systems identify opportunities through structured assessments and then manage the legacy turndown process,  reducing risk, freeing resources, and creating a faster path to ROI so that teams can focus on strategic priorities like digital transformation and innovation.

Readers Write: HLTH: Healthcare’s Burning Man for the Well Funded

HLTH: Healthcare’s Burning Man for the Well Funded
By Anonymous

I’ve been around this industry for decades. I have to admit that I’m still trying to wrap my head around all these newfangled conferences like HLTH.

Back in my day, HIMSS was the gold standard. Everyone knew it, everyone went, and you could count on a certain level of professionalism.

HLTH, on the other hand, feels like it’s out of control. I remember when it started in 2018 as just a small gathering in Las Vegas. It has apparently ballooned to 12,000 attendees and 900 sponsors. I guess that’s progress, although I’m not sure it’s all for the better.

When I went to my first HLTH a couple of years back, I was struck by how different it felt. Most companies had the same booth size, so you would think the focus would be on substance. Still, there were a lot more “tech bros” than I’m used to, with lots of sneakers and puffer vests but not many suits. It was supposed to be about conversation and content. 

Now we have big booths with espresso machines and ice cream carts. Honestly, it felt more like a popularity contest. Maybe I’m old-fashioned, but I miss the days when people were more interested in building real relationships than just being seen.

HLTH also doesn’t seem to care much for academic rigor or peer review. At HIMSS, you could count on presentations that were vetted and at least acted like they had substance. At HLTH, it feels like speakers are chosen for how much noise they make online, not for what they actually have to say. Most presentations are just opinions and visions, not proven results.

I suppose HLTH never claimed to be academically rigorous. They say they are about “healthcare innovation and societal well-being,” whatever that means. I’ve always believed that lofty goals are fine, but in healthcare, you need something concrete. I’ve seen plenty of big companies come and go, thinking they could fix healthcare, only to leave with their tails between their legs.

There were some positives at the 2025 HLTH conference, such as Kroger and Walgreens giving flu shots. But I ran into plenty of vendors who couldn’t explain what they actually do. I even asked a CEO for a simple elevator pitch, and all I got in return was a finger pointing to an iPad and a questionnaire. If you ask me, that’s not a good sign. Nobody bothered to ask about my organization or my needs, even though I have buying authority.

This year, HLTH was crawling with so-called “influencers.” I’ll be honest, I don’t care much for that term. Most of these folks seem more interested in building their personal brands than in driving real innovation. Some have medical degrees but never finished residency or got board certified. They’re quick to share opinions on topics where they don’t have much expertise. Their LinkedIn profiles are full of adviser roles and startup credits, but it’s hard to tell if they have actually accomplished anything.

There was even a dust-up online about a group of “physician founders” flying to the conference on a private jet, courtesy of an anonymous sponsor. The LinkedIn post and group photo were deleted after some backlash, but it makes you wonder how many of these folks still practice medicine.

HLTH seems to encourage this influencer culture, handing out free passes if you agree to post about the conference nine times. You could spot them in the exhibit hall, always taking selfies and blocking the aisles. They even had their own lounge.

Another trend I just don’t get is all the rebranding. Companies spend a fortune changing logos and colors, then throw parties to celebrate. Wouldn’t that money be better spent on employees or helping out struggling healthcare organizations? HLTH is also the time for big corporate announcements, most of which don’t mean much once you read the fine print.

And don’t get me started on the entertainment. The opening event was at Topgolf, way off the strip, and you needed a shuttle to get there. It just reinforces the old “business is done on the golf course” mentality. The Industry Night at Drai’s Beach Club was another example of excess. I even witnessed some pretty bad behavior at the casino bars, stuff I thought we had moved past.

Sponsors also go overboard with their own parties. I got at least 20 emails inviting me to events, but most required a certain profile to attend. Sometimes you had to apply, and even then, you might get rejected or have your invitation rescinded at the last minute. That’s just bad manners and bad business.

I didn’t bother with the hosted buyer program, even though I’m a budget owner. From what I overheard, it’s basically speed dating for vendors, and I heard some complaints from vendors that the buyers they met with acted bored, as if they were just doing it for the discounted registration.

Bottom line: HLTH and vendors need to take a hard look in the mirror. It’s become too much of a party, with way too much extravagance. In a year when care delivery organizations are facing more uncompensated care and cuts to Medicare and Medicaid, all this glitz just feels out of touch.

I will run pieces whose author prefers to remain anonymous, although they must submit it to me under their real name so I can check for credibility and conflict of interest.

Readers Write: The Six Rights of Clinical Decision Support at the Dawn of the AI Era

The Six Rights of Clinical Decision Support at the Dawn of the AI Era
By Steve Miller, MD

Steve Miller, MD, MBE is clinical solutions architect at FDB.

Clinical decision support (CDS) embedded in the electronic health record (EHR) has demonstrated impressive benefits for patient outcomes, particularly through medication alerts in Computerized Provider Order Entry. CDS helps prevent millions of medical errors per year. Yet the potential of CDS remains under-realized due to poor usability, misalignment with clinical and institutional goals, and its contribution to clinician burnout.

We are at the dawn of a new era in CDS, where we can realize the promise of enhanced care and financial outcomes simultaneously to the empowerment of clinicians.

Effective clinical decision support depends on meeting the Five Rights: delivering the right information, to the right person, in the right format, through the right channel, and at the right time.

Too often many CDS systems still fall short: interrupting workflows, triggering at the wrong moment, or lacking the specificity that is needed to earn clinician trust. High false-positive rates lead to reflexive overrides, eroding confidence and sometimes putting patients at risk. It’s time to evolve the framework.

I propose a sixth right: the right purpose: designing CDS with clearly defined, measurable benefits.

When interventions lack purpose or a defined return on investment, even well-built tools can fail to deliver value. As hospitals face tighter budgets and mounting pressure to improve outcomes, advances in interoperability and artificial intelligence (AI), including large language models (LLMs), offer a new path to achieving all Six Rights.

Workflow Integration: Right Person, Format, Channel, and Time

Consider a common scenario. Dr. Smith, on inpatient rounds, discusses starting spironolactone with 80-year-old Mr. Richards, who has heart failure. After researching the dose, she signs the order and is immediately interrupted by an alert flagging the drug as potentially unsafe for older adults. The decision has already been made. She is annoyed, overrides the alert, and moves on.

Now imagine a near-future alternative. An AI-powered ambient listening tool transcribes and interprets the conversation in real time. As spironolactone is mentioned, a message appears on screen with safety concerns specific to Mr. Richards in his current clinical context, a patient education prompt, alternative options, and a preselected dose. The information is timely and useful, supporting rather than  disrupting shared decision-making.

Context-specific decision support could also surface during pharmacist verification, admission medication reconciliation, or through patient-facing bots. Interruptive alerts at order signature are fading. Smarter systems will deliver guidance at the right moment. They will also reduce the amount of time physicians would otherwise have to spend looking up information, such as lab values that are relevant for a specific drug.

Personalization: Right Information

Let’s revisit Mr. Richards. His heart failure has impaired his kidneys and his potassium is dangerously elevated. This places him at risk for arrhythmia if prescribed spironolactone, yet no alert fires. Dr. Smith misses this lab result, placing the patient in danger.

Now imagine a CDS module that detects elevated potassium and correlates it with spironolactone, firing only when truly relevant. Dr. Smith receives fewer alerts, but each one matters. This precision support, with both low false positives and false negatives, is achievable today using interoperable systems and standardized data.

Beyond labs, decision support can incorporate genetic tests, imaging, pathology, and patient-reported outcomes. AI can convert notes and conversations into structured insights that power a new generation of CDS that is accurate, timely, and personalized.

Return on Investment: Right Purpose

Right purpose means aligning CDS with institutional and societal goals. Tools that serve mission-critical needs, and the other five rights, drive adoption.

Back to our case. Budget cuts force the hospital to reassign pharmacists from the wards. Without human backup, prescribing errors could rise. But with AI-enhanced CDS, the computer system helps the clinical team catch errors and find opportunities to enhance care once identified by pharmacists. Rather than replacing clinicians, CDS amplifies their capabilities, delivering cost savings without compromising care.

AI could also accelerate this shift in two ways. First, AI-assisted development could speed the creation of CDS modules, enabling access to high quality and purpose-built decision support. Second, AI-powered analytics could allow hospitals to evaluate CDS performance in real time, measuring clinical and financial impact and refining systems.

A Pivotal Moment

The current moment in healthcare is one of great challenges and great possibilities. Advances in AI, data standards, and clinical messaging combine with economic pressures to fuel a necessary evolution. The future of CDS is personalized, context-aware, and results-driven. By honoring the original Five Rights, and adding a sixth of Right Purpose, we can ensure that CDS not only guides decisions, but also advances care, supports clinicians, and justifies itself in a resource-constrained world.

Readers Write: From Hype to Headache: The Truth About Ambient Listening

From Hype to Headache: The Truth About Ambient Listening
By Jay Anders, MD and Jeanne Armstrong, MD

Jay Anders, MD, MS is chief medical officer at Medicomp Systems. Jeanne Armstrong, MD is chief medical officer at TouchWorks, Altera Digital Health.

Like prospectors flocking to California in the mid-1800s, hospitals and health systems today are hitching their wagons to AI-powered ambient listening tools in hopes of making their documentation dreams come true.

The attraction is understandable: the power to automatically capture physician-patient conversations and turn them into clinical notes could significantly reduce documentation burden, let clinicians focus on patients, and create a better experience for everyone.

However, as with most gold mining and health tech fantasies, the reality is more complicated. Without the right safeguards, context, and clinical framework, ambient listening risks producing incomplete, inaccurate, or unusable notes. At best, that leaves physicians editing more than they save. At worst, it could compromise patient safety, billing, and care quality.

Transcript 2.0

Every clinician understands the appeal of eliminating clicks and keystrokes. Documentation has become an enormous burden, with 92% of physicians reporting that it negatively impacts care.

Ambient listening promises to capture everything that is said in the exam room, generate a structured note, and let the physician simply review and sign. But as many early adopters have discovered, the first pass is not always the last pass.

Even with high accuracy, the challenge lies in context. If a patient says, “I use my inhaler every morning,” is that a daily maintenance medication or a rescue treatment? If the system places a counseling conversation into the wrong section of the chart, the clinical meaning changes. Physicians cannot uncritically trust the transcript; they must still review and often edit.

Ambient listening certainly removes typing, but it does not solve the core problem of ensuring that documentation is clinically meaningful. This dilemma was echoed recently by the healthcare technology experts at KLAS, specifically:

Our findings show that free text alone will not deliver the outcomes providers expect,” said Mac Boyter, research director at KLAS Research. “For ambient listening to support quality measures, billing, and interoperability, it must generate discrete, structured data—not just nicely formatted notes.

Why context matters

Experienced clinicians know how to ask the right follow-up questions to surface information that patients may not volunteer. They also know which details belong in the history versus the plan and how to translate medical jargon into patient-friendly explanations. An ambient listening system, no matter how advanced, lacks that judgment unless it is anchored by a medical knowledge framework.

That framework provides the “dictionary” against which the AI can validate what it hears. Without it, the risk of hallucinations or misplaced details remains. With it, ambient listening can be constrained, guided, and made more reliable. Context is not a nice-to-have. It is essential to ensure that the note accurately reflects both the clinical encounter and the physician’s intent.

Structured data, not just free text

Another major limitation of most ambient listening solutions is that they generate free text. Even when formatted with section headers, free text is not structured, codified data. It cannot directly feed decision support systems, quality measure databases, or billing workflows.

For example, if a patient’s family history of diabetes is captured only as text, it does not generate a SNOMED code. Downstream systems cannot act on it. Clinicians end up with a nice-looking note that remains invisible to analytics, risk adjustment, and interoperability.

To avoid this pitfall, ambient listening must be paired with technology that converts narrative into discrete, computable data. This makes the output both readable and actionable, while supporting regulatory compliance, coding, and care coordination.

What to look for

Health systems evaluating ambient listening should demand more than transcription and data entry. They should ask:

• Does the system validate documentation against a trusted, clinically referenced framework that is transparent?
• Does it generate codified, structured data that supports billing, quality measures, and decision support?
• Does it give physicians flexibility to toggle between listening, templates, and macros depending on the visit type?
• Does it improve the completeness and accuracy of notes, not just their length?

The answers to these questions will determine whether ambient listening becomes a meaningful advance in healthcare IT or just another short-lived fad.

Help over hype

Ambient listening can make documentation more efficient, but it is not a panacea. Without the right foundation, it risks adding a new layer of complexity instead of solving the problem. To fulfill its promise, ambient listening must be paired with systems that provide medical context, structured data, and clinical relevance.

Again, KLAS’s Mac Boyter reported that its research shows that providers are “looking beyond convenience—they want ambient tools that deliver structured, codified output. Without discrete data, the note is unusable for billing, quality measures, and decision support. Ambient listening is most impactful when it produces information that downstream systems can act on.”

In other words: do not be distracted by the hype. Ambient listening alone is not enough.

Readers Write: For Better Member Engagement, Talk to a Human

For Better Member Engagement, Talk to a Human
By Kevin M. Healy

Kevin M. Healy is CEO of ReferWell.

The healthcare industry is experiencing a digital gold rush. AI platforms are everywhere, offering innovative promises to change how we engage with members for the better. From chatbots to automated outreach tools, the future is fast, efficient, and increasingly faceless.

The issue that many people aren’t discussing is that while these tools offer a quick, and seemingly intelligent, alternative to direct outreach, people are not responding to it. 

Despite the excitement around AI and automation, the majority of healthcare appointments are still made over the phone. Not through an app or  chatbot, but a phone call, often with another human being, because healthcare is personal.

Research shows that 84% of healthcare consumers identified communication quality as a crucial factor in their overall patient experience. When someone needs help navigating the system, whether it’s finding a doctor, scheduling a mammogram, or understanding their benefits, they want to talk to someone who listens and knows their needs, not an AI bot that doesn’t truly understand the emotions that can come with complex healthcare decisions.

Digital tools have their place. Text reminders and emails can be helpful for tech-savvy members, and portals are a fantastic tool for direct follow-up questions with your provider or to reference after visit summary notes.

However, when it comes to driving action, such as actually getting people to the doctor, technology alone rarely moves the needle. A generic text cannot reassure someone who is anxious about an upcoming procedure. A portal doesn’t know if your insurance covers the provider you need to see. Instead, a phone call from a trained care navigator who speaks the member’s preferred language, understands their needs, and respects their time can make the difference.

A study conducted at the University of Alabama’s Patient Care Connect program found that 83% of patients were satisfied or very satisfied with assistance provided by care navigators, and an impressive 90% recommended the program to others. These human connections are more than feel-good anecdotes. They are proven strategies for increasing show rates, improving outcomes, and reducing care gaps.

This isn’t just a rejection of technology. It’s a reminder that we’re in the business of human health. AI can support and inform engagement efforts. It can help us identify the right people to reach and the right time to call, but it shouldn’t replace the human voice at the heart of care.

Let’s build smarter systems that elevate empathy, not eliminate it. Let’s use AI to empower human outreach, not sideline it. Let’s stop mistaking automation for connection. Because when it comes to getting someone to take that critical step, to schedule the appointment, show up, ask the hard question, and take control of their health, a conversation still works better than an algorithm.

Readers Write: Realizing the Value of AI Starts With Data Governance and Leadership Support

Realizing the Value of AI Starts With Data Governance and Leadership Support
By Mark Leifer

Mark Leifer is data and analytics manager for Tegria.

AI dominates healthcare conversations. Vendors are knocking. Leadership is pressured to act. Pilots are sprouting across the industry. EHR vendors like Epic, Meditech, and Oracle are rolling out exciting AI tools that are embedded directly into their platforms.

Whether your organization is adopting those EHR-native tools or building a custom solution, one thing is clear: data governance is foundational.

Amid the AI buzz, many health systems remain stuck in the proof-of-concept phase, unable to scale or sustain results. Gartner reports that by 2027, 60% of organizations will fail to achieve the full value of their AI initiatives due to poor data governance.

In my experience, this isn’t a technology failure. It’s because the organization isn’t ready, and leadership hasn’t made data governance a priority.

Without Governance, AI Can’t Deliver Results

Imagine your organization rolls out a shiny new AI tool for clinical decision support. The logic is sound. It integrates with the EHR and the demo wowed the C-suite. But six months in, utilization is low, analysts distrust the data, and compliance wants to know who approved it.

This isn’t hypothetical. In fact, it’s a common pattern. AI stalls not because the tech fails, but because data governance was never embedded in the foundation. Behind that missing foundation is a lack of executive sponsorship.

Governance Needs a Seat at the Leadership Table

If AI is going to succeed in healthcare, data governance can’t live in the shadows. It needs executive backing, visibility, and resources.

Once an organization sets clear, business-aligned goals for data and AI, the next most important success factor is strong executive sponsorship. Ideally, that sponsor is someone with a C-level title — like a CIO, CMIO, or chief data officer — who can connect the dots between business strategy and the operational work of governance.

Modern data governance should emphasize accountability, clear decision-making authority, cultural alignment, and measurable outcomes rather than focusing solely on control. Executive sponsors are critical to bridging those priorities across business and IT. Their role is not to manage the day-to-day, but to model support, prioritize funding, and align governance with organizational goals.

When leaders show up to governance councils, reference it in strategy discussions, and reward good data practices, the signal is clear: This matters.

Culture, Not Control, Is the Real Barrier

Governance must move from fixing data to enabling confident use of data across the enterprise, from “AI as a cool tool” to “AI as a governed system.” Developing a strong data culture happens through modeling, incentives, and stewardship that’s embedded into real workflows. Without that cultural groundwork, even well-designed AI tools will flounder. Teams won’t know who owns the data. Trust will be low. People won’t feel confident using the outputs. Worse, they may not feel safe raising concerns when something looks off.

Build a Coalition, Not a Silo

Executive sponsorship is step one. Step two is building a data governance coalition that spans departments. This coalition — ideally a formal data governance committee — should include IT, clinical leadership, compliance, operations, and analytics. Too often, these groups are working in silos. This structure ensures that governance is positioned as a value enabler and a risk mitigator for AI adoption, rather than bureaucracy.

When it comes to AI, the governance committee should help define approval processes, monitor model performance, and ask questions about transparency, bias, and explainability. But they should also help build buy-in, provide feedback loops, and support training across the organization.

Is Your Culture Ready for AI?

Here are four signs that it may not be:

• No one can clearly answer who owns governance for AI tools.
• A promising AI pilot was shelved due to unclear accountability or lack of trust.
• Data decisions are made in silos or based on influence, not strategy.
• Governance is viewed as red tape, not a strategic capability.

If these sound familiar, you have work to do, but these are fixable problems.

Three Practical Moves To Build Executive-Led Data Governance

If your organization wants better AI outcomes, here’s what I recommend:

1. Appoint a C-level sponsor for governance and AI readiness. This person should connect governance to business strategy. Not manage the weeds, but advocate visibly and consistently.
2. Stand up a formal data governance committee that includes stakeholders from across the organization. Give it real authority, diverse voices, and a regular meeting cadence.
3. Make cultural change part of the plan. Train people, talk about successes, and share stories where good governance led to better outcomes. Help teams see data governance as something that supports their work, not slows it down.

Final Thought

AI won’t transform healthcare if we treat it like a series of disconnected tech pilots. It must be guided by strategy, grounded in governance, and shaped by people who understand the intersection of data, operations, and clinical care. That kind of alignment demands executive leadership, cultural change, and above all, trust. And trust begins with governance.

Readers Write: Innovate Responsibly – Cutting Through the Hype of Generative AI in Healthcare

Innovate Responsibly – Cutting Through the Hype of Generative AI in Healthcare
By Holly Urban, MD

Holly Urban, MD, MBA is VP of business development for Wolters Kluwer Health.

In the fast-moving world of generative AI (GenAI), it’s easy to get caught up in the allure of shiny new technologies in healthcare. But we can’t let hype alone outpace responsibility. GenAI’s strengths quickly turn into weaknesses if we deploy GenAI in clinical care without carefully vetting it first.

The Shiny Object Dilemma

The healthcare technology market has become flooded with flashy new tools and solutions. According to Deloitte, 75% of leading healthcare companies are already experimenting with GenAI, and our research shows that nearly three-quarters of healthcare professionals recognize the potential of technology like GenAI in aiding professional development, clinical training, and efficiency.

Still, experimentation doesn’t always equate to readiness. What we should be looking at — and answering — is whether GenAI is capable of solving today’s most pressing challenges.

The key to healthcare innovation starts with creating impactful technology and fostering an environment for clinicians and their patients to thrive. That’s only possible by aligning technology with the real needs of healthcare professionals, the patients they’re serving, and demonstrating the return on investment (ROI) in clinical and financial outcomes.

Rolling out new GenAI should be about matching the problems with the right technology. For example, 60% of healthcare professionals believe that GenAI can improve the patient experience, and 41% think that ambient listening capabilities will enrich patient-provider relationships.

Ambient documentation is a prime example of where GenAI is making a significant impact by alleviating one of healthcare’s biggest challenges in a low-risk domain. It can save clinicians hours each week by creating clear and actionable patient summaries, and there’s an incredible opportunity to integrate clinical decision support and revenue cycle into these workflows.

Balancing Hype with Safety

As GenAI gains traction throughout healthcare, risks persist, particularly as GenAI approaches the actual patient and directly impacts their care. One area of concern among healthcare professionals is the overreliance on GenAI. In fact, a preliminary study from MIT explored how GenAI alters the brain’s ability to process information, leading to impaired learning and retention.  

As great as GenAI is at generating content and creating patient summaries in seconds, it’s also capable of hallucinating with complete confidence in the same amount of time. What’s more problematic is the inability to distinguish hallucinations from reality. One study found that up to 45% of residents do not detect hallucinations accurately.

The likes of ChatGPT may perform well on a medical exam or when diagnosing textbook clinical vignettes, but real-world patient care can be far more complex and unpredictable. Patients expect their clinicians to make error-free decisions using trustworthy evidence, not guesswork, to ensure the best possible outcomes.

It’s easy for LLMs to be unaware of clinical context and fail to ask important questions before delivering diagnostic and treatment recommendations when they aren’t held to a gold standard of evidence. LLMs can fail to admit they’re wrong and may lead a clinician down the wrong path if it’s not caught early on.

For example, if you’re treating a patient with a urinary tract infection who is allergic to penicillin, an LLM will likely recommend prescribing fluoroquinolones, which is typically the right course of action. However, if it is not trained to ask if the patient is pregnant, fluoroquinolones could cause a harmful drug reaction in the patient and the fetus.

Real-world concerns can come with severe consequences. GenAI must be fully ready for every clinical application and grounded in rigorously reviewed evidence-based content before doctors rely on it to aid in clinical decision-making.

Making GenAI Responsible for Healthcare

Organizations are beginning to take the lead in building robust AI governance to ensure the safe and responsible use of GenAI at their institutions, as the technology is currently advancing faster than the oversight.

It’s important to learn to walk before you sprint. We’re seeing benefits from gradual rollouts, pilot programs, and industry consortiums offering quality assurance resources for clinical AI. Collaborations are crucial to working towards the same goal of seamless integration and avoiding disruptions or costly errors.

Ultimately, the most effective GenAI tools in healthcare will remove, not add, another layer of complexity to practicing medicine. Our efforts should be grounded in restoring joy to healthcare through the simplification of processes. Patient encounters should focus on care, not on clinicians spending valuable time searching for information.

GenAI offers an incredible opportunity to eliminate friction and accelerate access to the right information at the right time, when clinicians need it. At the end of the day, technology should be an enabler, not a barrier, to delivering the best possible care.

Readers Write: Healthcare Search Strategy Needs a Reboot

Healthcare Search Strategy Needs a Reboot
By Harsh Bhatt

Harsh Bhatt is  executive director of AI and analytics at Praia Health.

With policy changes out of Washington impacting reimbursements, the need for health systems to attract and retain commercially insured patients will become critical. These patients are not only the most profitable, but also the most digitally savvy and the most likely to comparison shop for care.

Health systems have invested years and millions of dollars building digital front doors and acquisition funnels to capture these patients. Unfortunately, those once-proven funnels are quietly eroding beneath the surface, disrupted by something few health systems have yet to account for: AI-powered search.

Despite continued investment in SEO and content creation, leading health systems are seeing a 10% or greater decline in search traffic, even while maintaining high search rankings. AI-powered answers and summaries are increasingly satisfying patient questions at the top of the results page, leaving no need for them to click through to their local health system’s website.

Patients are still searching, but fewer are actually reaching a health system’s digital front door. Since the launch of these AI-powered features, click-through rates from search have dropped by more than 30% across industries.

The problem isn’t just visibility; it’s redistribution. Generative AI tools are favoring national brands like Cleveland Clinic, Mayo Clinic, and Johns Hopkins, as well as commercial providers like Amazon and Teladoc. These entities aren’t winning traffic solely because of name recognition. They are winning because their content is structured for machine readability and optimized for citation by generative algorithms.

This is a fundamental shift. Most patients no longer begin their digital care journey on a health system home page or even a service line page. Increasingly, they begin, and often end, their journey with a generative answer.

To stay competitive, health systems must reimagine not just how they drive traffic, but how they capture and convert it. Traditional SEO is no longer enough. The new frontier is Answer Engine Optimization (AEO) and Generative Engine Optimization (GEO), strategies that organize content in conversational Q&A formats, use structured data and schema markup, and position information to be picked up by AI-driven search experiences.

But even if that click is won, the digital journey can’t end at a static landing page. Unless the next step is personalized, immediate, and intuitive, the opportunity to engage that patient disappears. Health systems need to have intuitive consumer identity and experience on-ramps embedded throughout their digital properties.

Every visitor is more valuable than ever. Health systems must deliver personalized, logged-in experiences that build loyalty and drive retention. When a patient lands on a site, the experience should adapt to who they are, what they need, and how they prefer to engage. Guided navigation, tailored service recommendations, and contextual digital support aren’t just nice-to-haves – they are required to reduce friction and move people closer to care.

Search isn’t dying, but the way patients use it is changing fast. The digital strategies that worked even two years ago are no longer sufficient. Health systems must pivot quickly to remain discoverable, credible, and competitive in the AI-shaped search landscape.

Readers Write: Self-Service in Health IT: More than a Fancy Kiosk

Self-Service in Health IT: More than a Fancy Kiosk
By Sriram Devarakonda

Sriram Devarakonda, MSEE is CTO at Cardamom.

Self-service first emerged in the consumer space, where it was designed to offer a frictionless, user-controlled experience. Whether buying a soda from a vending machine, ordering a burger at a kiosk, or depositing a check via mobile app, self-service is no longer a novelty — it’s an expectation.

The goal? Empower customers with speed and convenience, while still providing the right guardrails.

In health IT, self-service started gaining traction in the early 1990s, as support demand quickly outpaced available resources. Early implementations focused on handling low-complexity tasks like password resets, login issues, and access to knowledge articles.

Today, self-service goes far beyond troubleshooting. Users expect more sophisticated, cognitive tasks, such as exploring data, generating ad-hoc reports, and deriving meaningful insights, all without having to file a ticket. Yet despite the strategic focus placed on self-service across industries, sustainable, impactful adoption in healthcare remains rare.

What separates organizations that succeed with self-service from those that struggle?

Let’s go back to the burger analogy. Why might a customer avoid using a self-service kiosk?

• The interface isn’t intuitive.
• It doesn’t allow for customization (no pickles, extra cheese?).
• It doesn’t support their preferred payment method.
• Most importantly: if the kiosk gets the order wrong, that customer probably won’t use it again. If the burger itself is bad, they may never return to the restaurant, which is a different, but equally important, problem.

Now, apply that thinking to self-service reporting in healthcare. The stakes are higher, and the choices are rarely as simple as picking from a preset menu. Success requires more than just implementing a tool. It demands the right mix of people, processes, and technologies to ensure that the information that is being served is accurate, actionable, and tailored to the user.

Here’s what that takes:

A deep understanding of users and use cases.

A care manager may need a quick list of patients for outreach. An ED director may be focused on real-time throughput. These are vastly different needs, both in purpose and in technical complexity. And that’s just two personas. Most healthcare systems support dozens more, each with their own complexities and needs.

Strong data governance

Certified, approved definitions help avoid inconsistent or misleading data. It’s the difference between ordering a Big Mac and ending up with a plain hamburger.

Rigorous validation processes

Just as restaurants test new menu items before launch, healthcare solutions should be reviewed by cross-functional teams — including clinical, technical, and operational experts — to ensure accuracy and trust.

A long-term mindset

Self-service is not a one-and-done implementation. It’s a journey that evolves with user maturity, system capabilities, and data maturity.

Robust user enablement

Even the best tools fall flat without support. Users need training, ongoing coaching, and a clear path for feedback and escalation.

Clear, meaningful measurement

Success should be tracked through real adoption, demonstrated value, and a measurable reduction in support tickets for routine issues.

Accessible, intuitive technology
The best self-service tools are invisible — seamless, simple, and always available when users need them. 

When executed effectively, self-service doesn’t just reduce dependency on IT teams. It empowers frontline users to make faster, more informed decisions. It builds trust. It turns skeptics into advocates.
But success isn’t a matter of flashy platforms. It requires a service-oriented mindset, one that is grounded in empathy, clarity, and commitment to getting it right.

Readers Write: Innovating the Consumer Experience Beyond the EMR with Open Standards

Innovating the Consumer Experience Beyond the EMR with Open Standards
By Robin Monks

Robin Monks is EVP of technology at Praia Health

Patients – and potential patients — expect seamless digital experiences. They’re getting them every day from their social media, retail, and banking apps. The difference in user experience between viewing a credit card statement and a healthcare bill is obvious – and shocking. At the same time, the costs of fragmented, proprietary systems for health systems are becoming unsustainable.

While we’ve seen progress in allowing patients access to more of their data, we’re just scratching the surface on data access and have yet to make inroads into data actionability. The lack of open standard adoption inflates integration costs, stifles innovation, and limits the true potential of digital health.

This challenge was the focus of our recent HIStalk webinar, “Innovating the Consumer Experience Beyond the EMR with Open Standards,” where fellow industry leaders and I explored the transformative power of open standards in healthcare. I was joined by Ryan Howells, principal at Leavitt Partners and program manager of The CARIN Alliance; David LaBine, vice president of software engineering at Providence 4SITE; and Kristen Valdes, CEO of b.well Connected Health.

We emphasized that open standards — such as OIDC (OpenID Connect) and HL7 FHIR (Fast Healthcare Interoperability Resources) — along with broader open technology requirements are creating dramatic ROI where they’ve been deployed. They are strategic enablers that can dramatically reduce the burdens associated with integrations, data migrations, and workflow adjustments across the healthcare ecosystem.

These standards offer more than just future flexibility. They deliver immediate ROI by accelerating development timelines, minimizing rework, and significantly lowering long-term maintenance expenses. Every closed integration implemented today represents a missed opportunity to operate with greater speed, intelligence, and efficiency.

A key takeaway from our discussion was the critical role of open standards in fostering a truly patient-centric approach. The current landscape often forces individuals to navigate a labyrinth of disparate patient portals, each with its own login and limited data access. This creates significant friction and can even impede access to life-saving information, particularly for those managing complex or rare diseases. By adopting open standards for identity and data exchange, health systems can streamline patient access, improve engagement, and build stronger, more trusting relationships.

Our conversation also delved into the tangible business case for open standards, moving beyond mere compliance. By standardizing data exchange and identity management, organizations can reduce technology costs, automate manual tasks, and unlock entirely new business models. Examples shared included double-digit increases in lab completion rates and cash collection for health systems that have embraced open identity solutions. The ability to connect disparate data sources, from clinical notes to wearable device data, allows for a more holistic view of the patient that enables proactive care and improved outcomes.

We underscored the importance of leveraging established global standards from other industries. The financial sector, for instance, has long utilized open standards for seamless and secure transactions, demonstrating that these are solved problems that healthcare can readily adopt. This approach avoids the costly and inefficient creation of bespoke solutions, allowing resources to be redirected towards actual patient care and innovation.

For healthcare executives and developers who are looking to initiate this transition, the advice is clear. Identify areas where fragmented patient experiences and data silos create friction and cost. Assess how many applications are isolated due to proprietary identity systems.

The potential for double-digit increases in patient engagement and operational efficiency makes a compelling argument for investment. Advocates for this shift are often found among chief digital officers and transformation leaders who recognize the need for a broader, integrated ecosystem of applications.

A practical roadmap for open standards implementation involves a strategic, incremental approach. This includes auditing systems to understand existing data flows and identity challenges, developing a clear vision for interoperability, and creating cross-functional teams dedicated to this transformation.

Open standards are available for immediate adoption. Organizations do not need to wait for mandates or rely on proprietary vendor roadmaps. But adoption requires that vendors be held to open standards when evaluating solutions and during each renewal cycle. By actively engaging with collaborative initiatives and embracing these open frameworks, healthcare stakeholders can collectively drive innovation, enhance patient loyalty, and build a more efficient and effective system for everyone.

The time to act is now. The industry must move from business-to-business data exchange to truly individual-centered care.

Readers Write: The Multi-Million Dollar Transformation Opportunity Healthcare Loves to Hate: Application Rationalization

The Multi-Million Dollar Transformation Opportunity Healthcare Loves to Hate: Application Rationalization
By Amy Penning

Amy Penning is senior application analyst at CereCore.

Rationalize your applications, they say. It will lead to cost savings, streamline your portfolio, and release resources for innovation and technological advancement.

So why do we groan at the idea of starting an application rationalization effort? Immediate reactions to AppRat, as it is commonly called, are often due to the complexity of the work and lack of employee bandwidth to complete the work thoroughly. AppRat is often deemed a “not now, but maybe later” task that is driven by bigger strategic moves like M&A, cloud migration, and EHR implementations, further complicating these mission imperatives, adding to their timelines, and increasing their cost.

Consider these points about all there is to gain from having full visibility into your application portfolio before, rather than during, another strategic undertaking at your organization.

Application Sprawl is Expensive and Risky

Over time, even the most well-managed IT environments accumulate technical debt. Siloed purchasing, legacy systems, and shadow IT can create a bloated application portfolio that could:

• Drain IT support resources.
• Increase cybersecurity risk.
• Inflate licensing and maintenance costs.
• Complicate integration and data governance.
• Impact patient safety.

Application sprawl quietly erodes operational efficiency and financial flexibility, with the most significant impact observed at small to mid-sized hospital systems. However, application rationalization as a strategic lever introduces efficiencies through the elimination of overspending on resources and duplicated functionality.

Why AppRat Is a Strategic Lever, Not Just Cleanup

Too often, we think of AppRat as a “someday” project, something to tackle after the dust settles from a major initiative. But done right, it can:

• Fund transformation by freeing up capital that is tied to redundant or underused systems.
• Accelerate innovation by simplifying the IT landscape and enabling faster adoption of technology.
• Improve clinician experience by reducing system fragmentation and login fatigue.
• Streamline training and support by setting up your organization with enterprise standards versus siloed applications.
• Strengthen security posture by eliminating outdated or unsupported applications.

AppRat’s Anticipated Impact on Operations

I have led programs that decommissioned as many as 30% of an organization’s applications over five years, resulting in savings of as much as $70M. Given the value of resources that can be redirected to patient care, staff development, and digital innovation, the potential impact of an AppRat initiative is even higher.

Timing Is Everything, But So Is Framing the Purpose and Value of AppRat

Timing matters. No one wants to launch AppRat during a go-live or construction phase. But waiting for the perfect time often means that it never happens. 

Instead, organizations should reframe AppRat as a foundational part of transformation, not a follow-up act. AppRat should be a thoughtful, repeatable process that is embedded in the planning phase of any major initiative, not left for the post-project cleanup crew. 

Use Industry Tools Instead of Devising Your Own AppRat Approach

Leverage the findings and tools of those who have done the work before you. The CIO Council’s The Application Rationalization Playbook is available as a free download. It’s a great starting point to understanding methodology

Final Thought: Rationalization Is Essential

Application rationalization should become a regularly performed assessment of your overall application portfolio. It is never finished, but it is foundational. Start your organization’s next major technology innovation or change with full transparency into your organization’s IT costs and cost of ownership by conducting AppRat before it even starts.

Readers Write: Modernizing Healthcare’s Third-Party Risk Approach

Modernizing Healthcare’s Third-Party Risk Approach
By Ryan Redman, JD

Ryan Redman, JD is product manager of marketing at Onspring.

Oracle Health’s announcement of its second data cyber incident in March of this year shocked healthcare providers and customers. Even more alarming was the specific data was impacted that is housed in its legacy cloud infrastructure.

According to publicly available information, approximately 6 million records containing protected health information (PHI) were likely compromised despite Oracle’s attempts to downplay the severity of the potential compromise. The repercussions left hospitals struggling to identify exposed data as the incident reminded compliance officers of the challenge of considering all data outside of centralized oversight, including legacy infrastructures, when accounting for third-party risk.

Many of these healthcare compliance professionals must rely on third-party risk strategies with limited visibility into the many networks of contractors, partners, and hosted environments that they are tasked with managing. Beyond compromising legacy infrastructure data, Oracle’s cyber incidents exposed the damaging compliance gap in how healthcare organizations manage third-party relationships. Healthcare compliance teams must adopt real-time, integrated GRC tools that boost visibility, reduce manual work, and enable proactive risk response to close this gap and protect their data.

The Hidden Dangers of Legacy Infrastructure and Outdated Third-Party Risk Strategies

It’s easy for legacy systems to fall by the wayside within healthcare’s intricate network of active systems that span internal platforms, external platforms, and cloud-hosted data. Using third parties only heightens critical risks. In Oracle’s case, the servers had not yet fully migrated to the company’s new environment, leading attackers to exploit compromised credentials to access those systems. Teams overlooked what appeared to be outdated, dormant infrastructures. Bad actors accessed sensitive data, and traditional assessment methods were unable to detect this risk.

Healthcare organizations face serious compliance consequences when third parties fail to safeguard patient data, whether due to misconfigured access, missed vulnerabilities, or neglected systems. In 2024, the healthcare sector emerged as the most targeted industry for data breaches, proving that third-party risk assessments are not cutting it. Often only conducted periodically and involving emailed surveys, spreadsheets, and disconnected records, these assessments result in hours of manual work and provide a limited, static view of risk. Outdated methods fail to catch emerging vulnerabilities in legacy systems over time. Risks often materialize by the time the next scheduled compliance review comes, meaning sensitive data has already been exposed.

Five Essential Steps to Improve Compliance Oversight

Healthcare organizations must take action to strengthen their third-party risk posture, and the following actions can help turn policy into practice.

• Create a single source of truth for evidence and documentation. A secure, centralized repository ensures that materials that are relevant to organizational compliance are version-controlled and always accessible.
• Track and classify third-party integrations and engagements. Different use cases with the same third parties can carry varying levels of risk. A clear inventory with engagement-level context supports more accurate classification and visibility.
• Automate risk scoring and review cycles. Configurable scoring models based on regulatory frameworks allow compliance professionals to consistently assess third-party risk without manual intake processes.
• Move from periodic reviews to continuous oversight. Periodic reviews leave critical gaps in risk oversight. Real-time alerts through continuous monitoring flag when risk scores increase with new findings.
• Develop response plans for third-party risk. Organizations must regularly test even the most comprehensive risk programs through tabletop exercises or simulations.

Ultimately, maintaining trust is vital to compliance, and losing it comes at too high a cost.

Readers Write: Beyond Self-Scheduling: Analysis Shines Spotlight on The Future of Patient-Driven Access

Beyond Self-Scheduling: Analysis Shines Spotlight on The Future of Patient-Driven Access
By David Dyke

David Dyke is chief product officer at Relatient.

“Access to care” has become a central theme in healthcare leadership discussions. While the term “access” can mean many different things in healthcare, it begins with the patient.

A new nationwide analysis of self-scheduling tool usage underscores a shift occurring in the industry that provider organizations must acknowledge and act on to stay relevant: patient-driven access. Findings across more than 150 million patient bookings reveal a 30% year-over-year uptick in patients who booked appointments through digital self-scheduling options from 2023 to 2024.

Patient interest in self-scheduling is likewise driving adoption from healthcare organizations. The analysis further revealed a 53% increase in implementations of self-scheduling tools across a wide variety of healthcare organizations and specialties.

Self-scheduling has evolved into an essential access tool for today’s practices that are striving to meet rising patient expectations. The key is making the right investments upfront to ensure that organizations reap the full benefits of patient-driven access. Early adopters stand to not only delight patients, but also to realize significant operational value and bottom-line impact – such as 24/7 patient access and new patient acquisition — faster.

Understanding Increased Adoption of Self-Scheduling

Patients increasingly prefer digital self-scheduling options, with an overwhelming desire for improved digital self-service. As the first touchpoint in the patient journey, scheduling has a critical impact on overall patient experience.

Consumerism trends point to the need for greater convenience and empowerment. This means manual processes that require having to call multiple times or wait on the phone to schedule an appointment are quickly being replaced with digital solutions by today’s healthcare organizations.

Healthcare leaders value the patient experience advantages of self-scheduling. They also gain operational efficiencies and greater revenue opportunities. Data uncovered from the analysis revealed:

• A 50% decrease in no-show rates for self-scheduled appointments.
• A 21% reduction in cancellations when self-scheduling is used. The reduction was 30% for established patients.
• Two-thirds of appointments that are booked through online self-scheduling are for new patients.

These numbers significantly highlight ongoing industry opportunities to improve no-show rates and appointment cancellations.

Expanding the Impact of Self-Scheduling

Putting patients in the driver’s seat is a start, but the future of self-scheduling optimization relies on more intelligence and integration across the entire patient journey. Organizations can expand the impact of these tools by:

• Integrating full-service scheduling APIs to meet patients where they are. These open scheduling APIs provide flexibility for healthcare organizations to scale access points across diverse channels, automating key scheduling functions across a variety of new and existing patient touchpoints, including virtual agents, AI-assisted chatbots, third-party apps, financial clearance processes, and virtual care platforms. By supporting a self-service, multi-touch model, these tools empower patients to take control of their care journey. Many organizations struggle to deliver this model due to disconnected systems, but tightly linked, multi-channel functionality allows patients to bypass long phone queues and enjoy a more seamless experience, while providers gain better system interoperability and operational efficiency.
• Transforming staff and patient experiences by automating common appointment management tasks with AI-driven voice solutions. New Voice AI tools integrate seamlessly with existing scheduling systems, taking on repetitive, high-volume inquiries, such as appointment rescheduling and cancellations, so that staff can focus on more complex patient needs. By deflecting calls and reducing hold times, these tools not only ease operational strain, but also enhance the patient experience with immediate, conversational support that is available 24/7.
• Driving action and education with integrated scheduling across the patient journey. Digital patient communication should not only inform —  it should drive action. By embedding scheduling functionality into key communication touchpoints, such as appointment reminders, referral activation, and rescheduling workflows, organizations can support patients with timely next steps. This creates a more seamless and scalable access model.

Whether booking a single primary care visit or managing ongoing specialty care, patients benefit from convenience and autonomy, while providers see increased appointment adherence and streamlined operations. Consequently, providers should think beyond traditional scheduling within the call center by embracing self-scheduling and the scalable infrastructures that are needed to support success for the long-term.

As the future of patient access continues to unfold, with more and more power placed in hands of the patient, a single self-service touchpoint won’t be enough. Savvy patients will come to expect a seamless, interconnected experience at every step of the way.

Expanding patient self-service functionality now allows organizations not just to keep up, but to actively fulfill the future of patient access, leading the pack in both patient access performance and operational efficiency.

Readers Write: “The Illusion of Thinking”: Implications for Healthcare

“The Illusion of Thinking”: Implications for Healthcare
By Vikas Chowdhry

Vikas Chowdhry, MS, MBA is founder and CEO of TraumaCare.ai.

If you are even moderately interested in AI, I am sure you have by now at least seen various comments and responses in social media to Apple’s paper titled “The Illusion of Thinking.” But in case you have been under the AI rock, here’s a brief summary.

In this paper, the authors show that today’s large reasoning models (LRMs such as OpenAI o3-mini, DeepSeek-R1, Claude 3.7 Sonnet-Thinking) — systems that explicitly generate long chains-of-thought — really do think more, but not necessarily better. On carefully designed puzzle tasks, they beat ordinary LLMs only in a narrow middle band of difficulty and then collapse outright as problems grow harder.

As expected, the comments span the gamut, from “the sky is falling” to “not a big deal, they will figure out a way to overcome or fix this.” While I am not in the “sky is falling” camp, I do think that this paper raises some important questions with special implications for healthcare. Any healthcare organization (or vendor) that is using or developing a product that is based on LLMs/LRMs will need to think deeply about these issues and have a strategy to run their own similar evaluations and hopefully share them publicly.

Here are four key findings from the paper and my take on the implication of each finding for healthcare.

#1. Impact of complexity on reasoning performance

The authors identify three performance regimes as problem complexity rises:

• Low complexity: standard LLMs are more accurate and efficient than LRMs.
• Medium complexity: LRMs pull ahead.
• High complexity: both collapse to zero.

Performance of LRMs (solid lines) and LLMs (dotted lines) across low, medium and high complexity puzzles (figure from the Apple paper).

Healthcare implications:

• How will you define complexity thresholds in your workflow?
• Does your system dynamically choose between an LLM and an LRM based on a case’s difficulty?
• Can it detect when a case crosses a threshold and alert the clinician instead of forging ahead with low-quality output?

#2. Token-effort collapse

LRMs spend more tokens as tasks get more complex until a critical point, after which, they give up and begin to reduce their reasoning effort despite increasing problem difficulty. This behavior suggests a fundamental scaling limitation in the thinking capabilities of current reasoning models relative to problem complexity.

Healthcare implications:

Let’s say your product helps detect malignant tumors, or, transcribes ambient conversations using LLMs/LRMs.

• In operational mode, does it have mechanisms to detect that the case has crossed a complexity threshold and that it is giving up, and that at that point, humans need to stop using it for that case?
• What happens if the AI product was sold as a tool to make your apps take on more primary care responsibilities, and now that the product has given up, what’s your recommendation for the NP who was relying on your product?
• What if your product doesn’t even have the awareness that it has given up and the NP continues to rely on its output? Who owns the risk for a misdiagnosis?

#3. Over-thinking & self-correction limits

For simpler problems, reasoning models often find the correct solution early in thinking, but then continue exploring incorrect solutions (overthinking). As problems become moderately more complex, this trend reverses: correct answers appear only late. For hard tasks they never appear (“collapse” as discussed earlier).

Healthcare implications:

• Over-thinking wastes compute and drives up cost.
• Yet aggressively pruning the chain of thought might remove the only path to a correct answer on tougher cases.
• Your system therefore needs complexity-aware throttling, not a one-size-fits-all token limit.

#4. No benefit from explicit algorithms

Prompting with a known algorithm to solve the problem does not improve the performance. This indicates weaknesses in faithfully executing step-by-step logic, not just in discovering it.

Healthcare implications:

A healthcare organization may have explicit clinical guidelines for certain use cases and would want the AI product to follow them when those guidelines are met. However, the results of this paper show that an LLM/LRM based on AI product may not be able to execute an algorithm based on those guidelines even when explicitly programmed into the system.

• Embedding clinical guidelines verbatim is not enough.
• You must verify that the model can faithfully execute those step-by-step protocols under real-world complexity.

Final Thoughts

AI progress is breathtaking, yet deploying it in high-risk domains like healthcare demands transparent, domain-specific safety testing. This paper is a timely reminder that such work takes time, expertise, and openness. Sharing evaluation results will accelerate safe adoption for the entire industry.

Readers Write: The Future of Member Support: How Intelligent Search Can Transform VAB Delivery

The Future of Member Support: How Intelligent Search Can Transform VAB Delivery
By  Andi Gillentine

Andi Gillentine, MS is VP of national accounts at Findhelp.

Value-added benefits (VABs) are services that are offered by Medicaid managed care plans above and beyond required Medicaid state plan services. They are extremely popular –  Medicaid plans in at least 48 states offer VABs — and historically poorly promoted and utilized.

How do we ensure improved utilization of VABs, which have the power to impact quality measures, quality of care, and overall health? By maximizing intelligent searching via closed-loop referral systems to surface the right programs to the right person at the right time, for both care managers navigating on a member’s behalf and members who are self-navigating.

About VABs 

While VABs are typically non-medical, they are often related to member wellbeing. Examples of VABs are car seats and bike helmets for children, extended dental and vision services, over-the-counter medication funding, and carpet cleaning. More and more commonly, these services are used to address health-related social needs (HRSNs).

In Ohio, for example, VABs are allowed for dental, vision, transportation, health and wellness programs (includes housing supports and medical meals), incentives to strengthen health and wellbeing (includes rewards for seeking preventative care), prenatal and postpartum incentives, application services, telehealth, and 24-hour medical advice lines. Each of the seven Medicaid plans in Ohio offers at least 30 VABs, with one plan offering nearly 50.

This wealth of benefits can help Medicaid members achieve improved health outcomes and quality of care that is measurable in HEDIS and other health quality measures, if the members are aware of the benefit and know how to access it, and if administering it is easy on the health plan. Unfortunately, this is often not the case.

Improving VABs Access and Awareness

Today, in most states, a Medicaid member seeking support would have to spend hours researching their health plan website or reading their plan’s member handbook. As any health plan member can attest, this is a challenging, time-consuming task, frequently made more challenging by engaging solely through a smart phone. Accessing VABs usually requires a call to a customer service representative, with potentially long wait times, and then a waiting period to receive the goods or services.

This high administrative effort to find and access benefits results in high costs for health plans. Many Medicaid members miss important preventive care appointments due to transportation issues, use the ED for non-emergent needs because they can’t afford medications, or lose housing or utilities. VABs can provide the resources and support to prevent these occurrences, but it’s not enough for support to just be available. Members need relevant recommendations and easy access.

In an ideal world, a Medicaid member would be able to go to one place, validate their insurance coverage, search for services that address their needs, and receive intelligent results that provide resources tailored to their specific situation, with the ability to self-refer to access these goods and services. This intelligent search needs to include all available resources from their community, county, state, and health plan’s VABs. No more hunting through multiple sites or staying on the phone for long periods of time just to put food on the table, get a ride to an appointment, or find a car seat.

Intelligent Search is the Answer

There are no technological hurdles to solving this problem. We have already solved it. We simply need to integrate these workflows at the right time and in the right place for navigators and Medicaid members, using interoperable social care platforms with intelligent search capabilities. Where a patient can walk in the doors of a safety net hospital and, because of the integrated social care information in their medical chart, tailored recommendations, including VABs, are automatically presented to  care teams. The care team may refer or recommend some of these resources to the patient and encourage the patient to self-navigate for additional benefits and support. Or where a health plan care manager, engaging with a chronically-ill, dual-eligible member, can assess need and eligibility for VABs and other integrated social care support and, with consent, directly refer the member to services.

One personalized, intelligent search for all services, in easy-to-access workflows for navigators and members. The future is already here. Let’s make the most of it.