Readers Write: Why Patient Wait Times Still Define the Clinic Experience in 2026

Why Patient Wait Times Still Define the Clinic Experience in 2026
By Inger Sivanthi

Inger Sivanthi, MBA is CEO at Droidal.

Outpatient clinics in 2026 look different from those of a decade ago. Scheduling is online. Records are electronic. Patient portals are standard. Most organizations have already spent the money that was required to modernize access.

Long patient wait times have not disappeared. Waiting rooms still fill early. Appointment times slip before the morning is half over. Front desk staff often begin the day responding to issues rather than managing a steady flow. This happens even when staffing levels are reasonable and schedules appear balanced.

When delays show up this early, technology is rarely the cause. The problem usually lies in how the day begins.

Discussions about wait times often focus on staffing gaps, provider availability, or late arrivals. Those explanations only go so far. In many clinics, the bigger issue is incomplete preparation that spills into the first hours of the day.

Much of the information required for a visit is not fully settled when patients arrive. Demographic details are outdated. Insurance coverage has changed. Required documentation is often left unresolved. The issues show up at the front desk, not in reports.

The front desk absorbs the impact of this unfinished work. Questions that should have been resolved earlier get handled under time pressure. Small corrections stack up. By mid-morning, the schedule is already off course.

Digital intake has reduced paperwork, but it has not changed the timing of the work. Patients may submit forms ahead of time, yet staff still need to review, verify, and correct information close to arrival. Insurance questions require follow-up. Consents must be confirmed. Records must align before a visit can proceed smoothly.

Attempts to improve wait times often focus on making check-in faster. More kiosks are installed. Workflows are tightened. Tasks are automated where possible. These steps improve efficiency, but the constraint remains. As long as preparation is concentrated at the start of the visit, the front desk stays under pressure.

Some organizations now treat intake as work that should be largely completed before the patient enters the clinic. When information is settled earlier, the start of the day becomes more stable and less reactive.

To help with earlier preparation, some clinics use pre-visit review tools that scan intake information before the appointment. Missing data, coverage discrepancies, and unresolved items are flagged while staff still have time to respond. Problems that would otherwise surface at the front desk are handled earlier, when schedules are not yet under strain.

These systems do not replace staff judgment. They point attention to likely trouble spots so issues can be resolved before patient flow is affected. Moving this work earlier reduces the amount of recovery required once the clinic is busy.

Check-in becomes steadier. Front desk staff spend less time resolving avoidable issues. Schedules hold closer to plan across the morning. Patients spend less time waiting because fewer problems reach the front of the workflow.

There is concern that completing intake earlier removes personal interaction. Staff often report the opposite. When documentation and coverage issues are addressed ahead of time, conversations at check-in are calmer and less rushed. Visits begin with clearer expectations.

Patient wait times persist in 2026 because too much essential work still occurs at the moment of arrival. Clinics that complete preparation earlier and use pre-visit review selectively tend to operate with greater stability. The difference shows up in a day that runs closer to plan.

Readers Write: Killing the Clipboard: Cloud Fax is the Bridge to Patient-Centric Data Access

Killing the Clipboard: Cloud Fax is the Bridge to Patient-Centric Data Access
By Bevey Miner

Bevey Miner is a healthcare strategist at eFax, a Consensus Cloud Solutions brand.

The Trump Administration’s renewed focus on interoperability has reignited the long-standing calls for healthcare to “Kill the Clipboard.” This movement aims to eliminate the administrative burden and data silos that are caused by paper-based processes, allowing for near-instant access to searchable, actionable patient information.

The industry broadly supports modernization efforts, with patient access at the forefront. But we need to ensure that this digital transformation doesn’t leave small, rural, and under-resourced communities behind.

The paper problem: why change takes time

We cannot wait for every provider to achieve a perfect, fully digital state before we start delivering on the promise of interoperability. Patients must have access to their data now, even if parts of the industry are still using clipboards and paper fax.

With the federal initiative to bolster near-instant patient access to their health records, along with real-time patient data accessible for providers to dramatically speed care coordination, paper records that are transmitted over outdated fax machines don’t support and often impede the ability to reach this goal. The administration is leaning heavily on data networks and vendors to streamline the transmission of information between healthcare providers while modernizing standards with FHIR APIs.

Conceptually, the future we are all working towards is faster data access, searchable and actionable information to improve care, and seamless communication between care teams. This idealized future state fails to account for the practical limitations that are facing many foundational healthcare organizations. 

Twenty-nine percent of providers report that they lack the financial resources that are needed to deploy the advanced digital infrastructures that are required by today’s interoperability vision.

Many organizations, like rural and smaller post-acute care settings, are still playing catch-up since they were excluded from incentives that accompanied the HITECH act of 2009. While some of these organizations may have an EHR, it may be outdated and not certified. Additionally, it’s not uncommon to find others working with scrappier, home-grown solutions, or even resorting to paper-based and manual processes.

But while these smaller organizations might not have million-dollar EHR platforms, they do have paper fax. In order for healthcare organizations of all sizes to participate in the move to “Kill the Clipboard,” they are turning to digital cloud fax.

Cloud fax: healthcare’s guilty pleasure

A recent survey found that 46% of healthcare facilities still use paper fax to send and receive patient data. If the healthcare industry is so dedicated to moving past paper, why do these archaic systems persist?

The simple answer is that, while we are attempting to replace the paper fax machine with a structured data format like FHIR, we still need the next level of communication maturity: cloud fax. Once a fax becomes digital, additional data-sharing capabilities become possible. 

Cloud fax offers all the benefits of paper fax and is much more efficient. It is particularly easy to use and can be fully integrated into other applications via APIs. For decades, it has served as the standard method for document and digital data transmission in healthcare because it checks many boxes. It meets HIPAA and HITRUST standards and is universally compatible with other systems that operate in silos.

Simply put, cloud fax is the most common and accessible form of send and receive communication in our industry. Calls to prevent its ubiquitous use demonstrate a fundamental unawareness of current operational realities and the power of digital transformation to modernize and integrate cloud fax, rather than simply eliminate it.

Send, receive, find: AI-powered digital cloud fax goes the extra mile

Digital cloud fax provides robust send and receive capabilities, but to meet the CMS definition of interoperability, “find” is another key component. To find information, the data must be discoverable. New AI capabilities are helping fax go the extra mile, transforming traditionally unstructured, static documents into structured, actionable insights using intelligent data extraction. This is critical to advancing interoperability since as much as 80% of healthcare data remains unstructured.

Innovations in machine learning and LLMs enable unstructured data from digital faxes, scanned images, TIFFs, and other PDFs to be extracted from nearly any type of health document, including intake content, claims, handwritten forms, and more, and place it directly into a structured system like an EHR or a payer workflow. When these AI tools are built on digital cloud fax platforms to start, they are already leveraging a technology that most healthcare organizations have in place. Implementation is significantly easier and less time-consuming than adding an entirely new system to an organization’s already overloaded and fragmented tech stack.

Delivering superior reliability and security, intelligent digital cloud fax acts as a connector between various types of data files and formats, sharing both structured and unstructured data between healthcare organizations that span various levels of digital sophistication.

Time to face the fax

For many healthcare organizations, digital cloud fax isn’t a roadblock, but an accelerator, enabling them to keep up with more tech-savvy counterparts without the heavy investment in rip and replace technology. It also supports the ongoing FHIR mandates and regulatory changes impacting providers at every level.

By recognizing digital cloud fax as a necessary part of day-to-day operations, as it is at most healthcare organizations, we can better understand how this tool can help us reach interoperability faster, while facilitating the digital transformation of as many organizations as possible.

Healthcare’s reliance on digital cloud fax should not be treated as a guilty secret. Instead, it’s an equalizer and an opportunity. Once we realize its full potential, interoperability initiatives will be more achievable and successful than ever.

Readers Write: Engineering Prior Authorization for WISeR: Six Ways Providers Can Prepare for AI-Assisted Prior Authorization Under the WISeR Model

Engineering Prior Authorization for WISeR: Six Ways Providers Can Prepare for AI-Assisted Prior Authorization Under the WISeR Model
By Ryan Redman, JD

Ryan Redman, JD is product manager at Onspring.

The Wasteful and Inappropriate Service Reduction (WISeR) model introduces AI-assisted reviews into Medicare Fee-for-Service (FFS) prior authorization across six pilot states is now live, as of January 2026. That may expedite cost control, but it also raises high-stakes governance questions that are already being discussed in public debate.

Some critics have warned of an “AI death panel” dynamic in payer decisions, a fear that is now echoing into Medicare’s orbit as automation expands. For providers participating in original Medicare, the operating problem changes. Decisions must be made quickly, consistently, and defensibly, with evidence trails that withstand audits and appeals.

While the program is framed around reducing waste, it creates immediate governance, risk, and compliance challenges for providers who are deciding whether and how to submit services through the WISeR prior authorization pathway.

What changes most under WISeR is not clinical care, but the expectation that decisions are traceable, reviewable, and defensible as they move through provider ordering, scheduling, and revenue cycle workflows and into AI-assisted review on the payer side.

How should providers respond? The focus should be on preparing ordering, intake, and revenue cycle workflows first, then tuning for throughput.

Where the friction really is for providers

Before designing solutions, providers must understand where WISeR introduces operational and governance risk into existing workflows. Providers will still deliver care and submit claims, but WISeR introduces new intermediaries, AI technology vendors, between the provider and the Medicare Administrative Contractor.

With tech vendors now in the mix, incentives to curb waste cannot influence clinical judgment. Provider documentation and workflow controls must support medical necessity without introducing financial bias into clinical decision-making.

Teams will have to juggle prior authorization and pre-payment reviews. If a provider chooses not to submit a required prior authorization, the claim will be scrutinized pre-payment, delaying reimbursement by 45 days or more and potentially affecting cash flow. If prior authorization is skipped, post-service reviews can stall cash and increase appeals, so routing, timers, and evidence capture must be precise.

The baseline requirement: transparency is non-negotiable. Prior authorization status, approval and denial patterns, turnaround times, and appeals must be visible across provider clinical, scheduling, and revenue cycle teams, not in stitched spreadsheets, with human review and audit trails for any AI-assisted step.

Build a WISeR-ready architecture

With the friction points defined, the build becomes clearer. From a provider perspective, a WISeR-capable pipeline consists of six moving parts that function as a single system and support governance, risk monitoring, and compliance reporting.

1. Data discipline at intake. Ensure that your intake teams or software are capturing the specific clinical evidence that is required for WISeR codes before the order is signed. Don’t let the order proceed without the “evidence packet” attached. For providers, this starts with ensuring that required clinical documentation is captured at the point of order for WISeR-targeted services.
2. Pre-submission logic checks. Configure clearinghouse or revenue cycle management (RCM) practices to check claims before submission. If an issue arises, stop the claim internally before the AI vendor sees it.
3. Clinical review queue (human in the loop). For providers, this includes ensuring that claims do not drop until a prior authorization number is on file. Use selectable reason codes for consistent reporting and notices. Human oversight remains a documented control, not an informal checkpoint.
4. Evidence and disclosure bundles. Automatically generate a complete packet for each determination: inputs, rationale, attachments, timestamps, communications, and notices aligned to reason codes.
5. Appeals and learning loop. Segregate appeals (different reviewers, fresh rationale). Track overturns and feed them into rule refinement, reviewer coaching, and documentation retraining where gaps are identified.
6. Observability in the system of record. Instrument the same system that makes decisions: latency distributions, approval to denial ratios, appeal rates and outcomes, reviewer variance, and any AI usage or overrides. Providers should monitor denial trends closely to identify whether specific diagnosis codes or documentation patterns are triggering automated review.

Controls that make speed defensible

Role-based access should determine who can view PHI, who can finalize a determination, and who can modify provider-controlled workflow rules and documentation requirements. When those rules or configurations change, record who reviewed them and maintain a versioned history of the changes. Logs should be append-only and time-stamped, with retention aligned to records schedules. Controls should also prevent WISeR-targeted claims from being submitted without a prior authorization number on file.

Because AI-supported reviews occur on the WISeR technical vendor side, providers are not tuning models, but monitoring outcomes. Pattern and variance checks should run continuously, monitoring approval and denial rates by category and population slices, tracking overturns on appeal, and flagging outliers for the governance group. Provider compliance, legal, security, and operations teams should review findings together to protect both reimbursement and regulatory posture.

Proving it with metrics and turning plans into operations

Where providers use AI internally, such as limited adoption of AI-enabled claims review or denial prediction, those tools should be governed as part of existing clinical and revenue cycle controls rather than treated as core to the WISeR model itself.

Treat WISeR as an engineering problem: set up the core path, prove it on one service line, and then extend it with guardrails. Four phases keep providers moving without losing control.

• Phase 1: foundation. Intake queues, evidence and disclosure bundles, and tamper-evident logs. Run one high-volume service line end to end. Ensure schedulers do not book WISeR-targeted procedures for original Medicare patients without a prior authorization number on file.
• Phase 2: pilot and prove. Add audited versioning for rules and, where used by a limited set of providers, any AI-enabled claims review configurations. Require documented clinician sign-off for adverse determinations and keep clinical review independent from financial reporting in access controls and logs. Validate that claims for targeted codes cannot drop without prior authorization.
• Phase 3: find gaps and retrain. Use denial and pre-payment review data to retrain physicians when documentation gaps emerge.
• Phase 4: institutionalize and monitor. Run a standing governance cadence (compliance, legal, security, operations, clinical). Track a small, trusted set of metrics: time to decision (median and tail), backlog age, first-pass yield, appeal and overturn rates, reviewer variance, and cash flow impact from pre-payment review delays.

WISeR raises the bar on speed, transparency, and defensibility. For providers, success depends on preparing workflows and documentation before claims are submitted. Done well, this approach protects reimbursement, limits disruption, and may support future eligibility for CMS “Gold Card” exemptions as performance is evaluated during the pilot, ensuring that provider organizations can participate in WISeR without unnecessary risk. Getting data, documentation, and workflows right now puts providers in a position to earn flexibility later.

Readers Write: Early Warning System: How AI-Driven Near Miss Reporting Can Improve Patient Safety

Early Warning System: How AI-Driven Near Miss Reporting Can Improve Patient Safety
By Tim McDonald, MD, JD

Tim McDonald, MD, JD is chief patient safety and risk officer for RLDatix.

A nurse prepares to administer a medication to a patient, notices that it is the wrong medication, and corrects the order. A surgical assistant sees that a patient has been prepped for surgery on the wrong limb and corrects the error. A patient on a liquid diet receives a meal with solid food, but a vigilant nurse notices the mistake and substitutes an appropriate meal.

In hospitals and other healthcare facilities, near miss incidents are commonplace. Robust care protocols and training of clinicians, nurses, and other staff go a long way to reducing incidents and preventing patient harm.

But for a variety of reasons, near misses are underreported across healthcare, representing a multitude of lost opportunities.

The importance of understanding how many near misses occur

The World Health Organization defines a near miss as “an error that has the potential to cause an adverse event (patient harm), but fails to do so because of chance or because it is intercepted.”

Healthcare leaders recognize that a certain number of preventable errors are inevitable. Healthcare delivery is complex, emergency rooms are overcrowded, and staff who are dealing with higher patient volumes are understandably prone to error due to fatigue or burnout.

Hospital leaders want to take measures to reduce the number of preventable harm events and have an opportunity to use near misses as a way to prevent them from escalating into serious incidents. That said, having a large number of near miss reports can be beneficial to a hospital as it indicates that a strong safety culture exists and provides valuable learning opportunities for leadership. Hospitals that effectively encourage robust near miss reporting are better positioned to identify and solve problems before they lead to patient harm.

Heinrich’s safety triangle theory holds that 300 near misses occur for every severe accident that involves a serious injury or fatality. Once hospital leaders have a good idea of how many near misses are occurring, they can use AI tools to analyze their near miss data and predict their risk for more serious adverse events. But the real challenge is getting an accurate near miss number.

Most hospitals have voluntary event reporting systems that include reporting of near miss incidents. But the fact that they are voluntary means they likely underestimate the actual number of near misses occurring. A nurse who notices a patient recovering from surgery walking the hallways without non-slip socks may not report the incident for fear of blame or any consequences of reporting. They also may not report a near miss because they believe the event not to be severe enough to warrant it.

One of the biggest reasons for the underreporting of near-misses is that clinical staff lack the time to log an incident report. For many hospitals, event reporting is manual and time-consuming, often taking around 10 minutes per report. Unless healthcare leaders take steps to simplify and streamline incident reporting, including leveraging AI tools to significantly reduce reporting time, they will lack real visibility into how many near misses are occurring and fail to fully understand the threats to patient safety.

Automating event reporting with AI

Advancements in generative AI and large language models (LLMs) offer the opportunity for hospitals to not only improve the accuracy of near miss reporting, but reduce the amount of time needed to log a report. These reporting efficiencies give back valuable time to clinical staff to care for patients. LLMs can process unstructured data, such as text, audio, and video transcripts, and understand the context, which makes it possible to extract and organize insights for a report.

For busy clinical staff, using an AI tool to accurately create an incident report, rather than filling out a report manually, could save considerable time.

As an example, say a nurse realizes that a patient with a penicillin allergy has been prescribed amoxicillin. The nurse prevents the dose from being given to the patient and requests an alternative prescription, preventing harm to the patient. The nurse takes a few minutes to make a verbal report using an AI-based event reporting tool, and moves on to their next patient. From the nurse’s voice notes, the event reporting tool generates a complete incident report, giving hospital leaders valuable insights about what happened.

Leaders can use machine learning tools to analyze near miss reports over time and detect patterns and trends, as well as anticipate risks, in order to be able to prevent harm before it happens.

Automating incident reporting, including near misses, helps reduce barriers to reporting and gives clinical staff a more active role in reducing harm system wide. 

Better tracking of near-misses can serve as an early warning system

In a way, near miss incidents can indicate the diligence of clinical staff. An attentive nurse who notices an unsecured electrical cord and prevents a patient from tripping is obviously well trained.

Improved near miss reporting creates opportunities to improve processes and protocols, such as improved medication safety protocols, fall prevention measures, emergency department redesign, or training on safe injection methods.

When they are well understood and documented, near misses can act as an early warning system. When hospital leaders have a complete picture of incidents where a patient could have been harmed but wasn’t, only because of the timely intervention of a staff member or just plain luck, they can predict their risk of serious adverse events. They can understand their vulnerabilities and take corrective actions that prevent future incidents of harm.

Hospital leaders shouldn’t leave the future of patient safety to chance. Generative AI tools offer the opportunity for clinical staff to file incident reports seamlessly within their daily workflow, increasing the number of near miss reports received while decreasing the administrative burden that leads to clinician burnout and fatigue. AI and data analytics solutions give hospital leaders the ability to analyze trends over time and gain insights into how many near misses are actually occurring.

With effective use of AI-based tools, staff collaboration, and data-informed decision making, hospital leaders can raise standards of care and safety, reduce risk, and improve outcomes for all.

Readers Write: The Operational Divide in Healthcare: Epic-First Health Systems Versus Real-Time Health Systems

The Operational Divide in Healthcare: Epic-First Health Systems Versus Real-Time Health Systems
By Buzz Stewart, PhD, MPH

Walter “Buzz” Stewart, PhD, MPH is CEO of Medcurio.

An ongoing split is forming across US healthcare, a divide that health system leaders are driving overtly or by default.

On one side are the organizations building real-time reflexes into their operations. On the other are the organizations whose pace is still dictated by vendor-defined data access paths, delayed data, and workflows that are constrained by the vendor architecture.

This divide isn’t philosophical. It is operational. And it is widening fast. This will be the competitive divide for the next decade.

Two Emerging Camps

Markets don’t stall because of a single vendor. They stall when incumbents limit the freedom for customers to move faster, choose better, and innovate on top of their own data. As modernization accelerates, health systems are sorting into two identifiable groups:

Real-Time Health Systems

These organizations are developing the ability to govern their own data access, sense operational signals as they occur, and route actions immediately. They are beginning to build reflex loops, which are lightweight, programmable logic that prevents revenue loss (fewer denials, reduced LOS), mitigates safety drift, reduces manual intervention, and stabilizes workflows before problems compound. They seek destiny control and predictable value creation.

These organizations lean toward independence in how they access and use their own data, and they treat delay as a form of waste rather than an unavoidable byproduct of enterprise IT.

Epic-First Health Systems

These organizations face the same challenges as real-time health systems, but move at the speed of vendor-mediated access. They depend on (costly) sanctioned interfaces, roadmap timelines, batch extracts, and manual processes to identify operational issues. Limited tooling to say the least.

These organizations treat delays as an avoidable byproduct of enterprise IT and accumulating operational drag is their norm

Why the Divide Is Forming

Four forces are driving the move to real-time health systems faster than the industry expected:

• Labor costs in healthcare have risen faster than inflation for five decades, while inflation-adjusted revenue per encounter has steadily declined as commercial mix shrinks. There is no way out from under the current operating model, and no real way to differentiate in most markets if you keep playing the old game.
• Operational latency is a margin killer. Discharge delays, denials identified too late, referrals never acknowledged, eligibility errors discovered only after work is performed. Growth in small lags produces large financial consequences.
• Vendor-controlled access is mismatched to modern workflow demands. Today’s problems require continuous monitoring, immediate detection, and on-demand logic. Architecture designed for retrospective insight isn’t built for real-time operations. HL7/X12 alone doesn’t cut it, and FHIR resources and vendor-gated APIs are imprecise and overly narrow.
• AI and automation cannot run on delayed signals. The industry is extremely optimistic about automation, but models and agents (and the workflows health systems are pointing them toward) are useless without upstream real-time detection. If an organization only learns that a problem occurred after the fact, no amount of workflow redesign can compensate.

These forces have shifted the strategic question from “What technology do we need?” to “How fast can we recognize and act on our own operational signals?” as the foundation for automation and innovation capabilities.

The Hidden Cost of Delay (Waiting is a Cost Center)

• Throughput slowdowns that no one sees until the backlog materializes.
• Denials that could have been prevented if noticed earlier.
• Eligibility mismatches found only in downstream billing.
• Referral leakage due to missed handoffs.
• Safety triggers that surface only when reports are pulled.

Every service unit has its list, but they look remarkably similar across health systems.

While these issues rarely appear as technology failures, they often show up as operational realities. Every one of these problems is a real-time problem trapped in a legacy data access model. The cost of delay is not just inefficiency, but also lost margin, avoidable friction, patient harm, and workforce strain.

What Real-Time Reflexes Look Like

Organizations that operate in real time do not wait for dashboards to tell them what happened. They program their systems to notice and act on what matters in real-time:

• Detecting a mismatch the moment it occurs.
• Automatically triggering a task or action
• Routing information directly to the workflow that requires it.
• Logging the event without human intervention.
• Measuring impact within hours, not quarters.

Acting and adapting fast, which few systems do well today, is a strategic market differentiator and quickly becoming a survival imperative as this divide widens. This is the identity high-performing systems realize they must rise to.

Claiming Control of Your Own Data

The executive unlock is straightforward.

• Your vendor has an obligation to allow access to your data however you choose.
• Your vendor has a legal duty not to interfere with your use of your data.
• Acting on your rights does not mean being in conflict with your vendor.
• Sovereignty is not about choosing one technology path over another. It is about ensuring that the parts of the health system that depend on real-time signals (care transitions, revenue cycle, safety, operations) are not forced into delay by design.

Crossing the Divide: A Simple Playbook

Health systems don’t need multi-year digital transformation programs to build real-time reflexes. They need clarity and sequence.

1. Map your highest-delay workflows. Where do teams wish they had real-time visibility but are stuck with overnight insight?
2. Evaluate control. What should be legitimately controlled by the vendor versus what should be governed by the health system. This is almost always the inflection point.
3. Test one workflow in real time. Pick one workflow and simply measure what happens when teams get the signal immediately instead of a day later. No committees or giant work plan, just a clean before and after.
4. Scale reflex logic across additional domains. Once a health system sees its first real-time win, the pattern becomes contagious.

A Narrow Window

Every health system will be forced to modernize its reflexes. The question is timing.

Organizations that move now will define the performance frontier and expand markets. Those that wait to modernize will fall further behind.

Readers Write: The Healthcare Cybersecurity Landscape For 2026

The Healthcare Cybersecurity Landscape For 2026
By Russell Teague

Russell Teague is chief information security officer of Fortified Health Security.

Healthcare is entering the new year facing the same uncomfortable truth it has confronted for more than a decade: no industry faces a higher financial or operational burden from cyber incidents. Even as technology advances and awareness grows, the cost of a healthcare data breach remains the highest of any sector, and the implications are becoming more severe for patient care, financial performance, and organizational resilience.

The latest data confirms what many leaders already feel day-to-day: cybersecurity is no longer just an IT issue or a compliance checkbox. It is a top-line financial risk, a bottom-line operational disruptor, and one of the most material threats to patient safety.

Healthcare Once Again Leads All Industries in Breach Cost

Healthcare continues its longstanding position as the most expensive industry for data breaches. In 2025, the average cost of a healthcare breach reached $7.42 million, marking the 14th consecutive year that healthcare ranked #1 among all industries. While this represents a decrease from $10.1 million in 2024, the reduction does not signify improved risk posture across the sector. Instead, the decline reflects a combination of factors:

• Evolving incident reporting methodologies.
• The normalization of ransomware payments.
• Increased reliance on third-party negotiations.
• More sophisticated data-exfiltration containment practices.

But the underlying risk drivers – legacy environments, fragmented vendor ecosystems, thinly stretched workforce capacity, and the growing attack surface from digital transformation — remain unchanged.

The $7.42 million average still places healthcare well above all other highly regulated sectors, and it reflects only direct, measurable costs. The true financial impact is often far greater once organizations consider indirect operational and reputational fallout.

Breach Frequency and Threat Pressure Are Accelerating

The cost of individual breaches is only part of the story. Frequency is rising across the sector, expanding total exposure for hospitals, health systems, and clinical organizations. In 2025, healthcare experienced one of the highest incident rates of any industry, driven by persistent ransomware campaigns, increasingly complex third-party and supply chain intrusions, targeted email compromises involving PHI, and exploit attempts against aging clinical systems and medical devices. The growing automation of attacker workflows that are powered by AI has only accelerated this trend.

Attackers view healthcare as a high-pressure, high-reward environment. The combination of operational urgency, patient safety implications, and deeply interconnected technology ecosystems makes the sector uniquely attractive. Historically, healthcare organizations have been among the fastest to pay and the most vulnerable to disruption, further incentivizing attackers.

As breach frequency rises, so does cumulative financial exposure. Even organizations that avoid large-scale incidents still absorb escalating costs tied to smaller breaches, investigative work, vendor assessments, rising insurance premiums, and heightened regulatory scrutiny.

The Operational Fallout: Downtime as a Major Financial Driver

One of the most significant, and often underreported, costs of a cyber incident is operational downtime. In 2025, hospitals experienced an average of 19 to 23 days of disruption following major cyber events, affecting everything from EHR access to imaging, lab systems, surgical schedules, and emergency department operations. These outages frequently force diversion events, delay procedures, and push frontline staff into manual workflows that dramatically slow care delivery.

The financial impact is substantial. Organizations lose millions in net patient revenue as billing cycles stall, coding backlogs grow, and clinical productivity drops. Delayed reimbursement and extended recovery periods often compound these losses. At the same time, hospitals face increased overtime expenses, temporary labor costs, and rising patient dissatisfaction, all of which further erode operating margins. For rural and independent facilities with limited redundancies or tighter financial constraints, the impact can be especially severe.

Operational downtime also creates long-tail effects that extend well beyond the initial incident. Staff burnout rises as clinical teams struggle through prolonged manual processes, turnover risk increases, and organizations become more susceptible to future attacks during recovery periods. In many cases, the cumulative operational and financial damage eclipses the cost of the breach itself.

Why the Breach Lifecycle Matters: 280 Days of Exposure

A defining characteristic of healthcare is how long breaches persist before being identified and contained. Last year, healthcare averaged a 280-day breach lifecycle, exceeding the global average of 241 days. On average, it took 207 days to identify a breach and another 73 days to contain it.

This extended lifecycle dramatically elevates financial exposure. Lengthy dwell time gives attackers ample opportunity to move laterally, access more systems, compromise clinical applications, and exfiltrate sensitive data.

Prolonged exposure usually reflects deeper, systemic challenges across health systems, such as poorly tuned tools, redundant or overlapping technologies, gaps in visibility across environments, inconsistent processes or response playbooks, staffing shortages that drive alert fatigue, and weak segmentation that enables lateral movement. Many organizations also struggle with incomplete logging or monitoring coverage, which further delays containment.

Shortening the lifecycle is one of the most effective ways to reduce breach costs, often by millions. Health systems that detect and contain incidents faster consistently demonstrate stronger program maturity, more rationalized technology stacks, and clearer operational processes aligned to rapid response.

Cyber Insurance Costs Are Rising — for Both Coverage and Claims

In 2025, cyber insurance premiums for healthcare continued to increase, driven by a combination of higher claim severity, rising incident frequency, expanding legal and regulatory exposure, and the growing complexity of medical devices, cloud services, and interconnected vendor environments. Many recent breaches tied to third-party partners have created additional uncertainty for insurers, especially when accountability is difficult to determine.

As a result, carriers are tightening underwriting standards. Organizations now face stricter requirements around MFA enforcement, patching cadence, SOC maturity, third-party oversight, log retention, and evidence of incident response readiness that includes documented plans and playbooks. Those unable to demonstrate adequate maturity are experiencing significantly higher premiums, reduced coverage limits, or, in some cases, losing eligibility for coverage altogether.

The Hidden Costs: Reputation, Trust, and Long-Term Clinical Impact

Beyond direct financial losses, breaches create a secondary wave of disruption that can last months or even years. Organizations often experience a decline in patient trust, heightened scrutiny from regulators and auditors, and increased turnover among clinical, operational, and executive staff. Many also find themselves at a disadvantage when pursuing new strategic partnerships as potential collaborators question their security posture.

These incidents can also drive up ndor-related costs as partners impose stricter security requirements, more frequent assessments, and higher fees tied to their own risk management obligations. Taken together, these indirect, long-tail impacts create significant financial and operational strain, particularly for health systems operating in competitive markets or with already limited resources.

A Clear Path Forward: Maturity as a Financial Strategy

The latest data reinforces a simple truth: the cost of healthcare breaches remains high not just because of attacker sophistication, but because of program immaturity. Organizations that invest in visibility, alignment, rationalization, and early detection reduce breach lifecycle times and significantly limit downstream financial impact.

The most cost-effective cybersecurity strategy is not more tools. It is a mature cyber program, fully rationalized for better alignment with the business goal of protecting patient safety and operational resilience. When people, process, technology, and financial investment work in concert, breach costs drop, operational stability increases, and resilience becomes a competitive advantage.

Healthcare Can No Longer Measure the Cost of Inaction in Dollars Alone

Last year’s data makes it unmistakably clear that healthcare can no longer afford to view cybersecurity as a technical problem sitting on the periphery of operations. The financial impact of breaches is severe, but the deeper cost is the strain they place on clinical delivery, patient trust, workforce capacity, and organizational resilience. Every day a breach goes undetected, every hour systems are offline, and every dollar spent recovering from preventable disruption reflects a direct threat to the mission of safe, reliable care.

The real risk facing healthcare organizations is not the next attacker. It’s the continued reliance on underdeveloped, unaligned, and unprepared cybersecurity programs. More tools will not solve this challenge, and increased spending without strategic maturity will not change outcomes. What will make a measurable difference is a cyber program that is fully rationalized, integrated, and aligned with the fundamental business goals of patient safety and operational stability.

Organizations that invest in visibility, speed, resilience, and coordinated response are already seeing the benefits: shorter breach lifecycles, fewer operational disruptions, reduced financial exposure, and stronger trust from the communities they serve. Those that delay modernization will continue to face rising costs, extended downtime, and a risk profile that becomes increasingly difficult to manage.

2026 must be the year when healthcare stops treating cybersecurity improvements as optional or incremental and starts approaching them as essential to sustaining care. Cybersecurity in healthcare is no longer just a business function or an IT priority. It is a foundational element of patient safety, and the cost of inaction has never been higher.

Readers Write: 2026 Predictions: The Great Data Quality Reckoning in Healthcare IT

2026 Predictions: The Great Data Quality Reckoning in Healthcare IT
By Jodi Amendola

Jodi Amendola is executive advisor for the Supreme Group.

The healthcare IT industry has been playing the “Let’s Improve Interoperability!” game for what feels like decades.

Today, it’s CMS Aligned Networks, TEFCA, and information-blocking-rule enforcement. Yesterday, it was “Meaningful Use” and the HITECH Act. Before that, it was Regional Health Information Organizations and HL7.

While these efforts to improve interoperability have certainly been laudable, they’ve obviously been lacking, because we’re still talking about the problem. A recent report from KLAS Research on the state of EHR interoperability today offers some helpful context:

• While patient records are more available than ever, clinician satisfaction with external integration remains poor.
• Clinicians continue to grapple with issues like duplicative records, inconsistent formats, and poor data mapping, which limit the clinical value of shared data.
• Participation in data-sharing networks by EHR vendors has increased, but data usability has not.

The last point is critical, as all the hope about AI in healthcare will go unrealized without a foundation of accurate, comprehensive patient data for AI to base its decisions and recommendations on.

In the coming year, the healthcare industry will continue to grudgingly come to terms with a difficult truth: Interoperability means very little without connectivity. Issues highlighted in the KLAS report, like duplicative patient records and fragmented medical histories, undermine cost and quality improvement efforts and lead to suboptimal patient outcomes.

As a result, when it comes to communicating with the clients and prospects, health IT vendors will need to not only emphasize their role in delivering better interoperability, but also in improving the accuracy and usability of patient data.

It will also mean preparing for greater scrutiny, harder questions from media and industry analysts, and the need to demonstrate real value rather than aspirational promises.

To get ready, it’s important to ensure that PR and marketing do the following:

• Elevate proof over promises. With key influencers and decision-makers growing more skeptical about lofty promises, every claim needs to be backed with facts and statistics. Punchy copy is great, but hard data, case studies, and third-party research carry more weight.
• Highlight how data quality delivers clinical value. It’s not enough to merely talk about how your organization enhances interoperability. Instead, how does it bolster data integrity, eliminate duplicative records, improve outcomes, or build clinician trust? Offer clear, measurable examples of your technology’s clinical impact.
• Focus messaging on responsible AI enablement. Solid data is the difference between “quality in, quality out” and “garbage in, garbage out” when it comes to AI. Accordingly, health tech marketing should strive to position your organization as an industry champion of the accurate, complete, transparent data that is needed to drive responsible and reliable AI insights.

In 2026, it’s less about expanding the pipes of healthcare data, and more about increasing the quality of the information that flows through them. As expectations and scrutiny around data quality grow, organizations that ground their communications in evidence, clarity, and responsible innovation will stand out.

Readers Write: Application Portfolio Management: The Hidden Key to Healthcare Cybersecurity Resilience

Application Portfolio Management: The Hidden Key to Healthcare Cybersecurity Resilience
By Kevin Erdal

Kevin Erdal is president of advisory services at Nordic.

Healthcare leaders are navigating a tough reality: protecting margins while making operations more resilient. Financial pressures, workforce shortages, and regulatory complexity mean every investment must deliver real, measurable impact.

At the same time, cyber threats are amplifying these pressures. A single breach can wipe out hard-won savings, derail transformation projects, and compromise patient safety.

In this environment, application portfolio management (APM) is a strategic necessity.

Think of APM as a smarter way to manage your technology stack. By taking inventory, trimming what you don’t need, and securing what you keep, you can cut waste, reduce risk, and lay the groundwork for streamlined, patient-centered operations without adding complexity.

What are the risks of ignoring application portfolio management?

Healthcare is the most expensive sector for cyberattacks, with the average breach costing $11 million, three times the global average. Ransomware is the most prevalent threat, accounting for approximately 70% of healthcare cyberattacks. In 2024 alone, 118 confirmed ransomware attacks accessed more than 15 million patient records.

The operational impact across our industry is staggering:

• 17 days of average downtime per ransomware incident, costing $1.9 million per day.
• 92% of healthcare organizations targeted by cyberattacks in 2024.
• $21.9 billion in downtime losses over six years.

Most importantly, the risk to patient safety can’t be overstated. When systems fail, care delivery is disrupted, treatments are delayed, and lives are at risk.

Why traditional cybersecurity isn’t enough

Most healthcare organizations rely on perimeter defenses like firewalls, VPNs, and intrusion detection systems, but attackers often exploit internal vulnerabilities, especially through unmonitored legacy applications and shadow IT.

If you don’t know what’s running in your environment, you can’t protect it. And you may be paying for apps you don’t even use.

What is application portfolio management (APM)?

Application portfolio management is the structured process of managing applications based on value, cost, risk, and performance. It includes:

• Inventory and classification of all your applications.
• Risk and value assessment to understand security posture and business impact.
• Lifecycle and rationalization planning to retire redundant or high-risk apps

Done right, APM is a strategic enabler for efficiency, modernization, and cost control.

How does APM deliver real ROI?

APM allows you to clean up your tech stack and create significant wins across your organization.

• Visibility = control. You can’t secure what you don’t know exists.
• Risk prioritization. Spot high-risk apps before they become breach entry points.
• Legacy exposure mitigation. Retire unsupported apps before attackers exploit them.
• Cost savings. Rationalization reduces licensing, maintenance, and support costs.
• Compliance confidence. Stay ahead of HIPAA and other regulatory requirements.
• Foundation for innovation. Simplify before you modernize.

APM delivers value across the enterprise by aligning technology decisions with business, financial, and clinical priorities:

• Chief information officers gain alignment between IT investments and strategic goals, paving the way for digital transformation.
• Chief information security officers strengthen risk management and improve threat response.
• Chief financial officers see hard ROI through cost savings and breach avoidance.
• Chief medical information officers benefit from streamlined clinical workflows and better data integrity.

How to get started with application portfolio management

Here’s a practical roadmap for healthcare leaders:

1. Start with an inventory. Capture every app across clinical and business functions.
2. Map applications to workflows. Understand their role in care delivery and operations.
3. Assess risk and compliance. Evaluate vendor security posture, data sensitivity, and HIPAA alignment.
4. Rationalize and retire redundant or risky apps. Reduce attack surface and technical debt.
5. Integrate APM insights into governance programs. Embed findings into cybersecurity strategy and IT planning.

How the right partner accelerates APM success

Finding redundant apps is just the start. The real challenge is managing governance, staying compliant, and retiring systems without disrupting care or losing critical data. That’s where the right partner can help. Experienced healthcare IT advisors bring proven, scalable frameworks and tools to make the application portfolio management process faster and safer.

Partnering gives you the structure and support to reduce risk, achieve measurable ROI, and build a solid foundation for future innovation.

Bottom line: APM is foundational to cybersecurity resilience

Cyber threats and digital complexity aren’t slowing down, and neither can you. Application portfolio management is one of the most practical, high-impact steps you can take to strengthen cybersecurity, protect margins, and build a foundation for future-ready operations.

The cost of doing nothing? Higher risk, wasted resources, and missed opportunities. The upside of acting now? You simplify your environment, reduce vulnerabilities, and free up capacity to deliver patient-centered care that’s safer and more efficient.

APM is a strategic lever for margin resilience, operational efficiency, and innovation. Start today and position your organization to do more with less while safeguarding your mission and the people you serve.

Readers Write: The Missing Clinical Voice in Healthcare IT

The Missing Clinical Voice in Healthcare IT
By Susan Grant, DNP, RN

Susan Grant, DNP, RN, is chief clinical officer at Symplr.

For years, the weight of healthcare technology decisions has fallen solely on IT teams, inadvertently leaving clinicians and IT operating in silos. Yet clinicians play a critical role in determining whether technology implementations succeed. Deloitte research shows that clinicians rate technology initiatives far more positively when we are actively involved, from design through implementation.

Despite this, only 38% of frontline clinicians report having been consulted on digital health workflows or new applications. We need to bring the clinical perspective into technology decisions earlier and  more consistently. With physician use of AI already up 78% from 2023, clinicians both want and deserve a larger role in shaping these conversations.

The value of clinical input
Health systems must engage across departments, from IT to executives and clinical teams, to deliver successful technology implementations. Nurses alone make up the largest segment of the healthcare workforce. Because clinicians directly experience the problems that many solutions aim to solve, they offer essential insights that should guide decision-making.

Cross-functional communication is equally critical. Open discussions about technology challenges and workflow pain points help to align around the shared goal of streamlining work so that providers can focus on patient care. These conversations also allow IT professionals to demonstrate the benefits of new tools early, reducing resistance and building confidence that the technology reflects clinicians’ needs.

Historically, clinicians have too often been excluded from these conversations, leading to painful rollouts, misaligned expectations, and limited influence over tools designed for them. Bringing the clinical voice to the table can change all of that.

Clinicians want to be more involved

Clinicians want to play a bigger role in healthcare technology decisions. Our 2025 Compass Survey shows that 85% of clinicians want more influence over software purchasing decisions, up from 72% last year and 51% in 2022. This trend shows that care teams no longer view technology and innovation as strictly an IT responsibility. They recognize the value technology brings to their daily work and to delivering optimal care.

IT and operations professionals also acknowledge the advantage that clinicians bring to these decisions. Both groups show increased interest in clinician involvement. This year’s survey found that 77% of operations leaders and 76% of IT teams actively seek clinician participation.

What’s next?

Organizations are seeking to implement technology that improves care delivery, including AI and scheduling tools. Ensuring that clinicians participate throughout the full implementation process prevents problematic deployments and increases ROI. As a former nursing leader at large health systems, I’ve seen the direct positive impact digital tools can have on clinicians, saving time, reducing stress, and ultimately improving the healthcare experience for patients.

We are in the midst of a clinical shortage, with the National Council of State Boards of Nursing reporting that 40% of RNs intend to leave the field in the next five years. Ensuring that clinical voices guide technology decisions can improve daily life for this workforce.

Strengthen alignment and communication

Healthcare leaders can take several approaches to address this issue. Teams should begin by aligning on central priorities across clinical and IT groups to foster communication and gain a better understanding of each other’s goals. While they may have different priorities, both sides share the guiding objective of improving patient care.

Leadership should demonstrate the value of technology upfront to strengthen clinicians’ trust. After facing so many initiatives that have not helped, clinicians need concrete examples of how new tools can make their jobs easier.

To increase clarity and confidence in new tools, leadership should also provide comprehensive training and education for the healthcare workers who will use them. This approach offers transparency and addresses change fatigue, helping differentiate new technology rollouts from earlier efforts that left clinicians burned out.

Opening the lines of communication in a continuous and intentional way can transform how systems operate. When leaders gather clinical input before decisions and continue the conversation post-rollout, they increase collaboration, elevate clinician voices, and improve the success of each initiative.

Learn from past experiences

To share a personal example, in a previous role I saw nurses become frustrated with a new AI tool because incoming messages disrupted their communication with other providers. A simple conversation could have revealed this problem sooner. But because consideration of ongoing feedback was not a part of the post-implementation plan, no one realized that the tool designed to help them was instead creating more work.

When healthcare organizations use these strategies and place greater value on the clinical experience, they create a culture of innovation and collaboration that increases enthusiasm for change and avoids overpromising and underdelivering.

Readers Write: Igniting Smart Strategy: Rationalizing Your Application Portfolio

Igniting Smart Strategy: Rationalizing Your Application Portfolio
By Amy Penning

Amy Penning is senior application analyst with CereCore.

The complexity of managing clinical, administrative, and operational applications in healthcare organizations continues to grow. While many large hospital systems have invested in robust programs to streamline their application portfolios, any health system that has undergone ownership changes, faced prolonged under resourcing, or shifted priorities grapples with technical debt and legacy systems that quietly drain resources and introduce risk.

Application rationalization is not just a cleanup task. It’s a strategy that can yield measurable operational and financial benefits, even without a large team to execute it.

Application portfolios in healthcare environments tend to grow over time as new needs emerge and priorities shift. Legacy systems, departmental tools, and redundant applications can quietly accumulate, while consolidation becomes more complex from mergers and acquisitions, creating technical debt and operational inefficiencies.

One regional health system uncovered over 700 applications, nearly triple their initial estimate, after a thorough inventory. The result? $17 million in savings in the first year and $72 million over five years, all without a massive team or predefined playbook.

While cost reduction is a compelling driver, the return on investment from AppRat extends far beyond the balance sheet. Healthcare leaders often delay AppRat due to competing priorities, perceived disruption, or lack of internal expertise, including rationalizing legacy systems that aren’t understood by anyone on the current team.

Rationalization efforts have led to a 30% reduction in IT support tickets, 20–25% improvements in clinical workflow efficiency, and enhanced data interoperability. These operational gains translate into better clinician experiences, faster decision-making, and ultimately, improved patient care.

The challenge often lies in knowing where to begin. Many organizations believe that they have a handle on their application inventory until they start digging and discover hidden redundancies, unsupported systems, data silos, and cybersecurity risks. Begin with a simple inventory and build from there, tailoring the approach to each organization’s unique bandwidth and priorities.

A phased assessment approach, starting with inventory validation and business function mapping, can uncover opportunities to reduce licensing costs, simplify workflows, and improve data governance.

Decommissioning a single application can bring significant savings and risk reduction. But application rationalization isn’t just an IT exercise; it supports the most strategic organizational goals. By consolidating systems and eliminating outdated platforms, healthcare providers can improve clinician experience, reduce login fatigue, and streamline training. Standardization enhances interoperability, supports regulatory compliance, and strengthens cybersecurity posture by reducing exposure to vulnerabilities in legacy systems. These improvements contribute to better patient care and operational resilience.

Importantly, the return on investment extends beyond direct cost savings. Rationalization efforts often lead to reductions in IT support tickets, improved onboarding processes, and enhanced clinical workflow efficiency. These outcomes translate into cost avoidance and increased capacity for innovation. Organizations can redirect resources toward strategic initiatives such as AI adoption, cloud migration, or digital transformation.

Success does not require an army. It requires a thoughtful, repeatable process. Engaging stakeholders across IT, clinical, finance, and compliance teams ensures that decisions are informed and aligned with organizational priorities. Leveraging existing tools and frameworks can accelerate progress and reduce the burden on internal staff. Whether starting with a simple assessment or building a full application lifecycle management program, the key is to embed rationalization into the fabric of IT operations.

For organizations without the bandwidth or specialized expertise to manage this work, partnering with a team that can both assess and execute is critical. That team can help health systems identify opportunities through structured assessments and then manage the legacy turndown process,  reducing risk, freeing resources, and creating a faster path to ROI so that teams can focus on strategic priorities like digital transformation and innovation.

Readers Write: HLTH: Healthcare’s Burning Man for the Well Funded

HLTH: Healthcare’s Burning Man for the Well Funded
By Anonymous

I’ve been around this industry for decades. I have to admit that I’m still trying to wrap my head around all these newfangled conferences like HLTH.

Back in my day, HIMSS was the gold standard. Everyone knew it, everyone went, and you could count on a certain level of professionalism.

HLTH, on the other hand, feels like it’s out of control. I remember when it started in 2018 as just a small gathering in Las Vegas. It has apparently ballooned to 12,000 attendees and 900 sponsors. I guess that’s progress, although I’m not sure it’s all for the better.

When I went to my first HLTH a couple of years back, I was struck by how different it felt. Most companies had the same booth size, so you would think the focus would be on substance. Still, there were a lot more “tech bros” than I’m used to, with lots of sneakers and puffer vests but not many suits. It was supposed to be about conversation and content. 

Now we have big booths with espresso machines and ice cream carts. Honestly, it felt more like a popularity contest. Maybe I’m old-fashioned, but I miss the days when people were more interested in building real relationships than just being seen.

HLTH also doesn’t seem to care much for academic rigor or peer review. At HIMSS, you could count on presentations that were vetted and at least acted like they had substance. At HLTH, it feels like speakers are chosen for how much noise they make online, not for what they actually have to say. Most presentations are just opinions and visions, not proven results.

I suppose HLTH never claimed to be academically rigorous. They say they are about “healthcare innovation and societal well-being,” whatever that means. I’ve always believed that lofty goals are fine, but in healthcare, you need something concrete. I’ve seen plenty of big companies come and go, thinking they could fix healthcare, only to leave with their tails between their legs.

There were some positives at the 2025 HLTH conference, such as Kroger and Walgreens giving flu shots. But I ran into plenty of vendors who couldn’t explain what they actually do. I even asked a CEO for a simple elevator pitch, and all I got in return was a finger pointing to an iPad and a questionnaire. If you ask me, that’s not a good sign. Nobody bothered to ask about my organization or my needs, even though I have buying authority.

This year, HLTH was crawling with so-called “influencers.” I’ll be honest, I don’t care much for that term. Most of these folks seem more interested in building their personal brands than in driving real innovation. Some have medical degrees but never finished residency or got board certified. They’re quick to share opinions on topics where they don’t have much expertise. Their LinkedIn profiles are full of adviser roles and startup credits, but it’s hard to tell if they have actually accomplished anything.

There was even a dust-up online about a group of “physician founders” flying to the conference on a private jet, courtesy of an anonymous sponsor. The LinkedIn post and group photo were deleted after some backlash, but it makes you wonder how many of these folks still practice medicine.

HLTH seems to encourage this influencer culture, handing out free passes if you agree to post about the conference nine times. You could spot them in the exhibit hall, always taking selfies and blocking the aisles. They even had their own lounge.

Another trend I just don’t get is all the rebranding. Companies spend a fortune changing logos and colors, then throw parties to celebrate. Wouldn’t that money be better spent on employees or helping out struggling healthcare organizations? HLTH is also the time for big corporate announcements, most of which don’t mean much once you read the fine print.

And don’t get me started on the entertainment. The opening event was at Topgolf, way off the strip, and you needed a shuttle to get there. It just reinforces the old “business is done on the golf course” mentality. The Industry Night at Drai’s Beach Club was another example of excess. I even witnessed some pretty bad behavior at the casino bars, stuff I thought we had moved past.

Sponsors also go overboard with their own parties. I got at least 20 emails inviting me to events, but most required a certain profile to attend. Sometimes you had to apply, and even then, you might get rejected or have your invitation rescinded at the last minute. That’s just bad manners and bad business.

I didn’t bother with the hosted buyer program, even though I’m a budget owner. From what I overheard, it’s basically speed dating for vendors, and I heard some complaints from vendors that the buyers they met with acted bored, as if they were just doing it for the discounted registration.

Bottom line: HLTH and vendors need to take a hard look in the mirror. It’s become too much of a party, with way too much extravagance. In a year when care delivery organizations are facing more uncompensated care and cuts to Medicare and Medicaid, all this glitz just feels out of touch.

I will run pieces whose author prefers to remain anonymous, although they must submit it to me under their real name so I can check for credibility and conflict of interest.

Readers Write: The Six Rights of Clinical Decision Support at the Dawn of the AI Era

The Six Rights of Clinical Decision Support at the Dawn of the AI Era
By Steve Miller, MD

Steve Miller, MD, MBE is clinical solutions architect at FDB.

Clinical decision support (CDS) embedded in the electronic health record (EHR) has demonstrated impressive benefits for patient outcomes, particularly through medication alerts in Computerized Provider Order Entry. CDS helps prevent millions of medical errors per year. Yet the potential of CDS remains under-realized due to poor usability, misalignment with clinical and institutional goals, and its contribution to clinician burnout.

We are at the dawn of a new era in CDS, where we can realize the promise of enhanced care and financial outcomes simultaneously to the empowerment of clinicians.

Effective clinical decision support depends on meeting the Five Rights: delivering the right information, to the right person, in the right format, through the right channel, and at the right time.

Too often many CDS systems still fall short: interrupting workflows, triggering at the wrong moment, or lacking the specificity that is needed to earn clinician trust. High false-positive rates lead to reflexive overrides, eroding confidence and sometimes putting patients at risk. It’s time to evolve the framework.

I propose a sixth right: the right purpose: designing CDS with clearly defined, measurable benefits.

When interventions lack purpose or a defined return on investment, even well-built tools can fail to deliver value. As hospitals face tighter budgets and mounting pressure to improve outcomes, advances in interoperability and artificial intelligence (AI), including large language models (LLMs), offer a new path to achieving all Six Rights.

Workflow Integration: Right Person, Format, Channel, and Time

Consider a common scenario. Dr. Smith, on inpatient rounds, discusses starting spironolactone with 80-year-old Mr. Richards, who has heart failure. After researching the dose, she signs the order and is immediately interrupted by an alert flagging the drug as potentially unsafe for older adults. The decision has already been made. She is annoyed, overrides the alert, and moves on.

Now imagine a near-future alternative. An AI-powered ambient listening tool transcribes and interprets the conversation in real time. As spironolactone is mentioned, a message appears on screen with safety concerns specific to Mr. Richards in his current clinical context, a patient education prompt, alternative options, and a preselected dose. The information is timely and useful, supporting rather than  disrupting shared decision-making.

Context-specific decision support could also surface during pharmacist verification, admission medication reconciliation, or through patient-facing bots. Interruptive alerts at order signature are fading. Smarter systems will deliver guidance at the right moment. They will also reduce the amount of time physicians would otherwise have to spend looking up information, such as lab values that are relevant for a specific drug.

Personalization: Right Information

Let’s revisit Mr. Richards. His heart failure has impaired his kidneys and his potassium is dangerously elevated. This places him at risk for arrhythmia if prescribed spironolactone, yet no alert fires. Dr. Smith misses this lab result, placing the patient in danger.

Now imagine a CDS module that detects elevated potassium and correlates it with spironolactone, firing only when truly relevant. Dr. Smith receives fewer alerts, but each one matters. This precision support, with both low false positives and false negatives, is achievable today using interoperable systems and standardized data.

Beyond labs, decision support can incorporate genetic tests, imaging, pathology, and patient-reported outcomes. AI can convert notes and conversations into structured insights that power a new generation of CDS that is accurate, timely, and personalized.

Return on Investment: Right Purpose

Right purpose means aligning CDS with institutional and societal goals. Tools that serve mission-critical needs, and the other five rights, drive adoption.

Back to our case. Budget cuts force the hospital to reassign pharmacists from the wards. Without human backup, prescribing errors could rise. But with AI-enhanced CDS, the computer system helps the clinical team catch errors and find opportunities to enhance care once identified by pharmacists. Rather than replacing clinicians, CDS amplifies their capabilities, delivering cost savings without compromising care.

AI could also accelerate this shift in two ways. First, AI-assisted development could speed the creation of CDS modules, enabling access to high quality and purpose-built decision support. Second, AI-powered analytics could allow hospitals to evaluate CDS performance in real time, measuring clinical and financial impact and refining systems.

A Pivotal Moment

The current moment in healthcare is one of great challenges and great possibilities. Advances in AI, data standards, and clinical messaging combine with economic pressures to fuel a necessary evolution. The future of CDS is personalized, context-aware, and results-driven. By honoring the original Five Rights, and adding a sixth of Right Purpose, we can ensure that CDS not only guides decisions, but also advances care, supports clinicians, and justifies itself in a resource-constrained world.

Readers Write: From Hype to Headache: The Truth About Ambient Listening

From Hype to Headache: The Truth About Ambient Listening
By Jay Anders, MD and Jeanne Armstrong, MD

Jay Anders, MD, MS is chief medical officer at Medicomp Systems. Jeanne Armstrong, MD is chief medical officer at TouchWorks, Altera Digital Health.

Like prospectors flocking to California in the mid-1800s, hospitals and health systems today are hitching their wagons to AI-powered ambient listening tools in hopes of making their documentation dreams come true.

The attraction is understandable: the power to automatically capture physician-patient conversations and turn them into clinical notes could significantly reduce documentation burden, let clinicians focus on patients, and create a better experience for everyone.

However, as with most gold mining and health tech fantasies, the reality is more complicated. Without the right safeguards, context, and clinical framework, ambient listening risks producing incomplete, inaccurate, or unusable notes. At best, that leaves physicians editing more than they save. At worst, it could compromise patient safety, billing, and care quality.

Transcript 2.0

Every clinician understands the appeal of eliminating clicks and keystrokes. Documentation has become an enormous burden, with 92% of physicians reporting that it negatively impacts care.

Ambient listening promises to capture everything that is said in the exam room, generate a structured note, and let the physician simply review and sign. But as many early adopters have discovered, the first pass is not always the last pass.

Even with high accuracy, the challenge lies in context. If a patient says, “I use my inhaler every morning,” is that a daily maintenance medication or a rescue treatment? If the system places a counseling conversation into the wrong section of the chart, the clinical meaning changes. Physicians cannot uncritically trust the transcript; they must still review and often edit.

Ambient listening certainly removes typing, but it does not solve the core problem of ensuring that documentation is clinically meaningful. This dilemma was echoed recently by the healthcare technology experts at KLAS, specifically:

Our findings show that free text alone will not deliver the outcomes providers expect,” said Mac Boyter, research director at KLAS Research. “For ambient listening to support quality measures, billing, and interoperability, it must generate discrete, structured data—not just nicely formatted notes.

Why context matters

Experienced clinicians know how to ask the right follow-up questions to surface information that patients may not volunteer. They also know which details belong in the history versus the plan and how to translate medical jargon into patient-friendly explanations. An ambient listening system, no matter how advanced, lacks that judgment unless it is anchored by a medical knowledge framework.

That framework provides the “dictionary” against which the AI can validate what it hears. Without it, the risk of hallucinations or misplaced details remains. With it, ambient listening can be constrained, guided, and made more reliable. Context is not a nice-to-have. It is essential to ensure that the note accurately reflects both the clinical encounter and the physician’s intent.

Structured data, not just free text

Another major limitation of most ambient listening solutions is that they generate free text. Even when formatted with section headers, free text is not structured, codified data. It cannot directly feed decision support systems, quality measure databases, or billing workflows.

For example, if a patient’s family history of diabetes is captured only as text, it does not generate a SNOMED code. Downstream systems cannot act on it. Clinicians end up with a nice-looking note that remains invisible to analytics, risk adjustment, and interoperability.

To avoid this pitfall, ambient listening must be paired with technology that converts narrative into discrete, computable data. This makes the output both readable and actionable, while supporting regulatory compliance, coding, and care coordination.

What to look for

Health systems evaluating ambient listening should demand more than transcription and data entry. They should ask:

• Does the system validate documentation against a trusted, clinically referenced framework that is transparent?
• Does it generate codified, structured data that supports billing, quality measures, and decision support?
• Does it give physicians flexibility to toggle between listening, templates, and macros depending on the visit type?
• Does it improve the completeness and accuracy of notes, not just their length?

The answers to these questions will determine whether ambient listening becomes a meaningful advance in healthcare IT or just another short-lived fad.

Help over hype

Ambient listening can make documentation more efficient, but it is not a panacea. Without the right foundation, it risks adding a new layer of complexity instead of solving the problem. To fulfill its promise, ambient listening must be paired with systems that provide medical context, structured data, and clinical relevance.

Again, KLAS’s Mac Boyter reported that its research shows that providers are “looking beyond convenience—they want ambient tools that deliver structured, codified output. Without discrete data, the note is unusable for billing, quality measures, and decision support. Ambient listening is most impactful when it produces information that downstream systems can act on.”

In other words: do not be distracted by the hype. Ambient listening alone is not enough.

Readers Write: For Better Member Engagement, Talk to a Human

For Better Member Engagement, Talk to a Human
By Kevin M. Healy

Kevin M. Healy is CEO of ReferWell.

The healthcare industry is experiencing a digital gold rush. AI platforms are everywhere, offering innovative promises to change how we engage with members for the better. From chatbots to automated outreach tools, the future is fast, efficient, and increasingly faceless.

The issue that many people aren’t discussing is that while these tools offer a quick, and seemingly intelligent, alternative to direct outreach, people are not responding to it. 

Despite the excitement around AI and automation, the majority of healthcare appointments are still made over the phone. Not through an app or  chatbot, but a phone call, often with another human being, because healthcare is personal.

Research shows that 84% of healthcare consumers identified communication quality as a crucial factor in their overall patient experience. When someone needs help navigating the system, whether it’s finding a doctor, scheduling a mammogram, or understanding their benefits, they want to talk to someone who listens and knows their needs, not an AI bot that doesn’t truly understand the emotions that can come with complex healthcare decisions.

Digital tools have their place. Text reminders and emails can be helpful for tech-savvy members, and portals are a fantastic tool for direct follow-up questions with your provider or to reference after visit summary notes.

However, when it comes to driving action, such as actually getting people to the doctor, technology alone rarely moves the needle. A generic text cannot reassure someone who is anxious about an upcoming procedure. A portal doesn’t know if your insurance covers the provider you need to see. Instead, a phone call from a trained care navigator who speaks the member’s preferred language, understands their needs, and respects their time can make the difference.

A study conducted at the University of Alabama’s Patient Care Connect program found that 83% of patients were satisfied or very satisfied with assistance provided by care navigators, and an impressive 90% recommended the program to others. These human connections are more than feel-good anecdotes. They are proven strategies for increasing show rates, improving outcomes, and reducing care gaps.

This isn’t just a rejection of technology. It’s a reminder that we’re in the business of human health. AI can support and inform engagement efforts. It can help us identify the right people to reach and the right time to call, but it shouldn’t replace the human voice at the heart of care.

Let’s build smarter systems that elevate empathy, not eliminate it. Let’s use AI to empower human outreach, not sideline it. Let’s stop mistaking automation for connection. Because when it comes to getting someone to take that critical step, to schedule the appointment, show up, ask the hard question, and take control of their health, a conversation still works better than an algorithm.

Readers Write: Realizing the Value of AI Starts With Data Governance and Leadership Support

Realizing the Value of AI Starts With Data Governance and Leadership Support
By Mark Leifer

Mark Leifer is data and analytics manager for Tegria.

AI dominates healthcare conversations. Vendors are knocking. Leadership is pressured to act. Pilots are sprouting across the industry. EHR vendors like Epic, Meditech, and Oracle are rolling out exciting AI tools that are embedded directly into their platforms.

Whether your organization is adopting those EHR-native tools or building a custom solution, one thing is clear: data governance is foundational.

Amid the AI buzz, many health systems remain stuck in the proof-of-concept phase, unable to scale or sustain results. Gartner reports that by 2027, 60% of organizations will fail to achieve the full value of their AI initiatives due to poor data governance.

In my experience, this isn’t a technology failure. It’s because the organization isn’t ready, and leadership hasn’t made data governance a priority.

Without Governance, AI Can’t Deliver Results

Imagine your organization rolls out a shiny new AI tool for clinical decision support. The logic is sound. It integrates with the EHR and the demo wowed the C-suite. But six months in, utilization is low, analysts distrust the data, and compliance wants to know who approved it.

This isn’t hypothetical. In fact, it’s a common pattern. AI stalls not because the tech fails, but because data governance was never embedded in the foundation. Behind that missing foundation is a lack of executive sponsorship.

Governance Needs a Seat at the Leadership Table

If AI is going to succeed in healthcare, data governance can’t live in the shadows. It needs executive backing, visibility, and resources.

Once an organization sets clear, business-aligned goals for data and AI, the next most important success factor is strong executive sponsorship. Ideally, that sponsor is someone with a C-level title — like a CIO, CMIO, or chief data officer — who can connect the dots between business strategy and the operational work of governance.

Modern data governance should emphasize accountability, clear decision-making authority, cultural alignment, and measurable outcomes rather than focusing solely on control. Executive sponsors are critical to bridging those priorities across business and IT. Their role is not to manage the day-to-day, but to model support, prioritize funding, and align governance with organizational goals.

When leaders show up to governance councils, reference it in strategy discussions, and reward good data practices, the signal is clear: This matters.

Culture, Not Control, Is the Real Barrier

Governance must move from fixing data to enabling confident use of data across the enterprise, from “AI as a cool tool” to “AI as a governed system.” Developing a strong data culture happens through modeling, incentives, and stewardship that’s embedded into real workflows. Without that cultural groundwork, even well-designed AI tools will flounder. Teams won’t know who owns the data. Trust will be low. People won’t feel confident using the outputs. Worse, they may not feel safe raising concerns when something looks off.

Build a Coalition, Not a Silo

Executive sponsorship is step one. Step two is building a data governance coalition that spans departments. This coalition — ideally a formal data governance committee — should include IT, clinical leadership, compliance, operations, and analytics. Too often, these groups are working in silos. This structure ensures that governance is positioned as a value enabler and a risk mitigator for AI adoption, rather than bureaucracy.

When it comes to AI, the governance committee should help define approval processes, monitor model performance, and ask questions about transparency, bias, and explainability. But they should also help build buy-in, provide feedback loops, and support training across the organization.

Is Your Culture Ready for AI?

Here are four signs that it may not be:

• No one can clearly answer who owns governance for AI tools.
• A promising AI pilot was shelved due to unclear accountability or lack of trust.
• Data decisions are made in silos or based on influence, not strategy.
• Governance is viewed as red tape, not a strategic capability.

If these sound familiar, you have work to do, but these are fixable problems.

Three Practical Moves To Build Executive-Led Data Governance

If your organization wants better AI outcomes, here’s what I recommend:

1. Appoint a C-level sponsor for governance and AI readiness. This person should connect governance to business strategy. Not manage the weeds, but advocate visibly and consistently.
2. Stand up a formal data governance committee that includes stakeholders from across the organization. Give it real authority, diverse voices, and a regular meeting cadence.
3. Make cultural change part of the plan. Train people, talk about successes, and share stories where good governance led to better outcomes. Help teams see data governance as something that supports their work, not slows it down.

Final Thought

AI won’t transform healthcare if we treat it like a series of disconnected tech pilots. It must be guided by strategy, grounded in governance, and shaped by people who understand the intersection of data, operations, and clinical care. That kind of alignment demands executive leadership, cultural change, and above all, trust. And trust begins with governance.

Readers Write: Innovate Responsibly – Cutting Through the Hype of Generative AI in Healthcare

Innovate Responsibly – Cutting Through the Hype of Generative AI in Healthcare
By Holly Urban, MD

Holly Urban, MD, MBA is VP of business development for Wolters Kluwer Health.

In the fast-moving world of generative AI (GenAI), it’s easy to get caught up in the allure of shiny new technologies in healthcare. But we can’t let hype alone outpace responsibility. GenAI’s strengths quickly turn into weaknesses if we deploy GenAI in clinical care without carefully vetting it first.

The Shiny Object Dilemma

The healthcare technology market has become flooded with flashy new tools and solutions. According to Deloitte, 75% of leading healthcare companies are already experimenting with GenAI, and our research shows that nearly three-quarters of healthcare professionals recognize the potential of technology like GenAI in aiding professional development, clinical training, and efficiency.

Still, experimentation doesn’t always equate to readiness. What we should be looking at — and answering — is whether GenAI is capable of solving today’s most pressing challenges.

The key to healthcare innovation starts with creating impactful technology and fostering an environment for clinicians and their patients to thrive. That’s only possible by aligning technology with the real needs of healthcare professionals, the patients they’re serving, and demonstrating the return on investment (ROI) in clinical and financial outcomes.

Rolling out new GenAI should be about matching the problems with the right technology. For example, 60% of healthcare professionals believe that GenAI can improve the patient experience, and 41% think that ambient listening capabilities will enrich patient-provider relationships.

Ambient documentation is a prime example of where GenAI is making a significant impact by alleviating one of healthcare’s biggest challenges in a low-risk domain. It can save clinicians hours each week by creating clear and actionable patient summaries, and there’s an incredible opportunity to integrate clinical decision support and revenue cycle into these workflows.

Balancing Hype with Safety

As GenAI gains traction throughout healthcare, risks persist, particularly as GenAI approaches the actual patient and directly impacts their care. One area of concern among healthcare professionals is the overreliance on GenAI. In fact, a preliminary study from MIT explored how GenAI alters the brain’s ability to process information, leading to impaired learning and retention.  

As great as GenAI is at generating content and creating patient summaries in seconds, it’s also capable of hallucinating with complete confidence in the same amount of time. What’s more problematic is the inability to distinguish hallucinations from reality. One study found that up to 45% of residents do not detect hallucinations accurately.

The likes of ChatGPT may perform well on a medical exam or when diagnosing textbook clinical vignettes, but real-world patient care can be far more complex and unpredictable. Patients expect their clinicians to make error-free decisions using trustworthy evidence, not guesswork, to ensure the best possible outcomes.

It’s easy for LLMs to be unaware of clinical context and fail to ask important questions before delivering diagnostic and treatment recommendations when they aren’t held to a gold standard of evidence. LLMs can fail to admit they’re wrong and may lead a clinician down the wrong path if it’s not caught early on.

For example, if you’re treating a patient with a urinary tract infection who is allergic to penicillin, an LLM will likely recommend prescribing fluoroquinolones, which is typically the right course of action. However, if it is not trained to ask if the patient is pregnant, fluoroquinolones could cause a harmful drug reaction in the patient and the fetus.

Real-world concerns can come with severe consequences. GenAI must be fully ready for every clinical application and grounded in rigorously reviewed evidence-based content before doctors rely on it to aid in clinical decision-making.

Making GenAI Responsible for Healthcare

Organizations are beginning to take the lead in building robust AI governance to ensure the safe and responsible use of GenAI at their institutions, as the technology is currently advancing faster than the oversight.

It’s important to learn to walk before you sprint. We’re seeing benefits from gradual rollouts, pilot programs, and industry consortiums offering quality assurance resources for clinical AI. Collaborations are crucial to working towards the same goal of seamless integration and avoiding disruptions or costly errors.

Ultimately, the most effective GenAI tools in healthcare will remove, not add, another layer of complexity to practicing medicine. Our efforts should be grounded in restoring joy to healthcare through the simplification of processes. Patient encounters should focus on care, not on clinicians spending valuable time searching for information.

GenAI offers an incredible opportunity to eliminate friction and accelerate access to the right information at the right time, when clinicians need it. At the end of the day, technology should be an enabler, not a barrier, to delivering the best possible care.

Readers Write: Healthcare Search Strategy Needs a Reboot

Healthcare Search Strategy Needs a Reboot
By Harsh Bhatt

Harsh Bhatt is  executive director of AI and analytics at Praia Health.

With policy changes out of Washington impacting reimbursements, the need for health systems to attract and retain commercially insured patients will become critical. These patients are not only the most profitable, but also the most digitally savvy and the most likely to comparison shop for care.

Health systems have invested years and millions of dollars building digital front doors and acquisition funnels to capture these patients. Unfortunately, those once-proven funnels are quietly eroding beneath the surface, disrupted by something few health systems have yet to account for: AI-powered search.

Despite continued investment in SEO and content creation, leading health systems are seeing a 10% or greater decline in search traffic, even while maintaining high search rankings. AI-powered answers and summaries are increasingly satisfying patient questions at the top of the results page, leaving no need for them to click through to their local health system’s website.

Patients are still searching, but fewer are actually reaching a health system’s digital front door. Since the launch of these AI-powered features, click-through rates from search have dropped by more than 30% across industries.

The problem isn’t just visibility; it’s redistribution. Generative AI tools are favoring national brands like Cleveland Clinic, Mayo Clinic, and Johns Hopkins, as well as commercial providers like Amazon and Teladoc. These entities aren’t winning traffic solely because of name recognition. They are winning because their content is structured for machine readability and optimized for citation by generative algorithms.

This is a fundamental shift. Most patients no longer begin their digital care journey on a health system home page or even a service line page. Increasingly, they begin, and often end, their journey with a generative answer.

To stay competitive, health systems must reimagine not just how they drive traffic, but how they capture and convert it. Traditional SEO is no longer enough. The new frontier is Answer Engine Optimization (AEO) and Generative Engine Optimization (GEO), strategies that organize content in conversational Q&A formats, use structured data and schema markup, and position information to be picked up by AI-driven search experiences.

But even if that click is won, the digital journey can’t end at a static landing page. Unless the next step is personalized, immediate, and intuitive, the opportunity to engage that patient disappears. Health systems need to have intuitive consumer identity and experience on-ramps embedded throughout their digital properties.

Every visitor is more valuable than ever. Health systems must deliver personalized, logged-in experiences that build loyalty and drive retention. When a patient lands on a site, the experience should adapt to who they are, what they need, and how they prefer to engage. Guided navigation, tailored service recommendations, and contextual digital support aren’t just nice-to-haves – they are required to reduce friction and move people closer to care.

Search isn’t dying, but the way patients use it is changing fast. The digital strategies that worked even two years ago are no longer sufficient. Health systems must pivot quickly to remain discoverable, credible, and competitive in the AI-shaped search landscape.