Readers Write: The Operational Divide in Healthcare: Epic-First Health Systems Versus Real-Time Health Systems

The Operational Divide in Healthcare: Epic-First Health Systems Versus Real-Time Health Systems
By Buzz Stewart, PhD, MPH

Walter “Buzz” Stewart, PhD, MPH is CEO of Medcurio.

An ongoing split is forming across US healthcare, a divide that health system leaders are driving overtly or by default.

On one side are the organizations building real-time reflexes into their operations. On the other are the organizations whose pace is still dictated by vendor-defined data access paths, delayed data, and workflows that are constrained by the vendor architecture.

This divide isn’t philosophical. It is operational. And it is widening fast. This will be the competitive divide for the next decade.

Two Emerging Camps

Markets don’t stall because of a single vendor. They stall when incumbents limit the freedom for customers to move faster, choose better, and innovate on top of their own data. As modernization accelerates, health systems are sorting into two identifiable groups:

Real-Time Health Systems

These organizations are developing the ability to govern their own data access, sense operational signals as they occur, and route actions immediately. They are beginning to build reflex loops, which are lightweight, programmable logic that prevents revenue loss (fewer denials, reduced LOS), mitigates safety drift, reduces manual intervention, and stabilizes workflows before problems compound. They seek destiny control and predictable value creation.

These organizations lean toward independence in how they access and use their own data, and they treat delay as a form of waste rather than an unavoidable byproduct of enterprise IT.

Epic-First Health Systems

These organizations face the same challenges as real-time health systems, but move at the speed of vendor-mediated access. They depend on (costly) sanctioned interfaces, roadmap timelines, batch extracts, and manual processes to identify operational issues. Limited tooling to say the least.

These organizations treat delays as an avoidable byproduct of enterprise IT and accumulating operational drag is their norm

Why the Divide Is Forming

Four forces are driving the move to real-time health systems faster than the industry expected:

• Labor costs in healthcare have risen faster than inflation for five decades, while inflation-adjusted revenue per encounter has steadily declined as commercial mix shrinks. There is no way out from under the current operating model, and no real way to differentiate in most markets if you keep playing the old game.
• Operational latency is a margin killer. Discharge delays, denials identified too late, referrals never acknowledged, eligibility errors discovered only after work is performed. Growth in small lags produces large financial consequences.
• Vendor-controlled access is mismatched to modern workflow demands. Today’s problems require continuous monitoring, immediate detection, and on-demand logic. Architecture designed for retrospective insight isn’t built for real-time operations. HL7/X12 alone doesn’t cut it, and FHIR resources and vendor-gated APIs are imprecise and overly narrow.
• AI and automation cannot run on delayed signals. The industry is extremely optimistic about automation, but models and agents (and the workflows health systems are pointing them toward) are useless without upstream real-time detection. If an organization only learns that a problem occurred after the fact, no amount of workflow redesign can compensate.

These forces have shifted the strategic question from “What technology do we need?” to “How fast can we recognize and act on our own operational signals?” as the foundation for automation and innovation capabilities.

The Hidden Cost of Delay (Waiting is a Cost Center)

• Throughput slowdowns that no one sees until the backlog materializes.
• Denials that could have been prevented if noticed earlier.
• Eligibility mismatches found only in downstream billing.
• Referral leakage due to missed handoffs.
• Safety triggers that surface only when reports are pulled.

Every service unit has its list, but they look remarkably similar across health systems.

While these issues rarely appear as technology failures, they often show up as operational realities. Every one of these problems is a real-time problem trapped in a legacy data access model. The cost of delay is not just inefficiency, but also lost margin, avoidable friction, patient harm, and workforce strain.

What Real-Time Reflexes Look Like

Organizations that operate in real time do not wait for dashboards to tell them what happened. They program their systems to notice and act on what matters in real-time:

• Detecting a mismatch the moment it occurs.
• Automatically triggering a task or action
• Routing information directly to the workflow that requires it.
• Logging the event without human intervention.
• Measuring impact within hours, not quarters.

Acting and adapting fast, which few systems do well today, is a strategic market differentiator and quickly becoming a survival imperative as this divide widens. This is the identity high-performing systems realize they must rise to.

Claiming Control of Your Own Data

The executive unlock is straightforward.

• Your vendor has an obligation to allow access to your data however you choose.
• Your vendor has a legal duty not to interfere with your use of your data.
• Acting on your rights does not mean being in conflict with your vendor.
• Sovereignty is not about choosing one technology path over another. It is about ensuring that the parts of the health system that depend on real-time signals (care transitions, revenue cycle, safety, operations) are not forced into delay by design.

Crossing the Divide: A Simple Playbook

Health systems don’t need multi-year digital transformation programs to build real-time reflexes. They need clarity and sequence.

1. Map your highest-delay workflows. Where do teams wish they had real-time visibility but are stuck with overnight insight?
2. Evaluate control. What should be legitimately controlled by the vendor versus what should be governed by the health system. This is almost always the inflection point.
3. Test one workflow in real time. Pick one workflow and simply measure what happens when teams get the signal immediately instead of a day later. No committees or giant work plan, just a clean before and after.
4. Scale reflex logic across additional domains. Once a health system sees its first real-time win, the pattern becomes contagious.

A Narrow Window

Every health system will be forced to modernize its reflexes. The question is timing.

Organizations that move now will define the performance frontier and expand markets. Those that wait to modernize will fall further behind.

Readers Write: The Healthcare Cybersecurity Landscape For 2026

The Healthcare Cybersecurity Landscape For 2026
By Russell Teague

Russell Teague is chief information security officer of Fortified Health Security.

Healthcare is entering the new year facing the same uncomfortable truth it has confronted for more than a decade: no industry faces a higher financial or operational burden from cyber incidents. Even as technology advances and awareness grows, the cost of a healthcare data breach remains the highest of any sector, and the implications are becoming more severe for patient care, financial performance, and organizational resilience.

The latest data confirms what many leaders already feel day-to-day: cybersecurity is no longer just an IT issue or a compliance checkbox. It is a top-line financial risk, a bottom-line operational disruptor, and one of the most material threats to patient safety.

Healthcare Once Again Leads All Industries in Breach Cost

Healthcare continues its longstanding position as the most expensive industry for data breaches. In 2025, the average cost of a healthcare breach reached $7.42 million, marking the 14th consecutive year that healthcare ranked #1 among all industries. While this represents a decrease from $10.1 million in 2024, the reduction does not signify improved risk posture across the sector. Instead, the decline reflects a combination of factors:

• Evolving incident reporting methodologies.
• The normalization of ransomware payments.
• Increased reliance on third-party negotiations.
• More sophisticated data-exfiltration containment practices.

But the underlying risk drivers – legacy environments, fragmented vendor ecosystems, thinly stretched workforce capacity, and the growing attack surface from digital transformation — remain unchanged.

The $7.42 million average still places healthcare well above all other highly regulated sectors, and it reflects only direct, measurable costs. The true financial impact is often far greater once organizations consider indirect operational and reputational fallout.

Breach Frequency and Threat Pressure Are Accelerating

The cost of individual breaches is only part of the story. Frequency is rising across the sector, expanding total exposure for hospitals, health systems, and clinical organizations. In 2025, healthcare experienced one of the highest incident rates of any industry, driven by persistent ransomware campaigns, increasingly complex third-party and supply chain intrusions, targeted email compromises involving PHI, and exploit attempts against aging clinical systems and medical devices. The growing automation of attacker workflows that are powered by AI has only accelerated this trend.

Attackers view healthcare as a high-pressure, high-reward environment. The combination of operational urgency, patient safety implications, and deeply interconnected technology ecosystems makes the sector uniquely attractive. Historically, healthcare organizations have been among the fastest to pay and the most vulnerable to disruption, further incentivizing attackers.

As breach frequency rises, so does cumulative financial exposure. Even organizations that avoid large-scale incidents still absorb escalating costs tied to smaller breaches, investigative work, vendor assessments, rising insurance premiums, and heightened regulatory scrutiny.

The Operational Fallout: Downtime as a Major Financial Driver

One of the most significant, and often underreported, costs of a cyber incident is operational downtime. In 2025, hospitals experienced an average of 19 to 23 days of disruption following major cyber events, affecting everything from EHR access to imaging, lab systems, surgical schedules, and emergency department operations. These outages frequently force diversion events, delay procedures, and push frontline staff into manual workflows that dramatically slow care delivery.

The financial impact is substantial. Organizations lose millions in net patient revenue as billing cycles stall, coding backlogs grow, and clinical productivity drops. Delayed reimbursement and extended recovery periods often compound these losses. At the same time, hospitals face increased overtime expenses, temporary labor costs, and rising patient dissatisfaction, all of which further erode operating margins. For rural and independent facilities with limited redundancies or tighter financial constraints, the impact can be especially severe.

Operational downtime also creates long-tail effects that extend well beyond the initial incident. Staff burnout rises as clinical teams struggle through prolonged manual processes, turnover risk increases, and organizations become more susceptible to future attacks during recovery periods. In many cases, the cumulative operational and financial damage eclipses the cost of the breach itself.

Why the Breach Lifecycle Matters: 280 Days of Exposure

A defining characteristic of healthcare is how long breaches persist before being identified and contained. Last year, healthcare averaged a 280-day breach lifecycle, exceeding the global average of 241 days. On average, it took 207 days to identify a breach and another 73 days to contain it.

This extended lifecycle dramatically elevates financial exposure. Lengthy dwell time gives attackers ample opportunity to move laterally, access more systems, compromise clinical applications, and exfiltrate sensitive data.

Prolonged exposure usually reflects deeper, systemic challenges across health systems, such as poorly tuned tools, redundant or overlapping technologies, gaps in visibility across environments, inconsistent processes or response playbooks, staffing shortages that drive alert fatigue, and weak segmentation that enables lateral movement. Many organizations also struggle with incomplete logging or monitoring coverage, which further delays containment.

Shortening the lifecycle is one of the most effective ways to reduce breach costs, often by millions. Health systems that detect and contain incidents faster consistently demonstrate stronger program maturity, more rationalized technology stacks, and clearer operational processes aligned to rapid response.

Cyber Insurance Costs Are Rising — for Both Coverage and Claims

In 2025, cyber insurance premiums for healthcare continued to increase, driven by a combination of higher claim severity, rising incident frequency, expanding legal and regulatory exposure, and the growing complexity of medical devices, cloud services, and interconnected vendor environments. Many recent breaches tied to third-party partners have created additional uncertainty for insurers, especially when accountability is difficult to determine.

As a result, carriers are tightening underwriting standards. Organizations now face stricter requirements around MFA enforcement, patching cadence, SOC maturity, third-party oversight, log retention, and evidence of incident response readiness that includes documented plans and playbooks. Those unable to demonstrate adequate maturity are experiencing significantly higher premiums, reduced coverage limits, or, in some cases, losing eligibility for coverage altogether.

The Hidden Costs: Reputation, Trust, and Long-Term Clinical Impact

Beyond direct financial losses, breaches create a secondary wave of disruption that can last months or even years. Organizations often experience a decline in patient trust, heightened scrutiny from regulators and auditors, and increased turnover among clinical, operational, and executive staff. Many also find themselves at a disadvantage when pursuing new strategic partnerships as potential collaborators question their security posture.

These incidents can also drive up ndor-related costs as partners impose stricter security requirements, more frequent assessments, and higher fees tied to their own risk management obligations. Taken together, these indirect, long-tail impacts create significant financial and operational strain, particularly for health systems operating in competitive markets or with already limited resources.

A Clear Path Forward: Maturity as a Financial Strategy

The latest data reinforces a simple truth: the cost of healthcare breaches remains high not just because of attacker sophistication, but because of program immaturity. Organizations that invest in visibility, alignment, rationalization, and early detection reduce breach lifecycle times and significantly limit downstream financial impact.

The most cost-effective cybersecurity strategy is not more tools. It is a mature cyber program, fully rationalized for better alignment with the business goal of protecting patient safety and operational resilience. When people, process, technology, and financial investment work in concert, breach costs drop, operational stability increases, and resilience becomes a competitive advantage.

Healthcare Can No Longer Measure the Cost of Inaction in Dollars Alone

Last year’s data makes it unmistakably clear that healthcare can no longer afford to view cybersecurity as a technical problem sitting on the periphery of operations. The financial impact of breaches is severe, but the deeper cost is the strain they place on clinical delivery, patient trust, workforce capacity, and organizational resilience. Every day a breach goes undetected, every hour systems are offline, and every dollar spent recovering from preventable disruption reflects a direct threat to the mission of safe, reliable care.

The real risk facing healthcare organizations is not the next attacker. It’s the continued reliance on underdeveloped, unaligned, and unprepared cybersecurity programs. More tools will not solve this challenge, and increased spending without strategic maturity will not change outcomes. What will make a measurable difference is a cyber program that is fully rationalized, integrated, and aligned with the fundamental business goals of patient safety and operational stability.

Organizations that invest in visibility, speed, resilience, and coordinated response are already seeing the benefits: shorter breach lifecycles, fewer operational disruptions, reduced financial exposure, and stronger trust from the communities they serve. Those that delay modernization will continue to face rising costs, extended downtime, and a risk profile that becomes increasingly difficult to manage.

2026 must be the year when healthcare stops treating cybersecurity improvements as optional or incremental and starts approaching them as essential to sustaining care. Cybersecurity in healthcare is no longer just a business function or an IT priority. It is a foundational element of patient safety, and the cost of inaction has never been higher.

Readers Write: 2026 Predictions: The Great Data Quality Reckoning in Healthcare IT

2026 Predictions: The Great Data Quality Reckoning in Healthcare IT
By Jodi Amendola

Jodi Amendola is executive advisor for the Supreme Group.

The healthcare IT industry has been playing the “Let’s Improve Interoperability!” game for what feels like decades.

Today, it’s CMS Aligned Networks, TEFCA, and information-blocking-rule enforcement. Yesterday, it was “Meaningful Use” and the HITECH Act. Before that, it was Regional Health Information Organizations and HL7.

While these efforts to improve interoperability have certainly been laudable, they’ve obviously been lacking, because we’re still talking about the problem. A recent report from KLAS Research on the state of EHR interoperability today offers some helpful context:

• While patient records are more available than ever, clinician satisfaction with external integration remains poor.
• Clinicians continue to grapple with issues like duplicative records, inconsistent formats, and poor data mapping, which limit the clinical value of shared data.
• Participation in data-sharing networks by EHR vendors has increased, but data usability has not.

The last point is critical, as all the hope about AI in healthcare will go unrealized without a foundation of accurate, comprehensive patient data for AI to base its decisions and recommendations on.

In the coming year, the healthcare industry will continue to grudgingly come to terms with a difficult truth: Interoperability means very little without connectivity. Issues highlighted in the KLAS report, like duplicative patient records and fragmented medical histories, undermine cost and quality improvement efforts and lead to suboptimal patient outcomes.

As a result, when it comes to communicating with the clients and prospects, health IT vendors will need to not only emphasize their role in delivering better interoperability, but also in improving the accuracy and usability of patient data.

It will also mean preparing for greater scrutiny, harder questions from media and industry analysts, and the need to demonstrate real value rather than aspirational promises.

To get ready, it’s important to ensure that PR and marketing do the following:

• Elevate proof over promises. With key influencers and decision-makers growing more skeptical about lofty promises, every claim needs to be backed with facts and statistics. Punchy copy is great, but hard data, case studies, and third-party research carry more weight.
• Highlight how data quality delivers clinical value. It’s not enough to merely talk about how your organization enhances interoperability. Instead, how does it bolster data integrity, eliminate duplicative records, improve outcomes, or build clinician trust? Offer clear, measurable examples of your technology’s clinical impact.
• Focus messaging on responsible AI enablement. Solid data is the difference between “quality in, quality out” and “garbage in, garbage out” when it comes to AI. Accordingly, health tech marketing should strive to position your organization as an industry champion of the accurate, complete, transparent data that is needed to drive responsible and reliable AI insights.

In 2026, it’s less about expanding the pipes of healthcare data, and more about increasing the quality of the information that flows through them. As expectations and scrutiny around data quality grow, organizations that ground their communications in evidence, clarity, and responsible innovation will stand out.

Readers Write: Application Portfolio Management: The Hidden Key to Healthcare Cybersecurity Resilience

Application Portfolio Management: The Hidden Key to Healthcare Cybersecurity Resilience
By Kevin Erdal

Kevin Erdal is president of advisory services at Nordic.

Healthcare leaders are navigating a tough reality: protecting margins while making operations more resilient. Financial pressures, workforce shortages, and regulatory complexity mean every investment must deliver real, measurable impact.

At the same time, cyber threats are amplifying these pressures. A single breach can wipe out hard-won savings, derail transformation projects, and compromise patient safety.

In this environment, application portfolio management (APM) is a strategic necessity.

Think of APM as a smarter way to manage your technology stack. By taking inventory, trimming what you don’t need, and securing what you keep, you can cut waste, reduce risk, and lay the groundwork for streamlined, patient-centered operations without adding complexity.

What are the risks of ignoring application portfolio management?

Healthcare is the most expensive sector for cyberattacks, with the average breach costing $11 million, three times the global average. Ransomware is the most prevalent threat, accounting for approximately 70% of healthcare cyberattacks. In 2024 alone, 118 confirmed ransomware attacks accessed more than 15 million patient records.

The operational impact across our industry is staggering:

• 17 days of average downtime per ransomware incident, costing $1.9 million per day.
• 92% of healthcare organizations targeted by cyberattacks in 2024.
• $21.9 billion in downtime losses over six years.

Most importantly, the risk to patient safety can’t be overstated. When systems fail, care delivery is disrupted, treatments are delayed, and lives are at risk.

Why traditional cybersecurity isn’t enough

Most healthcare organizations rely on perimeter defenses like firewalls, VPNs, and intrusion detection systems, but attackers often exploit internal vulnerabilities, especially through unmonitored legacy applications and shadow IT.

If you don’t know what’s running in your environment, you can’t protect it. And you may be paying for apps you don’t even use.

What is application portfolio management (APM)?

Application portfolio management is the structured process of managing applications based on value, cost, risk, and performance. It includes:

• Inventory and classification of all your applications.
• Risk and value assessment to understand security posture and business impact.
• Lifecycle and rationalization planning to retire redundant or high-risk apps

Done right, APM is a strategic enabler for efficiency, modernization, and cost control.

How does APM deliver real ROI?

APM allows you to clean up your tech stack and create significant wins across your organization.

• Visibility = control. You can’t secure what you don’t know exists.
• Risk prioritization. Spot high-risk apps before they become breach entry points.
• Legacy exposure mitigation. Retire unsupported apps before attackers exploit them.
• Cost savings. Rationalization reduces licensing, maintenance, and support costs.
• Compliance confidence. Stay ahead of HIPAA and other regulatory requirements.
• Foundation for innovation. Simplify before you modernize.

APM delivers value across the enterprise by aligning technology decisions with business, financial, and clinical priorities:

• Chief information officers gain alignment between IT investments and strategic goals, paving the way for digital transformation.
• Chief information security officers strengthen risk management and improve threat response.
• Chief financial officers see hard ROI through cost savings and breach avoidance.
• Chief medical information officers benefit from streamlined clinical workflows and better data integrity.

How to get started with application portfolio management

Here’s a practical roadmap for healthcare leaders:

1. Start with an inventory. Capture every app across clinical and business functions.
2. Map applications to workflows. Understand their role in care delivery and operations.
3. Assess risk and compliance. Evaluate vendor security posture, data sensitivity, and HIPAA alignment.
4. Rationalize and retire redundant or risky apps. Reduce attack surface and technical debt.
5. Integrate APM insights into governance programs. Embed findings into cybersecurity strategy and IT planning.

How the right partner accelerates APM success

Finding redundant apps is just the start. The real challenge is managing governance, staying compliant, and retiring systems without disrupting care or losing critical data. That’s where the right partner can help. Experienced healthcare IT advisors bring proven, scalable frameworks and tools to make the application portfolio management process faster and safer.

Partnering gives you the structure and support to reduce risk, achieve measurable ROI, and build a solid foundation for future innovation.

Bottom line: APM is foundational to cybersecurity resilience

Cyber threats and digital complexity aren’t slowing down, and neither can you. Application portfolio management is one of the most practical, high-impact steps you can take to strengthen cybersecurity, protect margins, and build a foundation for future-ready operations.

The cost of doing nothing? Higher risk, wasted resources, and missed opportunities. The upside of acting now? You simplify your environment, reduce vulnerabilities, and free up capacity to deliver patient-centered care that’s safer and more efficient.

APM is a strategic lever for margin resilience, operational efficiency, and innovation. Start today and position your organization to do more with less while safeguarding your mission and the people you serve.

Readers Write: The Missing Clinical Voice in Healthcare IT

The Missing Clinical Voice in Healthcare IT
By Susan Grant, DNP, RN

Susan Grant, DNP, RN, is chief clinical officer at Symplr.

For years, the weight of healthcare technology decisions has fallen solely on IT teams, inadvertently leaving clinicians and IT operating in silos. Yet clinicians play a critical role in determining whether technology implementations succeed. Deloitte research shows that clinicians rate technology initiatives far more positively when we are actively involved, from design through implementation.

Despite this, only 38% of frontline clinicians report having been consulted on digital health workflows or new applications. We need to bring the clinical perspective into technology decisions earlier and  more consistently. With physician use of AI already up 78% from 2023, clinicians both want and deserve a larger role in shaping these conversations.

The value of clinical input
Health systems must engage across departments, from IT to executives and clinical teams, to deliver successful technology implementations. Nurses alone make up the largest segment of the healthcare workforce. Because clinicians directly experience the problems that many solutions aim to solve, they offer essential insights that should guide decision-making.

Cross-functional communication is equally critical. Open discussions about technology challenges and workflow pain points help to align around the shared goal of streamlining work so that providers can focus on patient care. These conversations also allow IT professionals to demonstrate the benefits of new tools early, reducing resistance and building confidence that the technology reflects clinicians’ needs.

Historically, clinicians have too often been excluded from these conversations, leading to painful rollouts, misaligned expectations, and limited influence over tools designed for them. Bringing the clinical voice to the table can change all of that.

Clinicians want to be more involved

Clinicians want to play a bigger role in healthcare technology decisions. Our 2025 Compass Survey shows that 85% of clinicians want more influence over software purchasing decisions, up from 72% last year and 51% in 2022. This trend shows that care teams no longer view technology and innovation as strictly an IT responsibility. They recognize the value technology brings to their daily work and to delivering optimal care.

IT and operations professionals also acknowledge the advantage that clinicians bring to these decisions. Both groups show increased interest in clinician involvement. This year’s survey found that 77% of operations leaders and 76% of IT teams actively seek clinician participation.

What’s next?

Organizations are seeking to implement technology that improves care delivery, including AI and scheduling tools. Ensuring that clinicians participate throughout the full implementation process prevents problematic deployments and increases ROI. As a former nursing leader at large health systems, I’ve seen the direct positive impact digital tools can have on clinicians, saving time, reducing stress, and ultimately improving the healthcare experience for patients.

We are in the midst of a clinical shortage, with the National Council of State Boards of Nursing reporting that 40% of RNs intend to leave the field in the next five years. Ensuring that clinical voices guide technology decisions can improve daily life for this workforce.

Strengthen alignment and communication

Healthcare leaders can take several approaches to address this issue. Teams should begin by aligning on central priorities across clinical and IT groups to foster communication and gain a better understanding of each other’s goals. While they may have different priorities, both sides share the guiding objective of improving patient care.

Leadership should demonstrate the value of technology upfront to strengthen clinicians’ trust. After facing so many initiatives that have not helped, clinicians need concrete examples of how new tools can make their jobs easier.

To increase clarity and confidence in new tools, leadership should also provide comprehensive training and education for the healthcare workers who will use them. This approach offers transparency and addresses change fatigue, helping differentiate new technology rollouts from earlier efforts that left clinicians burned out.

Opening the lines of communication in a continuous and intentional way can transform how systems operate. When leaders gather clinical input before decisions and continue the conversation post-rollout, they increase collaboration, elevate clinician voices, and improve the success of each initiative.

Learn from past experiences

To share a personal example, in a previous role I saw nurses become frustrated with a new AI tool because incoming messages disrupted their communication with other providers. A simple conversation could have revealed this problem sooner. But because consideration of ongoing feedback was not a part of the post-implementation plan, no one realized that the tool designed to help them was instead creating more work.

When healthcare organizations use these strategies and place greater value on the clinical experience, they create a culture of innovation and collaboration that increases enthusiasm for change and avoids overpromising and underdelivering.

Readers Write: Igniting Smart Strategy: Rationalizing Your Application Portfolio

Igniting Smart Strategy: Rationalizing Your Application Portfolio
By Amy Penning

Amy Penning is senior application analyst with CereCore.

The complexity of managing clinical, administrative, and operational applications in healthcare organizations continues to grow. While many large hospital systems have invested in robust programs to streamline their application portfolios, any health system that has undergone ownership changes, faced prolonged under resourcing, or shifted priorities grapples with technical debt and legacy systems that quietly drain resources and introduce risk.

Application rationalization is not just a cleanup task. It’s a strategy that can yield measurable operational and financial benefits, even without a large team to execute it.

Application portfolios in healthcare environments tend to grow over time as new needs emerge and priorities shift. Legacy systems, departmental tools, and redundant applications can quietly accumulate, while consolidation becomes more complex from mergers and acquisitions, creating technical debt and operational inefficiencies.

One regional health system uncovered over 700 applications, nearly triple their initial estimate, after a thorough inventory. The result? $17 million in savings in the first year and $72 million over five years, all without a massive team or predefined playbook.

While cost reduction is a compelling driver, the return on investment from AppRat extends far beyond the balance sheet. Healthcare leaders often delay AppRat due to competing priorities, perceived disruption, or lack of internal expertise, including rationalizing legacy systems that aren’t understood by anyone on the current team.

Rationalization efforts have led to a 30% reduction in IT support tickets, 20–25% improvements in clinical workflow efficiency, and enhanced data interoperability. These operational gains translate into better clinician experiences, faster decision-making, and ultimately, improved patient care.

The challenge often lies in knowing where to begin. Many organizations believe that they have a handle on their application inventory until they start digging and discover hidden redundancies, unsupported systems, data silos, and cybersecurity risks. Begin with a simple inventory and build from there, tailoring the approach to each organization’s unique bandwidth and priorities.

A phased assessment approach, starting with inventory validation and business function mapping, can uncover opportunities to reduce licensing costs, simplify workflows, and improve data governance.

Decommissioning a single application can bring significant savings and risk reduction. But application rationalization isn’t just an IT exercise; it supports the most strategic organizational goals. By consolidating systems and eliminating outdated platforms, healthcare providers can improve clinician experience, reduce login fatigue, and streamline training. Standardization enhances interoperability, supports regulatory compliance, and strengthens cybersecurity posture by reducing exposure to vulnerabilities in legacy systems. These improvements contribute to better patient care and operational resilience.

Importantly, the return on investment extends beyond direct cost savings. Rationalization efforts often lead to reductions in IT support tickets, improved onboarding processes, and enhanced clinical workflow efficiency. These outcomes translate into cost avoidance and increased capacity for innovation. Organizations can redirect resources toward strategic initiatives such as AI adoption, cloud migration, or digital transformation.

Success does not require an army. It requires a thoughtful, repeatable process. Engaging stakeholders across IT, clinical, finance, and compliance teams ensures that decisions are informed and aligned with organizational priorities. Leveraging existing tools and frameworks can accelerate progress and reduce the burden on internal staff. Whether starting with a simple assessment or building a full application lifecycle management program, the key is to embed rationalization into the fabric of IT operations.

For organizations without the bandwidth or specialized expertise to manage this work, partnering with a team that can both assess and execute is critical. That team can help health systems identify opportunities through structured assessments and then manage the legacy turndown process,  reducing risk, freeing resources, and creating a faster path to ROI so that teams can focus on strategic priorities like digital transformation and innovation.

Readers Write: HLTH: Healthcare’s Burning Man for the Well Funded

HLTH: Healthcare’s Burning Man for the Well Funded
By Anonymous

I’ve been around this industry for decades. I have to admit that I’m still trying to wrap my head around all these newfangled conferences like HLTH.

Back in my day, HIMSS was the gold standard. Everyone knew it, everyone went, and you could count on a certain level of professionalism.

HLTH, on the other hand, feels like it’s out of control. I remember when it started in 2018 as just a small gathering in Las Vegas. It has apparently ballooned to 12,000 attendees and 900 sponsors. I guess that’s progress, although I’m not sure it’s all for the better.

When I went to my first HLTH a couple of years back, I was struck by how different it felt. Most companies had the same booth size, so you would think the focus would be on substance. Still, there were a lot more “tech bros” than I’m used to, with lots of sneakers and puffer vests but not many suits. It was supposed to be about conversation and content. 

Now we have big booths with espresso machines and ice cream carts. Honestly, it felt more like a popularity contest. Maybe I’m old-fashioned, but I miss the days when people were more interested in building real relationships than just being seen.

HLTH also doesn’t seem to care much for academic rigor or peer review. At HIMSS, you could count on presentations that were vetted and at least acted like they had substance. At HLTH, it feels like speakers are chosen for how much noise they make online, not for what they actually have to say. Most presentations are just opinions and visions, not proven results.

I suppose HLTH never claimed to be academically rigorous. They say they are about “healthcare innovation and societal well-being,” whatever that means. I’ve always believed that lofty goals are fine, but in healthcare, you need something concrete. I’ve seen plenty of big companies come and go, thinking they could fix healthcare, only to leave with their tails between their legs.

There were some positives at the 2025 HLTH conference, such as Kroger and Walgreens giving flu shots. But I ran into plenty of vendors who couldn’t explain what they actually do. I even asked a CEO for a simple elevator pitch, and all I got in return was a finger pointing to an iPad and a questionnaire. If you ask me, that’s not a good sign. Nobody bothered to ask about my organization or my needs, even though I have buying authority.

This year, HLTH was crawling with so-called “influencers.” I’ll be honest, I don’t care much for that term. Most of these folks seem more interested in building their personal brands than in driving real innovation. Some have medical degrees but never finished residency or got board certified. They’re quick to share opinions on topics where they don’t have much expertise. Their LinkedIn profiles are full of adviser roles and startup credits, but it’s hard to tell if they have actually accomplished anything.

There was even a dust-up online about a group of “physician founders” flying to the conference on a private jet, courtesy of an anonymous sponsor. The LinkedIn post and group photo were deleted after some backlash, but it makes you wonder how many of these folks still practice medicine.

HLTH seems to encourage this influencer culture, handing out free passes if you agree to post about the conference nine times. You could spot them in the exhibit hall, always taking selfies and blocking the aisles. They even had their own lounge.

Another trend I just don’t get is all the rebranding. Companies spend a fortune changing logos and colors, then throw parties to celebrate. Wouldn’t that money be better spent on employees or helping out struggling healthcare organizations? HLTH is also the time for big corporate announcements, most of which don’t mean much once you read the fine print.

And don’t get me started on the entertainment. The opening event was at Topgolf, way off the strip, and you needed a shuttle to get there. It just reinforces the old “business is done on the golf course” mentality. The Industry Night at Drai’s Beach Club was another example of excess. I even witnessed some pretty bad behavior at the casino bars, stuff I thought we had moved past.

Sponsors also go overboard with their own parties. I got at least 20 emails inviting me to events, but most required a certain profile to attend. Sometimes you had to apply, and even then, you might get rejected or have your invitation rescinded at the last minute. That’s just bad manners and bad business.

I didn’t bother with the hosted buyer program, even though I’m a budget owner. From what I overheard, it’s basically speed dating for vendors, and I heard some complaints from vendors that the buyers they met with acted bored, as if they were just doing it for the discounted registration.

Bottom line: HLTH and vendors need to take a hard look in the mirror. It’s become too much of a party, with way too much extravagance. In a year when care delivery organizations are facing more uncompensated care and cuts to Medicare and Medicaid, all this glitz just feels out of touch.

I will run pieces whose author prefers to remain anonymous, although they must submit it to me under their real name so I can check for credibility and conflict of interest.

Readers Write: The Six Rights of Clinical Decision Support at the Dawn of the AI Era

The Six Rights of Clinical Decision Support at the Dawn of the AI Era
By Steve Miller, MD

Steve Miller, MD, MBE is clinical solutions architect at FDB.

Clinical decision support (CDS) embedded in the electronic health record (EHR) has demonstrated impressive benefits for patient outcomes, particularly through medication alerts in Computerized Provider Order Entry. CDS helps prevent millions of medical errors per year. Yet the potential of CDS remains under-realized due to poor usability, misalignment with clinical and institutional goals, and its contribution to clinician burnout.

We are at the dawn of a new era in CDS, where we can realize the promise of enhanced care and financial outcomes simultaneously to the empowerment of clinicians.

Effective clinical decision support depends on meeting the Five Rights: delivering the right information, to the right person, in the right format, through the right channel, and at the right time.

Too often many CDS systems still fall short: interrupting workflows, triggering at the wrong moment, or lacking the specificity that is needed to earn clinician trust. High false-positive rates lead to reflexive overrides, eroding confidence and sometimes putting patients at risk. It’s time to evolve the framework.

I propose a sixth right: the right purpose: designing CDS with clearly defined, measurable benefits.

When interventions lack purpose or a defined return on investment, even well-built tools can fail to deliver value. As hospitals face tighter budgets and mounting pressure to improve outcomes, advances in interoperability and artificial intelligence (AI), including large language models (LLMs), offer a new path to achieving all Six Rights.

Workflow Integration: Right Person, Format, Channel, and Time

Consider a common scenario. Dr. Smith, on inpatient rounds, discusses starting spironolactone with 80-year-old Mr. Richards, who has heart failure. After researching the dose, she signs the order and is immediately interrupted by an alert flagging the drug as potentially unsafe for older adults. The decision has already been made. She is annoyed, overrides the alert, and moves on.

Now imagine a near-future alternative. An AI-powered ambient listening tool transcribes and interprets the conversation in real time. As spironolactone is mentioned, a message appears on screen with safety concerns specific to Mr. Richards in his current clinical context, a patient education prompt, alternative options, and a preselected dose. The information is timely and useful, supporting rather than  disrupting shared decision-making.

Context-specific decision support could also surface during pharmacist verification, admission medication reconciliation, or through patient-facing bots. Interruptive alerts at order signature are fading. Smarter systems will deliver guidance at the right moment. They will also reduce the amount of time physicians would otherwise have to spend looking up information, such as lab values that are relevant for a specific drug.

Personalization: Right Information

Let’s revisit Mr. Richards. His heart failure has impaired his kidneys and his potassium is dangerously elevated. This places him at risk for arrhythmia if prescribed spironolactone, yet no alert fires. Dr. Smith misses this lab result, placing the patient in danger.

Now imagine a CDS module that detects elevated potassium and correlates it with spironolactone, firing only when truly relevant. Dr. Smith receives fewer alerts, but each one matters. This precision support, with both low false positives and false negatives, is achievable today using interoperable systems and standardized data.

Beyond labs, decision support can incorporate genetic tests, imaging, pathology, and patient-reported outcomes. AI can convert notes and conversations into structured insights that power a new generation of CDS that is accurate, timely, and personalized.

Return on Investment: Right Purpose

Right purpose means aligning CDS with institutional and societal goals. Tools that serve mission-critical needs, and the other five rights, drive adoption.

Back to our case. Budget cuts force the hospital to reassign pharmacists from the wards. Without human backup, prescribing errors could rise. But with AI-enhanced CDS, the computer system helps the clinical team catch errors and find opportunities to enhance care once identified by pharmacists. Rather than replacing clinicians, CDS amplifies their capabilities, delivering cost savings without compromising care.

AI could also accelerate this shift in two ways. First, AI-assisted development could speed the creation of CDS modules, enabling access to high quality and purpose-built decision support. Second, AI-powered analytics could allow hospitals to evaluate CDS performance in real time, measuring clinical and financial impact and refining systems.

A Pivotal Moment

The current moment in healthcare is one of great challenges and great possibilities. Advances in AI, data standards, and clinical messaging combine with economic pressures to fuel a necessary evolution. The future of CDS is personalized, context-aware, and results-driven. By honoring the original Five Rights, and adding a sixth of Right Purpose, we can ensure that CDS not only guides decisions, but also advances care, supports clinicians, and justifies itself in a resource-constrained world.

Readers Write: From Hype to Headache: The Truth About Ambient Listening

From Hype to Headache: The Truth About Ambient Listening
By Jay Anders, MD and Jeanne Armstrong, MD

Jay Anders, MD, MS is chief medical officer at Medicomp Systems. Jeanne Armstrong, MD is chief medical officer at TouchWorks, Altera Digital Health.

Like prospectors flocking to California in the mid-1800s, hospitals and health systems today are hitching their wagons to AI-powered ambient listening tools in hopes of making their documentation dreams come true.

The attraction is understandable: the power to automatically capture physician-patient conversations and turn them into clinical notes could significantly reduce documentation burden, let clinicians focus on patients, and create a better experience for everyone.

However, as with most gold mining and health tech fantasies, the reality is more complicated. Without the right safeguards, context, and clinical framework, ambient listening risks producing incomplete, inaccurate, or unusable notes. At best, that leaves physicians editing more than they save. At worst, it could compromise patient safety, billing, and care quality.

Transcript 2.0

Every clinician understands the appeal of eliminating clicks and keystrokes. Documentation has become an enormous burden, with 92% of physicians reporting that it negatively impacts care.

Ambient listening promises to capture everything that is said in the exam room, generate a structured note, and let the physician simply review and sign. But as many early adopters have discovered, the first pass is not always the last pass.

Even with high accuracy, the challenge lies in context. If a patient says, “I use my inhaler every morning,” is that a daily maintenance medication or a rescue treatment? If the system places a counseling conversation into the wrong section of the chart, the clinical meaning changes. Physicians cannot uncritically trust the transcript; they must still review and often edit.

Ambient listening certainly removes typing, but it does not solve the core problem of ensuring that documentation is clinically meaningful. This dilemma was echoed recently by the healthcare technology experts at KLAS, specifically:

Our findings show that free text alone will not deliver the outcomes providers expect,” said Mac Boyter, research director at KLAS Research. “For ambient listening to support quality measures, billing, and interoperability, it must generate discrete, structured data—not just nicely formatted notes.

Why context matters

Experienced clinicians know how to ask the right follow-up questions to surface information that patients may not volunteer. They also know which details belong in the history versus the plan and how to translate medical jargon into patient-friendly explanations. An ambient listening system, no matter how advanced, lacks that judgment unless it is anchored by a medical knowledge framework.

That framework provides the “dictionary” against which the AI can validate what it hears. Without it, the risk of hallucinations or misplaced details remains. With it, ambient listening can be constrained, guided, and made more reliable. Context is not a nice-to-have. It is essential to ensure that the note accurately reflects both the clinical encounter and the physician’s intent.

Structured data, not just free text

Another major limitation of most ambient listening solutions is that they generate free text. Even when formatted with section headers, free text is not structured, codified data. It cannot directly feed decision support systems, quality measure databases, or billing workflows.

For example, if a patient’s family history of diabetes is captured only as text, it does not generate a SNOMED code. Downstream systems cannot act on it. Clinicians end up with a nice-looking note that remains invisible to analytics, risk adjustment, and interoperability.

To avoid this pitfall, ambient listening must be paired with technology that converts narrative into discrete, computable data. This makes the output both readable and actionable, while supporting regulatory compliance, coding, and care coordination.

What to look for

Health systems evaluating ambient listening should demand more than transcription and data entry. They should ask:

• Does the system validate documentation against a trusted, clinically referenced framework that is transparent?
• Does it generate codified, structured data that supports billing, quality measures, and decision support?
• Does it give physicians flexibility to toggle between listening, templates, and macros depending on the visit type?
• Does it improve the completeness and accuracy of notes, not just their length?

The answers to these questions will determine whether ambient listening becomes a meaningful advance in healthcare IT or just another short-lived fad.

Help over hype

Ambient listening can make documentation more efficient, but it is not a panacea. Without the right foundation, it risks adding a new layer of complexity instead of solving the problem. To fulfill its promise, ambient listening must be paired with systems that provide medical context, structured data, and clinical relevance.

Again, KLAS’s Mac Boyter reported that its research shows that providers are “looking beyond convenience—they want ambient tools that deliver structured, codified output. Without discrete data, the note is unusable for billing, quality measures, and decision support. Ambient listening is most impactful when it produces information that downstream systems can act on.”

In other words: do not be distracted by the hype. Ambient listening alone is not enough.

Readers Write: For Better Member Engagement, Talk to a Human

For Better Member Engagement, Talk to a Human
By Kevin M. Healy

Kevin M. Healy is CEO of ReferWell.

The healthcare industry is experiencing a digital gold rush. AI platforms are everywhere, offering innovative promises to change how we engage with members for the better. From chatbots to automated outreach tools, the future is fast, efficient, and increasingly faceless.

The issue that many people aren’t discussing is that while these tools offer a quick, and seemingly intelligent, alternative to direct outreach, people are not responding to it. 

Despite the excitement around AI and automation, the majority of healthcare appointments are still made over the phone. Not through an app or  chatbot, but a phone call, often with another human being, because healthcare is personal.

Research shows that 84% of healthcare consumers identified communication quality as a crucial factor in their overall patient experience. When someone needs help navigating the system, whether it’s finding a doctor, scheduling a mammogram, or understanding their benefits, they want to talk to someone who listens and knows their needs, not an AI bot that doesn’t truly understand the emotions that can come with complex healthcare decisions.

Digital tools have their place. Text reminders and emails can be helpful for tech-savvy members, and portals are a fantastic tool for direct follow-up questions with your provider or to reference after visit summary notes.

However, when it comes to driving action, such as actually getting people to the doctor, technology alone rarely moves the needle. A generic text cannot reassure someone who is anxious about an upcoming procedure. A portal doesn’t know if your insurance covers the provider you need to see. Instead, a phone call from a trained care navigator who speaks the member’s preferred language, understands their needs, and respects their time can make the difference.

A study conducted at the University of Alabama’s Patient Care Connect program found that 83% of patients were satisfied or very satisfied with assistance provided by care navigators, and an impressive 90% recommended the program to others. These human connections are more than feel-good anecdotes. They are proven strategies for increasing show rates, improving outcomes, and reducing care gaps.

This isn’t just a rejection of technology. It’s a reminder that we’re in the business of human health. AI can support and inform engagement efforts. It can help us identify the right people to reach and the right time to call, but it shouldn’t replace the human voice at the heart of care.

Let’s build smarter systems that elevate empathy, not eliminate it. Let’s use AI to empower human outreach, not sideline it. Let’s stop mistaking automation for connection. Because when it comes to getting someone to take that critical step, to schedule the appointment, show up, ask the hard question, and take control of their health, a conversation still works better than an algorithm.

Readers Write: Realizing the Value of AI Starts With Data Governance and Leadership Support

Realizing the Value of AI Starts With Data Governance and Leadership Support
By Mark Leifer

Mark Leifer is data and analytics manager for Tegria.

AI dominates healthcare conversations. Vendors are knocking. Leadership is pressured to act. Pilots are sprouting across the industry. EHR vendors like Epic, Meditech, and Oracle are rolling out exciting AI tools that are embedded directly into their platforms.

Whether your organization is adopting those EHR-native tools or building a custom solution, one thing is clear: data governance is foundational.

Amid the AI buzz, many health systems remain stuck in the proof-of-concept phase, unable to scale or sustain results. Gartner reports that by 2027, 60% of organizations will fail to achieve the full value of their AI initiatives due to poor data governance.

In my experience, this isn’t a technology failure. It’s because the organization isn’t ready, and leadership hasn’t made data governance a priority.

Without Governance, AI Can’t Deliver Results

Imagine your organization rolls out a shiny new AI tool for clinical decision support. The logic is sound. It integrates with the EHR and the demo wowed the C-suite. But six months in, utilization is low, analysts distrust the data, and compliance wants to know who approved it.

This isn’t hypothetical. In fact, it’s a common pattern. AI stalls not because the tech fails, but because data governance was never embedded in the foundation. Behind that missing foundation is a lack of executive sponsorship.

Governance Needs a Seat at the Leadership Table

If AI is going to succeed in healthcare, data governance can’t live in the shadows. It needs executive backing, visibility, and resources.

Once an organization sets clear, business-aligned goals for data and AI, the next most important success factor is strong executive sponsorship. Ideally, that sponsor is someone with a C-level title — like a CIO, CMIO, or chief data officer — who can connect the dots between business strategy and the operational work of governance.

Modern data governance should emphasize accountability, clear decision-making authority, cultural alignment, and measurable outcomes rather than focusing solely on control. Executive sponsors are critical to bridging those priorities across business and IT. Their role is not to manage the day-to-day, but to model support, prioritize funding, and align governance with organizational goals.

When leaders show up to governance councils, reference it in strategy discussions, and reward good data practices, the signal is clear: This matters.

Culture, Not Control, Is the Real Barrier

Governance must move from fixing data to enabling confident use of data across the enterprise, from “AI as a cool tool” to “AI as a governed system.” Developing a strong data culture happens through modeling, incentives, and stewardship that’s embedded into real workflows. Without that cultural groundwork, even well-designed AI tools will flounder. Teams won’t know who owns the data. Trust will be low. People won’t feel confident using the outputs. Worse, they may not feel safe raising concerns when something looks off.

Build a Coalition, Not a Silo

Executive sponsorship is step one. Step two is building a data governance coalition that spans departments. This coalition — ideally a formal data governance committee — should include IT, clinical leadership, compliance, operations, and analytics. Too often, these groups are working in silos. This structure ensures that governance is positioned as a value enabler and a risk mitigator for AI adoption, rather than bureaucracy.

When it comes to AI, the governance committee should help define approval processes, monitor model performance, and ask questions about transparency, bias, and explainability. But they should also help build buy-in, provide feedback loops, and support training across the organization.

Is Your Culture Ready for AI?

Here are four signs that it may not be:

• No one can clearly answer who owns governance for AI tools.
• A promising AI pilot was shelved due to unclear accountability or lack of trust.
• Data decisions are made in silos or based on influence, not strategy.
• Governance is viewed as red tape, not a strategic capability.

If these sound familiar, you have work to do, but these are fixable problems.

Three Practical Moves To Build Executive-Led Data Governance

If your organization wants better AI outcomes, here’s what I recommend:

1. Appoint a C-level sponsor for governance and AI readiness. This person should connect governance to business strategy. Not manage the weeds, but advocate visibly and consistently.
2. Stand up a formal data governance committee that includes stakeholders from across the organization. Give it real authority, diverse voices, and a regular meeting cadence.
3. Make cultural change part of the plan. Train people, talk about successes, and share stories where good governance led to better outcomes. Help teams see data governance as something that supports their work, not slows it down.

Final Thought

AI won’t transform healthcare if we treat it like a series of disconnected tech pilots. It must be guided by strategy, grounded in governance, and shaped by people who understand the intersection of data, operations, and clinical care. That kind of alignment demands executive leadership, cultural change, and above all, trust. And trust begins with governance.

Readers Write: Innovate Responsibly – Cutting Through the Hype of Generative AI in Healthcare

Innovate Responsibly – Cutting Through the Hype of Generative AI in Healthcare
By Holly Urban, MD

Holly Urban, MD, MBA is VP of business development for Wolters Kluwer Health.

In the fast-moving world of generative AI (GenAI), it’s easy to get caught up in the allure of shiny new technologies in healthcare. But we can’t let hype alone outpace responsibility. GenAI’s strengths quickly turn into weaknesses if we deploy GenAI in clinical care without carefully vetting it first.

The Shiny Object Dilemma

The healthcare technology market has become flooded with flashy new tools and solutions. According to Deloitte, 75% of leading healthcare companies are already experimenting with GenAI, and our research shows that nearly three-quarters of healthcare professionals recognize the potential of technology like GenAI in aiding professional development, clinical training, and efficiency.

Still, experimentation doesn’t always equate to readiness. What we should be looking at — and answering — is whether GenAI is capable of solving today’s most pressing challenges.

The key to healthcare innovation starts with creating impactful technology and fostering an environment for clinicians and their patients to thrive. That’s only possible by aligning technology with the real needs of healthcare professionals, the patients they’re serving, and demonstrating the return on investment (ROI) in clinical and financial outcomes.

Rolling out new GenAI should be about matching the problems with the right technology. For example, 60% of healthcare professionals believe that GenAI can improve the patient experience, and 41% think that ambient listening capabilities will enrich patient-provider relationships.

Ambient documentation is a prime example of where GenAI is making a significant impact by alleviating one of healthcare’s biggest challenges in a low-risk domain. It can save clinicians hours each week by creating clear and actionable patient summaries, and there’s an incredible opportunity to integrate clinical decision support and revenue cycle into these workflows.

Balancing Hype with Safety

As GenAI gains traction throughout healthcare, risks persist, particularly as GenAI approaches the actual patient and directly impacts their care. One area of concern among healthcare professionals is the overreliance on GenAI. In fact, a preliminary study from MIT explored how GenAI alters the brain’s ability to process information, leading to impaired learning and retention.  

As great as GenAI is at generating content and creating patient summaries in seconds, it’s also capable of hallucinating with complete confidence in the same amount of time. What’s more problematic is the inability to distinguish hallucinations from reality. One study found that up to 45% of residents do not detect hallucinations accurately.

The likes of ChatGPT may perform well on a medical exam or when diagnosing textbook clinical vignettes, but real-world patient care can be far more complex and unpredictable. Patients expect their clinicians to make error-free decisions using trustworthy evidence, not guesswork, to ensure the best possible outcomes.

It’s easy for LLMs to be unaware of clinical context and fail to ask important questions before delivering diagnostic and treatment recommendations when they aren’t held to a gold standard of evidence. LLMs can fail to admit they’re wrong and may lead a clinician down the wrong path if it’s not caught early on.

For example, if you’re treating a patient with a urinary tract infection who is allergic to penicillin, an LLM will likely recommend prescribing fluoroquinolones, which is typically the right course of action. However, if it is not trained to ask if the patient is pregnant, fluoroquinolones could cause a harmful drug reaction in the patient and the fetus.

Real-world concerns can come with severe consequences. GenAI must be fully ready for every clinical application and grounded in rigorously reviewed evidence-based content before doctors rely on it to aid in clinical decision-making.

Making GenAI Responsible for Healthcare

Organizations are beginning to take the lead in building robust AI governance to ensure the safe and responsible use of GenAI at their institutions, as the technology is currently advancing faster than the oversight.

It’s important to learn to walk before you sprint. We’re seeing benefits from gradual rollouts, pilot programs, and industry consortiums offering quality assurance resources for clinical AI. Collaborations are crucial to working towards the same goal of seamless integration and avoiding disruptions or costly errors.

Ultimately, the most effective GenAI tools in healthcare will remove, not add, another layer of complexity to practicing medicine. Our efforts should be grounded in restoring joy to healthcare through the simplification of processes. Patient encounters should focus on care, not on clinicians spending valuable time searching for information.

GenAI offers an incredible opportunity to eliminate friction and accelerate access to the right information at the right time, when clinicians need it. At the end of the day, technology should be an enabler, not a barrier, to delivering the best possible care.

Readers Write: Healthcare Search Strategy Needs a Reboot

Healthcare Search Strategy Needs a Reboot
By Harsh Bhatt

Harsh Bhatt is  executive director of AI and analytics at Praia Health.

With policy changes out of Washington impacting reimbursements, the need for health systems to attract and retain commercially insured patients will become critical. These patients are not only the most profitable, but also the most digitally savvy and the most likely to comparison shop for care.

Health systems have invested years and millions of dollars building digital front doors and acquisition funnels to capture these patients. Unfortunately, those once-proven funnels are quietly eroding beneath the surface, disrupted by something few health systems have yet to account for: AI-powered search.

Despite continued investment in SEO and content creation, leading health systems are seeing a 10% or greater decline in search traffic, even while maintaining high search rankings. AI-powered answers and summaries are increasingly satisfying patient questions at the top of the results page, leaving no need for them to click through to their local health system’s website.

Patients are still searching, but fewer are actually reaching a health system’s digital front door. Since the launch of these AI-powered features, click-through rates from search have dropped by more than 30% across industries.

The problem isn’t just visibility; it’s redistribution. Generative AI tools are favoring national brands like Cleveland Clinic, Mayo Clinic, and Johns Hopkins, as well as commercial providers like Amazon and Teladoc. These entities aren’t winning traffic solely because of name recognition. They are winning because their content is structured for machine readability and optimized for citation by generative algorithms.

This is a fundamental shift. Most patients no longer begin their digital care journey on a health system home page or even a service line page. Increasingly, they begin, and often end, their journey with a generative answer.

To stay competitive, health systems must reimagine not just how they drive traffic, but how they capture and convert it. Traditional SEO is no longer enough. The new frontier is Answer Engine Optimization (AEO) and Generative Engine Optimization (GEO), strategies that organize content in conversational Q&A formats, use structured data and schema markup, and position information to be picked up by AI-driven search experiences.

But even if that click is won, the digital journey can’t end at a static landing page. Unless the next step is personalized, immediate, and intuitive, the opportunity to engage that patient disappears. Health systems need to have intuitive consumer identity and experience on-ramps embedded throughout their digital properties.

Every visitor is more valuable than ever. Health systems must deliver personalized, logged-in experiences that build loyalty and drive retention. When a patient lands on a site, the experience should adapt to who they are, what they need, and how they prefer to engage. Guided navigation, tailored service recommendations, and contextual digital support aren’t just nice-to-haves – they are required to reduce friction and move people closer to care.

Search isn’t dying, but the way patients use it is changing fast. The digital strategies that worked even two years ago are no longer sufficient. Health systems must pivot quickly to remain discoverable, credible, and competitive in the AI-shaped search landscape.

Readers Write: Self-Service in Health IT: More than a Fancy Kiosk

Self-Service in Health IT: More than a Fancy Kiosk
By Sriram Devarakonda

Sriram Devarakonda, MSEE is CTO at Cardamom.

Self-service first emerged in the consumer space, where it was designed to offer a frictionless, user-controlled experience. Whether buying a soda from a vending machine, ordering a burger at a kiosk, or depositing a check via mobile app, self-service is no longer a novelty — it’s an expectation.

The goal? Empower customers with speed and convenience, while still providing the right guardrails.

In health IT, self-service started gaining traction in the early 1990s, as support demand quickly outpaced available resources. Early implementations focused on handling low-complexity tasks like password resets, login issues, and access to knowledge articles.

Today, self-service goes far beyond troubleshooting. Users expect more sophisticated, cognitive tasks, such as exploring data, generating ad-hoc reports, and deriving meaningful insights, all without having to file a ticket. Yet despite the strategic focus placed on self-service across industries, sustainable, impactful adoption in healthcare remains rare.

What separates organizations that succeed with self-service from those that struggle?

Let’s go back to the burger analogy. Why might a customer avoid using a self-service kiosk?

• The interface isn’t intuitive.
• It doesn’t allow for customization (no pickles, extra cheese?).
• It doesn’t support their preferred payment method.
• Most importantly: if the kiosk gets the order wrong, that customer probably won’t use it again. If the burger itself is bad, they may never return to the restaurant, which is a different, but equally important, problem.

Now, apply that thinking to self-service reporting in healthcare. The stakes are higher, and the choices are rarely as simple as picking from a preset menu. Success requires more than just implementing a tool. It demands the right mix of people, processes, and technologies to ensure that the information that is being served is accurate, actionable, and tailored to the user.

Here’s what that takes:

A deep understanding of users and use cases.

A care manager may need a quick list of patients for outreach. An ED director may be focused on real-time throughput. These are vastly different needs, both in purpose and in technical complexity. And that’s just two personas. Most healthcare systems support dozens more, each with their own complexities and needs.

Strong data governance

Certified, approved definitions help avoid inconsistent or misleading data. It’s the difference between ordering a Big Mac and ending up with a plain hamburger.

Rigorous validation processes

Just as restaurants test new menu items before launch, healthcare solutions should be reviewed by cross-functional teams — including clinical, technical, and operational experts — to ensure accuracy and trust.

A long-term mindset

Self-service is not a one-and-done implementation. It’s a journey that evolves with user maturity, system capabilities, and data maturity.

Robust user enablement

Even the best tools fall flat without support. Users need training, ongoing coaching, and a clear path for feedback and escalation.

Clear, meaningful measurement

Success should be tracked through real adoption, demonstrated value, and a measurable reduction in support tickets for routine issues.

Accessible, intuitive technology
The best self-service tools are invisible — seamless, simple, and always available when users need them. 

When executed effectively, self-service doesn’t just reduce dependency on IT teams. It empowers frontline users to make faster, more informed decisions. It builds trust. It turns skeptics into advocates.
But success isn’t a matter of flashy platforms. It requires a service-oriented mindset, one that is grounded in empathy, clarity, and commitment to getting it right.

Readers Write: Innovating the Consumer Experience Beyond the EMR with Open Standards

Innovating the Consumer Experience Beyond the EMR with Open Standards
By Robin Monks

Robin Monks is EVP of technology at Praia Health

Patients – and potential patients — expect seamless digital experiences. They’re getting them every day from their social media, retail, and banking apps. The difference in user experience between viewing a credit card statement and a healthcare bill is obvious – and shocking. At the same time, the costs of fragmented, proprietary systems for health systems are becoming unsustainable.

While we’ve seen progress in allowing patients access to more of their data, we’re just scratching the surface on data access and have yet to make inroads into data actionability. The lack of open standard adoption inflates integration costs, stifles innovation, and limits the true potential of digital health.

This challenge was the focus of our recent HIStalk webinar, “Innovating the Consumer Experience Beyond the EMR with Open Standards,” where fellow industry leaders and I explored the transformative power of open standards in healthcare. I was joined by Ryan Howells, principal at Leavitt Partners and program manager of The CARIN Alliance; David LaBine, vice president of software engineering at Providence 4SITE; and Kristen Valdes, CEO of b.well Connected Health.

We emphasized that open standards — such as OIDC (OpenID Connect) and HL7 FHIR (Fast Healthcare Interoperability Resources) — along with broader open technology requirements are creating dramatic ROI where they’ve been deployed. They are strategic enablers that can dramatically reduce the burdens associated with integrations, data migrations, and workflow adjustments across the healthcare ecosystem.

These standards offer more than just future flexibility. They deliver immediate ROI by accelerating development timelines, minimizing rework, and significantly lowering long-term maintenance expenses. Every closed integration implemented today represents a missed opportunity to operate with greater speed, intelligence, and efficiency.

A key takeaway from our discussion was the critical role of open standards in fostering a truly patient-centric approach. The current landscape often forces individuals to navigate a labyrinth of disparate patient portals, each with its own login and limited data access. This creates significant friction and can even impede access to life-saving information, particularly for those managing complex or rare diseases. By adopting open standards for identity and data exchange, health systems can streamline patient access, improve engagement, and build stronger, more trusting relationships.

Our conversation also delved into the tangible business case for open standards, moving beyond mere compliance. By standardizing data exchange and identity management, organizations can reduce technology costs, automate manual tasks, and unlock entirely new business models. Examples shared included double-digit increases in lab completion rates and cash collection for health systems that have embraced open identity solutions. The ability to connect disparate data sources, from clinical notes to wearable device data, allows for a more holistic view of the patient that enables proactive care and improved outcomes.

We underscored the importance of leveraging established global standards from other industries. The financial sector, for instance, has long utilized open standards for seamless and secure transactions, demonstrating that these are solved problems that healthcare can readily adopt. This approach avoids the costly and inefficient creation of bespoke solutions, allowing resources to be redirected towards actual patient care and innovation.

For healthcare executives and developers who are looking to initiate this transition, the advice is clear. Identify areas where fragmented patient experiences and data silos create friction and cost. Assess how many applications are isolated due to proprietary identity systems.

The potential for double-digit increases in patient engagement and operational efficiency makes a compelling argument for investment. Advocates for this shift are often found among chief digital officers and transformation leaders who recognize the need for a broader, integrated ecosystem of applications.

A practical roadmap for open standards implementation involves a strategic, incremental approach. This includes auditing systems to understand existing data flows and identity challenges, developing a clear vision for interoperability, and creating cross-functional teams dedicated to this transformation.

Open standards are available for immediate adoption. Organizations do not need to wait for mandates or rely on proprietary vendor roadmaps. But adoption requires that vendors be held to open standards when evaluating solutions and during each renewal cycle. By actively engaging with collaborative initiatives and embracing these open frameworks, healthcare stakeholders can collectively drive innovation, enhance patient loyalty, and build a more efficient and effective system for everyone.

The time to act is now. The industry must move from business-to-business data exchange to truly individual-centered care.

Readers Write: The Multi-Million Dollar Transformation Opportunity Healthcare Loves to Hate: Application Rationalization

The Multi-Million Dollar Transformation Opportunity Healthcare Loves to Hate: Application Rationalization
By Amy Penning

Amy Penning is senior application analyst at CereCore.

Rationalize your applications, they say. It will lead to cost savings, streamline your portfolio, and release resources for innovation and technological advancement.

So why do we groan at the idea of starting an application rationalization effort? Immediate reactions to AppRat, as it is commonly called, are often due to the complexity of the work and lack of employee bandwidth to complete the work thoroughly. AppRat is often deemed a “not now, but maybe later” task that is driven by bigger strategic moves like M&A, cloud migration, and EHR implementations, further complicating these mission imperatives, adding to their timelines, and increasing their cost.

Consider these points about all there is to gain from having full visibility into your application portfolio before, rather than during, another strategic undertaking at your organization.

Application Sprawl is Expensive and Risky

Over time, even the most well-managed IT environments accumulate technical debt. Siloed purchasing, legacy systems, and shadow IT can create a bloated application portfolio that could:

• Drain IT support resources.
• Increase cybersecurity risk.
• Inflate licensing and maintenance costs.
• Complicate integration and data governance.
• Impact patient safety.

Application sprawl quietly erodes operational efficiency and financial flexibility, with the most significant impact observed at small to mid-sized hospital systems. However, application rationalization as a strategic lever introduces efficiencies through the elimination of overspending on resources and duplicated functionality.

Why AppRat Is a Strategic Lever, Not Just Cleanup

Too often, we think of AppRat as a “someday” project, something to tackle after the dust settles from a major initiative. But done right, it can:

• Fund transformation by freeing up capital that is tied to redundant or underused systems.
• Accelerate innovation by simplifying the IT landscape and enabling faster adoption of technology.
• Improve clinician experience by reducing system fragmentation and login fatigue.
• Streamline training and support by setting up your organization with enterprise standards versus siloed applications.
• Strengthen security posture by eliminating outdated or unsupported applications.

AppRat’s Anticipated Impact on Operations

I have led programs that decommissioned as many as 30% of an organization’s applications over five years, resulting in savings of as much as $70M. Given the value of resources that can be redirected to patient care, staff development, and digital innovation, the potential impact of an AppRat initiative is even higher.

Timing Is Everything, But So Is Framing the Purpose and Value of AppRat

Timing matters. No one wants to launch AppRat during a go-live or construction phase. But waiting for the perfect time often means that it never happens. 

Instead, organizations should reframe AppRat as a foundational part of transformation, not a follow-up act. AppRat should be a thoughtful, repeatable process that is embedded in the planning phase of any major initiative, not left for the post-project cleanup crew. 

Use Industry Tools Instead of Devising Your Own AppRat Approach

Leverage the findings and tools of those who have done the work before you. The CIO Council’s The Application Rationalization Playbook is available as a free download. It’s a great starting point to understanding methodology

Final Thought: Rationalization Is Essential

Application rationalization should become a regularly performed assessment of your overall application portfolio. It is never finished, but it is foundational. Start your organization’s next major technology innovation or change with full transparency into your organization’s IT costs and cost of ownership by conducting AppRat before it even starts.

Readers Write: Modernizing Healthcare’s Third-Party Risk Approach

Modernizing Healthcare’s Third-Party Risk Approach
By Ryan Redman, JD

Ryan Redman, JD is product manager of marketing at Onspring.

Oracle Health’s announcement of its second data cyber incident in March of this year shocked healthcare providers and customers. Even more alarming was the specific data was impacted that is housed in its legacy cloud infrastructure.

According to publicly available information, approximately 6 million records containing protected health information (PHI) were likely compromised despite Oracle’s attempts to downplay the severity of the potential compromise. The repercussions left hospitals struggling to identify exposed data as the incident reminded compliance officers of the challenge of considering all data outside of centralized oversight, including legacy infrastructures, when accounting for third-party risk.

Many of these healthcare compliance professionals must rely on third-party risk strategies with limited visibility into the many networks of contractors, partners, and hosted environments that they are tasked with managing. Beyond compromising legacy infrastructure data, Oracle’s cyber incidents exposed the damaging compliance gap in how healthcare organizations manage third-party relationships. Healthcare compliance teams must adopt real-time, integrated GRC tools that boost visibility, reduce manual work, and enable proactive risk response to close this gap and protect their data.

The Hidden Dangers of Legacy Infrastructure and Outdated Third-Party Risk Strategies

It’s easy for legacy systems to fall by the wayside within healthcare’s intricate network of active systems that span internal platforms, external platforms, and cloud-hosted data. Using third parties only heightens critical risks. In Oracle’s case, the servers had not yet fully migrated to the company’s new environment, leading attackers to exploit compromised credentials to access those systems. Teams overlooked what appeared to be outdated, dormant infrastructures. Bad actors accessed sensitive data, and traditional assessment methods were unable to detect this risk.

Healthcare organizations face serious compliance consequences when third parties fail to safeguard patient data, whether due to misconfigured access, missed vulnerabilities, or neglected systems. In 2024, the healthcare sector emerged as the most targeted industry for data breaches, proving that third-party risk assessments are not cutting it. Often only conducted periodically and involving emailed surveys, spreadsheets, and disconnected records, these assessments result in hours of manual work and provide a limited, static view of risk. Outdated methods fail to catch emerging vulnerabilities in legacy systems over time. Risks often materialize by the time the next scheduled compliance review comes, meaning sensitive data has already been exposed.

Five Essential Steps to Improve Compliance Oversight

Healthcare organizations must take action to strengthen their third-party risk posture, and the following actions can help turn policy into practice.

• Create a single source of truth for evidence and documentation. A secure, centralized repository ensures that materials that are relevant to organizational compliance are version-controlled and always accessible.
• Track and classify third-party integrations and engagements. Different use cases with the same third parties can carry varying levels of risk. A clear inventory with engagement-level context supports more accurate classification and visibility.
• Automate risk scoring and review cycles. Configurable scoring models based on regulatory frameworks allow compliance professionals to consistently assess third-party risk without manual intake processes.
• Move from periodic reviews to continuous oversight. Periodic reviews leave critical gaps in risk oversight. Real-time alerts through continuous monitoring flag when risk scores increase with new findings.
• Develop response plans for third-party risk. Organizations must regularly test even the most comprehensive risk programs through tabletop exercises or simulations.

Ultimately, maintaining trust is vital to compliance, and losing it comes at too high a cost.