OpenAI announces ChatGPT Health, which supports health conversations with encryption, isolation from model training, and connectivity to wellness and medical records applications such as Apple Health and MyFitnessPal.
OpenAI reports that 40 million people use ChatGPT each day for health information. Users ask it to help them decipher medical bills, spot charging errors, file insurance appeals, and in some cases diagnose conditions or manage their care. Seventy percent of those conversations take place outside normal clinic hours. The company also cites reports that nearly half of US nurses use AI weekly.
A Wall Street Journal analysis finds that 27% of US health systems are paying for AI tool licenses, triple the average across industries. The strongest results come from labor heavy administrative work such as note taking, triaging patient calls, and processing insurance claims. A health system found that its use of an Epic tool to manage denials reduced the labor required by 23% and increased the percentage of overturned denials. However, the report adds that Mount Sinai halted its use of Epic’s draft reply tool for patient messages after physicians said that its output required excessive rewriting and sometimes contained questionable information.
Utah launches a pilot to allow AI technology from Doctronic to autonomously manage prescription refills for 190 common medications. The company also markets a free chatbot that assesses systems, offers guidance, and then offers to connect users with virtual providers for a $39 virtual consultation. The goal is to reduce primary care wait times, but medical groups warn that physician oversight is needed. The FDA has not reviewed the automation process and could impose regulations on its use.
The FDA will step back from regulating low-risk wellness technologies, including fitness apps and activity trackers. Products that only share information won’t need clearance as long as companies avoid making medical claims.
CVS Health highlights technology, including AI, as central to its strategy. It has rolled out an AI-first consumer engagement platform across CVS Pharmacy, Caremark, Aetna, and its care delivery units to support prescription, benefit, and care navigation. The company suggests it may eventually offer parts of the platform to outside customers.
Researchers develop SleepFM, an AI tool that can predict 130 disease categories using only data from polymonography (overnight sleep studies), including dementia, heart attack, heart failure, stroke, chronic kidney disease, atrial fibrillation, and all-cause mortality. The tool’s accuracy was measured by linking each patient’s sleep record to their EHR data to find occurrence of related events such as coded diagnosis, procedure and encounter histories, mortality data, and the timestamps of clinical events.
University of Colorado Anschutz profiles AIDA, a self-developed AI assistant that summarizes a patient’s Epic chart for radiologists. Aakriti Pandita, MD, assistant professor of medicine and co-developer of the tool, says, “We don’t need AI to help diagnosing patients. We need AI to help the tasks that are repetitive and redundant and administrative in nature.”
A mother whose teenage son died of an overdose says he used ChatGPT to get advice on dosing illicit drugs and how to achieve different highs. The company says he accessed a flawed version of the model that was known to give unsafe health responses and that he sidestepped safeguards by framing his questions as hypothetical. ChatGPT even suggested a music playlist as part of its recommendation that he drink two bottles of cough syrup.
Mr. H, Lorre, Jenn, Dr. Jayne.
Get HIStalk updates.
Send news or rumors.
Follow on X, Bluesky, and LinkedIn.
Sponsorship information.
Contact us.
The Healthcare Cybersecurity Landscape For 2026
By Russell Teague
Russell Teague is chief information security officer of Fortified Health Security.
Healthcare is entering the new year facing the same uncomfortable truth it has confronted for more than a decade: no industry faces a higher financial or operational burden from cyber incidents. Even as technology advances and awareness grows, the cost of a healthcare data breach remains the highest of any sector, and the implications are becoming more severe for patient care, financial performance, and organizational resilience.
The latest data confirms what many leaders already feel day-to-day: cybersecurity is no longer just an IT issue or a compliance checkbox. It is a top-line financial risk, a bottom-line operational disruptor, and one of the most material threats to patient safety.
Healthcare Once Again Leads All Industries in Breach Cost
Healthcare continues its longstanding position as the most expensive industry for data breaches. In 2025, the average cost of a healthcare breach reached $7.42 million, marking the 14th consecutive year that healthcare ranked #1 among all industries. While this represents a decrease from $10.1 million in 2024, the reduction does not signify improved risk posture across the sector. Instead, the decline reflects a combination of factors:
But the underlying risk drivers – legacy environments, fragmented vendor ecosystems, thinly stretched workforce capacity, and the growing attack surface from digital transformation — remain unchanged.
The $7.42 million average still places healthcare well above all other highly regulated sectors, and it reflects only direct, measurable costs. The true financial impact is often far greater once organizations consider indirect operational and reputational fallout.
Breach Frequency and Threat Pressure Are Accelerating
The cost of individual breaches is only part of the story. Frequency is rising across the sector, expanding total exposure for hospitals, health systems, and clinical organizations. In 2025, healthcare experienced one of the highest incident rates of any industry, driven by persistent ransomware campaigns, increasingly complex third-party and supply chain intrusions, targeted email compromises involving PHI, and exploit attempts against aging clinical systems and medical devices. The growing automation of attacker workflows that are powered by AI has only accelerated this trend.
Attackers view healthcare as a high-pressure, high-reward environment. The combination of operational urgency, patient safety implications, and deeply interconnected technology ecosystems makes the sector uniquely attractive. Historically, healthcare organizations have been among the fastest to pay and the most vulnerable to disruption, further incentivizing attackers.
As breach frequency rises, so does cumulative financial exposure. Even organizations that avoid large-scale incidents still absorb escalating costs tied to smaller breaches, investigative work, vendor assessments, rising insurance premiums, and heightened regulatory scrutiny.
The Operational Fallout: Downtime as a Major Financial Driver
One of the most significant, and often underreported, costs of a cyber incident is operational downtime. In 2025, hospitals experienced an average of 19 to 23 days of disruption following major cyber events, affecting everything from EHR access to imaging, lab systems, surgical schedules, and emergency department operations. These outages frequently force diversion events, delay procedures, and push frontline staff into manual workflows that dramatically slow care delivery.
The financial impact is substantial. Organizations lose millions in net patient revenue as billing cycles stall, coding backlogs grow, and clinical productivity drops. Delayed reimbursement and extended recovery periods often compound these losses. At the same time, hospitals face increased overtime expenses, temporary labor costs, and rising patient dissatisfaction, all of which further erode operating margins. For rural and independent facilities with limited redundancies or tighter financial constraints, the impact can be especially severe.
Operational downtime also creates long-tail effects that extend well beyond the initial incident. Staff burnout rises as clinical teams struggle through prolonged manual processes, turnover risk increases, and organizations become more susceptible to future attacks during recovery periods. In many cases, the cumulative operational and financial damage eclipses the cost of the breach itself.
Why the Breach Lifecycle Matters: 280 Days of Exposure
A defining characteristic of healthcare is how long breaches persist before being identified and contained. Last year, healthcare averaged a 280-day breach lifecycle, exceeding the global average of 241 days. On average, it took 207 days to identify a breach and another 73 days to contain it.
This extended lifecycle dramatically elevates financial exposure. Lengthy dwell time gives attackers ample opportunity to move laterally, access more systems, compromise clinical applications, and exfiltrate sensitive data.
Prolonged exposure usually reflects deeper, systemic challenges across health systems, such as poorly tuned tools, redundant or overlapping technologies, gaps in visibility across environments, inconsistent processes or response playbooks, staffing shortages that drive alert fatigue, and weak segmentation that enables lateral movement. Many organizations also struggle with incomplete logging or monitoring coverage, which further delays containment.
Shortening the lifecycle is one of the most effective ways to reduce breach costs, often by millions. Health systems that detect and contain incidents faster consistently demonstrate stronger program maturity, more rationalized technology stacks, and clearer operational processes aligned to rapid response.
Cyber Insurance Costs Are Rising — for Both Coverage and Claims
In 2025, cyber insurance premiums for healthcare continued to increase, driven by a combination of higher claim severity, rising incident frequency, expanding legal and regulatory exposure, and the growing complexity of medical devices, cloud services, and interconnected vendor environments. Many recent breaches tied to third-party partners have created additional uncertainty for insurers, especially when accountability is difficult to determine.
As a result, carriers are tightening underwriting standards. Organizations now face stricter requirements around MFA enforcement, patching cadence, SOC maturity, third-party oversight, log retention, and evidence of incident response readiness that includes documented plans and playbooks. Those unable to demonstrate adequate maturity are experiencing significantly higher premiums, reduced coverage limits, or, in some cases, losing eligibility for coverage altogether.
The Hidden Costs: Reputation, Trust, and Long-Term Clinical Impact
Beyond direct financial losses, breaches create a secondary wave of disruption that can last months or even years. Organizations often experience a decline in patient trust, heightened scrutiny from regulators and auditors, and increased turnover among clinical, operational, and executive staff. Many also find themselves at a disadvantage when pursuing new strategic partnerships as potential collaborators question their security posture.
These incidents can also drive up ndor-related costs as partners impose stricter security requirements, more frequent assessments, and higher fees tied to their own risk management obligations. Taken together, these indirect, long-tail impacts create significant financial and operational strain, particularly for health systems operating in competitive markets or with already limited resources.
A Clear Path Forward: Maturity as a Financial Strategy
The latest data reinforces a simple truth: the cost of healthcare breaches remains high not just because of attacker sophistication, but because of program immaturity. Organizations that invest in visibility, alignment, rationalization, and early detection reduce breach lifecycle times and significantly limit downstream financial impact.
The most cost-effective cybersecurity strategy is not more tools. It is a mature cyber program, fully rationalized for better alignment with the business goal of protecting patient safety and operational resilience. When people, process, technology, and financial investment work in concert, breach costs drop, operational stability increases, and resilience becomes a competitive advantage.
Healthcare Can No Longer Measure the Cost of Inaction in Dollars Alone
Last year’s data makes it unmistakably clear that healthcare can no longer afford to view cybersecurity as a technical problem sitting on the periphery of operations. The financial impact of breaches is severe, but the deeper cost is the strain they place on clinical delivery, patient trust, workforce capacity, and organizational resilience. Every day a breach goes undetected, every hour systems are offline, and every dollar spent recovering from preventable disruption reflects a direct threat to the mission of safe, reliable care.
The real risk facing healthcare organizations is not the next attacker. It’s the continued reliance on underdeveloped, unaligned, and unprepared cybersecurity programs. More tools will not solve this challenge, and increased spending without strategic maturity will not change outcomes. What will make a measurable difference is a cyber program that is fully rationalized, integrated, and aligned with the fundamental business goals of patient safety and operational stability.
Organizations that invest in visibility, speed, resilience, and coordinated response are already seeing the benefits: shorter breach lifecycles, fewer operational disruptions, reduced financial exposure, and stronger trust from the communities they serve. Those that delay modernization will continue to face rising costs, extended downtime, and a risk profile that becomes increasingly difficult to manage.
2026 must be the year when healthcare stops treating cybersecurity improvements as optional or incremental and starts approaching them as essential to sustaining care. Cybersecurity in healthcare is no longer just a business function or an IT priority. It is a foundational element of patient safety, and the cost of inaction has never been higher.
Healthcare-focused private equity firm Altaris acquires Tegria from Providence St. Joseph Health.
Artificial intelligence begins prescribing medications in Utah
Utah launches a pilot to allow AI technology from Doctronic to autonomously manage prescription refills for 190 common medications.
TPG in talks to buy UnitedHealth’s Optum UK unit, Sky News reports
US-based private equity firm TPG is reportedly looking to acquire UnitedHealth’s Optum UK business, which supplies EHR software to a large percentage of British physicians.
FDA announces sweeping changes to oversight of wearables, AI-enabled devices
The FDA will ease regulation of wearables and AI-enabled devices that provide non-medical-grade information.
Healthcare-focused private equity firm Altaris acquires Tegria from Providence St. Joseph Health.
Tegria was formed in 2020 from Engage, Bluetree, and Navin Haffty. It then acquired Cumberland, Sisu Solutions, Cloud21. It had previously acquired KenSci, Colburn Hill Group, Lumedic, Community Technologies, and MediRevv.
Providence spun out analytics firm Advata in June 2022 by combining KenSci, Colburn Hill Group, MultiScale, Lumedic, Quiviq, and Alphalytics. That company apparently shut down in early 2023. Providence sold Acclara to R1 RCM in early 2024 for $675 million.
Altaris acquired Sharecare in 2024. Its exited healthcare holdings include Acclara, AGS Health, Clearwater, and Precyse.
Welcome to new HIStalk Platinum Sponsor VectorCare. VectorCare is the first patient logistics platform that is built directly inside leading EHRs using SMART on FHIR. Care teams can schedule transportation, home health, and DME in under a minute, without leaving thepatient chart or relying on phone calls and portals. Our SMART on FHIR integration embeds VectorCare into Epic, Cerner, Meditech, Allscripts, Athena, and more with zero code or IT effort. Real-time updates, vendor communication, and live tracking flow directly into the EHR to streamline every transition of care. With VectorCare’s no-code workflow builder, organizations can standardize discharge and care-coordination workflows instantly. This reduces delays, improves handoffs, and helps lower preventable readmissions by up to 30%. Explore our SMART on FHIR app in the Epic Showroom or request a demo. Follow us on LinkedIn and X for updates on patient logistics innovation. Thanks to VectorCare for supporting HIStalk.
I found this YouTube demo of Vector’s SMART on FHIR app within Epic.
None scheduled soon. Contact Lorre to have your resource listed.
InterSystems promotes Don Woodlock to president.
MDAudit promotes Nisheet Goenka, MSEE to CTO.
The Guthrie Clinic (NY) promotes Brad Carvellas, MS to SVP and chief digital officer.
Asif Ali, MD (University of Houston College of Medicine) joins Kencor Health as chief medical officer.
Atropos Health promotes Kevin Smith to chief growth officer.
TeleTracking appoints Derek Ritchea, MBA (Lincoln International) as chief strategy officer.
Utah launches a pilot to allow AI technology from Doctronic to autonomously manage prescription refills for 190 common medications. The company also markets a free chatbot that assesses systems, offers guidance, and then offers to connect users with virtual providers for a $39 virtual consultation.
Healthcare data foundation operator CAQH restructures to assign ownership to 12 shareholder entities that are affiliated with national health plans.
Southwestern Medical Center and Comanche County Memorial Hospital merge to form Memorial Health System of Southwest Oklahoma. The combined system will implement Meditech Expanse this summer.
Connecticut’s Connie HIE implements Clinical Architecture’s PIQXL Gateway patient data quality measurement tool.
The FDA issues an RFI on a proposed contracting vehicle that is aimed at making it easier for VC-backed companies to do business with the agency. FDA notes that many breakthrough health technologies come from firms that lack the resources and know-how to navigate federal procurement, and that the government’s use of prime contractors, whose incentives favor billable hours over scalable solutions, often impedes adoption.
The VA sees a 10% annual increase in telehealth use amongst veterans, 92% of whom report being satisfied with the care received.
A social determinants of health-focused survey of 145 healthcare facilities in Arkansas finds that, while providers screen at a high rate, significant gaps exist in referring patients to services and providing services directly. The survey also found that SDOH-related needs most often pertain to housing, transportation, and food insecurity.
Blog Posts
Mr. H, Lorre, Jenn, Dr. Jayne.
Get HIStalk updates.
Send news or rumors.
Follow on X, Bluesky, and LinkedIn.
Sponsorship information.
Contact us.
40 million people turn to ChatGPT for health care
OpenAI reports that 40 million people around the world ask ChatGPT health-related questions on a daily basis.
CMS no longer requiring childhood vaccination data from states
CMS will no longer require states to report childhood and adolescent immunization statuses as it works on developing new vaccine measures.
CareCloud promotes Stephen Snyder to CEO and A. Hadi Chaudhry to chief strategy officer.
People embrace many traditions to ring in the New Year. My extended family enjoys Hoppin’ John, but my personal ritual is to skip straight to dessert.
I started at midnight by toasting 2026 with an assortment of delightful tarts. I then kept my energy up on New Year’s Day with Fluffy Frosted Orange Rolls, a delightful alternative to cinnamon rolls. Fortunately, the sugar boost helped because I was working clinically later that day.
Nearly every patient I treated had influenza. If the “flu-pocalypse” has not made it to your area yet, chances are it is on the way. If you are at high risk for influenza complications or simply want to avoid forced downtime, I recommend masking up in crowded places.
I had the opportunity over the weekend to chat with several physician executive colleagues. Each shared ideas about what to expect in the coming year.
During the discussion, I learned a new term: job hugging. It describes people who dislike their current roles but stay put because they fear that moving elsewhere could be worse. At least two participants admitted to this mindset. They worry that other environments may be just as toxic, if not more so, and that mid-career physician leadership roles are increasingly vulnerable to downsizing.
One person noted, “If I’m at risk for a layoff, I would rather stay where I have been for 15 years so I might receive a severance. If I start somewhere new and similar cuts occur, recent hires will not get anything.” Another said he would consider consulting but is too concerned about the cost of health insurance to make the leap.
How did you ring in the New Year, and what are your predictions for 2026? Leave a comment or email me.
Email Dr. Jayne.
2026 Predictions: The Great Data Quality Reckoning in Healthcare IT
By Jodi Amendola
Jodi Amendola is executive advisor for the Supreme Group.
The healthcare IT industry has been playing the “Let’s Improve Interoperability!” game for what feels like decades.
Today, it’s CMS Aligned Networks, TEFCA, and information-blocking-rule enforcement. Yesterday, it was “Meaningful Use” and the HITECH Act. Before that, it was Regional Health Information Organizations and HL7.
While these efforts to improve interoperability have certainly been laudable, they’ve obviously been lacking, because we’re still talking about the problem. A recent report from KLAS Research on the state of EHR interoperability today offers some helpful context:
The last point is critical, as all the hope about AI in healthcare will go unrealized without a foundation of accurate, comprehensive patient data for AI to base its decisions and recommendations on.
In the coming year, the healthcare industry will continue to grudgingly come to terms with a difficult truth: Interoperability means very little without connectivity. Issues highlighted in the KLAS report, like duplicative patient records and fragmented medical histories, undermine cost and quality improvement efforts and lead to suboptimal patient outcomes.
As a result, when it comes to communicating with the clients and prospects, health IT vendors will need to not only emphasize their role in delivering better interoperability, but also in improving the accuracy and usability of patient data.
It will also mean preparing for greater scrutiny, harder questions from media and industry analysts, and the need to demonstrate real value rather than aspirational promises.
To get ready, it’s important to ensure that PR and marketing do the following:
In 2026, it’s less about expanding the pipes of healthcare data, and more about increasing the quality of the information that flows through them. As expectations and scrutiny around data quality grow, organizations that ground their communications in evidence, clarity, and responsible innovation will stand out.
DEA Extends Telemedicine Flexibilities to Ensure Continued Access to Care
The Drug Enforcement Administration extends telehealth flexibility in the prescribing of controlled substances through December 31, 2026.
California-Based Health Tech Company Files Chapter 7 Bankruptcy
Population health technology vendor Clint shuts down and files Chapter 7 bankruptcy, citing insufficient cash to make payroll and pay creditors.
Federal judge allows HHS to share Medicaid data with ICE
A federal judge in California rules that HHS can share Medicaid data with ICE, with limits remaining in place on what can be shared and used.
The Drug Enforcement Administration extends telehealth flexibility in the prescribing of controlled substances through December 31, 2026.
This fourth extension came during the last hours of December 31 and took effect the next day.
The flexibilities allow practitioners to remotely prescribe scheduled drugs without first conducting an in-person visit. They may also manage maintenance and withdrawal treatments for opioid use disorder.
From Boyd Beaver: “Re: HTI-5. Washington keeps writing rules as if health IT were competitive, while the market keeps behaving like it isn’t.” In health tech, some companies are innovative and some are imitative, but the rules assume equal market power and equal buyer choice. Companies don’t grow unless they are selling something customers actually want over competitive alternatives. It’s not clear that EHRs are in such demand in the post-Meaningful Use era that vendors are staying out of the market primarily because certification costs are too high. It’s also worth noting that EHR certification was created under a Republican administration and announced days into the Obama presidency as the string attached to federal stimulus money, a move that pushed out smaller vendors and permanently shaped the product roadmaps of the survivors. Today’s EHR market was deliberately created by federal certification.
From AI Drop: “Re: AI. Health systems aren’t adopting AI because it is transformational. They are using it because it’s cheaper than people. Nobody should be surprised that workflow messes persist and disruption is limited to financials.”
From UHG Whiz: “Re: the January 1 mess of US health insurance. Premiums have skyrocketed, deductibles are up to the point of making all policies catastrophic coverage only, and the resetting of those deductibles causes people to defer care that they can’t afford. Just try to get through to insurer to ask about new formulary changes or another round of prior authorizations. This isn’t cost control so much as cost shifting, with patients left to absorb the risk and the consequences.”
HIStalk readers want HIMSS to pick a lane, but can’t decide on which one, which is probably the same challenge that faces Hal Wolf. The #1 choice could be a moneymaker but only at modest scale, #2 doesn’t generate much revenue, and #3 is history because they’ve sold the annual conference exhibit. Respondents are looking for HIMSS to provide industry relevance while HIMSS itself is trying to stop its post-2020 free fall. Respondents skew heavily US, so the global conference answer might be underrepresented. Maybe the takeaway that both sides is that expertise beats booths, plus its pre-COVID ambitions involved selling consulting services around its now-multiple adoption models. Another good poll question would be – would you pay out of your own pocket for HIMSS membership?
New poll to your right or here: What is your reaction to ASTP/ONC’s proposed cutback of EHR certification requirements? Is it a free pass for vendors, a catalyst for innovation, or are those effectively the same thing?
Thanks to these companies for recently supporting HIStalk. Click a logo for more information.
None scheduled soon. Contact Lorre to have your resource listed.
Population health technology vendor Clint shuts down and files Chapter 7 bankruptcy, citing insufficient cash to make payroll and pay creditors.
Rich Rogers, MBA, SVP/CIO at Prisma Health, retires.
The FDA grants 510(k) clearance for BrainSpace’s Intellidrop autonomous brain fluid pressure management system for ICUs. Brain Fluid Interface (BFI) products monitor cerebrospinal fluid, interstitial fluid, and cerebral blood and create training data for Physical AI models.
I enjoyed this LinkedIn photo taken by Altera Digital Health during San Gorgonia Memorial Hospital’s (CA) upgrade to Sunrise 25.1. Go-live teams of both vendor and hospital people, united by their immediately recognizable team support shirts, usually get squeezed into temporarily and lightly repurposed conference rooms (hint: tape cables down, make sure computer-controlled HVAC doesn’t automatically take off for the night, wheel in a whiteboard, and source an unreasonable amount of coffee). Go-live warriors will be taken back olfactorily to long nights in the war room — overheated laptops and printers, panic sweat, and the stench of around-the-clock leftover junk food like pizza and everything bagels. Regards to those who know the smell and have thus earned the shirt.
Mr. H, Lorre, Jenn, Dr. Jayne.
Get HIStalk updates.
Send news or rumors.
Follow on X, Bluesky, and LinkedIn.
Sponsorship information.
Contact us.
NYC Health + Hospitals will take over the struggling Maimonides Health and implement Epic there.
Health Ministries Worldwide Are Quietly Tightening the Rules on Health IT Vendors
Black Book Research reports that non-US markets are increasingly making data residency, in-country processing, and legal control a pass-fail requirement for choosing systems.
Healthcare AI Update 2025: What Use Cases Are Adopted the Most?
KLAS finds that 79% of health systems are using AI, ambient documentation is the leading use case, and just one of 3,000 respondents say their organization is using agentic AI.
HTI 5 Proposed Rule Info Session
HHS ASTP/ONC posts an information session on its proposed plan to streamline EHR certification requirements and update information blocking regulations.
CMS will award all 50 states an average of $200 million each under the $50 billion Rural Health Transformation Program, which states are expected to use to modernize rural health infrastructure and technology.
From Blaspheme: “Re: HIMSS board. It doesn’t have many C-level executives from non-profits.” Excluding Hal Wolf, five of the 12 board members work for non-profits, two of them hospitals. Seven of the 12 are based outside the US. None work for a US-based non-profit health system, although that perspective is represented by recently retired Hal Baker, MD, former SVP/CDO/CIO of WellSpan Health.
None scheduled soon. Contact Lorre to have your resource listed.
Struggling Maimonides Health will be taken over by NYC Health + Hospitals in a move that is backed by $2.2 billion in New York state funding to protect Brooklyn’s safety-net healthcare. The city cites as a benefit that Maimonides will be able to implement Epic, replacing applications from its best-of-breed portfolio that include several systems that it acquired from the former Eclipsys and Allscripts.
University of Utah Health promotes Donna Roach, MS to system CDIO.
The US Navy will extend the pilot of its new medical operations system for at-sea care after completing testing earlier this month.
Epic is working with Penn Medicine to improve patient and clinician experience by deploying technology at the point of care. The organizations previewed a model exam room for the Montgomeryville multispecialty clinic that will open in late 2027.
Black Book Research reports that 80% of international health tech buyers are using digital sovereignty as a first-cut, pass-fail test in eliminating companies that store and host data outside the buyer’s own country. The shift is due to pressure from tariffs, export controls, geopolitical risk, and mandates to use in-country hosting.
A new KLAS report on health system AI use finds that ambient documentation leads by far, with 79% of participating organizations using it. Microsoft, Abridge, Epic, and Oracle Health are considered most often. Two-thirds of organizations use some form of AI, primarily for productivity. Microsoft, Epic, OpenAI, and Abridge most often considered. Agentic AI remains mostly a buzzword, with just one of 3,000 respondents reporting live use. Planned AI use cases focus on revenue cycle management, patient engagement, and clinical workflows.
The Defense Health Agency issues an RFI to solicit industry feedback on its draft contract strategy for a follow-on to MHS Genesis. It proposes a program office structure that would separate technical integration, human-centered design, and product management.
HHS ASTP posts a recorded information session on the just-published HTI-5 Proposed Rule. The 60-day public comment period closes on February 27, 2026.
Mr. H, Lorre, Jenn, Dr. Jayne.
Get HIStalk updates.
Send news or rumors.
Follow on X, Bluesky, and LinkedIn.
Sponsorship information.
Contact us.
Defense Health Agency Seeking Industry Feedback on MHS GENESIS EHR Draft Contract Strategy
The Defense Health Agency issues an RFI to solicit industry feedback on its draft contract strategy for a follow-on to MHS Genesis and a proposed program office structure that would separate technical integration, human-centered design, and product management.
CMS Announces $50 Billion in Awards to Strengthen Rural Health in All 50 States
CMS announces that states will receive awards averaging $200 million under the $50 billion Rural Health Transformation Program, which they are expected to use to fund initiatives that include modernizing rural health infrastructure and technology.
Hospitals Score Win to Halt New HHS Drug Discount Rebate Pilot
A federal judge issues a preliminary injunction against HHS in a lawsuit brought by the American Hospital Association and others that would prevent HHS from implementing the 340B Rebate Model Pilot Program, where providers would buy drugs at full price and then seek rebates from drug companies.
As we approach the end of the year, many of us are reflecting on our accomplishments for the year. Maybe we’re proud of the work that we’ve done, or perhaps we are forced to reflect because of end-of-year performance reviews. I enjoy thinking through how I spent my time and how it might have impacted patients.
I asked some of my CMIO colleagues what they are most proud of this year. Many of the projects were predictable, but at least one was surprising.
The first CMIO who weighed in was a little embarrassed about his accomplishment. Apparently his organization never got the memo about the benefits of having proximity cards or other non-password technology to help reduce the burden of multiple logins for its clinicians. Mandatory EHR upgrades or replacing a solution that was about to be sunset always took precedence. A couple of recent cybersecurity events had also consumed a good chunk of the budget and pushed other needs and wants aside. I certainly understand having to spend money on that.
Regardless, the clinicians are happier not having log in while going back and forth to the workstations in patient rooms, so that’s a win for the year.
The next physician leader was passionate about expanding virtual physician services in the emergency department. His organization’s busiest hospitals put a physician assistant in the triage bay. They worked closely with nursing staff to perform workups on patients who were still in the waiting room. The PA examined the patient and entered orders.
When wait times were at their worst due to bed shortages elsewhere in the hospital, some patients were actually discharged from the waiting room without ever making it to a regular emergency department bed.
The twist this year was using virtual technology to expand that to hospitals that didn’t have the volumes to support the provider-in-triage concept. He felt that it was a win all around. Patients were happier to get their care started more quickly, emergency department staff members were happier because they had fewer patient complaints, and emergency providers were happier because they could opt in to the remote shifts for a break from the ED’s physical grind.
This is a great strategy. I am surprised to see so few facilities creating programs like this. It improves key metrics like the door-to-doctor time, addresses bed turnover issues, improves satisfaction, and provides options to keep physicians in the game when they might be ready to retire. The physician workforce crisis isn’t going away anytime soon, and anything that we can do to maintain those folks and their expertise is good.
I know of another system that has implemented this paradigm. Remote shifts are staffed by people who might otherwise be on medical leave due to orthopedic issues or pregnancy complications, or who need to travel to another part of the country to support family members.
It’s inexpensive since the major investment is a workstation and cameras. Even if you have to do a little rearranging to accommodate a gurney in the triage area, it’s cheaper than building more emergency beds. Another significant factor is probably that hospitals can make a lot of money billing the provider portion of the visit rather than having patients leave without being seen.
Multiple CMIOs said that ambient documentation was the best solution that they implemented all year. Most of them had pilot cohorts that tested the technology first, and at least a couple of them went through a bake-off process where they trialed solutions from different vendors before making their final selection.
One CMIO said, “This is one of two things that I’ve ever implemented that my physicians thanked me for.” Most of them are implementing the technology in ambulatory environments. Only one who I spoke with had a significant project for inpatient wards, and that is in a facility that has 100% private rooms for its patients.
I loved the idea that one correspondent shared about how her facility trained the ambient documentation tools. They created a curriculum called “Caring Out Loud” that addressed how physicians needed to change their history-taking and examination skills for the best outcomes with the technology. Some physicians felt like “talking to themselves” made them seem less professional, but only two of them chose to go back to traditional documentation.
Virtual nursing was also a big win for one CMIO who responded. In a plot twist, this CMIO is a nurse practitioner. Although I’ve seen people in similar roles elsewhere in the industry, she’s the first non-physician CMIO who I’ve gotten to know personally.
Her facility has been able to move approximately half of the steps involved in the nursing admissions process into a virtual workflow, which has been helpful as they continue to have staffing challenges. At their facility, all nurses work at least one virtual shift per month so that everyone is cross-trained. All of the virtual nursing work happens on site, which is different than other models where virtual nursing is used to retain staff that otherwise might be ready to leave bedside nursing.
One respondent’s biggest project was a deterioration prevention system that identifies patients who might be heading towards a crisis. I was surprised to learn that one of the major challenges in that effort was the change management piece. It was not designed to bypass human intervention, but people felt that its use might discourage them from raising an alarm if they suspected that patients were having issues.
The hospital held listening sessions so that staff understood what the system was designed to do, and what it was not. They were made aware that they needed to still rely on their internal “Spidey sense” if they felt that a patient was at risk.
I was surprised that AI projects, other than ambient documentation, were far down the list for many of the people I spoke with. That could be an artifact of budgeting processes, where priorities for 2025 may have been set in the summer of 2024. Or, perhaps skepticism remains around AI and how it should fit into the bigger picture of patient care.
I also think that many facilities are playing catch-up around operational and quality debt and therefore have less time to spend on shiny new things. I’m glad to see those institutions focusing on the basics, because if you don’t have a good foundation, everything else is just window dressing.
What are you most proud about in your work during 2025? Do you have a focus you’re excited about for 2026? Leave a comment or email me.
Email Dr. Jayne.
How One Father Created an Organ Empire
The National Kidney Registry, which matches donors to recipients, pays millions to its technologist founder’s companies.
Medicare’s prior authorization has doctors on edge
Providers express uncertainty about how to submit prior authorization requests under traditional Medicare’s AI-powered treatment reviews, which launch as a six-state pilot project on January 1 for 17 treatments.
NHS England tech provider reveals data breach – DXS International hit by ransomware
A ransomware hacker claims to have stolen 300 GB of company data from NHS technology supplier DXS International.
New York Governor Kathy Hochul vetoes the New York Health Information Privacy Act, which would have required companies that handle health-related information to obtain user consent before storing or selling that data.
The bill defined Regulated Health Information to include data from apps, wearables, telehealth, and employer-provided health information.
Critics said that the definition was so broad that it could encompass non-health data, impose complex and costly compliance requirements, threaten innovation, and create unnecessary burdens for health systems.
Most provider poll respondents say that remote patient monitoring payment changes won’t really affect them.
New poll to your right or here: What primary role should HIMSS choose to maintain or increase its business success? This question addresses big-picture strategy, but leave a poll comment after voting to suggest the #1 thing HIMSS should do within the next year to position itself for the future.
HIStalk supporters and vendor marketing folks: Current HIStalk sponsors get free spotlights and text ads, while prospective ones can talk to Lorre about the benefits of full-year exposure. Startups and former sponsors might even get a lagniappe. Lorre also has a single Top Spot banner for companies that are seeking maximal exposure (10,000 clicks in the past year) and the satisfaction of always seeing their ad atop those of competitors. Sponsors get zero influence over news and opinion, but that’s to their advantage since decision-makers will bail quickly on thinly veiled pay-for-play and inexpert babbling.
News is understandably slow, so let’s enjoy the results of reader donations to Donors Choose. Dr. K says that her Florida first graders started using their new STEM materials immediately after she explained, “I told them that they were donated to our classroom by people who wanted to help them learn.”
Meanwhile, new reader donations, matched with third-party donations and funds from my Anonymous Vendor Executive, fully funded these Donors Choose teacher grant requests:
None scheduled soon. Contact Lorre to have your resource listed.
Peer-reviewed studies find that Linus Health’s AI-based digital cognitive assessments can detect subtle behavioral signals that are associated with Alzheimer’s pathology years before symptoms appear, allowing early identification of people who should be tested for blood-based biomarkers.
Black Book Research posts its annual report on the standards it uses to rank health tech products and services. The company does not sell consulting, advisory, or improvement services to vendors, does not offer paid placements, does not pay survey participants, and offers no pay-to-play options such as offering score improvement services and related recognition. This statement caught my eye:
Black Book’s annual refresh cycle is informed by a widely recognized measurement principle often referred to as Goodhart’s Law: once a measure becomes a target, it can become less effective as a measure. In vendor rankings, stable rubrics can unintentionally encourage optimization for what performs well in the scoring system rather than what consistently delivers implementation success, operational reliability, service responsiveness, and realized value after contract signature. Over time, a ranking can drift toward measuring “ability to rank” instead of “ability to deliver.”
A federal grand jury indicts the physician owner of a clinic for allegedly billing Medicare $45 million for Botox injections that were medically unnecessary and, in many cases, never provided. Violetta Mailyan, DO is also charged with obstructing a criminal investigation by allegedly submitting falsified medical records in response to a grand jury subpoena. Prosecutors say the clinic billed for services on dates when it was closed, when Mailyan was traveling outside the country, and on at least one date when the Medicare patient was incarcerated in federal prison.
The New York Times profiles the kidney transplant-matching National Kidney Registry, which transfers much of its millions of dollars in annual income – collected mostly via hospital fees – to for-profit technology and holding companies that were formed by Founder and CEO Garet Hil, who developed the software that matches donors to recipients. NKR had $69 million in annual revenue in 2023 and paid Hil’s technology company $8.2 million when it sold the commercial operations portion to Hil for $2.6 million.
I was fascinated by a New Yorker article titled “The Role of Doctors is Changing Forever,” written by Weill Cornell hospitalist Dhruv Khullar, MD, MPP. He says that doctors are losing their cultural authority as patients seek “unbundled” medical advice and services outside of traditional practice. Doctors once reigned as the gatekeeper to everything that relates to health, but now people are obtaining and trusting information from attention-optimizing TikTok docs, direct-to-consumer companies, the MAHA movement, and AI, causing people to trust doctors less or to avoid them entirely. He writes this, although glossing over how doctors might actually earn a living in this new role:
When a hegemon loses status, it can take a few paths. It can aim for restoration — bringing back the empire — which in this case would probably focus on gatekeeping. It can retreat, which might mean abdicating medicine’s broad public role, perhaps in favor of a narrow focus on earnings and technical skills. The last — and, in my view, the best — path is reinvention. Doctors can remake their profession by embracing the multi-polar medical landscape they now inhabit, and by acting as a kind of system stabilizer: working with other powers to help shape rules, norms, and relationships.
Mr. H, Lorre, Jenn, Dr. Jayne.
Get HIStalk updates.
Send news or rumors.
Follow on X, Bluesky, and LinkedIn.
Sponsorship information.
Contact us.
Neurable will use new funding to commercialize its brain-computer interface technology that allows wearables to track mental fatigue, cognitive recovery, and focus state detection.
Saint Peter’s Healthcare System, Epic to launch centralized electronic health record system
Saint Peter’s Healthcare System (NJ), whose planned merger with Atlantic Health was cancelled in October 2025, will implement Epic.
New York Governor Vetoes Restrictive Health Privacy Law
New York Governor Kathy Hochul vetoes the New York Health Information Privacy Act, a broad health data privacy bill that would have expanded protections for health information beyond federal HIPAA standards
HIStalk Sponsor Announcements Industry Events Webinars
I was born roughly 2 months after the US space program began (Explorer 1), and I've followed it all my…