The most successful cybersecurity leaders in healthcare have shifted from acting as gatekeepers to becoming business enablers who help organizations achieve their goals securely. This transformation requires building deep relationships with leadership, understanding operational workflows, and balancing robust security controls with positive user experiences.
Randall (Fritz) Frietzsche, Enterprise CISO at Denver Health, has spent nine years developing an approach that positions cybersecurity as a strategic partner to the business. Denver Health, a safety net hospital and Level 1 trauma center, has been serving the community since 1860 and operates multiple clinics, a health plan, and educational programs. The organization’s cybersecurity strategy reflects a fundamental shift in how security leaders must operate in healthcare environments.
From Gatekeeper to Business Partner
The traditional model of cybersecurity as the “department of no” has become obsolete in modern healthcare organizations. Security teams that focus solely on blocking activities create friction with clinical and administrative staff who need to deliver patient care efficiently. The more effective approach involves working collaboratively with business units to identify secure methods for accomplishing their objectives.

“Instead of saying, no, you can’t do that, we have to find ways to say, let’s figure out a way to do that more securely,” Frietzsche explained. This mindset shift requires security leaders to inject cyber risk analysis into business processes early, allowing organizations to make informed decisions about vendors, acquisitions, and new initiatives before committing resources.
When evaluating vendors or considering mergers and acquisitions, cybersecurity teams that participate in due diligence can identify risks that materially affect pricing and contract terms. Organizations can negotiate security requirements into contracts, establishing clear expectations and remediation timelines. This proactive involvement helps avoid costly post-acquisition security issues and strengthens the organization’s overall risk posture.
Building Trust Through Competence and Relationships
Earning a seat at the leadership table requires more than technical expertise. Security leaders must build strong relationships across the organization and demonstrate consistent competence over time. This trust-building process enables cybersecurity to influence critical business decisions and establish necessary security reviews for technology purchases.
“You have to have built great relationships with the leadership of your organization. And that takes time and it takes skill. And you also have to be able to demonstrate your competence to them,” Frietzsche noted. The process involves maintaining awareness of how security controls affect daily operations and ensuring that protective measures do not unnecessarily impede productivity.
The relationship with the chief information officer plays a particularly important role. A supportive CIO who understands cybersecurity can advocate for security initiatives in conversations where the CISO is not present, explaining the reasoning behind controls and their importance to organizational protection. This partnership helps leadership understand that security measures serve essential purposes and use modern tools designed to minimize negative impact on workflows.
Frietzsche makes a deliberate effort to maintain visibility throughout Denver Health. He works support tickets directly to understand user challenges and identify opportunities for broader improvements. This hands-on approach provides insights that inform both tactical solutions and strategic decisions about security architecture.
Balancing Security Controls with User Experience
Effective cybersecurity requires understanding how layered secur...

The 2025 CHIME Fall Forum, held in early November, brought together hundreds of the top IT executives to share what’s working, what isn’t, and what might be next in digital health. In this webinar, we’ll speak to leaders who attended the form to learn their key takeaways and discover how exposure to so many new and diverse perspectives has either confirmed or changed their strategic thinking about the future.
Speakers:

* Chris Paravate, CIO, Northeast Georgia Health System
* Harun Rashid, VP/CIO, Akron Children’s
* Sonney Sapra, SVP/Chief Digital & Information Officer, Samaritan Health Services & Samaritan Health Plan
* Muhammad Siddiqui, Chief Digital & Information Officer, Reid Health

AI-led policy redesign and a broader definition of return on investment are reshaping how Nirav Shah, MD, Associate CMIO, AI & Innovation, Endeavor Health, approaches digital transformation across the nine-hospital Chicago-area system.
Endeavor Health, which operates roughly 300 sites of care and accounts for about one-third of Illinois’ population in its catchment area, built its reputation as an early Epic and enterprise data warehouse adopter. In his role, Shah practices infectious diseases, participates in innovation and IT governance, reports to the chief clinical officer, and leads research tied to AI and new care models, positioning him at the intersection of technology, operations and clinical practice.
Building a Matrix Role for AI Leadership
In describing his day, Shah outlines a schedule that can swing from meetings with venture investors to research design sessions, IT discussions on predictive analytics and vendor evaluations—all before lunch. The structure is decidedly matrixed, with multiple leaders expecting input and shared accountability for outcomes. That configuration, he said, is becoming essential as health systems seek to apply AI across strategy, governance, development and deployment.
The central responsibility is to serve as a connector among innovation teams, informatics, operational leaders and front-line clinicians, seeing new ideas from inception through implementation and evaluation. That includes helping the organization think through when a promising pilot should scale, what metrics define success, and how insights are translated into white papers or multicenter studies that influence responsible AI adoption across the sector.

The breadth of this charge comes with a cognitive tax, as context switching is constant. Shah leans on a research team to go deep on literature reviews, measurement frameworks and outcomes analysis so that his own attention can remain on cross-functional design, prioritization and decision-making.
Protecting Time and Culture in a Burnout Era
Meeting discipline has become a core leadership tool. Shah favors 30-minute sessions, or even 15 minutes when the agenda is narrow, and is quick to remove people from email threads when their attention is not required. “Time is probably the most valuable thing our health systems have, like the time of our workers,” adding that leaders should treat meeting invitations the way they treat capital requests: as scarce, carefully allocated resources.
He regularly evaluates his own calendar the same way. When he realized there were enough experts to handle detailed Epic consolidation work without him, he requested to be removed from a recurring meeting series, freeing an hour a week over the course of a year. That kind of “successful dismount” allows executive time to be redeployed toward higher-impact work without slowing projects.
Shah links these habits directly to burnout. The cumulative effect of unnecessary meetings, long email distributions and inefficient workflows contributes to the sense that clinicians and staff are losing control of their days. He sees ambient documentation as one promising lever, especially when leaders position it as a tool for reducing after-hours charting, improving patient and provider experience, and supporting recruitment and retention. He points to emerging multicenter research with Sutter Health and UChicago Medicine that associates frequent use of ambient tools with gains in patient experience scores.
Rebalancing ROI for AI Investments
Conversations about ambient documentation lead quickly to a broader debate about ROI. Shah observes that different stakeholders value different outcomes: innovation leaders may focus on whether a pilot justified a grant; clinicians may emphasize burnout, quality and experience; and finance leaders look for budget relief. To make sense of this, he frames AI investments in two buckets—financial ...

As health-system IT ecosystems grow more complex, leaders need a better understanding of which technologies they run, where each sits in its risk life cycle, and how assets map to the clinical and administrative workflows they support. It is with the attainment of this more continuous, end-to-end understanding that organizations can manage risk on an ongoing—not snapshot—basis. This work is essential, as effective business-continuity planning depends on anticipating when operations could be affected by outages or vulnerabilities. In this webinar, we’ll speak with leaders focused on sharpening IT inventories and dependency maps to keep care delivery up and running.
Speakers:

* Will Landry, SVP/CIO, Franciscan Missionaries of Our Lady Health System
* J.D. Whitlock, CIO, Dayton Children’s Hospital
* Wes Wright, Chief Healthcare Officer, Ordr
* Mike Vipond, Head of Healthcare Provider GTM, ServiceNow

The race is on for healthcare organizations to deploy AI agents that increase productivity and cut costs. But with a rapidly evolving market, a wide range of options—from building in-house to buying a vendor solution to partnering with a middleware OEM—and a saturation of similar products, it can be difficult for health systems to cut through the noise. This webinar will help you navigate the agentic AI landscape. We’ll explore the pros and cons of the three main approaches: build, buy, or partner. We’ll also cover best practices for selecting an agentic AI partner (new or existing vendor) and discuss hidden risks in this rapidly evolving space. Finally, we’ll provide guidance on how to stay at the forefront of the agentic AI wave and capitalize on its immense potential.
Speakers:

* Syed Mohiuddin, SVP, Chief AI Transformation and Strategy Officer, UnitedHealth Group
* Stephen Nash, Co-Founder, Southern Pediatrics
* Guillaume de Zwirek, CEO & Co-Founder, Artera

 

At Ochsner Health, AI is moving from experimental project to core clinical capability, and Jason Hill, MD, Innovation Officer, says the physicians and health systems that master it first will gain a decisive advantage in care quality and efficiency.
Leading an innovation division inside an $8 billion, 46-hospital integrated delivery network that also operates its own health plan, Hill draws on a decade spent wiring a single Epic EHR, serving as associate CMIO for inpatient care and directing informatics efforts to bridge the gap between clinicians and technology teams.
For Hill, the opportunity is to use technology to redesign care models across a broad Gulf South footprint while keeping ethics and safety at the center of deployment; as he put it, “the very interesting part about AI is that it is ultimately a democratization of human knowledge.”
That capability is already visible in tools such as OpenEvidence, which he uses on the hospital floor and which can score at or near perfect on licensing exams, matching or surpassing the test-taking performance of many practicing physicians.
He sees that level of cognitive capacity as a fundamental shift in knowledge work, including medicine and software development, and believes clinicians who adopt AI as a partner will outcompete those who do not, saying that “doctors are not going to replace AI, but doctors who use AI will most certainly replace those that do not.”

Balancing Governance With Rapid Experimentation
Hill spends much of his time thinking about what happens after AI models are introduced into clinical workflows and begin to learn from new data and interactions, a behavior pattern that differs sharply from fixed-function software.
He noted that generative models can drift in subtle ways as they are tuned and retrained, producing responses that may no longer align with original expectations, and that some research groups have documented behaviors such as deception, sycophancy and other forms of misalignment that raise novel safety questions for healthcare.
Traditional monitoring approaches that compare model predictions with outcomes are difficult to apply to narrative or conversational outputs, so evaluation must instead focus on the quality, consistency and reliability of large volumes of free-text responses. In Hill’s view, that scale challenge leaves organizations little choice but to enlist more automation in the oversight process; in his words, “realistically, the only way to do that is with another AI, so you then have AIs judging AIs.”
That dynamic, he suggested, will force health systems to design governance structures that treat advanced models less like conventional applications and more like complex, semi-autonomous systems whose behavior must be continuously observed, logged and reviewed.
From Ambient Listening to Augmented Intelligence
On the clinical front, Hill sees the fastest gains coming from tools that remove clerical burden while leaving final decisions with clinicians, such as ambient documentation systems that listen to visits and generate notes directly in the EHR.
These services are already widely adopted across Ochsner physicians and many peers nationally, he said, easing burnout and freeing clinicians to focus attention on patients instead of keyboards.
He expects the next wave of capability to assemble a much richer context around each encounter, drawing from the EMR, prior imaging, genomics, external records and even social factors to give physicians a consolidated view before they act.
Hill described a future state in which AI helps transform an open-ended clinical question into a small set of likely diagnoses or management options that a human can quickly assess, turning complex differential diagnosis into a workflow that resembles responding to a well-designed multiple-choice exam.
In that model, augmented intelligence becomes the goal in that...

Health-system IT executives face relentless user demand while working with constrained budgets and lean staffing. Running a tight ship is essential. That requires disciplined governance, transparent communication and proactive workload management—approaches that increase throughput and prevent stakeholders from overreacting to work still in progress. In this timely webinar, we will speak with leaders who operate at high capacity while keeping teams engaged and customers satisfied.
Speakers:

* Laura Fultz, Interim Chief Information & Digital Officer, Emory Healthcare
* Raymond Lowe, SVP/CIO, AltaMed Health Services
* Shane Thielman, Corporate SVP, Chief Information & Digital Officer, Scripps Health
* Tanya Townsend, Chief Information & Digital Officer, Stanford Children’s Health | Lucile Packard Children’s Hospital Stanford

 

AI is being infused into the healthcare ecosystem from 1,000 directions at 100 miles per hour. At least, that’s what it feels like to many tasked with ensuring those injections are done with proper guardrails in place. And while the risks of drift, hallucinations, and bias are at least well appreciated (if not mastered), those related to compliance and cybersecurity need to be more deeply considered and brought—via governance—into the right discussions at the right time. In this timely webinar, we’ll speak with cyber leaders focused on acting as true partners to their operational colleagues—fostering the rollout of the AI tools everyone wants, while making sure it’s done the right way.
Speakers:

* Brian Cayer, CISO, Keck Medicine of USC
* Christopher Frenz, Experienced Health System CISO
* Steven Ramirez, VP/CISO, Renown Health
* Damian Chung, VP of Cyber Defense & CSO, Healthcare, Netskope

Healthcare IT executives are deploying technologies such as generative AI to improve front-end patient access, enable ambient clinical documentation, and streamline back-office tasks like claims submission. Yet the mid-revenue cycle often receives less attention. This broad domain—including clinical documentation integrity and physician query management, medical coding and clinical validation, and charge capture and revenue integrity—still relies on entrenched workflows in many organizations. Given the gap between current practice and what modern tools can deliver, the mid-revenue cycle is a prime target for efforts to reduce costs and capture revenue. In this webinar, we’ll speak with leaders who are looking to bring today’s best technology to these processes.
Speakers:

* Adar Palis, SVP of Clinical & Revenue Cycle Applications, Providence
* James Wellman, VP/CIO, Nathan Littauer Hospital & Nursing Home
* Nicholas Raup, SVP, AI & Automation Solutions, e4health

Nnaemeka Okafor, MD, VP, Chief Analytics and Informatics Officer, Memorial Hermann Health System, says health systems are shifting from purchasing tools to building the conditions that let them deliver results. In an extensive interview, he outlined a program that emphasizes multidisciplinary governance, deliberate training, durable data infrastructure and careful budgeting that accounts for the true cost of adoption.
As an emergency physician of 18 years who also leads both informatics and analytics, Okafor argues that organizations must design for use. The goal is to assemble clinical, operational and technology teams that stay engaged across the product life cycle—selection, go-live, measurement and iteration—so workflows evolve with system upgrades and changing practice standards. The approach reflects the scale of Memorial Hermann Health System, which spans more than a dozen hospitals, hundreds of care sites and tens of thousands of staff in the Houston region.
The central idea is that adoption improves when leadership invests as much in measurement, dissemination and training as in the tool itself. Okafor said: “we need to build those ecosystems, or I would say environments, where the technology can thrive.” He connected that to risk management, noting that consumer-grade intuitions do not translate to clinical settings, where small navigation errors can carry consequences.
Budget Beyond the Sticker Price
Many boards have learned that initial licensing underestimates what it takes to achieve durable value. He pointed to widely cited analyses that show the costs of implementation and value realization can exceed the price of the technology itself. Okafor was explicit about the scale: “the cost of implementation or actually deriving value out of the tool, maybe three times the initial cost of the technology itself.” That ratio guided Memorial Hermann Health System during its recent EHR transition, where leaders deliberately budgeted for ongoing education, optimization and at-the-elbow support.

The funding posture also improves executive alignment. Okafor emphasized that a transparent “all-in” ask—covering licensing, change management, measurement and continuous education—reduces the need to return for incremental allocations, a scenario that tends to frustrate finance leaders. He framed successful requests in return-on-investment terms: quantify the operational, clinical and financial gaps; propose the training or optimization required to close them; and estimate the timing and magnitude of the benefit. That discipline, he said, builds trust for future proposals.
Training That Is Deliberate and Ongoing
Sustainable adoption requires more than one-time classes or passive videos. He described a tiered model built on deliberate practice, where content is targeted to the workflow users must perform and delivered in formats that match how they learn—short in-workflow clips, interactive simulations for high-risk tasks, role-based labs and scheduled at-the-elbow sessions. Leaders, he added, should protect time for training and communicate that proficiency is a core expectation.
Okafor also emphasized the importance of retraining. System upgrades and workflow changes can turn yesterday’s five-click sequence into a single action; without refreshers, staff will keep doing it the old way. Effective teams keep feedback channels open, route pain points to vendors and bring enhancements back to frontline users through concise reinforcement. Governance’s role is to maintain that loop, ensuring that clinical best practices and system capabilities mature together.
Data Foundations and AI’s Role
Measuring whether technology works at the elbow requires a strong data backbone. He described building internal pipelines and dashboards that combine signals from multiple systems to track adoption, efficiency and outcomes, rather than relying solely on out-of-the-box reports.

Robbie Freeman, Chief Digital Transformation Officer, Mount Sinai Health System, is steering a consolidated digital-and-AI agenda that aims to simplify experiences for patients, clinicians, and a 48,000-person workforce, while tightening the link between experimentation and enterprise scale. In a wide-ranging discussion, he outlined a governance model that blends top-down priorities with bottom-up discovery, a disciplined approach to pilots, and an emphasis on training and workflow change to ensure real adoption.
This interview was conducted as part of our recently published Special Report on AI 
In his role, Freeman oversees digital and AI product teams responsible for the myMountSinai app, omnichannel access (phone, text, web, app), and tools supporting clinicians at the point of care, alongside a new “employee digital front door” intended to streamline routine questions and tasks. He said that the workforce front door—powered by generative interfaces—will draw answers from policies and business systems, letting staff ask not only “what is our PTO policy?” but also “what is my PTO balance?”
“We’re pulling that together to create one seamless front door just for our workforce,” he said.
In describing the system’s scope, he framed the work as three “journeys”: the patient journey (access and navigation), the care journey (clinician-facing tools such as ambient documentation), and the workforce journey (HR and work-enablement). He emphasized that each journey is prioritized using a consistent approach, with experience research (focus groups, rounding, asynchronous polling) determining the pain points most worth solving now.

Governance Meets the Front Line
At Mount Sinai, digital and AI review structures have been merged to drive faster, clearer decision-making and to align investments with enterprise goals. Freeman said the unified body evaluates requests through an “experience-led” lens and balances “moonshots” with near-term fixes. The result, he noted, is a portfolio that can flex quarterly while preserving a common operating model for safety, bias testing, and measurement.
He stressed that outcomes hinge on people and process more than technology, and that success rides on the intensity of education, support and feedback loops built into rollouts. “I like to say that our projects, this work, is just 5% technology and 95% the people, process, and change management.” To keep that people focus, the team invites ideas from any staff member and feeds them through a centralized intake, risk scoring, and guardrail process that calibrates assurance requirements to the use case—lighter for back-office productivity tasks, heavier for clinical decision support.
From Pilot to Scale
Mount Sinai runs innovation units to incubate new solutions with enhanced on-the-ground support, then moves promising tools into progressively broader environments once adoption and performance criteria are met. Freeman pointed to an internally developed AI model that flags patients at highest risk for pressure injuries, noting that it outperformed the legacy Braden score used historically by bedside teams. “We’re able to show that we could outperform that with AI,” he said. Early successes, he added, are just a starting point: the team co-designs workflows with frontline users, launches on a single unit, validates onboarding and adherence, and only then phases rollouts across sites.
He described a “silent pilot” pattern for higher-risk clinical use cases: the model runs in real time behind the scenes, its outputs are compared with clinical decisions, and equity checks and operating thresholds are tuned before any intervention reaches clinicians. In parallel, policy requirements spell out expectations for measurement, human oversight, and documentation.

Mouneer Odeh, VP, Chief Data and AI Officer, Cedars-Sinai, is positioning the organization to harness fast-maturing AI while keeping clinical workflow, governance, and scale at the center of decision-making. In a wide-ranging discussion, he traced his path from advanced analytics to enterprise AI, outlined the role of platform vendors versus best-of-breed tools and internal builds, and described how non-IT staff are being trained to co-create agents grounded in Cedars-Sinai policies.
This interview was conducted as part of our recently published Special Report on AI 
Framing data and AI as a single continuum, Odeh said the mission is to accelerate research and discovery, improve patient care, and drive operational efficiency through “data-driven intelligence.” He argued that data quality is the critical differentiator between helpful and hazardous systems, adding, “the difference between AI that behaves like a really good graduate student or a fantastic assistant, and AI that behaves like your drunk friend is quality of the data.” He also emphasized tight linkages with clinical informatics, research leadership, applications, infrastructure, and security so that models can be deployed reliably inside real workflows.
Within the C-suite, Odeh partners closely with the chief health informatics officer and the chief health AI research officer, while maintaining deep ties to applications, technology, and security leaders. He said that collaboration matters because AI is increasingly delivered through applications and agentic interfaces. In his view, bridging operations and technology—while anchoring everything in governance—keeps initiatives focused on adoption and measurable outcomes.
Platform, Best-of-Breed, and In-House: Finding the Mix
At Cedars-Sinai, the AI portfolio breaks roughly into thirds across internal development, platform-delivered capabilities (notably in the EHR), and best-of-breed solutions. Odeh said platform vendors are racing to embed agentic capabilities where clinicians already work, which can compress time to value. He pointed to the EHR’s evolving strategy and observed, “You could almost say that they’re reinventing themselves from a software company to an AI company.” He added that Cedars-Sinai expects platform share to grow as vendor offerings mature, but only where they meet clinical and operational requirements at scale.

To avoid lock-in, Odeh drew a clear line between simplification and dependency. He stressed that Cedars-Sinai will continue to pursue innovative point solutions and internal builds where they offer distinctive value, workflow fit, or earlier availability than platforms can provide. In his words, “I don’t think we’ll ever be all in on just going with the platform play.” He said that whatever the source—platform, best-of-breed, or internal—the output must flow into clinician workflows so that it “feels” native; otherwise, good models will go unused.
From Projects to Products: Governing at Scale
Across deployments, Odeh said implementation now determines impact. He pointed to the shift from one-and-done project management toward product management that sustains engagement, measures use, and iterates based on observed behavior. He argued that customer-relationship skills inside IT are becoming as important as technical depth: without trust and responsiveness, organizations lose momentum, and opportunities to expand successful pilots stall.
He described governance as a practical enabler; multidisciplinary bodies decide who sees what, what actions are expected, how results are interpreted, and when a model is “publish-ready.” He added that informaticists are essential to this work, translating between clinical reality and technical integration so models land in the right place, with the right users,

Chero Goswami, Chief Information & Digital Officer, Providence, is using front line observation, disciplined governance and renewed business-continuity planning to align technology with clinical reality across the seven-state system. In a recent interview, he outlined an approach that favors standard methods where possible, local flexibility where required, and a culture that treats reliability as a clinical imperative.
Goswami emphasizes learning healthcare by “walking the floors,” listening to clinicians and patients before prescribing fixes. He encourages leaders and staff to shadow units, using those sessions to validate how tools are understood and where they fall short. Goswami frames this as a habit rather than a mandate, noting that observations gleaned on rounds often save “50 emails a week” and surface issues that never make it to dashboards or meetings.
On why in-person context matters, he explained: “Work is practiced on the front lines, so how can we understand the value of our work (in IT) if we don’t know how the work is going to be consumed?” That perspective extends to humble problems—like a broken printer—that cause outsized disruption to discharge timing and patient flow. He argues leaders should respond empathetically while still routing fixes through standard processes so ad-hoc “workarounds by title” do not undermine reliability.
Designing for Patients’ Real Needs
Patient-facing technology, he says, should be built with human-centered design, written in plain language, and sensitive to the moments when people are most vulnerable. Goswami cautions that families and patients consume information differently and that systems must present data without overwhelming users. “You have to design the systems in a way that the layperson can understand it,” he said. Goswami also stresses the indirect patient impacts of IT reliability: when a cafeteria register fails during the lunch rush, for example, the line grows, breaks run long, and bedside coverage can thin — creating the risk for small outages to impact clinicians whose time is always at a premium.

Goswami links design choices to system-level outcomes. He urges teams to trace any proposed technology or fix back to the patient within “three hops or less.” That discipline, he argues, shifts conversations from tools to solutions and nudges teams to measure what matters. He adds that modern constraints—crowding in emergency departments and staffing pressures—require workflows and technology to coevolve, not simply graft new tools onto old processes.
Governance, Operating Model and Variations
Enterprise-level governance, Goswami notes, must clarify both what the organization will do and what it won’t. “A true ‘no’ is much better than a fake ‘yes,’” arguing that demand will always exceed capacity and that transparent choices build trust. He is standing up a two-tier structure: system-wide decisions for common processes and platforms, paired with regional governance to honor local regulations and population needs. Governance, he adds, is incomplete without an operating model that assigns ownership, timing and execution methods.
Goswami also separates three kinds of variation that complicate the EHR and its ecosystem: product variation (multiple tools doing the same job), practice variation (different ways of performing the work, sometimes for valid reasons), and performance variation (measurable differences in results). He encourages leaders to examine each type, then elevate the combinations that demonstrably improve outcomes to become the new standard. The corollary is that technology adoption often requires workflow redesign. Goswami cites a guiding maxim he keeps close: swapping modern tools into legacy methods tends to produce a more expensive version of the past unless processes are re-engineered to fit.
Resilience and Business Continuity
System availability remains a constant focus.

Rady Children’s Health is consolidating analytics and AI-enabling services on a governed cloud platform to reduce friction for clinical, operational, and financial users. Caroline Peika, Director, Integration & Analytics, said the program pairs a centralized data environment with a private retrieval-augmented generation chatbot to turn internal documents into reliable answers with citations. The approach aims to raise data quality, clarify ownership, and shorten the path from question to decision for busy hospital teams.
The modernization effort treats the cloud as a curated environment with clear intake rules, lineage, and stewardship. Peika said the operating model sets expectations for source system accountability, common definitions, and documentation so downstream consumers can work from the same reference points. “We put controls around ingestion and transformation so people can trust the outputs that land in shared spaces.” The intent is to move analysts away from duplicate extracts and local spreadsheets toward governed data products that serve multiple use cases across care delivery, finance, and operations.
As the platform scales, she said governance is embedded in routine work. Intake requests must identify owners, business purposes, and refresh patterns; cost forecasting accompanies new pipelines; and role-based access limits proliferation. The result is a single environment that prioritizes reuse, lowers redundancy, and supports rapid provisioning for analytics and data science without sacrificing oversight.
Private RAG Chatbot Surfaces Gaps
The companion initiative is a policy-aware chatbot that answers questions by citing specific passages from approved sources. Peika said the service quickly revealed a familiar challenge: outdated or conflicting policies across departments. “The moment you ask for a citation, you discover where documents are stale, inconsistent, or scattered.”  That visibility becomes a forcing function for departmental clean-up because owners must validate the very sources that power responses.

After the pilot showed value with HR, compliance, and IT policy documents, the team created a feedback loop so users can flag weak answers and request corpus updates. Department leaders now curate their own collections, retire obsolete material, and establish refresh cycles tied to policy review calendars. The chatbot, in turn, reduces email chains and ad-hoc explanations by providing a consistent, searchable record with provenance that stands up to audit.
Buy-or-Build With Continuous Ownership
Commercial platforms help accelerate deployment, yet the enterprise still needs sustained engineering and product ownership. Peika emphasized that vendors can supply components, but health systems remain responsible for validation, corpus hygiene, and upgrades. “Whether you buy or you build, there is always ongoing build.”  That includes re-indexing content as policies change, updating models, and monitoring answer quality as usage grows.
Scope discipline matters. The goal is not to chase feature parity with public assistants like ChatGPT; it is to deliver dependable, governed answers to institutional questions, accept secure file uploads, preserve conversation context within policy, and route feedback into improvement sprints. Peika added that choosing high-value use cases with clear owners increases adoption, because leaders can see fewer interrupts and faster responses for their teams.
Funding, Performance and Resilience
Cloud cost control is a design requirement, something critical with cloud initiatives. Peika said the program bakes in least-privilege access, workload quotas, and spending dashboards to prevent unmanaged experimentation and bill shock. Business partners receive estimates for data movement, storage, and compute before projects begin, aligning expectations with budgets. “Guardrails protect us technically and financially ...

Pallavi Ranade-Kharkar, PhD, Enterprise Director of Research Informatics and Genomics, Intermountain Health, laid out a disciplined approach to AI adoption that balances rising organizational pressure with patient-centered guardrails, emphasizing governance, security, and measurable value for clinicians and consumers.
Health systems are under strain to automate, improve access, and lower costs. National spending projections point upward and boards are pushing digital programs. Against that backdrop, Ranade-Kharkar described a portfolio view of AI—predictive, generative, and hybrid tools—where pilots scale only when they deliver reliable outcomes. “There is tremendous potential for AI to do more, and it’s constantly evolving,” she said, noting that many models still require tight guardrails to prevent errors and protect trust.
Technology budgets already represent a meaningful share of revenue across hospitals, with increases likely as organizations pursue digital health gains. She urged leaders to fund projects that produce tangible clinical and operational results. Overconfidence, she warned, remains a risk in this fast-moving market: “Over reliance on AI can be detrimental.” In her view, executive sponsors should embrace rapid learning cycles while insisting on independent validation and post-go-live monitoring.
Privacy and Security as Table Stakes
The obligation to protect patients and their data sets the tone for every AI conversation. She emphasized that privacy, consent, and security must be integrated into solution design, procurement, and operations. CISOs, compliance, and data leaders should be at the table early and remain involved when tools retrain on fresh data or expand to new use cases. “Data security and patient privacy is everybody’s problem,” adding that governance must clearly assign responsibility for controls, audits, and incident response.

Beyond baseline controls, she called for transparency about model training and validation. Leaders should request documentation that details the datasets used, testing methods, and known limitations, and should insist on bias assessments when deploying to new populations. Policies should require continuous quality monitoring, especially for models that write to the electronic record or influence clinical decisions. In parallel, procurement language should define access, retention, and deletion requirements for any vendor handling patient data or prompts.
Vendor Transparency and Trust
As AI features arrive embedded in routine upgrades, leaders face a new dynamic with long-time vendors. Ranade-Kharkar urged explicit notifications when AI functions are introduced, along with clear instructions for risk review, activation, and controls. She recommended a two-layer test strategy: validate vendor claims on sample datasets and then confirm performance on the health system’s own data before broad release. Trust accrues when partners show their work—how models were trained, how outputs are evaluated, how drift is detected, and how issues are remediated.
She also advocated for human oversight calibrated to the task’s risk. Ambient documentation and meeting-note summarization differ from tools that generate orders or discharge instructions. For high-impact workflows, committees should define required reviewer roles, escalation paths, and thresholds for intervention. For lower-risk automation, product owners can tune prompts, track exceptions, and iterate quickly—while still reporting outcomes and issues to governance.
Measuring Experience,
Turning on technology is not the goal; rather sustained, satisfied use is. She argued for a patient-experience lens that gives as much weight to convenience and clarity as it does to accuracy. Abandonment rates for kiosks, chatbots, and virtual check-in are a leading indicator: if patients quit, the design or flow is failing. Leaders should test these experiences personally an...

Chuck Podesta, CIO, Renown Health, is steering his organization toward an interoperability model that leans on AI “orchestration” rather than large, centralized data repositories—while pairing that shift with tougher data governance and a stronger resilience posture. The three-hospital system in Reno, Nev., which includes an 800-bed regional facility, a community hospital, a children’s hospital and a health plan, is also preparing an AI Innovation Center to accelerate workforce productivity and evaluate clinical tools.
From his vantage point, Podesta sees steady movement but not sufficient progress in connecting health data across vendors and care settings. “We’re still very far behind where we need to be, although with some of the new technologies, especially around AI, there is hope now,” he said, noting that federal rules and vendor advances—such as single-pane patient access features—are nudging the market forward.
He argues that patients’ expectations are setting the bar: they want longitudinal records that travel with them across states and providers. Against that backdrop, he views current cross-system exchange as incomplete and often brittle, even when organizations share the same core EHR. The imperative, he said, is to deliver a unified experience without forcing clinicians or consumers to assemble it themselves.
From Data Lakes to Orchestration AI
Within data strategy, Podesta describes two schools of thought. One approach consolidates information from EHR, ERP and ancillary systems into governed platforms such as data warehouses or cloud analytic environments. That method, he said, can yield trustworthy operational dashboards and support research, but it is expensive and slow to adapt.

He is increasingly focused on a second path: leaving data in place and using intelligent agents to retrieve it on demand. “Orchestration AI leaves the data where it is and uses AI to fetch it, which can be faster and cheaper—as long as governance is sound,” he said. In this model, standards and APIs still matter, but the emphasis shifts to secure access, provenance and auditability at the source, rather than repeated copying into new stores.
Governance, Talent and the Citizen Layer
At Renown, Podesta plans to launch an AI Innovation Center to review EHR-embedded capabilities, enforce data and AI governance, and promote enterprise productivity tools to the full workforce. The near-term goal, he said, is to reclaim time by automating repetitive administrative tasks across departments.
He wants employees closest to the work to help lead that change. “Look at all the mundane tasks you do and figure out how to automate those—not to replace you, but so you can do the work that only you can do,” he said. Early internal analysis showed surprisingly broad, grassroots experimentation with generative tools; thousands of staff interactions with public systems prompted Renown to pursue enterprise licensing and guardrails to protect sensitive information while channeling energy into sanctioned uses.
Podesta also points to “evangelists” already on the payroll—clinicians, analysts and operators who write effective prompts, build lightweight workflows and teach peers. By convening these practitioners inside a formal program, he expects faster diffusion of practical use cases without heavy reliance on consultants or large bespoke builds.
Resilience, Outages and Multi-Cloud Plans
As AI and ambient documentation embed deeper into everyday care, Podesta emphasizes that resilience must advance in step. He expects the industry’s security posture to tilt from detection-and-response toward proven recovery capabilities that keep clinical and business systems available under duress. Recent hyperscale interruptions underscored for him the operational risk of single-cloud concentration and the need to design for failover—between clouds and between cloud and on-premises resources.

Melek Somai, MD, MPH, VP, Chief Technology & Product Officer, Inception Health – the innovation arm of ThedaCare-Froedtert Health, argues that healthcare’s cost and access pressures cannot be solved by staffing alone; they require technology-led redesign of how care is delivered. In a wide-ranging interview, he described why his organization is putting technology at the clinical “front door,” rebuilding workflows with a product mindset, and aiming digital tools at the practical levers of access, scale, and clinician cognitive load.
“Our view is that technology is a tool and capability to drive outcomes,” he said, adding that the objective is measurably better access, quality, and cost.
Technology as the Front Door
According to Somai, the access problem must be confronted directly. Wisconsin faces a primary care retirement wave in the coming decade while patient cost-sharing continues to rise—conditions that suppress demand and strain capacity. He said simply bolting on scheduling widgets or messaging tools will not fix a supply-demand mismatch; if the earliest appointment is 18 months away, a slick interface will not help.
He outlined Inception Health’s answer: lead with digital channels and build the operational infrastructure—people, processes, and platforms—behind them. “We took a model where technology is the front door of the health care service delivery,” he said, noting this flips the traditional pattern in which IT sits behind operations providing support rather than shaping service design. The ambition is anytime, anywhere access that meets consumer expectations without compromising clinical standards.

He emphasized that technology and process cannot be designed separately. Rather than pushing tools into existing clinics, the organization embeds clinicians, clinical informaticians, engineers, and UX researchers on the same product teams to co-develop both workflows and software. Somai said this product orientation differs from time-boxed projects: the work evolves continuously based on outcomes and user feedback.
He added that the approach grew out of early virtual-care attempts that overloaded clinicians—asking them to jump between in-person visits and video or chat, juggling headphones and logins. The friction signaled a process, not a technology, failure. In the product model, care protocols, staffing models, and digital interfaces are engineered together so that the “right” behavior is the easiest one to execute.
Managing Cognitive Load and Change
Somai said sustained adoption hinges on reducing cognitive load for both clinicians and patients. One of his main operating principles is: “Make the right thing easy.” He pointed to preventive care as a test case—if a self-enrollment pathway into evidence-based digital therapy is clinically appropriate, do not require an extra visit to unlock it. Instead, design a one-click path and let the care team monitor progress.
He added that large language models are being tested as assistive layers to suggest appropriate protocols in context and then get out of the way. Early lessons reinforced that “more information” is not inherently helpful; surfacing fewer, more relevant cues can be the better safety and quality strategy. On the patient side, he said the least utilized resource in healthcare is the patient’s own time and motivation. Digital tools should empower patients to complete routine steps at home and reserve appointments for what truly requires human expertise.
According to Somai, the digital-first operating model pushes primary care beyond one-to-one relationships. The vision is a 24/7, team-based service in which technology routes each request—medication refills, preventive care tasks, acute triage—to the right professional at the right time. He said this makes access more convenient, scales scarce clinician capacity, and reduces the “gatekeeper” inefficiencies that force patients through unne...

James Case, VP/CISO, Baptist Health, frames his program around a single theme: balance. Case seeks to harden the enterprise against modern threats while protecting the speed and reliability clinicians require to deliver care. He argues that the test of any control is whether it reduces material risk without creating unnecessary friction at the bedside, in the OR, or across back-office operations.
Identity sits at the center of that balancing act, as credentials have become the preferred path for attackers. He emphasizes automation across the joiner-mover-leaver lifecycle to prevent permission creep and to react instantly when HR records change. “The bad actors are not breaking in as much as they are logging in,” he said.
Case explained that standards are tuned to clinical context rather than imposed uniformly. He pointed to operating suites and other critical areas where default lockouts and session timeouts can undermine safety. He said those settings are adjusted with clinical leaders so authentication never interrupts patient care, yet still records accountability and deters misuse. Case likewise supports risk-based step-ups for higher-sensitivity actions, reserving the strongest checks for activities that create the greatest exposure.
Calibrating MFA, Sessions, and Clinical Context
Multi-factor authentication is treated as a precision instrument. He partners with the CMIO and nursing leadership to map where frequent re-prompts would slow throughput and where stronger verification is warranted. Case measures both attack interception and caregiver experience, using alert volume, prompt frequency, and help-desk trends to recalibrate policies. He summarized the principle: “Security that blocks care is not security.”

Case also ties identity analytics to real-world shifts in duty. He links role changes to automated removals as well as additions so legacy access does not accumulate. He said the organization validates these flows routinely to close gaps created by one-off exceptions, temporary assignments, or vendor on-site work. Case’s team builds dashboards that highlight outliers—accounts with unused elevated rights or unusual access patterns—so remediation becomes a steady operational rhythm.
Consolidation, Costs, and Measured Risk
Platform overlap has become an opportunity to simplify and save. He reviews vendor portfolios regularly to eliminate duplicative features and retire aging tools, freeing funds for higher-value controls such as identity threat detection or improved email defenses. “When we add something, we have to take something away,” he said, noting that every security dollar is ultimately a patient-care dollar.
Case expects vendors to meet that responsibility with transparent pricing and credible roadmaps; in return, he consolidates capabilities where doing so decreases integration burden and sharpens visibility. He evaluates investments through a risk lens that includes patient impact, operational disruption, and measurable reduction in attack paths. Case also experiments in targeted ways—such as considering internal-only mailboxes for specific job codes that have no external correspondence needs—to remove entire categories of phishing risk without touching roles that depend on outside communication.
Governance Built on Shared Accountability
Effective controls stick when business leaders share ownership of risk. He uses formal committees to record decisions and informal conversations to preview impacts, so operational and clinical leaders can surface workflow nuances before a change hits production. Case brings recommendations, not just options, and pairs each with resource and risk implications to make tradeoffs explicit. He views that clarity as essential to keeping both security and service reliable.
Case’s governance model blends documentation with relationships. He ensures privacy, legal, audit,

Adnan Hamid, VP/Regional CIO, CommonSpirit Health, says the next phase of “transforming care through innovation” begins with financial realism: health systems must preserve access for communities while confronting persistent cost pressure. In California, he helps support nearly 30 hospitals and more than 600 clinics inside one of the nation’s largest faith-based systems serving many underserved patients, a mission that requires disciplined prioritization as technology options proliferate.
Hamid said the core challenge is: “No margin, no mission, and no mission, no margin.” He links that equation to a practical planning horizon, noting that organizations—large and rural alike—are reworking strategies to keep doors open amid cuts in aid and rising expenses. Competing priorities are constant, he said, and leaders need credible business cases that protect cash flow and safeguard care delivery.
He said the first filter for any innovation is whether it helps the organization run a steadier operation. That spans both clinical and administrative spheres, but the immediate opportunity often sits in the latter. Executives want staffing relief, predictable revenue, and fewer operational bottlenecks. Success requires clarity about trade-offs, transparent timelines, and the willingness to deliver unwelcome news when a project does not make the cut.
AI’s Near-Term Payoff: Back Office
Hamid views AI as most ready to help in back-office domains, where automation can lift throughput and free time for frontline teams. He ties that to a decade-long shift in which documentation and clicks migrated to caregivers, diluting face time with patients and driving fatigue. “We’ve shifted the technology and administrative burden on to our clinicians,” he said, arguing that early wins should remove tasks.

He added that ambient documentation can be a bridge between patient experience and revenue integrity—but only if it improves coding accuracy and supports compliant billing. That is the heart of the CFO conversation: soft benefits like happier physicians matter, but proof of better documentation and fewer missed charges cements the case. Pilots inside ambulatory clinics have drawn strong clinician interest, and inpatient teams want in; the organization is still collecting evidence before declaring a conclusive result on coding lift. The bar, he said, is balanced impact: better visits, less burnout, and measurable contribution to the bottom line.
Clinically Led, IT-Enabled Execution
Hamid maintains that governance and execution must be owned by care leadership, with IT as an enabling partner. “It shouldn’t be even considered an IT project,” he said of ambient and similar capabilities, calling for CMO and CMIO sponsorship, shared metrics, and unified messaging to finance leaders. Physician champions, he noted, are often more persuasive than technologists when stakes are high and budgets are tight.
He described the CIO’s craft as relationship management across finance, clinical, and operations. Being proactive—returning from CHIME and other forums with concise, relevant trend summaries—builds trust when priorities collide. Partnerships with medical and nursing informatics expand expertise and speed decisions. Generative-AI tools can supplement research, but credibility still rests on judgment, clear trade-offs, and the integrity to say no when resources are constrained.
Interoperability and Legacy Workflow Reality
Hamid acknowledged meaningful progress since the Meaningful Use incentive era but warned that data exchange remains uneven across platforms and even across instances of the same EHR. Health information exchanges help, yet standardization is incomplete, leaving variation that complicates quality reporting, population health, and AI training data. He is optimistic about the trajectory but expects a long journey.
He cautioned against dreaming of starting from a clean slate,

Priti Patel, MD, CMIO, John Muir Health, is steering a measured expansion of AI from long-running predictive models to newer generative tools, pairing administrative relief with cautious governance and education for clinicians and patients. Under her direction, the system has deployed ambient scribing across ambulatory practices and is extending that footprint to inpatient and emergency settings while evaluating voice agents for call centers and care navigation.
This interview was conducted as part of our recently published Special Report on AI 
Early AI investments at the Walnut Creek–based health system centered on risk prediction — clinical deterioration on inpatient units, opioid risk scoring and readmission risk — before pivoting in the last two years toward generative tools that reduce documentation burden. Patel described how ambient scribing, launched in ambulatory clinics, has cut after-hours work and improved the patient visit experience. “Now all of our physicians in the ambulatory setting are able to utilize ambient AI for their visits,” she said, noting the program is expanding to inpatient units and the ED.
As that footprint grows, she is widening the use beyond physicians. Patel is assessing opportunities for nursing, case management, nutrition services and revenue cycle teams, where drafting denial letters, appeals and prior-authorization materials consumes valuable time. She also is piloting simple automations for call-center tasks such as scheduling and medication refills, with an eye toward easing access and standardizing service levels.

Adoption, Training and Human-in-the-Loop
Securing adoption has required segmenting the medical staff and letting data do the persuading. Patel said roughly a third of clinicians embraced ambient scribing immediately, while a “middle third” responded once they saw comparative metrics on documentation time and after-hours work. To support safe use, she is embedding basic AI literacy into training — what the tools do, how they produce text, and why outputs must be reviewed. “With any technology, the end user requires the why, the support, and then the ongoing feedback on how things are going,” she said.
Chart summarization and inbox assistance are next on the roadmap. Patel expects those features to help clinicians rapidly surface relevant history and draft patient messages, though she emphasizes a human-in-the-loop standard. She and her team track tell-tale signals — such as how often physicians edit generated drafts — to ensure users remain engaged reviewers rather than passive approvers. In her telling, this is both a safety practice and a change-management tool: visible, iterative improvement builds confidence.
Pilots, Momentum and Governance
Managing the pace of experimentation has become a strategic question. She has seen how disappointing early experiences can drain momentum — especially among previously enthusiastic “champions” — and make later re-engagement difficult. Patel’s remedy is to cap the number of simultaneous pilots, reserving trials for offerings that are clearly not yet mature, while moving straight to broader rollouts for proven solutions already working in peer organizations. “Pilots are very resource-intensive, time-intensive, and require a lot of collaboration between teams,” she said, adding that too many at once can exhaust scarce clinical time and trust.
That posture aligns with John Muir Health’s identity as a community-based system willing to lead selectively. Patel will back first-mover efforts when they target high-priority problems — burnout and documentation burden drove the early ambient-scribe push — but she otherwise prefers to be a fast follower, drawing on the experiences of academic centers and innovation programs.