Effective IT training is a critical, yet often underappreciated, factor in health system performance. This webinar will examine how information technology executives can oversee and coordinate training for new hires, existing staff learning upgraded applications, and high-level users requiring advanced support. Panelists will discuss strategies for balancing the roles of IT, informatics, HR, vendors, and third-party trainers to ensure consistent education. They will also address how training impacts usability, influences clinician satisfaction, and connects to burnout reduction, while exploring data-driven methods to identify systemic versus individual knowledge gaps.
Speakers:

* Gretchen Britt, Liberty Market VP Information and Technology, CIO, The University of Kansas Health System
* Clara Lin, MD, VP/CMIO, Seattle Children’s
* Dirk Stanley, MD, CMIO, UConn Health

Peter Pronovost, MD, PhD, Chief Clinical Transformation Officer, University Hospitals, is advancing a system-wide push to improve quality while reducing burden and cost. In a recent discussion with healthsystemCIO, he detailed a multi-year effort to reach “zero harm, zero suffering, zero waste, and zero inequities,” described a whole-hospital remote care platform now operating at Lake West, and outlined a change model designed to move ideas from unit-level experiments to enterprise standards. Pronovost also addressed how AI should be governed and deployed—not as a centralized gatekeeper, but as an embedded companion to clinical work.
Scaling a Whole-Hospital Remote Platform
The Lake West initiative grew out of a system pilot spanning five inpatient units, where experienced bedside nurses rotated into a command center one to two days per week and then returned to their floors. By design, he said, that model built trust, preserved team cohesion, and accelerated learning across units with different workflows. The lessons informed a whole-hospital deployment that quickly drew in care managers, social work, and physicians, expanding the range of use cases beyond core nursing tasks.
In practical terms, Pronovost explained, the program tackles several structural problems at once: unrelenting labor pressure, inconsistent task completion, and the need to support junior nurses who may feel safe with two patients but are routinely assigned five. He emphasized a simple triage for work redesign—stop what does not add value; automate where possible; and if automation is not feasible, consider outsourcing or remote execution—while protecting hands-on tasks that must remain at the bedside. The platform’s value, he said, is less about a single technology than about a repeatable way to redistribute work to the top of license and the top of competence.
A Faster Path from Ideas to Impact
Underpinning the deployment is a transformation approach he describes as “living and leading with love,” coupled with disciplined management and accountability systems. On paper that may sound soft; in practice it is a high-velocity operating model: teams propose changes, those changes are built or configured quickly, and results are evaluated within days on real patients and real workflows. If a change works, it spreads; if it does not, the team iterates or stops.

Pronovost said the organization deliberately avoids bottlenecks that force frontline teams to wait months for EHR configuration or enterprise approvals. Instead, governance focuses on clear goals and guardrails—safety, equity, privacy, and reliability—while enabling local invention. To move ideas across sites, University Hospitals uses a fractal structure in which each organizational level maintains a table where the next lower level has a seat; when a branch becomes crowded, a new branch is created so new practices flow by design rather than by chance. In his view, that structure allows small rural hospitals and flagship sites to contribute equally to the system’s improvement portfolio.
Embedding AI, Avoiding Central Bottlenecks
On AI, the message was direct: avoid designing a “Soviet economy” for algorithm use. Pronovost argued that AI is already part of daily work in ways many clinicians barely notice, and it should be treated as an accelerant rather than a threat—provided the organization sets appropriate guardrails and educates the workforce on strengths and limits. “AI is going to be part of every role.” He added that perfection is the wrong benchmark and urged teams to measure performance against current practice, not an idealized standard. “AI is going to make mistakes just like we make mistakes.”
The safety lens remains central. He pointed to the stubborn prevalence of adverse events as a reminder that improvement is not optional: “The best data we have shows that about one in four hospitalized patients are harmed.

Deepti Pandita, MD, CMIO & VP of Clinical Informatics, UCI Health, thinks that the fastest path to value with AI is to stop treating it as a side project and weave it directly into existing operational priorities. “AI should be embedded into whatever your strategic projects are or whatever problems are being solved at the health system level,” she said in a recent interview, outlining a pragmatic playbook for health systems that want measurable outcomes.
This interview was conducted as part of our recently published Special Report on AI 
Rather than launching standalone initiatives, the approach starts with the institution’s strategic problems—length of stay, ED flow, revenue-cycle leakage—and evaluates where AI can augment or replace current tactics. That framing keeps governance and measurement grounded in familiar management disciplines: define outcomes, assign owners, set KPIs, and report against them.
She emphasized that governance must be multi-stakeholder by design. Operational leaders and IT cannot go it alone; end users, data scientists, and ethics expertise need seats at the table from intake through implementation. The goal is not to debate AI in the abstract but to ensure those who will live with a tool help shape it—and can advocate for it—before deployment.
A second pillar is role clarity. Many organizations struggle to decide whether AI requires separate governance or folds into existing structures. The answer, according to Pandita, lies in recognizing that the intake process should mirror other technologies, while the ongoing oversight will diverge. “A tech lifecycle management is different from an AI solution lifecycle management.” That difference—models that drift, data that changes, and guardrails that evolve—justifies tailored lifecycle checkpoints without fragmenting operational ownership.

Lifecycle and Oversight Without the Hype
The discipline extends beyond committee charts. Metrics must be tied to the business problem, not to AI itself. That means defining success up front, documenting data refresh assumptions, and planning for recalibration. When pilots stumble, the culprit is often not the algorithm but overlooked workflow realities or misaligned data timing. She recommends time-boxed experimentation with explicit go/no-go gates, resisting endless tweaks that consume resources without moving KPIs.
On culture, the view is evolutionary, not revolutionary. Health systems have successfully digested earlier technology shifts—from on-prem to cloud, from licensed software to SaaS—and AI will pass through a similar maturation arc. Education and repetition, she noted, turn anxieties into routine practice, just as governance disciplines transform one-off pilots into standards.
When Vendors “Add AI”: Contracting, Transparency and Control
A growing operational risk is AI arriving through existing vendors via upgrades or “companions.” That can change a product’s data, privacy, and risk profile overnight. Procurement, in her telling, becomes a critical line of defense. “Our procurement has a standard form for any vendor that mentions the word AI in it.” The safeguard helps surface where models live, what data they use, how outputs are audited, and who bears responsibility for failure.
The trickier cases are unannounced feature injections. Those require vigilance—by IT, security, or contracting staff—to spot new capabilities and route them through governance before use. Vendor understanding of local context matters as well: academic environments, employed faculty models, and state-specific rules (e.g., California’s AI posture) can make a “proven” solution elsewhere unworkable without adaptation. Shared goals, she advised, only work if the supplier first understands the system it is trying to serve.

Morgan Jeffries, MD, Medical Director for AI at Geisinger and his colleagues, are reshaping how a large integrated health system organizes, oversees, and educates around AI — moving from a small, model-building shop to a cross-functional product organization with formal risk review and a rising emphasis on workforce literacy for AI tools.
Within Geisinger’s AI function, Jeffries and peers have restructured around product teams—pairing product managers with data scientists, engineers, and design—to convert high-potential ideas into supported solutions. He described a two-track operating model: building internal models end-to-end when Geisinger owns the problem, and “enablement” when vetting third-party offerings to ensure model transparency, local validation on Geisinger data, monitoring, and policy compliance before rollout.
As demand accelerated, Jeffries and colleagues worked with executive leadership to define a shortlist of enterprise priorities and use those as a gate for scarce capacity. He noted that program selection (what to build or enable) is distinct from risk governance (how to ensure safety and accountability). The former aligns investment with strategic goals; the latter applies to any AI-bearing program—homegrown or vendor-supplied—that enters the environment.
Governance that Scales with Risk
Asked what “good” looks like, Jeffries pointed to a systemwide intake and committee review that sorts programs by risk. Low-risk uses receive best practices and light touch. Higher-risk uses require proof of due diligence—owned by the program’s business sponsor and reviewed centrally. “They need to do an assessment of the risks associated with the AI system… and then an equity assessment… and then a monitoring plan… and then an escalation plan,” he said, emphasizing that local context matters even when vendors provide documentation. He also noted the importance of bringing multiple perspectives—technical, clinical, and ethical—into the committee’s deliberations.

He differentiated governance from procurement: new vendors are flagged through IT intake and contracting forms that explicitly ask about AI, but the tougher challenge is volume and drift—longstanding software that starts shipping AI features through routine upgrades. That reality, he argued, forces leaders to think beyond case-by-case review and toward patterns and platforms.
Preparing for Embedded AI Everywhere
The market has shifted from “we are an AI company” to “AI is inside the product,” and Geisinger is adapting its oversight model accordingly. For established platforms that enable many AI-powered workflows, Jeffries and colleagues are working with platform owners on a shared governance cadence so the oversight happens closer to where solutions are assembled. On sheer scalability, he was frank: “the centralized governance, that model is going to fall apart.” Instead, central teams should define policy, coach on risk patterns, and step in on select high-impact or ambiguous cases, while business and product owners take day-to-day responsibility for compliance.
He also entertained a question that many leaders are asking: can AI help review AI? He cautioned against over-reliance—automation bias, complacency, and de-skilling are real—but acknowledged that assistant-style tools could help less-experienced project managers consider risk and equity angles they might otherwise miss. In that sense, a well-designed copilot may be “better than the alternative,” provided subject-matter experts remain engaged and final accountability stays human.
Educating the Workforce, Not Just the Committee
The third pillar is education. Jeffries said the organization is building curricula that do two things: teach employees to use generative tools safely and effectively, and normalize a culture in which frontline staff share small wins and cautionary lessons. He sees this cultural diffusion as a practical risk contr...

Guillaume de Zwirek, CEO, Artera, says health system technology leaders face a simple choice in an increasingly AI-saturated market: master the details or risk falling behind. In a wide-ranging discussion, he argued that the pace of change now rivals the industry’s COVID-era telehealth surge and is forcing CIOs and their teams to make faster, better-informed decisions about where AI belongs and how to deploy it safely.
De Zwirek contends the ambient scribe wave made AI “part of the vernacular” across hospitals, but the next meaningful frontier is automation that handles high-volume, low-acuity operational work across channels—especially the phone. The appeal, he argues, is immediate bottom-line relief from persistent labor pressure, coupled with better patient experience and 24/7 responsiveness. “AI for a while has been a solution in search of a problem,” he said, but call-center workloads offer clear, measurable targets such as appointment verification, rescheduling, and routine information requests that dominate volume.
De Zwirek says agentic AI—task-completing systems stitched from multiple components, including speech-to-text, text-to-speech, and large language models—can manage these flows end-to-end. Health systems, he noted, are already seeing production deployments in specialty areas, and scaling from there. The opportunity is to remove friction at the front door while gathering the oversight documentation that boards expect: transcripts, accuracy scores, handoff rates, and patient-satisfaction markers.

“The technology is there today to allow an artificial voice to complete tasks on behalf of the patient, everything from scheduling to managing prescriptions, doing refills, things of that nature, and resetting portal passwords,” he said. The claim is not that AI eliminates human roles; rather, it concentrates human attention on exceptions and higher-acuity needs while turning routine traffic into consistently executed workflows.
Buy, Build, or Partner: Three Realistic Paths
Asked how a health system should obtain such capabilities, de Zwirek outlined three routes. The first is to build directly “to the metal,” assembling and operating the full stack—from model selection to speech layers to EHR and revenue-cycle integration—with the necessary DevOps, security, and ML engineering. He pegs the floor for a respectable in-house effort at several million dollars, plus ongoing costs to keep pace with infrastructure changes.
The second route is to buy a turnkey wrapper around generic voice-automation middleware. While this can accelerate pilots, he said it often doubles costs without delivering material advantages in latency, reliability, or healthcare tailoring, and it increases dependency on vendors who themselves depend on others.
A third route—contracting with a sector-specific partner that has already gone “to the metal”—can reduce time to value while aligning the stack with healthcare standards (HL7, SIU, payer rules, contact-center metrics).
For executives facing the reality that multiple current vendors now claim similar AI features, de Zwirek recommends prioritizing empirical evidence over marketing. That means requiring live, de-identified transcripts; scorecards that benchmark AI versus human performance for defined tasks; clarity on tenancy models and data isolation; and visibility into how often the vendor refreshes models, prompts, and guardrails as the ecosystem evolves.
Governance at the Speed of Change
A central tension, de Zwirek warned, is that AI infrastructure is shifting faster than many governance cycles. “We are using new forms of AI every two months in this company,” he said, describing a landscape where a single cloud or model upgrade can obsolete custom components overnight. In that environment, paper compliance (for example, HIPAA alone) is insufficient. Leaders should expect modern attestations such as HITRUST and SOC 2,

In a wide-ranging discussion on adoption, governance and the pace of innovation, Edwina Bhaskaran, Chief Clinical Systems and Informatics Officer, Mayo Clinic, outlined how large health systems can ensure new technology isn’t merely installed but actually used. Central to her approach is a “sticky” mindset—one that favors simple, timely, workflow-integrated tools that earn their keep with measurable outcomes for clinicians and patients.
Bhaskaran described “sticky” not as a rigid methodology but as a way of asking disciplined questions at every stage of the technology life cycle—from turning on a small feature to completing a major rollout and, eventually, deciding when to retire a tool. Rather than celebrate go-lives, she urged teams to evaluate whether a system is truly embedded in practice, producing adoption data that drives iterative refinement or a decision to sunset.
She emphasized that “sticky” success must be visible in both outcomes and experience. “We need to make sure that the return is worth the effort for the people by which we’re implementing the change, both from a clinical lens, but also from a patient lens.” That attention to yield, she said, should be paired with evidence that a tool is simple, timely and tightly tied to day-to-day workflows—conditions that keep usage from decaying after launch.
Training That Meets Clinicians Where They Are
Bhaskaran tied training strategy to the reality of scarce attention in modern care settings, arguing for a portfolio of learning modes—from short videos to classroom sessions, peer-to-peer demonstrations and “at-the-elbow” support—matched to a user’s role and the time each spends in the system. She framed the choice of training modes as an investment decision: organizations should scale up modalities when the expected yield (e.g., reduced burden, better outcomes, higher safety) justifies the cost, and pare back when changes are incremental.

Bhaskaran also stressed the power of peer influence and the importance of starting every education plan with a clear “why.” She noted that role-specific training, including for high-impact specialties, is often best calibrated by how much time those clinicians actually spend in the software, not just by their seniority or visibility, ensuring the right users receive deeper enablement while occasional users get efficient paths through the tasks they perform most.
Managing Change Fatigue and Culture
Bhaskaran called change fatigue real and recommended viewing it across the entire enterprise—not only IT programs but also non-IT changes like facility openings or operational restructurings. She advocated a living roadmap that categorizes upcoming work (enterprise-wide “mega” changes versus localized enhancements) and sequences efforts based on each unit’s capacity to absorb disruption.
She argued that durable adoption depends on culture more than on committee structure. In practice that means safe channels for departments to say when they are at a tipping point—and for IT and operations to recalibrate pace, bundle changes or even accelerate to get past an inflection. The guiding principle, she said, is that change should be done with clinicians, and that trust is earned when teams respond visibly to feedback.
Rationalizing the Portfolio, With Pilot Discipline
Bhaskaran is blunt about the downside of excess technology and the need to continually prune. “I’m a big fan of decommissioning. Love that word. I think we have to be brave enough to say, these tools are no longer meeting clinical needs. Let’s take it out.” Sustained adoption data, she noted, can reveal when upgrades have shifted workflows so that yesterday’s helpful tool is today’s clutter.
She warned against over-reliance on the “80/20” rule when consolidating applications across departments. “I’ve been burned by the 80/20 rule because oftentimes the 20% – depending on what we’re talking about – can be the m...

It’s rarely discussed in public forums, but it’s of singular importance to a well-managed career – when and how do you make executive-level job changes. From aligning your next role with long-term career goals to navigating relocation and compensation negotiations, every move requires careful consideration. In this candid, practical session, seasoned leaders will share insights on how to evaluate when it’s time for change, how to think strategically about what’s next, and how to manage the transition process with clarity and confidence. With opportunities on the rise, now is the time to prepare.
Speakers:

* Chuck Christian, VP of Technology/CTO, Franciscan Health
* Chuck Podesta, CIO, Renown Health

At Providence, the conversation about digital health has shifted from turning systems on to making sure clinicians actually use them. That distinction is central to the collaboration between Maulin Shah, MD, CMIO, Providence, and Staci Wendt, PhD, Director, Providence Health Research Accelerator: one side designs and scales rollouts; the other studies whether those rollouts work in the real world—and why. Together, the teams are building a playbook that privileges measured use over mere implementation at one of the country’s largest health systems, which spans 52 hospitals and more than 1,000 clinics.
Providence’s informatics organization aims to reduce burden and improve care through targeted, evidence-based deployments of clinical technology. The emphasis, leaders said, is on selecting interventions that can scale across a system the size of Providence without linear growth in resources, and on pairing each deployment with a plan to drive uptake.
Shah offered a simple analogy: “Having a Ferrari sitting in the garage is not really helpful,” he said, adding that high-end tools left idle create no value.
That is where the Providence Health Research Accelerator (HRA) fits. The HRA partners with informatics and operational leaders to bring research rigor—randomization where feasible, longitudinal surveys, and objective EHR measures—to questions of clinician burden, patient experience and workflow design. The shared aim: translate promising tools into sustained use, then refine playbooks based on what the data say most improves adoption at scale.

What the DAX Study Measured—and Found
Before expanding ambient documentation, Providence ran a randomized, staged rollout of DAX Copilot. Clinicians assigned to early access received training and used the tool for roughly six months; all participants completed monthly surveys on burnout and frustration with documentation, while objective EHR metadata tracked time in notes after visits and so-called “pajama time.” In aggregate, the analysis associated the tool with less after-hours work and lower self-reported frustration. As Wendt put it: “We found about a two and a half hour a week drop in, or difference in, the pajama time for our clinicians who were using [DAX] compared to our clinicians who were not.”
The research design intentionally paired subjective and objective measures. Teams collected usage patterns, looked for subgroups most likely to benefit (for example, those with heavy documentation demand), and triangulated findings across data sources. The method also surfaced confounders that can mask impact—such as staffing churn in a clinic—preventing false negatives or over-generalization from a single site.
Turning Evidence into Uptake
Operationalizing those findings falls to Shah’s team of clinical informaticists—about 500 strong—who own training, at-the-elbow support, coaching and success metrics across service lines. The team uses usage data, local medical leadership input, and “heat maps” to prioritize where one-to-one help will yield the most benefit. That capacity is pivotal because the organization still sees predictable adoption curves: early enthusiasts, a hesitant middle that needs coaching, and a trailing cohort that may never fully engage.
The coaching model reflects a pragmatic view of complexity. “It’s not plug and play… it’s not like pick it up and you’re just going to be an awesome expert,” Shah said, arguing that power users get more value, but they get there through targeted support—not assumption. New features that increase capability can also raise cognitive load, which in turn argues for hands-on enablement beyond a quick start guide.
Measurement is the key to improvement. Leaders cautioned against equating “users” with “impact”; instead, teams should watch time-in-documentation, satisfaction and other operational KPIs, and distinguish monitoring (“How are we doing?

Health system IT executives tasked with diffusing AI into their organizations are facing a serious challenge: how to ensure they get behind the right tools, those that will actually make a difference in clinicians’ lives by helping them become more productive at work and giving them more time at home.
In a wide-ranging discussion, Dr. Thomas Kelly, Co-Founder & CEO, Heidi Health, outlined a playbook for moving beyond proofs of concept to broad, durable adoption—one that starts with super-users, measures activation rather than licenses, embraces workflows inside and outside the EHR, and anticipates emerging regulatory obligations tied to clinical reasoning. Kelly argues that systems that operationalize adoption mechanics early will see the compound benefits in throughput, documentation quality, and clinician sentiment. It’s the approach his company uses and finds much success with around the world.
Building Around Super-Users and Specific Workflows
The center of gravity, Kelly said, should be a cross-department council of clinically credible champions who help map where AI actually fits day today. The area where AI can help is deliberately broader than EHR notes and covers multidisciplinary team meetings, operative documentation, form summaries, results synthesis, and pre-visit preparation—often the cognitive work that precedes the formal chart. In his experience, adoption rises when each specialty sees its own use cases reflected in the initial configuration, rather than receiving a generic scribe. “One of the most important things that we find is bringing together what is almost like a council or committee of super users across organizations.”

From there, the team inventories workflow friction service-line by service-line and builds templates, examples, and short demos clinicians can reference on day one. Kelly favors a train-the-trainer cascade—champions teach ten, ten teach a hundred—supported by self-service materials and department-specific content. That structure, he noted, reduces hand-holding and normalizes use across varied clinical settings where the value of AI may differ.
Measure Activation, Not Pilots
Kelly notes that in other parts of the world, where Heidi is an established and popular tool, success as a vendor depends on customer use and adoption. For example, in order for pilots in other parts of the world to expand, a majority of eligible clinicians must be using the tool. “We have to get at least 80% of the clinicians using it, at least once a week, ideally every day.”
He cautioned that buying a block of seats or running a small pilot can mask low real-world engagement; the measure for CIOs is how quickly usage concentrates among practicing clinicians.
Activation, in this framing, is not just a dashboard number; it is a gate to expansion. Kelly argued that systems that insist on explicit exit criteria for alpha and beta phases—weekly-active thresholds, specialty coverage, and satisfaction targets—avoid the risk of a “switch-on-for-everyone” launch before workflows are ready. He added that specialties vary widely in terms of where AI helps so activation must be read locally and managed accordingly.
Design for Use Inside and Outside the EHR
According to Kelly, adoption falters when tools are welded to the record and optimized for primary care alone. Many specialties do their highest-value thinking before a note, and much of that work—triage synthesis, evidence review, and handovers—doesn’t require immediate insertion into the chart. Enabling clinicians to use AI both within the record and as a companion alongside the record expands the surface area for value and increases the frequency of daily use. That flexibility, he said, is why cross-specialty activation can exceed 80% when workflows are mapped first and integration follows the use case rather than dictates it.
Kelly advised CIOs to encourage departments to start where value ...

Tiffany Kuebler, Medical Director of Clinical Informatics, University of Maryland Medical Center – R Adams Cowley Shock Trauma Center, says the arrival of generative tools is less a software upgrade and more a change in how health systems make decisions, prepare clinicians, and measure success. Kuebler runs clinical informatics and is a physician assistant, giving her a unique organizational view into how frontline teams can safely integrate AI into everyday care.
The traditional division of labor no longer fits the AI era, she argues. The work spans model behavior, clinical risk, patient communication, and workflow change, which makes it inherently interdisciplinary. Informaticists who speak both clinical and technical dialects become the connective tissue. As she put it, “AI is a tool in your toolbox. It’s not a technology decision anymore and shouldn’t be thought of as a technology decision.” Selection and oversight of AI should be co-owned by clinical leadership, not delegated solely to procurement or infrastructure teams. “These decisions shouldn’t be driven by your CTO; nor are they business decisions alone.”
That reframing also alters how buyers engage vendors. Rather than treating AI as an invisible feature embedded in familiar applications, leaders should insist on explicit disclosures about training data, bias testing, hallucination safeguards, and drift monitoring. Contract language and governance gates, Kuebler suggests, must reflect that AI can influence clinical cognition and documentation patterns. Informaticists are well placed to translate technical claims into bedside realities and to ensure operational guardrails keep pace with capability.
From Implementation to Use
Many health systems still track success at go-live. Kuebler’s view is that adoption must replace box-checking. She points to a widening gap between deployed functionality and daily use. The governance and analytics stack, therefore, should pivot to behavioral metrics: time in notes and orders by role, after-hours documentation, completion rates for templated workflows, and untreated variation at the service-line level. Those signals, coupled with qualitative feedback, allow leaders to prioritize optimizations where they will matter most.

That emphasis on “use” recasts the informatics charter. Instead of leaving adoption to individual departments post-implementation, clinical informatics teams should run structured optimization programs and then re-measure. The bar for success, she argues, is whether the tool reduces cognitive load or administrative time without compromising clinical judgment. Anything short of that risks quiet abandonment—an outcome that erodes trust and wastes scarce capital.
Training That Sticks
Education is where many promising tools stall. Traditional lecture-style classes and long slide decks rarely survive contact with busy services, rotating trainees, and varied baseline skills. “Nobody wants to be talked at,” Kuebler said. Her team has shifted toward interactive, asynchronous modules that require clicks and short task completions, supplemented with brief, role-specific refreshers at the elbow. “It’s not then just the module talking at you—now it’s interactive,” she said. “And so now you’re actually having to pay attention and show that you are understanding.”
And because communication channels are saturated, delivery matters as much as content; as she noted, “Nobody reads their email anymore.”
Equally important is teaching the “why,” not just the “how.” Clinicians need literacy about bias, hallucinations, and drift to supervise AI appropriately and sustain trust with patients. Informaticists, she argues, are uniquely credible in delivering this content because they can connect technological concepts to clinical outcomes and communication. “We can bridge the gap of two parties that don’t really like to talk to each other and don’t speak the same languag...

Health systems should treat technology failures as a public-health threat with direct and measurable effects on patient care. To prepare, organizations need real-time monitoring, specialty-specific playbooks, and incident structures that bring IT and clinical leaders together, according to Jeff Tully, MD, Co-Director of the Center for Healthcare Cybersecurity and Associate Clinical Professor of Anesthesiology at UC San Diego Health.
Drawing on recent studies of ransomware and a nationwide software outage, Tully argues that the industry now has enough evidence to move from anecdotes to action on resilience and clinical continuity.
The Center for Healthcare Cybersecurity frames cyber incidents and other digital failures as clinical safety events whose impacts ripple across a region, not just the affected hospital. In 2023, the group analyzed conditions in a market where one health system was hit by ransomware: emergency departments saw higher census, longer waits, more “left without being seen,” and a sharp rise in EMS diversion hours, peaking above pandemic levels. Those findings led the team to view cyberattacks like mass-casualty events, where the weakest link in a regional chain can strain neighbors that are not directly attacked.
The research also underscored a paradox: it is difficult to measure patient-safety outcomes during downtime because the tools used to track quality and operations may be offline. That reality pushed the team to pair clinical operations data with independent signals of digital disruption and to avoid “fear, uncertainty and doubt” in favor of empiricism. “We have data that is definitely correlative, not necessarily causative, but enough to get us to be able to ask questions,” Tully said, adding that the aim is to give stakeholders reliable signals to guide response.

Measuring the Impact: From Ransomware to a Software Bug
To move beyond case studies, the center—working under ARPA-H’s Healthcare Ransomware Resiliency and Response program—mapped hospital domains and public endpoints and now monitors availability across thousands of U.S. hospitals. When a faulty software update triggered a widespread outage on July 19, 2024, the platform captured a wave of hospital endpoint disruptions, giving the team a chance to observe a non-malicious technology failure at national scale.
The monitoring is not intended to tell an affected organization something it already knows; rather, it enables early situational awareness for regional and state stakeholders, neighboring health systems, and federal partners who may need to anticipate surges or resource constraints. As Tully noted, the goal is to track “digital vital signs” for critical health infrastructure to support early warnings and planning when disruptions are likely to affect patient-facing tools.
From Command to Care: Governance and Playbooks
Tully urges leaders to adapt traditional disaster frameworks to technology-driven downtime that can last days or weeks. A hospital incident command structure can be modified for prolonged outages, with clearly defined authority for an incident commander and a cyber-savvy clinical liaison who can translate system status into bedside impact. The center has even piloted a “ransomware resiliency specialist” role to sit alongside incident command and triage communication, workflow, and safety decisions in real time.
Preparation, he argues, must be clinical and highly specific. The team is producing downtime procedures tailored to specialties and subspecialties, recognizing that what a cardiologist needs during a multi-week outage differs from the needs of hematology-oncology, surgery, or anesthesiology. Those resources are slated to be released as open-source tools so hospitals can adapt them to local contexts.

For CIOs and other IT leaders, the reality is stark: there will always be more demand than there are people or dollars to meet it. Beyond simple constraints, some requests are simply off the table—blocked by vendor roadmaps, contractual limitations, or regulatory requirements. So how can IT leaders maintain user satisfaction when only a portion of needs can be met? In this webinar, we’ll hear from executives who are effectively navigating this challenge by combining a deep understanding of available resources with a clear grasp of organizational priorities. Through consistent transparency, open communication, and disciplined governance, they’re managing expectations, aligning efforts, and building trust—even when saying “not now” is the only option.
Speakers:

* Naomi Rapoza Lenane, CIO/VP of Information Services, Dana-Farber Cancer Institute
* Muhammad Siddiqui, Chief Digital & Information Officer, Reid Health
* Rich Temple, Former CIO, Deborah Heart & Lung Center

Raymond Lowe, SVP/CIO at AltaMed Health Services, is navigating a classic safety-net dilemma: rising demand, volatile policy signals, and a mandate to deliver more with less. Serving a largely Medicaid population across Los Angeles and Orange counties, the organization operates as a federally qualified health center (FQHC) with tightly managed margins and a technology budget calibrated to hard operational returns. As policy changes reshape eligibility and reimbursement, Lowe is tightening governance, prioritizing measurable productivity gains, and asking his team to translate AI from experiment to repeatable, validated workflows. “We serve over 500,000 lives, primarily Latino, multi-ethnic, non-English speaking here in Los Angeles and Orange County,” he said, framing the scale and complexity of the enterprise.
A Lean Operating Model at Scale
AltaMed’s payer mix leaves little cushion for discretionary investments, and that constraint anchors the information services strategy. Lowe pegs the organization’s IT spend at roughly 2.8% of revenue—below the 3.5%–4% he sees at many peer institutions. “We came in around 2.8%, which is very skinny,” he said, noting the run state must still support an Epic EHR, Workday, enterprise networks, cybersecurity, and analytics. That lean posture becomes more consequential as California’s coverage dynamics evolve and federal reimbursement models shift toward managed-care rates over the next several years. Internally, the planning premise is that every new technology must either generate revenue or create quantifiable efficiency. That discipline has not kept AltaMed from pursuing modernization; it has forced a narrower aperture. The portfolio favors platforms the organization already owns, optimization over net-new tools, and projects with clear paths to scale—particularly those that shrink documentation time, accelerate patient access, and automate routine back-office tasks.

Ambient Scribing, Measured ROI
One example is ambient clinical documentation. After going live in late spring with an ambient listening vendor, adoption quickly exceeded expectations. Across roughly 400 providers, more than 280 requested access, and early data show an average gain of about 20 minutes per physician per day in reduced “pajama time.” Lowe’s team is quantifying impact with Epic Signal and other workflow telemetry, pairing that with informatics-led coaching to raise utilization and consistency. The next milestone he’s targeting is order-entry assistance, a change he believes can drive another step-function in productivity once it is validated for safety and reliability. The approach illustrates his philosophy: don’t pilot forever, don’t scale prematurely. Set thresholds for efficacy, stop experiments that stall, and redeploy capacity to what demonstrably moves the needle. He calls this ethic “execution as innovation,” and the results—such as AltaMed’s standing as a 10 Gold Stars organization in Epic and a top-tier utilization ranking—suggest the formula can deliver material gains without expanding the spend envelope.
AI Governance With Guardrails
Lowe has formalized AI oversight with an executive steering committee co-chaired with legal counsel. The committee’s scope ranges from policy and risk to testing protocols and vendor posture. Before opening the door to generative tools, the organization inventoried and restricted unsanctioned AI domains, then stood up a safe environment for internal experimentation to reduce data-leakage risk. On the security stack, the roadmap is to push beyond alerting into autonomous response where appropriate—using extended detection and response platforms to identify threats, recommend fixes, and execute them under human supervision. The standard for introducing AI into operations is rigorous: controlled pilots, model validation, and clear metrics for accuracy, bias, and downstream workflow effects.

As cyber threats become more sophisticated and health systems diversify their operations, new roles are emerging to close the gap between business needs and cybersecurity imperatives. One such position is the Business Information Security Officer (BISO), tasked with tailoring security strategies to the unique demands of each operational unit. At Michigan Medicine, Ashley Gelisse serves in this role, working to align risk management with the institution’s research, academic, and clinical missions while ensuring cybersecurity measures support productivity rather than impede it.
Gelisse’s position shows how cybersecurity is evolving beyond traditional, centralized models toward a more nuanced, relationship-driven approach that recognizes the complexities of large, federated health systems.
Defining the BISO Role
The BISO role functions as a bridge between cybersecurity teams and business operations, translating technical requirements into practical strategies that fit diverse workflows. At Michigan Medicine, Gelisse liaises between information security leaders and operational units spread across multiple sites and missions. “My role really is to be a liaison with the business side of the organization,” she explained. “We found we were missing that voice of the business.”

This perspective is particularly crucial in environments where applying a single, uniform set of controls can disrupt essential functions. Research teams, for example, often operate under tight grant deadlines, using novel tools or processes that don’t align neatly with standardized compliance frameworks. “What we were doing in terms of assuring, say, the clinical practice, it wasn’t always tuned adequately for the research practice,” Gelisse said. By serving as a translator between security requirements and operational realities, BISOs help organizations manage risk without sacrificing agility.
Customizing Controls Across Varied Risk Profiles
In a health system with both standardized and highly specialized IT environments, treating all departments the same from a security standpoint is impractical. Michigan Medicine’s clinical operations reveal this diversity: while 60% of its clinical IT environment is standardized under shared governance, the remaining 40%—such as radiology—maintains independent IT practices due to specialized tools and workflows.
Gelisse’s team addresses this by analyzing risk tolerance across different groups and adapting controls accordingly. “It’s not necessarily a one-size-fits-all approach,” she said. “Very different needs and use cases, different risks. So part of my role is to help understand those and translate back to the technical teams.” This approach often involves triangulating data from strategic objectives, threat intelligence, and operational priorities to strike a balance between protection and productivity.
Revenue cycle operations provide a case in point. When new threats emerged that required stronger safeguards, Gelisse’s team collaborated with revenue leaders to avoid disruptions that could jeopardize financial targets. “We were able to come up with a solution for them,” she said. “It required us to think differently. It was not a compliance solution.” Such negotiations—focused on both mitigating risk and preserving efficiency—reveal the value of BISOs as facilitators of compromise in high-stakes settings.
Building Relationships Before a Crisis
A central component of the BISO role is relationship-building, often well before any incident occurs. “One of my favorite sayings my boss uses is, ‘There’s no pope of UM Health,’” highlighting the intentionally federated nature of Michigan Medicine’s governance. To navigate this structure, her team holds regular mission-aligned meetings with leaders across the organization, fostering trust and familiarity in advance of emergencies.
This proactive outreach enables cybersecurity teams to be brought in earli...

Reducing burnout by easing technology burdens has become central to Providence’s IT strategy, so it’s not surprising that SVP of Clinical & Revenue Cycle Applications Adar Palis focused in on repeated complaints about slow logins, inconsistent workstations, and frequent timeouts. And that scrutiny prompted the launch of the EasyPass and Clinical Workstation Modernization programs.
“We really want to focus on giving back time to our caregivers,” he said. “Why does it take so long to log into a computer? Why is every PC different? We wanted to make the environment as easy as possible so they could spend more time with patients.”
To address these frustrations, Providence standardized its desktops using virtual desktop technology and introduced badge-enabled single sign-on, which allows clinicians to tap into any workstation and access their applications instantly. “Now they just tap and go from room to room,” Palis explained. “You would never have thought that something as simple as logging in and out of a computer could take away so much frustration and time.” The combination of reduced login delays and consistent interfaces has significantly decreased time lost to repetitive tasks, particularly for nurses moving between multiple patient rooms.
Seeing is Believing
Workflow observation was essential to identifying these inefficiencies. Palis emphasized that IT teams must leave their offices to shadow clinicians: “If IT sits behind this wall and never gets out into the hospitals to observe workflows, you won’t be able to pick up these things.” Observing nurses logging in repeatedly, sometimes spending several minutes per computer, made clear the scale of the problem and helped build the case for investment.

Importantly, this approach distinguishes between systemic problems and training gaps. If inefficiencies stem from lack of familiarity with features or shortcuts, they can be addressed with targeted education. If they are organization-wide issues, technical interventions become necessary. “You need to understand if it’s a training opportunity or a systematic problem occurring all over the organization,” Palis said.
Continuous Training to Reduce Burnout
Clinician education at Providence is not limited to onboarding or system go-lives. Palis described training as an iterative process designed to adapt alongside clinicians’ growing familiarity with systems. “Even when you go live, putting someone through four or eight hours of training is just scratching the surface,” he said. “It’s a constant state of learning.”
Providence’s clinical informatics team, composed of nurses and providers, rounds regularly to reinforce skills, teach shortcuts, and introduce updates directly in clinical settings. This hands-on model also allows informaticists to observe workflows and offer personalized tips. “They might not know about a shortcut or order set that could save them time,” Palis noted. “Our team can sit down and say, let me show you this tool.”
Staging training in phases helps avoid overwhelming staff during onboarding while still improving efficiency over time. “Six months in, you’re more comfortable,” Palis said. “That’s when we can teach you shortcuts and efficiency tips.” This layered approach has proven particularly effective for managing frequent updates and introducing emerging technologies like ambient documentation.
Providence relies on vendors to train its informaticists, who then train staff. “Vendors don’t know our organization,” Palis said. “Our informaticists get the training, and they can tailor it to the workflow. Take the 25-page manual and show clinicians how to use the system to take care of patients.” This method allows Providence to address differences across hospitals and units, recognizing that workflows vary widely across specialties.
Rationalizing Applications Through Governance
Managing more than 2,

Just take a look at the LinkedIn posts of healthcare IT leaders and it’s clear there’s no shortage of job openings. And while that may be good news for those looking for work, it presents a troubling trend for executives trying to staff up. In this timely webinar, panelists will discuss how leaders can respond by creating environments that attract and retain skilled professionals, emphasizing adaptable management styles, meaningful engagement, and connection to mission. With limited ability to compete on salary, health system executives must rely on culture, purpose, and effective leadership to remain attractive in an increasingly demand-heavy labor market. Learn how to stand out in this very competitive crowd.
Speakers:

* Michael Carr, CIO, Health First
* Steve Stanic, CIO, Lake Charles Memorial Health System
* Brian Sterud, VP/CIO, Faith Regional Health Services

To ensure consistent and high-quality digital service delivery across a massive health system, Providence has designed and implemented a proprietary telemetry monitoring platform that captures, interprets, and responds to network and application issues in real time. The result: a data-driven approach to diagnosing impairments, improving uptime, and supporting clinicians in delivering uninterrupted care.
“We started with the network because, frankly, nothing works if the network is down or if users can’t log in,” said Kellie Larkin, VP, Identity, Networking & Data Engineering, Providence. “Our objective was to create a level of situational awareness that went beyond traditional monitoring—to give our team and our clinical colleagues a real-time understanding of application impact when something isn’t performing as expected.”
Engineering a Smarter Network
The initiative began with a shift away from a costly MPLS infrastructure toward a software-defined wide area network (SD-WAN) design optimized for performance, cost efficiency, and observability. Providence selected a mix of regional carriers and private fiber links, creating a redundant mesh that ensured minimal latency across diverse geographies. That new foundation allowed the system to introduce granular, dynamic routing between sites and cloud-based assets.
The team incorporated both public and private pathways into the architecture, with encrypted traffic flowing through the most performant route at any given moment. As a result, latency was reduced by up to 60% in some areas, improving performance for clinicians and back-office users alike.

But to truly capitalize on the new infrastructure, Providence needed better visibility. The organization invested heavily in telemetry to capture live signals from the environment and align them with operational expectations. “We didn’t want to just know that something failed,” said Larkin. “We wanted to understand how that failure translated to the clinical experience.”
That meant designing a telemetry system that could correlate physical network data—packet loss, jitter, latency—with application responsiveness and the subjective experience of the user.
Quantifying Impairment and Prioritizing Resolution
The team developed a user experience algorithm, informed by years of ServiceNow ticket history, incident response patterns, and application metadata. The result was a real-time scoring system that classifies performance as good, impaired, or non-functional. These scores were then mapped to clinical impact levels.
By treating “impairment” as a continuum rather than a binary event, Providence was able to characterize issues with far more nuance. A brief slowdown in image rendering for a radiologist, for example, could be prioritized over an administrative portal loading slowly, depending on the clinical context.
“Our radiologists talk about milliseconds or brain cells, milliseconds or heart cells, when it’s an emergency,” Larkin noted. “If an image doesn’t arrive quickly, it can impact care. So we set performance standards in collaboration with clinical leadership—and we built telemetry around those benchmarks.”
The system can now verify whether a specific imaging transaction met the agreed-upon service level by analyzing timing, route, and destination. If it didn’t, engineers can investigate root causes with precision. In one instance, the system identified that a radiologist’s local workstation was underpowered for rendering high-resolution studies. Although the network had delivered the data properly, the end device created the bottleneck. The user was then reprovisioned with higher-performance equipment.
This kind of post-event analysis, enabled by a vast repository of time-stamped telemetry data, allows Providence to continuously refine service delivery and close feedback loops with clinical departments.

As health systems intensify efforts to modernize infrastructure, the risks associated with technical debt, fragmented applications, and over reliance on cloud and AI tools are becoming more pronounced. For Darrell Keeling, PhD, Senior Vice President of IT and CISO at Parkview Health, navigating this minefield requires not only technical insight but also business acumen and diplomacy.
The Fort Wayne-based system comprises 14 hospitals and employs more than 16,000 staff across Indiana and Ohio. It also extends its Epic platform to affiliated hospitals via a Community Connect model. Despite its size and resources, Parkview—like most health systems—carries some legacy IT systems and niche applications that accumulate over time and resist consolidation.
Fragmented Systems and the Rationalization Challenge
Keeling said that technical debt stems from both aging infrastructure and the accumulation of overlapping applications—many of which serve narrow functions but persist due to entrenched user preferences.
“We’re probably using maybe 50% of the functionality of what some systems can actually do,” he said, noting that organizations often purchase tools with broad capabilities but ultimately implement only a subset. The result is application sprawl, which increases maintenance costs and expands the attack surface for cyber threats.

Efforts to rationalize applications face significant headwinds, Keeling explained, because each tool typically has at least one internal stakeholder advocating for its retention. “It takes time to influence leaders,” he said, “especially in a system with hundreds of decision-makers.”
The challenge is compounded during mergers and acquisitions, when health systems inherit the technical debt of affiliated organizations. According to Keeling, most acquisitions proceed based on business considerations, with IT assessments occurring largely after the deal is signed. “The cost to upscale an organization after you purchase it is costly,” he said, citing the millions required to stabilize and secure outdated systems.
While security teams are increasingly involved in pre-acquisition assessments, including inquiries into prior breaches or unpatched vulnerabilities, technical readiness rarely influences whether a deal proceeds. “It’s a risk-based decision,” he said. “You look at all businesses—they were built on risk considerations.”
Cloud Mandates Introduce New Dependencies
Cloud migration has become a preferred strategy for reducing technical debt, particularly as vendors discontinue on-prem support. But Keeling cautioned that moving to the cloud is not a panacea—and that it carries its own risks.
“Even the cloud has technical debt,” he said. “It’s still going to have outdated operating systems and unsupported components unless actively managed.” He also noted that cloud subscriptions often come with hidden infrastructure costs, particularly when layering third-party security tools onto public platforms like AWS or Azure.
Beyond cost, the shift to cloud computing introduces new business continuity risks. “If the internet goes down or there’s a cyber incident, and everything is in the cloud, then what?” Keeling said. For mission-critical systems like EHRs or AI-driven clinical workflows, cloud outages can be just as disruptive as ransomware attacks.
He pointed to hybrid models as a likely outcome for most health systems, particularly where local control of patient data or medical device integration remains essential. “You don’t want all your controllers running in the cloud,” he said. “If there’s a disconnect, it could shut down your facility.”
Keeling acknowledged that some vendors are accelerating this shift by offering only cloud-based products, with defined timelines for deprecating on-prem versions. While this helps vendors scale features across a multi-tenant architecture, it can strain health systems that lack robust inter...

As AI becomes increasingly central to clinical, operational, and administrative functions, health systems face growing pressure to deploy it both responsibly and efficiently. This webinar brings together health IT executives to explore how governance can serve as an enabler—not a barrier—for AI adoption. Panelists will discuss how their organizations are navigating legal, compliance, cybersecurity, and patient safety risks while ensuring innovation isn’t stalled by bureaucracy. With AI poised to distinguish leaders from laggards in healthcare, the conversation will focus on practical strategies to structure governance models that mitigate risk without slowing momentum. The session will offer candid insights into what’s working, what’s not, and how to strike the right balance between oversight and agility.
Speakers:

* Stuart James, VP, Chief Operations Officer & Deputy CIO, CHRISTUS Health
* Reid Stephan, VP/CIO, St. Luke’s Health System
* Tanya Townsend, Chief Information & Digital Officer, Stanford Children’s Health | Lucile Packard Children’s Hospital Stanford

Tapping into advanced analytics and automation, the pediatric hospital focuses on outcome-first AI design
When Alda Mizaku assumed the role of Chief Data and AI Officer at Children’s National Hospital, the position did not yet exist. With a background in biomedical engineering and predictive modeling, she brought both technical and clinical perspectives to what would become a transformative role. Her first priority: establishing the data foundation necessary to drive analytics and AI across the organization.
Children’s National, ranked among the top five pediatric hospitals in the United States, serves the Washington, D.C., Maryland, and Virginia regions and attracts patients from around the world. In an environment defined by both complexity and scale, Mizaku’s mission has been to develop enterprise-wide capabilities while demonstrating immediate value. That required rethinking traditional sequential approaches.
“We really had to build the plane while flying it,” she said. “It’s not how we’re trained, but it doesn’t work in healthcare to wait two years to build the platform before showing results. We had to bring value quickly while establishing the infrastructure underneath.”
This approach included launching a cloud-based data platform and defining a centralized enterprise data model—a single source of truth to support analytics, automation, and AI initiatives.

AI as a Means, Not an End
While excitement around generative AI and autonomous systems grows, Mizaku emphasized the importance of beginning with problems—not technology. She described AI as a toolbox containing multiple instruments, from predictive models to generative agents to automation workflows. Selecting the right tool, however, requires clear alignment with operational goals.
“Technology for technology’s sake doesn’t accomplish much, particularly in healthcare,” she said. “We have to start with the problem, understand the clinical and operational context, and then determine the right tools to support it.”
This mindset also helps temper the appeal of the so-called “shiny new toy.” Mizaku noted that while breakthrough technologies such as GenAI demand exploration, feasibility and value assessments are essential. Even high-impact ideas must be weighed against resource constraints, with questions of scalability, safety, and implementation cost playing a central role.
Data itself becomes a bridge between theory and practice. Understanding how workflows truly function—through both direct observation and analysis of real-world data—enables leaders to identify variations, bottlenecks, and inefficiencies that might otherwise remain hidden. That intelligence, in turn, guides not only which technologies to adopt but also how to apply them effectively.
The Paradox of Change
Implementing AI at scale requires more than good technology. It requires trust, governance, and cultural buy-in. According to Mizaku, a successful strategy for change relies on two equally important components: engaging decision-makers directly in the design process and leveraging early adopters to build momentum.
“You want to do it together,” she said. “Bring people along from the start, get their fingerprints on the solution, and let them help shape it. That way, it becomes theirs.”
But for every enthusiastic partner, there may be skeptics. Mizaku’s approach to scaling innovation focuses first on finding champions who are eager to lead. Once a project proves successful, its results serve as a proof point that encourages adoption elsewhere in the organization—often in areas that initially resisted change.
Another nuance of the role involves balancing competing forces. On one hand, Mizaku’s team is tasked with enabling broad, safe use of AI technologies. On the other, they must manage a growing list of requests from advanced users eager to pilot new and often unvetted tools.