Are organizations adopting AI technology too quickly or too slowly? And what's the future of payer relationships?
The 47 executives featured in this article are all speaking at Becker's 9th Annual Health IT + Digital Health + RCM Meeting: The Future of Business and Clinical Technologies which will take place Oct. 1-4, 2024, at the Hyatt Regency in Chicago.
If you would like to join this event as a speaker or a reviewer, contact Randi Haseman at rhaseman@beckershealthcare.com.
As part of an ongoing series, Becker's is talking to healthcare leaders who will speak at our conference. The following are answers from our speakers at the event.
Question: What is the biggest threat in health IT and RCM right now?
Bimal Desai, MD. Assistant vice president, chief health informatics officer at Children's Hospital of Philadelphia: Payer programs to control utilization via prior authorization are designed to ensure patients get the most 'appropriate' care, but often result in enormous churn and workflow burden for providers and practices. By some estimates, providers and their staff spend 14 hours per week on prior auth, and studies have shown the process can harm patient care by introducing delays or causing patients to abandon seeking the care they need. The threat we face is the growing call to design health IT systems that honor three distinct goals: to make it easy for providers to deliver care, to reduce the number of hoops patients must jump through and to give payers the assurance that providers are being responsible stewards of expensive healthcare resources. In just the past few years, there may be cause for optimism in the form of innovative digital interfaces between health system EHRs and payer infrastructure, along with AI solutions that can gather and summarize the necessary clinical details that payers need. While these solutions may not be enough, they are a great start towards tackling a complex problem.
Alda Mizaku. Chief data and artificial intelligence officer at Children's National Hospital: A big challenge in health IT and RCM is the need to modernize legacy systems while ensuring data security and compliance. Healthcare organizations must invest in cloud-based solutions and emerging technologies to automate and optimize RCM workflows all while maintaining robust data privacy and cybersecurity measures. Achieving this balance between innovation and data protection is crucial for enhancing operational efficiency, improving patient experience and maintaining financial stability.
Ann Cappellari, MD. System vice president, chief medical information officer at SSM Health: I see cyber-crime events as the biggest external threat. Internally, irregular and non-standard data collection is the biggest 'threat' to efficient and informed analytics.
Ebrahim Barkoudah, MD. System chief and regional CMO at Baystate Health: The sector, particularly within health IT and RCM, is navigating a landscape filled with complex challenges, primarily driven by cybersecurity threats and operational inefficiencies. The rise in ransomware attacks poses a significant risk as healthcare institutions are prime targets due to the high value of their data. Cybercriminals often use phishing tactics to impersonate trusted entities, leading to data breaches that expose sensitive patient and financial information. This risk is compounded by malware infiltrations through malicious links. Additionally, account takeover attacks, facilitated by credential stuffing, highlight the vulnerability of healthcare data to unauthorized access. The sector also grapples with data breaches, causing extensive financial and reputational damage. The shift towards remote work has further amplified these vulnerabilities, necessitating robust security protocols like VPNs and ongoing employee training to protect critical data accessed from potentially insecure locations. Healthcare organizations must also rigorously evaluate their vendors' data protection capabilities to ensure compliance with security standards.
The inefficiencies in RCM systems are exacerbating these challenges as many healthcare providers are still reliant on outdated technology that struggles with data integration and interoperability. This leads to billing errors and claim denials which can severely affect cash flow and financial performance. The rapidly evolving healthcare landscape demands that organizations swiftly adapt to new policies and regulations to prevent compliance issues and potential revenue losses. Moreover, the sector faces significant human resource challenges, such as staffing shortages that hinder effective revenue cycle management. Innovative approaches, such as leveraging technology to streamline operations, are essential to alleviate the burden on existing staff. However, the key to addressing these challenges lies in modernizing RCM systems. Transitioning to advanced platforms that offer improved data integration and accuracy can significantly reduce billing errors and enhance financial outcomes. Regular training in data security and compliance is crucial for RCM employees to understand cyberattack vectors and adhere to regulations like HIPAA. Economic pressures further strain the system with rising costs and financial instability compelling organizations to reduce expenses while maintaining a robust accounts receivable process. Patients now expect seamless financial interactions, akin to experiences in other industries, which necessitates efficient processes and well-trained staff.
In my opinion, to address these multifaceted challenges, organizations must adopt comprehensive strategies. Strengthening cybersecurity is paramount; this includes implementing data encryption, conducting regular penetration testing and providing extensive employee training to safeguard against cyber threats. However, it's not just about defense but also offense. Modernizing RCM systems is also critical as is transitioning to advanced platforms that offer improved data integration and accuracy, thereby reducing billing errors and enhancing financial outcomes. But the real game-changer is embracing technology. Particularly, AI and data analytics can optimize revenue cycle processes and improve patient engagement. Effective vendor management is essential, necessitating collaboration with reliable partners who can support robust data protection and breach management. Regularly updating staff training programs on cybersecurity best practices and compliance requirements is vital to minimizing risks and ensuring smooth operations.
Jeffrey M. Hoffman, MD. Chief medical information officer at Nationwide Children's Hospital: Excitement surrounding generative AI’s potential to relieve provider and staff burden in all sorts of clinical workflows is real and, in many cases, appears justified. However, the cost of these systems – especially if deployed at scale – is significant and, I fear, unsustainable over time. Either these tools need to evolve into commodity resources, with commodity-level price tags, or we run the risk of devolving into an unfortunate system of haves and have-nots, even among users within the same health system.
Richard Zane, MD. Chief innovation officer at UCHealth: While my visceral response was to answer that the seemingly never-ending and increasingly burdensome state and federal legislation that is being piled on to healthcare and must invariably be built into the EHRs and revenue cycle processes or maybe the incessant assaults from bad actors trying to infiltrate our systems to get our data or hold us hostage are the biggest threats, the real answer is that the biggest threat is truly how little innovation really makes its way to the front-line of healthcare. While virtually everyone has an EHR, many health systems are at the mercy of their vendor and the next upgrade release cycle. The result is that everyone is doing the same thing and next-generational functionality invariably lags or never even gets adopted. Very few health systems truly innovate with partners and do the hard work of figuring out how to integrate innovation within their digital platform and clinical workflows. Although cloud-computing and the potential for AI, however defined, should make this easier, innovation takes courage, patience and the ability to dream. We need leading health systems to pave the way, run through the briar patch of change management, work with industry, especially EHR vendors, and show what right looks like.
Babatope Fatuyi, MD, MPH. Chief medical information officer at UTHealth Houston: The biggest threat in health IT and RCM at UTHealth Houston is the growing challenge of ensuring secure and compliant data interoperability, particularly in light of incidents like the recent Change Healthcare breach. This breach underscores the risks of data breaches, privacy violations and operational disruptions that can arise from inconsistent data exchange practices. Additionally, the evolving regulatory landscape around data access adds complexity, making it difficult for healthcare institutions to navigate compliance confidently. Ensuring that all data exchange is secure, transparent and in line with patient care objectives is critical to mitigating these threats.
The ongoing tension between major EHR systems and the vulnerabilities exposed by breaches, like the one at Change Healthcare, also threatens to fragment the interoperability landscape, potentially leading to silos that hinder seamless patient care. For UTHealth Houston, staying ahead of these challenges requires robust governance, proactive compliance strategies, and a focus on maintaining trust and transparency in all data exchanges.
Bethany Percha. Chief data and analytics officer at New York-Presbyterian: While there are many technical challenges in health IT, the biggest threat is actually human error. Most data breaches happen not because of a technical glitch or system failure, but because a human did something foolish, like reusing a password, not setting up multi-factor authentication or not taking appropriate care with data that contains PHI. As technology leaders, many of us would love to see far more people throughout our organizations accessing data and basing their decisions on data and analytics, but we also need to build robust processes and governance to minimize the chance of catastrophic human error.
Mark Townsend, MD, MHCM. Chief clinical innovation officer at Bon Secours Mercy Health: Gen AI 'mission-creep' is the biggest health IT and RCM threat that I see right now; don’t get me wrong – I believe in the potential of generative AI to help us work smarter and not harder! We are working hard to create new technology using generative AI, we are selectively investing in Gen AI and Gen AI is not a panacea for patient care or for operational performance. The mission-creep of Gen AI is to oversell its potential and under-deliver on its performance (which absolutely requires a human being in the loop to validate every output). Said differently, challenging ourselves to truly quantify the value of Gen AI tools is a tall order at this point.
Lisa Stephenson, MSN, RN, NI-BC. Chief nursing informatics officer at Houston Methodist: With the growing complexity, integration and network reliance of our IT systems, healthcare is very vulnerable to extended systems downtimes whether from a cyber-attack or other unplanned event. The risk is not only the potential financial loss or a PHI data breach, but also from a patient safety perspective. We’ve achieved a state of digital success such that many organizations have not experienced a significant system outage in several years. This means that many clinicians have never experienced healthcare without computers and the support they provide to everyday practice. In addition, we are moving so fast to stand up new technologies that we forget to consider what happens when those tools are not available. As we continue to move forward in this age of AI, automation and virtualization, we should be preparing not only for redundancy within our IT infrastructures, but also for that operational 'plan b' for when digital solutions aren’t available.
Sheri Strobel, MSHI, CPA. CIO at Chapters Health System: The velocity of technological disruption is the biggest threat in health IT and RCM. AI, machine learning and automation are transforming the health IT landscape. However, the challenge lies in integrating these recent technologies with legacy systems which can be costly and complex. Organizations that fail to adopt these technologies risk falling behind in efficiency, revenue optimization and staff burnout.
Our healthcare industry remains a prime target for cyberattacks including ransomware, data breaches and phishing attacks. The increasing velocity of attacks enabled through AI and automation exacerbates this risk to the entire organization from direct patient care to collecting revenue. Any breach can result in significant financial, operational and reputational damage. Increased costs for cybersecurity, business continuity solutions and automation impacts funds available for patient care, creating financial challenges.
Lastly, the healthcare sector is subject to an increased velocity of regulatory disruptions. Changes in billing codes, reimbursement models, third party integrations can create significant challenges for RCM teams. Failure to stay compliant can lead to fines, audits and revenue loss.
Roberta Schwartz, PhD. Executive vice president and chief innovation officer at Houston Methodist: Health IT is moving incredibly quickly with the introduction of new generative AI and other programs that have leapfrogged current technology, and often it is hard for those of us in the field to keep up. But, even more difficult is getting a culture to change in response to new technologies. In an era where we are trying to reduce the cost of care, it remains a challenge to embrace change. If 'culture eats strategy for lunch,' then it stands to reason that IT strategy and technology advances will be thwarted if the culture is not excited about the advances we are making and willing to navigate a new path forward.
At Houston Methodist, we’ve made great progress when it comes to change management and encouraging a culture that embraces innovations in IT and RCM, knowing these changes are for the benefit of our patients and clinicians.
Jessica Schlicher, MD. CMO, virtual care and digital health at Providence: Our mission is the best medical care for every person. So tech has value only insofar as it measurably grows the capacity of people to care for each other.
Nolan Chang, MD. Executive vice president of strategy, corporate development and finance at The Permanente Federation: Cybersecurity, which is on everyone’s mind, is among the biggest risks, and we work diligently to protect our members and patients, so they have confidence in us and the care they receive. Another threat, that is really an opportunity, is to meet people where they are by leveraging technology to break down barriers and make healthcare more accessible and affordable.
Brian Hoberman, MD. Executive vice president and CIO at The Permanente Federation: The greatest threat is cyberattack. The loss of core IT systems can profoundly impact the delivery system. Cyberdefense and cyber resiliency are critical.
Khang Nguyen, MD. Assistant executive medical director for care transformation at the Southern California Permanente Medical Group: The biggest threat to Health IT right now is data security, information overload and the era of data transparency. Unfortunately, as more data becomes transparent and accessible, the risk of unauthorized access, breaches and potential misuse also increases.
Stephen Parodi, MD. Executive vice president, external affairs, communications and brand at The Permanente Federation: There are three significant threats.The first is clinical: We fail to use technology to enable our health system to evolve and meet the needs of our patients in the comfort of their homes and address their total health including social needs. The second is that we fail to create a policy environment that facilitates the transition to value-based care. The last is that we fail to create a policy environment that enables healthcare organizations to embrace the iterative improvement power of AI and machine learning-based software while providing safety and effectiveness.
Balaji Raman, MS/MBA. Director, financial IT systems at Catholic Health Services of Long Island, Catholic Health: The biggest threat in health IT and RCM right now is the growing risk of cybersecurity breaches and system outages. Recent incidents, such as the Optum/Change Healthcare RelayHealth outage, highlight the vulnerability of healthcare organizations to disruptions that can cripple critical operations. These outages not only delay billing and revenue processes but also jeopardize patient care by interrupting the flow of essential health information. As healthcare organizations increasingly rely on digital solutions, they become prime targets for cyberattacks, which can lead to significant financial losses and compromised patient data. The rapid adoption of new technologies, often without sufficient security measures, exacerbates these threats. It's essential for healthcare organizations to prioritize robust cybersecurity and system resilience strategies, including continuous monitoring, staff training and investment in advanced security tools, to protect both their patients and their revenue streams. Understanding and addressing these risks is vital to ensuring the stability and security of healthcare operations.
Michael Knipple. Chief information security officer at Summit BHC: Administrator access has always been a challenge in my healthcare experiences. As a CISO, one of my top priorities is to build, manage and audit administrative rights within the company’s network and especially sensitive areas like RCM. Contributing factors that increase risk around RCM administrative access include immature approval processes, legacy RCM systems and implementation of offshore resources in the RCM workflow. Out of these three factors, integration of offshore resources has been the most challenging. Not only do you ensure proper protection of sensitive data when a person from another country has administrative rights to that data but then, and most importantly, you must convince an external auditor as well.
Benjamin Armfield. CFO at Sonoma Valley Hospital: From the perspective of a CFO of a small independent hospital, cybersecurity is a particularly daunting (and frightening) challenge. Hospitals are already stretched thin when it comes to the ability to fund critical operational initiatives, and we are constantly under pressure to do more with less due to the systemic shortfalls of our reimbursement system. As healthcare costs continue to outpace reimbursement rates, cybersecurity measures present a unique vulnerability for smaller hospitals especially when considering upcoming regulatory mandates such as seismic compliance which will require significant financial outlay to comply with. Allocating the needed funding to further strengthen critical infrastructure and IT systems will significantly constrain our ability to reinvest in other prioritized initiatives aimed at enhancing access to care for the patients we serve in our community. This ultimately means we have to make difficult decisions on where to focus our spending at a time when cyberthreats are becoming more aggressive and sophisticated than ever.
Melissa Cohen. Chief innovation and transformation officer at Cayuga Health System: One of the most significant threats in health IT and RCM today is the massive surge in cybersecurity breaches within healthcare. Over the past few years, healthcare organizations have experienced a sharp increase in ransomware attacks, data breaches and other cyberthreats. This has resulted in a massive shift in how healthcare systems approach security. Notably, this year's Change Healthcare breach served as a wake-up call for the entire industry and highlighted the growing vulnerability of health IT infrastructures.
The impact of these breaches goes beyond just data loss – there’s a direct effect on patient care. The costs associated with these breaches, including regulatory penalties and recovery efforts, place a massive financial strain on healthcare systems already operating under tight margins. This forced change has led to reevaluating security measures, with more organizations moving towards advanced encryption, zero-trust frameworks and AI-based threat detection systems. However, despite these efforts, the rapidly evolving threat landscape makes cybersecurity an ongoing and ever-present concern in healthcare IT and RCM.
Another pressing concern is the issue of interoperability. Many healthcare providers use fragmented IT systems that need help to effectively communicate with each other, causing inefficiencies and potential errors in both patient care and billing processes. The push for greater interoperability, driven by regulations like the CMS Interoperability and Patient Access final rule, requires health systems to modernize their technologies, often involving significant financial and operational investments. These fragmented systems create bottlenecks in patient information exchange and complicate the flow of revenue cycle management data, further threatening the financial health of organizations.
Lastly, the healthcare industry must adopt automation more, particularly in RCM and address our industry’s adoption lag. While automation technologies, such as robotic process automation and AI, have the potential to streamline billing, coding and payment processing, many organizations need to be faster to embrace these solutions. This reluctance to adopt automation leads to inefficiencies, higher labor costs and an increased risk of human error. In an environment where workforce shortages and burnout are already straining resources, the lack of automation can result in significant delays in claims processing and collections, directly impacting cash flow and financial sustainability. Addressing these automation gaps is critical to improving operational efficiency and competitiveness in a rapidly evolving healthcare landscape.
Angel Islas, MBA, FMC, CHFP. Finance director of the surgery department at Montefiore Health System: A significant opportunity for health RCM lies in embracing continuous innovation and identifying operational and financial efficiencies. Health systems must diligently monitor the costs associated with back-office processes. By streamlining these processes through a balanced integration of human expertise and technological solutions, they can reduce unnecessary expenditures and enhance overall efficiency. This approach ensures that technology handles repetitive and data-intensive tasks while human oversight maintains the quality and adaptability of operations. This proactive strategy not only helps in managing costs but also ensures that resources are allocated effectively, allowing health systems to provide high-quality care at the best possible prices. Ultimately, achieving this balance between cost management, technological innovation and human insight is essential for the sustainability and success of health systems.
J. Brett Tracy. Vice president, revenue cycle at Arkansas Heart Hospital: The biggest threats to healthcare IT are cybersecurity and end-user awareness / education. Organizations must remain steadfast in ongoing employee education, awareness and support to ensure information and system security. Critical investments in cybersecurity and education will pay dividends and will insulate organizations from bad actors.
The biggest threat to RCM is maintaining business agility to keep pace with payers, edits and technology. The influx of automation, generative AI and RPA is rapidly accelerating the gap between high and low performing organizations. High performing organizations are prioritizing efficiency through automation and increasing levels of output and analytics to advance financial performance.
The rapidly accelerating gap in skills, knowledge and insight further tighten the margin of error for optimal revenue cycle and financial performance. No longer can organizations rely upon reserves to sustain them or carry them through. They must adopt radical models to ensure viability.
Carol Yarbrough. Business operations manager at Telehealth Resource Center, UCSF Health System: The biggest threat is relying on automation for claim approvals or denials: look at various commercial payers denying claims based on 'usual' dates of admission and causing real harm to patients whose admissions may not be paid in a timely fashion or delaying treatment based on a reliance on AI algorithms. This is 'augmented intelligence' – not intelligence and the human factor cannot be disregarded when dealing with human beings.
Edward Lee, MD. Director, informatics and chair, clinical education at California Northstate University College of Medicine: AI is poised to become the most transformative technology in the history of healthcare. However, this promise may fall short of expectations – both in the speed of execution and the magnitude of impact – unless the industry undertakes thoughtful and strategic planning. Moving forward with AI requires robust governance processes that ensure responsible and safe implementation, particularly in mitigating biases. It necessitates structures that promote evidence-based evaluations of AI tools, assessing their effectiveness for patients, clinicians and the healthcare system as a whole. Successful integration into the workforce also demands careful attention to change management efforts. While I remain fervently optimistic, a single, well-publicized catastrophic event – especially if these considerations are overlooked – could significantly set back our pursuit of AI's benefits in healthcare.
Michael Archuleta. CIO and HIPAA and information security officer at Mt. San Rafael Hospital: In my view, the biggest threat in health IT and RCM today is the escalating complexity and frequency of cyberattacks targeting our industry. As healthcare organizations increasingly adopt digital technologies and interconnected systems, they inadvertently expand their attack surface, making them prime targets for sophisticated cybercriminals. A successful breach can have devastating consequences from compromising sensitive patient data to disrupting critical care services, ultimately undermining the trust patients place in our institutions.
To counter this threat, it’s crucial for healthcare leaders to view cybersecurity not just as a technical challenge but as a strategic imperative that must be embedded into the very fabric of digital transformation efforts. This requires investing in robust security frameworks, fostering a culture of continuous cybersecurity awareness and staying proactive in identifying and mitigating emerging threats. By making cybersecurity a cornerstone of our digital strategies, we can protect not only our systems but also the well-being of the patients we serve.
Walker L. Dupre, MBA. Telemedicine director for virtual hospital services at Ochsner Health: In my opinion, cybersecurity threats. Ransomware or data breaches represent the most significant risk in health IT and RCM today. They not only jeopardize patient safety and data integrity but also pose substantial financial and operational risks to healthcare organizations.
Zafar Chaudry, MD, MS, MIS, MBA, CITP. Senior vice president, chief digital officer and CIO at Seattle Children's: The healthcare industry faces several significant threats, including cybersecurity breaches from ransomware and data breaches, interoperability challenges due to data exchange issues and integration complexities, and regulatory compliance burdens stemming from evolving regulations and penalties for non-compliance. Rising costs for technology investments and skilled labor shortages further exacerbate these challenges. Additionally, emerging technologies like artificial intelligence and quantum computing pose new risks, such as bias, privacy concerns, increased authorization denials, job displacement and threats to current encryption methods, requiring proactive security measures.
Reed Smith. Chief consumer officer at Ardent Health Services: The biggest current threats are cyberattacks, interoperability challenges and regulatory changes, which can lead to data breaches, inefficient care, financial strain and operational challenges. To address these issues, healthcare organizations must invest in security, promote data sharing and stay updated on regulations. They should also strategically adopt new technologies that focus on keeping the consumer at the center of their services.
Ken Dunham, MD, FAPA, CPE. Executive director medical operations for behavioral health at Sentara Health: An AI avalanche in healthcare is on the horizon (and already being incorporated). I believe AI offers a much-needed asset in healthcare. Specifically, I believe it will be a workforce multiplier that helps us predict morbidity and mortality, so that we can intervene proactively to alter the course of bad outcomes. The growing pains will be 'retrofitting' what has been done with AI in the corporate tech sector into healthcare. Our system of healthcare requires application of ethical principles as well as appropriate governance.
Here’s some background. In 2012, the advancements of deep learning enabled AI to interpret massive and diverse datasets. The machine learning revolution was born and embraced by tech giants like Google, Facebook, Amazon and Microsoft. The results are what many of us interact with daily (Siri, Alexa, Netflix, etc.). For over a decade tech companies have advanced AI operating beneath an umbrella of proprietary intellectual property with primarily commercial endpoints in mind. This means the big data and algorithms involved are black boxed, a kind of corporate secret, that includes what data is collected and what is done with this data. Also, because of its birthplace in the commercial tech sector, AI advancements have developed in parallel to each other and are less likely to be able to be harmonized, or interoperable. Unlike the tech sector, the healthcare sector functions in a realm of ethical principles, like privacy, informed consent and patient autonomy, as well as governance, like what constitutes PHI and how data from disparate EMRs should be harmonized and shared. Without an overarching system to manage AI in healthcare, we will face many issues along the way. However, there is a way we can usher in AI into healthcare. Many of these problems have been outlined by the WHO and I invite my peers to consider reviewing WHO’s recommendations (WHO calls for safe and ethical AI for health) and consider how these guidelines fit into your health system’s governance structure and/or tech company partnerships. I believe if you follow these guidelines, you and your system will have better long-term outcomes with AI.
William Gress, RN, MHA, BSN, CHFP, CRCR. Director for revenue cycle operations at Cottage Health: It's hard to nail down a single biggest threat from the regulatory, competitive and managed care pressure facing physicians and facilities. A concerning theme is the evolution of denials over the last five to seven years. Not only have denials increased across the board by 26% according to Kodiak, but they have greatly increased in collection costs. Beyond simply a rise in volume and personnel costs, there has been a shift to more clinical and coding denials. Unfortunately, the cost of a coder, nurse or physician advisor to dispute these denials is significantly higher than a traditional biller. This tactic increases the cost to collect and in-turn payers are increasing the cost of care. The only respite for physicians and facilities is future regulation in this area. Until this change occurs, continuous pressure through denials and appeals programs and managed care disputes are essential strategies in the revenue cycle.
Marc Perkins-Carrillo. Chief nursing informatics officer at Moffitt Cancer Center: The biggest threat to healthcare IT is malicious activity from cybercriminals aiming to disrupt healthcare operations. Healthcare organizations must defend against a multitude of attacks, including phishing, accidental data disclosures and ransomware while simultaneously delivering high-quality patient care. The substantial investments in IT security required to mitigate these threats can divert valuable resources away from core healthcare functions such as prevention and treatment.
Michael Mercurio. Vice president, revenue cycle operations at Mass General Brigham: There are a number of challenges in the health IT and RCM space: staffing challenges, regulatory challenges and cybersecurity threats. The latter are on the rise and as our systems become more and more interconnected the risk of a significant adverse event becomes greater and greater. We continue to experience staffing shortages across many roles, and for many of them, this will continue for the foreseeable future; AI and automation will not reduce all of the pain and frustration in this area anytime soon. Finally, the ongoing belt tightening at the federal level will continue to put downward pressure on reimbursement even as privacy and program initiatives are expanded.
Shelly Nash, DO, FACOOG, FABPM-CI. Senior vice president and chief medical information officer at Fresenius Medical Care: The biggest threat in healthcare information technology relates to cybersecurity. Phishing attempts, malware and data breaches that lead to the need to take down systems and force organizations to go backwards and revert to antiquated ways (down-time procedures) not only affect clinical care but affect the financial health of an organization. We all went through the Change Healthcare incident and then had more issues and down-time from the CrowdStrike incident. Every healthcare organization needs to be diligent in securing their own systems and training their users to be diligent, and also really understanding what measures every vendor or organization we connect to or work with is doing to ensure our systems are safe, secure and functional.
Yasir Tarabichi, MD, MSCR. Chief medical informatics officer and interim medical director of quality at Ovatientas well as director of clinical research informatics at MetroHealth: The biggest threat in health IT is the unchecked adoption of point AI and digital technology solutions, leading to significant sunk costs in systems that don't deliver value. In the face of rising healthcare costs and reduced reimbursement, these inefficiencies compound financial pressures, diverting resources away from patient care. To address this, healthcare organizations must focus on robust governance, data standards and interoperability to ensure that investments in AI and digital tools can enhance operational efficiency and care quality at scale.
Keith Givelekian. Executive director for digital business at Cleveland Clinic: In my opinion, the biggest threat in health IT and RCM right now is that as AI/GenAI continues to mature, healthcare institutions, that have low margins, will be unable to keep pace with payers, which will result in higher denial rates and bad debt increasing. If that comes to fruition, healthcare institutions will have less revenue to invest in innovation within the clinical practices, which ultimately is a major detriment to the patients we serve. Payers and providers need to come together, ideally through payer interoperability networks, to transform the financial component of healthcare, which includes prior authorizations, so that the patients can get the treatment they need and deserve and that is affordable.
Mandy McGowan, RN, BA. Director for home-based care programs at UWHealth: Acknowledging cybersecurity issues as the primary threat, the next biggest threat is health systems trying to boil the ocean, and therefore getting in their own way. With the variety and speed at which new technology is being offered, it is easy to get caught up in the possibilities and idealism of what COULD be, instead of what SHOULD be within each health system. Just like a S.M.A.R.T. goal, a digital health or IS roadmap (and each project contained within it) needs to be specific, realistic and timebound to keep all parties moving forward in the right direction, and to see sustainable results that positively impact all aspects of the Quintuple Aim of enhancing patient experience, improving population health, reducing costs, improving the work life of health care providers, including clinicians and staff, and achieving health equity.
Tanvir S. Sahsi, MD, MHA. Senior director for business operations and senior director for revenue cycle in the neurosurgery department at The Mount Sinai Health System: The biggest threat in health IT currently is cybersecurity, ransomware and data breaches. Let’s face it: Healthcare operations are becoming increasingly digitized; the risks associated with cybersecurity are evolving at a rapid pace. Healthcare organizations store vast amounts of sensitive patient data, making them attractive targets for cybercriminals. Data breaches can occur due to various reasons, including insider threats, phishing attacks or inadequate security measures.
Research has shown that ransomware’s increased sophistication is its relative effectiveness rate – as per the American Hospital Association, ransomware accounted for more than 70% of the successful cyberattacks on healthcare organizations in each of the past two years. Technological innovations like connected remote patient monitoring devices have created a new attack surface for cybercriminals. Vulnerabilities in these devices can be exploited to compromise patient safety.
The biggest threat in RCM right now is an inefficient RCM process. Manual workflows are common for tasks such as verifying a patient’s insurance information, obtaining prior authorization, checking the status of a claim and appealing denials. These manual processes are time-consuming and subject to human error, so they lead to added expenses — most notably, in the form of employee time. This contributes to payment delays, which means it takes healthcare organizations longer to get paid for the services they provide.
- Pre/Prior-authorization challenges: These roadblocks need to be addressed by regulators. Prior authorization is costly, inefficient and responsible for patient care delays. As per the American Medical Association, a third of patients who get stuck in this prior-authorization process don't ever pick up their medications. The fact that health plans eventually relent and admit that the treatment is appropriate evidence that the health plan didn't need to put up these barriers in the first place. These eventually cause delays in treatment resulting in delayed reimbursement impacting the revenue cycle process.
- Decreasing revenue and rising costs: From a reimbursement standpoint, inflation has been everywhere from salaries, supply chain to construction. CMS has been decreasing Medicare reimbursement somehow, year over year, for the last few years. Reduced revenue along with shrinking margins from continued fallout of revenue shortfalls and rising supply and labor costs requires out-of-the-box thinking about reducing costs while ensuring accounts receivables stay high.
- Keeping pace with regulatory changes: Revenue cycle management teams are already challenged by a number of regulations: The No Surprises Act, price transparency mandates and reimbursement changes to telehealth and behavioral health can all impact payment models and the revenue cycle. As, of course, can provisions in the older HITECH and HIPAA regulations that remain important to comply with or risk financial penalties.
Amy Zolotow. Director for operations at Mercy Personal Physicians: Aside from the pressing threat of cyberattacks in healthcare, the most prominent threat in health IT and RCM right now is the failure to fully embrace interoperability. Without seamless data exchange, we risk siloed information that undermines patient care and inflates operational costs. This lack of integration not only hinders efficiency but also stifles innovation. To truly drive transformation, we must prioritize systems that communicate and collaborate across the entire healthcare continuum. In doing so, we not only enhance care delivery but also build a more resilient and agile healthcare ecosystem.
Karen E. Hunter, DNP, RN, NI-BC, CENP. Chief nursing informatics officer at Adventist Health Roseville: While cybersecurity remains the foremost concern in health IT, I will defer to specialists in that domain. The second most pressing challenge is our lag in adopting new and emerging technologies, a gap largely driven by the complexity of healthcare systems and a shortfall in both IT training and strategic adoption efforts. Successful integration of technology in clinical settings requires a nuanced understanding that goes beyond technical training; it demands expertise in clinical informatics to guide effective adoption. Investing in this specialized knowledge is essential for not only keeping pace with technological advancements but also ensuring these innovations are leveraged to enhance patient care and operational efficiency.
Matt Andazola. Director for experience innovation at UCHealth: From my vantage point in digital patient experience, I think the greatest threat to health IT at the moment is, paradoxically, how polished and refined patient-facing technology is getting. We know as health systems that we are engaging patients where they are, on their phones and computers, in ways that are increasingly similar to consumer experiences of retail or hospitality industries. There's a generally positive desire to use technology to make care more accessible and approachable for everyday users, but the complexity of clinical situations and the limitations inherent to operational capacity mean that we are always going to struggle to meet patient expectations. A slick scheduling interface doesn't lessen the sting of waiting months for an appointment nor does a generative AI agent make receiving a cancer diagnosis less frightening. In other words, at least currently, patient-facing technology's greatest threat is its success.
Anjali Bhagra, MD, MBA. Medical director of Automation at Mayo Clinic: Cyberattacks targeting confidential business information and protected health information pose the greatest threat to health IT and RCM. Infrastructure to support comprehensive monitoring, employee education and training, multifactor authentication and third-party vendor security are critical to preventing, mitigating and managing cyberattacks.
Patti Cuartas, DMSc, PA-C, MBA, PMP, FACHE, ACHIP. Executive director and associate chief medical informatics officer at Mount Sinai Health System: Outside of cybersecurity threats, the biggest threat, in my opinion, is poor and ineffective communication on how we will incorporate AI tools in healthcare and how much our most important assets, our staff and our patients, may be internalizing their organization’s, poor or lack of, adoption of AI.
As we know, AI is not new to technology, and like other technology, it is advancing and becoming more accessible – however, if governance and implementation of AI is messaged poorly, it can be one of the biggest threats where we could lose staff and patients alike before we can make the proper use of AI a reality.
Haris Ackerman. Director for integration and strategic operations at Virtua Health: Over the next several years, I see the biggest IT risks and the biggest RCM issues as slightly different, but linked, challenges for health systems. On the IT side, implementation tactics for new technology to provide more efficient care will be crucial. Building out processes based on solid data backed findings and voice of the customer is tantamount to success, and being mindful of not using an IT solution to fix something broken, but instead improving process by utilizing technology to further enhance that process. This can lead to what we are seeing around the country of technology-assisted care models that can improve patient care and experience, provide much more accurate data reporting and also remove the idea of 'silos' within larger organizations.
With that being said, RCM is slightly different. My view is that the biggest risk to RCM is ad-hoc attacking revenue cycle issues as opposed to looking at general trends within the health system to understand where the biggest opportunities in the revenue cycle are. In order to address this, it is crucial to have integrity of system data and reporting, and exploring human resources as well as technology implementation that can support in the process of taking these trends and allowing leaders to address these themes of opportunity.
Reba McVay, MBA, MSN, RN, CNS-BC, CNS. Center for Nursing Excellence at Wellstar Health System: Currently, a challenge in health IT and RCM is the ability to reimburse for the latest virtual and AI technologies when used in the clinical setting. The use of Smart Room technology for virtual patient care is an example of AI utilization without reimbursement. The newest technologies, such as the Smart Room or those in radiology and diagnostic labs, which are crucial for patient treatment, must be factored into the revenue cycle to offset the cost of providing the technology. However, there are currently few ICD-10-CM codes for Smart Room use or other methods to establish their use in healthcare for reimbursement. The study of handheld diagnostic devices in the ED or the cardiac catheterization lab during procedures with no printout or transfer of images to show for use is another example of technological advancement without the ability to charge for services. It's important that we find a way to convey these abilities in electronic records, which can lead to reimbursement. The potential benefits of finding a solution to this issue are significant and can greatly improve our healthcare system.
Brian Imdieke, RN, CNP. Nurse practitioner, internal medicine and interim chief health information officer at Hennepin County Medical Center, Hennepin Healthcare: We are in the early stages of rapid evolution in Healthcare. Artificial intelligence, virtual and asynchronous care, remote patient monitoring, proactive patient engagement all hold great promise to improve our care delivery model. This innovation gives hope to improved health outcomes, improved access to care and most importantly, allows clinicians to return to a more authentic human connection with their patients. Yet, the greatest threat to this progress is, that if current antiquated reimbursement models do not effectively and efficiently pivot, organizations will not be able to keep pace and the potential impact of this exciting progress is at risk of being stifled.
Paul Capello, PMP. Corporate IS project manager at Shriners Hospitals for Children as well as adjunct instructor at University of South Florida: The biggest threats in health IT and RCM right now can be categorized into several key areas:
1. Cybersecurity Threats
- Data breaches: Healthcare organizations are prime targets for cyberattacks due to the sensitive nature of patient data. Ransomware attacks can lead to significant data loss, financial penalties and compromised patient care.
- Phishing attacks: Increased sophistication in phishing schemes targeting healthcare employees can lead to credential theft and unauthorized access to systems.
2. Regulatory Compliance
- HIPAA violations: Non-compliance with regulations like HIPAA can result in hefty fines. Keeping up with changing regulations and ensuring that all systems comply can be challenging.
- Data privacy: As patient data privacy concerns grow, organizations must navigate complex regulations regarding data sharing and storage.
3. Interoperability Issues
- Lack of standardization: Many healthcare IT systems do not communicate effectively, leading to inefficiencies in data exchange and patient care.
- Fragmented systems: The use of multiple software solutions can lead to data silos, making it difficult to obtain a comprehensive view of patient information.
4. Revenue Cycle Disruptions
- Denials and rejections: Increased claim denials can strain revenue cycles resulting in delayed payments and increased administrative costs.
- Patient payment models: The shift towards high-deductible health plans places more financial responsibility on patients, complicating collections and impacting cash flow.
5. Technology Adoption and Integration Challenges
- Implementation of new technologies: The rapid pace of technological change can overwhelm healthcare organizations, particularly smaller practices that may lack the resources for proper implementation.
- Staff training: Insufficient training on new systems can lead to errors that affect patient care and revenue collection.
Addressing these threats requires a proactive approach from healthcare organizations, including investing in robust cybersecurity measures, ensuring regulatory compliance, fostering interoperability and enhancing staff training. By prioritizing these areas, healthcare providers can mitigate risks and improve the overall efficiency of health IT and RCM.