< + > Bonus Features – September 21, 2025 – 19% of cyberattacks cost healthcare orgs at least $200,000, only 49% of healthcare leaders think AI will solve their cost efficiency problems, plus 26 more stories

Welcome to the weekly edition of Healthcare IT Today Bonus Features. This article will be a weekly roundup of interesting stories, product announcements, new hires, partnerships, research studies, awards, sales, and more. Because there’s so much happening out there in healthcare IT we aren’t able to cover in our full articles, we still want to make sure you’re informed of all the latest news, announcements, and stories happening to help you better do your job.

News

• The EHR Association released comments on two CMS proposed rules. The organization advocated for a one-year delay on reporting median payer-specific negotiated charges, until 2027, and also cautioned against moving quickly on advancing performance-based requirements.
• The Joint Commission and the Coalition for Health AI released Guidance on Responsible Use of AI in Healthcare, which aims to help provider organizations implement AI at scale.
• DirectTrust posted new versions of program criteria for its 28 accreditation programs for public review, and the comment period is open until November 17. New this year: An AI program based on the NIST AI Risk Management Framework.

Studies

• Only 49% of health system leaders surveyed see AI and advanced analytics as a solution for cost efficiency and ROI, according to a Becker’s Healthcare and Net Health survey.
• Research from the Peterson Health Technology Institute found patients using virtual solutions for opioid use disorder remain in treatment an average of 13 more days over six months, which is only slightly longer than usual care.
• Non-essential procedures make up more than 32% of all data collected in Phase III clinical trials, according to a study from TransCelerate BioPharma and the Tufts University School of Medicine.
• Nearly 1 in 5 (19%) of cyberattacks in healthcare result in losses of more than $200,000, according to a report from Netwrix. That’s nearly four times as many as the 5% total reported in 2024.

Partnerships

• Decision support vendor EvidenceCare has integrated InterQual clinical data review technology into its AdmissionCare product.
• Translation technology vendor Pocketalk launched the Pocketalk Enterprise App on Zebra Technologies‘ mobile computers, tablets, and kiosks.
• Swisslog Healthcare is partnering with Diligent Robotics to bring autonomous delivery robots to U.S. hospitals.

Products

• Cenevo launched Labguru Assistant, an AI-enabled extension to its lab management system.
• CentralReach launched CR ClaimAcceleratorAI, a revenue recovery product for autism and intellectual and developmental disabilities care providers.
• CharmHealth launched CharmHealthSquare, a Slack community built exclusively for physicians.
• Data intelligence vendor Evidently launched Ask Evidently, an AI chat interface.
• datma announced the Federated Biomarker Explorer for Health Systems, which lets provider organizations validate pharmaceutical demand for their data before committing to partnership.
• Behavioral health care provider Lucet launched Lucet at Home and announced branding changes for 2026.
• NaphCare announced TechCare GO, a browser-based feature of TechCare, its corrections-specific EHR.

Implementations

• Tennessee-based Ardent Health deployed Ambience Healthcare‘s AI documentation tool across its ambulatory network.
• The Washington State Department of Corrections selected Unite Us to connect people leaving incarceration to community resources to help promote self-sufficiency and reduce recidivism.

Company News

• Acentra Health launched the Safe AI in Medicaid Alliance (SAMA), which will develop Medicaid-focused frameworks for AI adoption.
• eHealth Exchange announced its annual meeting, which will be in Nashville on November 18.
• A report from Omada Health found 63% of its members maintained or continued to lose weight 12 months after discontinuing GLP-1s.

People

• CareQuest Institute for Oral Health named Wade Rakes as CEO; he previously served as Chief Growth Officer at Centene.
• Workflow automation vendor Penguin Ai named Mark Caron as Chief Strategy Officer.
• EHR downtime management company Spare Tire appointed Jeanine “Nini” Martin as Chief Commercial Officer and added Randy McCleese as a Healthcare IT Strategy Consultant
• PointClickCare appointed David Pessis as Chief Product and Technology Officer.
• Chronic eye care vendor Lumata Health named Annu Singh as Chief Technology Officer.
• Health information network Availity promoted Bala Sekaran to Chief Customer Officer to support the company’s new Customer Success organization.

If you have news that you’d like us to consider for a future edition of Healthcare IT Today Bonus Features, please submit them on this page. Please include any relevant links and let us know if news is under embargo. Note that submissions received after the close of business on Thursday may not be included in Bonus Features until the following week.

< + > Weekly Roundup – September 20, 2025

Welcome to our Healthcare IT Today Weekly Roundup. Each week, we’ll be providing a look back at the articles we posted and why they’re important to the healthcare IT community. We hope this gives you a chance to catch up on anything you may have missed during the week.

Oracle Health Is Betting Big on AI, Supply Chain, and Collaboration. From Orlando, Colin Hung reported on the company’s strategy of embedding AI in its EHR while leaning into its established suite of enterprise platforms across ERP, HR, and finance. Read more…

Staffing, Outsourcing, and the Digital Workforce. John Lynn connected with Ray Lowe at AltaMed and Bill Grana at HCTec to discuss how to juggle in-house, contract, and service partner staff – a task made easier following an IT staff audit. They also address why IT teams don’t always have the right labor mix. Read more…

The Governance Factor: Putting Healthcare’s Back-Office Data to Work. In an interview with Chris Arey from RPI Tech Connect, John covered how to leverage data governance to improve patient outcomes, particularly when it comes to non-clinical data sources. Read more…

Life Sciences Today Podcast: Data Cleaning and Standardization. Danny Lieberman talked to Viraj Narayanan at Cornerstone AI about maintaining human oversight while accelerating data cleansing processes from months to days. Read more…

Healthcare Interoperability Barriers.  Check out this roundup of healthcare interoperability experts as they explore the main barriers to achieving true health data sharing and how they think healthcare organizations can overcome those barriers.  Read more…

Healthcare IT Today Podcast: The Digital Front Door. John, Colin, and Brittany Quemby got together to unpack the digital patient experience based on Brittany’s trip to the ED and family doctor and John’s take on Epic’s announcements from its annual User Group Meeting. Read more…

Securing Healthcare’ Expanding Attack Surface. Amid the rapid rise of mobility, healthcare must treat endpoint security as the new frontline of patient safety, noted DJ Oreb at DMI. That means encryption, access control, and centralized endpoint management. Read more…

Protect Your Organization From Ransomware as a Service. As attacks get much more frequent and sophisticated, Thomas Ritter at Ritter Gallagher emphasized the importance of framing cybersecurity in the context of patient care, revenue, and regulation. Read more…

A Path to Practice Optimization and Revenue Growth. Poorly optimized EHR workflows are linked to clinician burnout, inefficiency, and frustration. The answer, according to Pat Williams at iScribeHealth, means embedding documentation into EHR workflows. Read more…

The Power of Trust-Driven Digital Medtech. The shift to home-based care needs a new way of thinking to build patient trust, according to Sharad Patel and Radhika Bogahapitiya at PA Consulting. Privacy, data governance, cybersecurity, and user centricity are the keys to this approach. Read more…

Secure Communication With HIPAA-Compliant Faxing. This piece outlined how end-to-end encryption makes digital faxes HIPAA compliant. Better document management and EHR integrations are a plus, too. Read more…

This Week’s Health IT Jobs for September 17, 2025: Boston-area Community Care Cooperative (C3) is looking for a Chief Medical Information Officer. Read more…

Bonus Features for September 14, 2025: One-third of patients find incorrect information in provider directories, while 39% of patients avoid seeking care if it means finding a new doctor. Read more…

Funding and M&A Activity:

• CitiusTech acquired Health Data Movers, a healthcare technology services firm.
• CentralReach acquired SpectrumAi and AI.Measures, providers of tech-enabled and outcomes-based care for the autism and intellectual and developmental disabilities field.
• Front-desk and call center operations automation vendor EliseAI secured $250 million in Series E funding.
• Provider credentialing technology company Medallion raised $43 million in new funding.

Thanks for reading and be sure to check out our latest Healthcare IT Today Weekly Roundups.

< + > Data Cleaning and Standardization with Cornerstone AI – Life Sciences Today Podcast Episode 27

We’re excited to be back for another episode of the Life Sciences Today Podcast by Healthcare IT Today. My guest today is Viraj Narayanan, CEO at Cornerstone AI. Cornerstone uses AI to clean and standardize healthcare data. Cleaning healthcare data is a non-sexy job that consumes staggering amounts of resources in the industry. When Narayanan was at McKesson, he had 25 PhD biostatisticians who spent 70% of their time on data cleaning.

Cornerstone AI reduces data cleaning time from 8-12 weeks to days. They maintain human oversight while accelerating processes, improve data quality while reducing processing time, and scale data volume without a linear time increase. Their primary long-term growth driver is biopharma companies. Data companies like Komodo Health embed Cornerstone technology in the data pipeline for laboratory data cleanup and LOINC code assignment. They improve LOINC assignment rates from 20-30% to 80-90%.

Check out the main topics of discussion for this episode of the Life Sciences Today podcast:

• Tell me about your journey to Cornerstone AI.
• How do you create value for your drug and data customers?
• How do you measure the value?
• What are 3 things you’d like to achieve in the next 12 months?

Now, without further ado, we’re excited to share with you the next episode of the Life Sciences Today podcast.

 

Be sure to subscribe to the Life Sciences Today Podcast on your favorite podcasting platform:

• Apple Podcasts
• Spotify
• iHeartRadio
• Amazon Music
• Pandora
• YouTube

Along with the popular podcasting platforms above, you can Subscribe to Healthcare IT Today on YouTube.  Plus, all of the audio and video versions will be made available to stream on Healthcare IT Today. As a former pharma-tech founder who bootstrapped to exit, I now help TechBio and digital health CEOs grow revenue—by solving the tech, team, and go-to-market problems that stall your progress. If you want a warrior by your side, connect with me on LinkedIn.

If you work in Life Sciences IT, we’d love to hear where you agree and/or disagree with our takes on health IT innovation in life sciences. Feel free to share your thoughts and perspectives in the comments of this post, in the YouTube comments, or privately on our Contact Us page. Let us know what you think of the podcast and if you have any ideas for future episodes.

Thanks so much for listening!

< + > Managing the Mobile Surge: Securing Healthcare’s Expanding Attack Surface

The following is a guest article by DJ Oreb, President of Managed Services at DMI

When a health emergency strikes, every second matters. Increasingly, those seconds aren’t measured in hospital corridors; they’re measured through mobile devices, telehealth platforms, and connected sensors delivering care in real time.

Telehealth has evolved from a niche convenience to a cornerstone of modern medicine. During the COVID-19 pandemic, adoption soared from 14% to more than 66% in just four years, and it remains high. Patients see the value: reduced travel, lower costs, and faster access to care.

Meanwhile, connected medical devices, the Internet of Medical Things (IoMT), are redefining treatment. Wearable monitors, smart pill dispensers, and remote sensors allow providers to intervene earlier and tailor care to individuals. McKinsey estimates IoMT could create $1.8 trillion in economic value by 2030, powered by millions of devices streaming data every second.

But the rapid rise of mobility also brings risk. Each new connection is not only a tool for better care, it’s a new entry point for cybercriminals.

The Double-Edged Sword of Connectivity

Healthcare is under siege. Data breaches and ransomware attacks have surged in recent years, making the industry one of the most targeted by cybercriminals. The reason is clear: many providers still rely on outdated security strategies never designed for today’s volume of mobile devices and connected endpoints.

The irony is striking. The very tools enabling faster diagnoses, better patient engagement, and improved outcomes can quickly become liabilities if they’re not properly managed and secured. A single unprotected endpoint, whether it’s a doctor’s tablet or a patient’s wearable, can expose sensitive medical records, personally identifiable data, or even critical care systems.

To keep pace, healthcare must treat endpoint security as the new frontline of patient safety.

The New Cybersecurity Frontier: Endpoint Security

Protecting modern healthcare IT requires securing every endpoint across its lifecycle, from deployment to decommissioning. This means more than firewalls and antivirus; it requires embedding security into every step of how devices are configured, managed, and monitored.

Key safeguards include:

• Encryption and multi-factor authentication to protect sensitive records
• Access controls that ensure only the right people access the right data
• Real-time monitoring and automated updates that patch vulnerabilities before attackers exploit them

Just as important is visibility. Blind spots open the door to breaches, compliance violations, and operational disruption. As security leaders often say: ‘You can’t protect what you can’t see.’ Full visibility into every endpoint is no longer optional; it’s essential.

From Complexity to Clarity: Centralized Endpoint Management

For many organizations, the real challenge isn’t intent, it’s complexity. With thousands of mobile devices and connected sensors, managing them manually or across siloed systems is unsustainable.

The answer is centralization. A cloud-based endpoint management platform consolidates oversight into a single pane of glass, giving IT teams clarity and control.

This unified approach delivers:

• Security at Scale: Configure, deploy, and protect all devices from one platform
• Rapid Response: Lock, wipe, or track devices showing suspicious activity
• Smarter Operations: Use analytics on performance and usage to guide investments and staffing

The payoff is twofold: stronger security and more efficient operations. Endpoint management shifts from a defensive necessity to a strategic advantage.

The Future is Mobile, and It Must Be Secure

The trajectory is clear. Healthcare will continue to lean on mobility: more telehealth visits, more wearables, more connected devices. The question isn’t whether healthcare will be mobile. It already is. The question is whether it will be secure.

Patient trust today depends not only on compassionate care and accurate diagnoses, but on the confidence that their information is safe. That means healthcare leaders must move beyond patchwork defenses and adopt unified endpoint management strategies that scale.

With centralized visibility, automated safeguards, and integrated management tools, providers can empower clinicians while protecting infrastructure. Devices become assets, not vulnerabilities. Mobility becomes an advantage, not a liability.

The mobile surge isn’t slowing down. The responsibility, and the opportunity, for healthcare leaders is to ensure it drives progress, not risk.

About DJ Oreb

As President of Managed Services at DMI, DJ leads the Managed Services group, overseeing its operations, growth, and strategic market positioning. With extensive expertise in procurement, telecom expense management, and IT operations, DJ has successfully built high-performing, results-driven programs that enhance operational efficiency and business growth. His expertise in mobile lifecycle management, telecom expense management, IT operations, and vendor strategy enables him to build programs that empower enterprises to optimize and scale their IT Managed Services.

< + > CitiusTech Acquires Health Data Movers, Enhances Healthcare Provider Offerings with Epic Implementation Capabilities

CitiusTech, a leading provider of healthcare technology, services & solutions, today announced that it has acquired Health Data Movers, a Best in KLAS healthcare technology services firm, with deep expertise in Epic Systems, Workday, ServiceNow, and other core healthcare platforms.

As healthcare providers work to improve the quality of care and deliver more connected patient and clinician experiences, they face the challenges of unifying complex technology ecosystems while accelerating innovation. The rapid rise of Agentic AI, Cloud, and AI Scribes has only heightened the need for seamless integration into the core systems clinicians and staff use every day. Epic, as the digital backbone of many healthcare providers, has been central to this transformation, driving digital adoption, enabling interoperability, and opening new pathways to embed advanced analytics and AI directly into clinical workflows.

The combination of CitiusTech’s AI, data, and automation solutions and Health Data Movers’ deep integration expertise creates a unique ability to embed intelligence and automation directly into core operational platforms such as EMR, ITSM, and ERP. By bringing advanced digital capabilities directly into the daily workflows that health systems trust, this approach minimizes change management risks and delivers scalable, end-to-end solutions that enable Providers to achieve greater efficiency, quality, and impact in patient care.

“This is a pivotal moment and a huge opportunity for CitiusTech and Health Data Movers, as we meet the demands of a rapidly transforming healthcare landscape. By combining forces, we are redefining the path to seamless integration and infusing AI and intelligent automation into clinical operations. Together, we empower our customers to unlock transformative efficiencies, deliver connected patient care, and accelerate innovation, all within the systems they trust. This partnership strengthens CitiusTech’s position as a strategic partner across the healthcare ecosystem,” said Rajan Kohli, CEO at CitiusTech. By bringing Health Data Movers’ Epic implementation and integration expertise into CitiusTech’s portfolio, this partnership has the ability to operate at the very core of the Epic ecosystem, solving some of healthcare’s most critical challenges.

“At Health Data Movers, our commitment has always been to empower patients and providers by harnessing the potential of data and technology,” said Tyler Smith, CEO at Health Data Movers. “Joining forces with CitiusTech allows us to pair that expertise with unmatched scale, advanced technologies, and expanded capabilities. Together, we can deliver future-ready solutions that not only improve patient outcomes and lower costs, but also redefine how patients and providers fully benefit in an AI-powered healthcare ecosystem.”

CitiusTech and Health Data Movers share a vision of advancing healthcare through human-centered technology, operational excellence, and trusted partnerships.

Founded in 2012, Health Data Movers is a US-based, specialized healthcare IT services firm, with a mission to empower patients and Providers by unleashing the potential of healthcare data and technology. They are trusted partners to healthcare organizations, biotechnology companies, and digital health enterprises, delivering unique, data-driven solutions through their Data Management, Integration, Project Management, and Clinical & Business Applications services. Health Data Movers brings with it a highly skilled team of healthcare technology professionals with deep expertise in large-scale EMR program delivery, clinical workflows, and operational transformation.

Health Data Movers was advised on this transaction by Equiteq.

About CitiusTech

CitiusTech is a global technology services, consulting, and business solutions enterprise 100% focused on the healthcare and life sciences industry. We enable 140+ enterprises to build a human-first ecosystem that is efficient, effective, and equitable. Leveraging deep domain expertise and next-generation technologies, including AI, Cloud, Data, and Intelligent Automation, we assist our clients in realizing their vision, accelerating transformation, and achieving business outcomes. With over 8,500 healthcare technology professionals worldwide, CitiusTech powers digital innovation, business transformation, and industry-wide convergence through next-generation technologies, solutions, and products. Follow CitiusTech on Twitter or LinkedIn.

About Health Data Movers (HDM)

Health Data Movers (HDM) is a “Best in KLAS” healthcare technology services firm. They are trusted partners to healthcare organizations, biotechnology companies, and digital health enterprises through their Services – Data Management, Integration, Project Management, and Clinical & Business Applications – they are the smart choice for creating unique solutions that empower patients and providers by unleashing the potential of healthcare data and technology. Recognized as a leader in the industry, HDM has been named to the Inc. 5000 list six times (2020, 2021, 2022, 2023, 2024, 2025). Additionally, HDM was honored as one of the “Best Firms to Work For” by Consulting Magazine in 2020 and 2025.

Originally announced August 19th, 2025

< + > Main Barriers to Achieving True Interoperability and How Organizations Can Overcome Them

We all know that true interoperability is something that will drastically improve the lives of our patients, the lives of our staff, and our organizations as a whole — I don’t think there’s anyone who doesn’t want to achieve true interoperability in their organization. However, knowing how amazing it is and wanting it for ourselves does not automatically mean we can have it. Tragically, there are various barriers throughout different sections of the healthcare system that are preventing us from achieving this goal.

To help us identify these barriers, as well as invent solutions to remove them, we reached out to our incredible Healthcare IT Today Community to ask: What are the main barriers to achieving true interoperability in healthcare IT, and how can organizations overcome them? The following is what they had to share.

Luigi Leblanc, Vice President of Technology at Zane Networks
Achieving true interoperability in healthcare data sharing remains challenging as national frameworks like the Trusted Exchange Framework and Common Agreement (TEFCA) continue to evolve. While TEFCA presents promising opportunities for compliant data exchange, current implementation requires hybrid approaches that leverage existing infrastructure while meeting market demand to expand network access through modern APIs such as FHIR. A common framework provides opportunities for various national partners—QHINs, HDUs, HIEs, and public health platforms such as AIMs—to access critical capabilities like decision support, scalability, and security.

However, the hybrid approach needs to empower “last mile” interoperability while organizations transition to data sharing within TEFCA. The downstream capabilities and technical requirements don’t just need to be enabled but will require providers and organizations to realize the value added by using modern APIs. Depending on the use case, such benefits can be amplified when leveraging a national network.

Katie Devlin, Vice President, Interoperability at Cotiviti, Inc.
Achieving true interoperability requires organizations to move beyond meeting CMS mandates and focus on aligning standards, data governance, workflows, and incentives across the healthcare ecosystem. Today, multiple standards—FHIR, HL7, and CDA—coexist, often with inconsistent implementations. To succeed, organizations should adopt a scalable, multi-faceted approach that supports legacy formats like CDA and HL7 while enabling FHIR R4/R5 to power emerging workflows such as digital quality reporting. Equally important is linking interoperability to measurable ROI, including enhanced risk stratification, and leveraging regulatory frameworks like TEFCA to accelerate compliance and adoption.

Dr. Lucienne Ide, Founder and Chief Executive Officer at Rimidi
True interoperability in healthcare IT remains frustratingly out of reach — not because the industry lacks technology, but because dedication to implementing it effectively and incentives to encourage its use are lacking. Fast Healthcare Interoperability Resources (FHIR) has been transformational, but its full potential hasn’t been realized. Many EHRs technically meet requirements to offer FHIR APIs, which let systems communicate and interact with each other, but in practice, these APIs are often poorly implemented or functionally limited.

Instead of moving forward, healthcare is regressing, repeatedly falling back on legacy interfaces and proprietary APIs that undermine the progress that standards-based data exchange was meant to achieve. This stagnation increases pressure on providers and harms patients by obstructing timely, coordinated care.

Healthcare organizations need to take a more strategic and assertive role in demanding open interoperability. Supporting SMART on FHIR, a data standard that enables applications to access information in EHR systems, and other standards-based frameworks is a great place to start. Also, avoid defaulting to closed, vendor-specific solutions. Policymakers should consider more impactful incentives, such as requiring interoperability for EHR certification, and enforceable penalties for entities that intentionally or unintentionally block data sharing. As AI and advanced analytics become more integrated into care delivery, the industry must have access to normalized, high-quality data. Interoperability is not a compliance checkbox; it’s a crucial enabler of better care, innovation, and health equality.

Vivek Desai, Chief Technology Officer of North America at RLDatix
One of the most prominent barriers to true interoperability in healthcare is siloed information. Despite the healthcare industry collecting more data than any other, disconnected systems and a lack of standardization force healthcare organizations to chase problems with fragmented data, duplicating efforts and slowing response times that hurt patients and staff alike. Eliminating data blocking and silos is key to addressing these hurdles head-on to ensure that health systems can access the insights needed to deliver safer, high-quality patient care.

A key step forward is modernizing IT infrastructure through strategic investment in modular platforms that unify critical functions. With the ability to connect key focus areas like safety, compliance, provider oversight, and experience, healthcare organizations can measure progress and scale more effectively. By breaking down data silos and using real-time, standardized data, they can further enhance interoperability and unlock insights needed to raise the standard of care within hospitals and health systems, while working to improve patient safety outcomes and reduce risk across the entire healthcare ecosystem.

Robert Duffy, Chief Technology Officer at HealthEdge
One of the biggest barriers to true interoperability is simply prioritizing what to integrate, when. Organizations that want to achieve seamless care coordination, reduce costs, and increase efficiencies need an interoperability strategy that’s based on both internal goals and external market factors. Without a comprehensive strategy in place that the organization is committed to, it’s too easy to become distracted, lose focus, or become paralyzed with competing priorities.

Within the payer business alone, there are numerous different systems that have historically operated in silos that will help with care coordination and the overall healthcare experience when they’re integrated. These range from systems housing clinical data to those for letters and correspondence, business rules, business intelligence, and even Social Determinants of Health (SDOH) data. Payers need to prioritize what’s most important and map out a plan to get there.

However, priorities aren’t always determined by what a payer feels is most important. External factors like regulations need to enter the equation too. For example, CMS is mandating Application Programming Interfaces (APIs) for prior authorization processes by January 1, 2027. Important requirements like this may shift internal priorities and have to be taken into consideration as they arise.

David Navarro, Senior Product Manager at Harmony Healthcare IT
One major challenge in achieving healthcare IT interoperability is organizing the vast amount of digital data generated throughout the patient care process. Without standardized categorization and formatting, sharing this data across systems for care, billing, or research becomes difficult. Many organizations use the FHIR specification to structure and exchange this data effectively.

Another key issue is determining what data should be shared. While the USCDI offers a starting point, many interoperability efforts require additional data elements. Organizations often develop custom specifications, like a Designated Record Set, to meet specific needs — requiring time, planning, and collaboration across stakeholders.

Bob Hackney, Chief Technology Officer at PerfectServe
Real interoperability in healthcare IT remains elusive because, to be frank, all (or at least most) of the incentives encourage data hoarding instead of data sharing. Vendors cling to proprietary formats to lock their customers in, and far too many health systems are trapped with aging technology infrastructure that was never built to play nicely with others. Until such time as interoperability becomes a requirement, rather than something that’s just nice to have, we’ll keep seeing half measures that fall way short of the progress we really need.

Standardization is another part of the problem. There’s momentum with FHIR, but inconsistent implementation and a lack of enforcement mean it’s still more of a loose framework than some kind of guarantee. We need to explore legislation that heightens the consequences. If your system doesn’t interoperate, it shouldn’t be certified. Period.

We need to align the incentives to make this work. Interoperability is a great, high-minded concept, but ultimately it has to deliver ROI for patients, providers, and vendors if it’s going to become a reality instead of a work in progress. Things like reimbursement, accreditation, and certification should be tied to measurable outcomes, and everyone needs to be held accountable. Unless that happens, we’ll have to keep patching systems together instead of solving the root problem.

Liz Lewis, Director of Product at Commonwell Health Alliance
One of the most significant barriers to achieving true interoperability in healthcare is trust—or more accurately, the lack of it. In a complex ecosystem of data exchange, it can be challenging to fully understand and trust all parties involved. While the technical capabilities to enable data exchange continue to advance rapidly, the ability to move data is only part of the equation. It is imperative that data requestors not only have the legal authority to access the information but also understand how to do so securely and in compliance with privacy requirements. Trust is built over time but can be broken in an instant.

As such, we urge the broader health IT community to actively seek opportunities to establish and reinforce trust. This includes strict adherence to HIPAA Privacy and Security rules, as well as ensuring that health information is only requested and used for purposes supported by appropriate legal and regulatory authority.

Coleman Young, Senior Product Manager at RXNT
The biggest challenge with interoperability is simple. Too many systems still don’t connect in a way that actually works for the people using them. Even with TEFCA making progress and QHINs beginning to emerge, a lot of practices are stuck with old, siloed technology that slows everything down. The first step is to choose systems that follow national standards and actually talk to each other. For example, using FHIR-based integrations or connecting through a QHIN makes it easier for your EHR to securely share patient records with other providers outside your organization. That kind of interoperability helps reduce manual work, cuts down on errors, and ensures patients receive better-coordinated care—especially when they’re seeing multiple specialists or switching providers.

Matt Ernst, VP Technical Ops & Support at Tendo
Key barriers include fragmented data systems, lack of standardization, proprietary vendor practices, and cultural resistance to change. Additionally, concerns around data security and ownership often stall progress. To overcome these, organizations need to adopt open standards, invest in API-driven architecture, and prioritize usability in integration workflows. Leadership alignment and incentives for outcomes-based care can also shift the focus from siloed operations to system-wide collaboration. Cross-industry coalitions and aligned incentives will be crucial to scale sustainable solutions.

Jeremy Friese, Founder and CEO at Humata Health
The biggest barrier to interoperability in healthcare is motivation. We’ve spent hundreds of billions of dollars on electronic medical records and health IT infrastructure, but we’re still far apart on true interoperability. Why? Because most of the use cases for interoperability have been focused on clinical needs that don’t directly involve money. We need to follow the money, because that’s what will ultimately motivate organizations to act more quickly. Interoperability needs a financial motivator, and we have one – it’s prior authorization.

Interoperability is key to automating prior authorization and making it fast and efficient so patients get the care they deserve more quickly.

The administrative burden and associated cost of prior authorization for both providers and payers are immense. But what’s even more motivating is that prior authorization is directly tied to payments. That’s why providers and industry groups like the AMA, payers and industry groups like AHIP, and the government at both federal and state levels have all been very vocal and active about solving prior authorization. Everyone is motivated to solve prior authorization, so they’re willing to sit down and work together towards solutions. It’s an issue that can break the interoperability logjam. Once it does, we’ll be able to use the foundational infrastructure and lessons learned to push interop forward in other critical areas.

Pete Srejovic, Chief Product & Technology Officer at Intelerad
Entrenched data silos, multi-vendor environments, and a lack of universally adopted data-sharing standards are the main sources of barriers to interoperability in healthcare IT, particularly in radiology and medical imaging. Legacy systems often operate in isolation, with radiology, cardiology, and other clinical specialties using separate workflows, archives, and tools. This fragmentation increases operational costs, hinders interdepartmental communication and coordination, and leads to delays in diagnoses and the delivery of value-based care.

Transitioning away from proprietary, vendor-locked systems toward cloud-based solutions is a key step in overcoming these barriers. Cloud technology enables secure, scalable image sharing and remote access to enhance effective collaboration among radiologists and clinicians, regardless of location or department. Also, healthcare organizations should prioritize the adoption of interoperable platforms, such as enterprise imaging systems and PACS solutions that unify data across departments. By embracing interoperability and cloud innovation, health systems can reduce complexity while improving clinical workflows and patient outcomes.

Anish Arora, Vice President of Product at TigerConnect
One of the most persistent barriers to achieving true interoperability in healthcare isn’t disconnected systems — it’s disconnected people. While healthcare IT leaders have made significant progress toward data-sharing standards, many hospitals and healthcare systems still rely on outdated communication methods like pagers, phone trees, and siloed emails. These channels delay care decisions and increase provider burnout.

To truly unlock the benefits of interoperability — better patient safety, more secure data exchanges, and faster innovation — organizations must prioritize integrated communication and collaboration. Fragmented workflows can be bridged by pulling in data from EHRs, labs, imaging systems, nurse call, schedules, and patient monitoring platforms and delivering it instantly via secure text, voice, or video right to a clinician’s mobile device. When communication and data flow together, it speeds decisions, streamlines discharges, and improves patient outcomes. Interoperability is as much about connecting care teams as it is about connecting systems, and that starts with unified communications.

Kevin Erdal, Managing Director & Practice Lead – Digital Health at Nordic
The barriers to a better healthcare system are cultural and organizational, not technical. Research shows that the top obstacles to healthcare interoperability aren’t insufficient APIs or software systems. The real challenges can be found within the cultures of healthcare organizations themselves. Misaligned incentives, competing governance priorities, one-off technology solutions, and a compliance-as-checking-a-box mentality are significant hindrances that many organizations struggle to solve. Executives who pursue a multi-pronged strategy to shift cultures and align initiatives with internal values will achieve the true intent of interoperability—simplified healthcare interactions that lead to better care – and will be better positioned to lead in their industries.

Stephen Vaccaro, President at HHAeXchange
One of the primary barriers to achieving true interoperability in home- and community-based services (HCBS) is the widespread fragmentation of data across disjointed platforms that don’t communicate with each other. Agencies often rely on a mix of single-point solutions like scheduling tools, billing software, and EVV systems, which create digital silos and isolate valuable insights. This lack of integration leads to inconsistent client records, time-consuming manual workarounds, and limited visibility into the delivery of care — ultimately weakening outcomes, increasing administrative work, and widening care gaps.

Overcoming these barriers requires the adoption of centralized data aggregation platforms that unify information from disparate sources into a single, accessible system. Tools that standardize data and documentation while reducing compliance risks will help to lay the groundwork for future-ready strategies such as AI-driven risk prediction, value-based care alignment, and real-time communication across the care continuum. By investing in interoperable, cloud-based technologies now, HCBS providers and managed care organizations (MCOs) can improve efficiency, transparency, and member-centered outcomes in the long run.

So many incredible insights here! Huge thank you to everyone who took the time out of their day to submit a quote to us! And thank you to all of you for taking the time out of your day to read this article! We could not do this without all of your support.

What do you think are the main barriers to achieving true interoperability in healthcare IT? How do you think organizations can overcome them? Let us know over on social media, we’d love to hear from all of you!

< + > Protect Your Organization From RaaS Raiders

The following is a guest article by Thomas Ritter, Attorney and Founder of Ritter Gallagher

In a recent episode of the podcast Cyber Survivor, I discussed the fast-changing landscape of ransomware attacks. It’s a message I’d like to amplify by sharing it with Healthcare IT Today readers.

Five years ago, there were really only eight to ten recurring threat actor groups in the ransomware economy – almost like a thieves’ country club. Now it’s become the Wild West, where some ransomware operators provide ransomware as a service (RaaS). In RaaS, operators sell malware strains to relatively unsophisticated lower-level affiliates around the globe for a portion of the victim payout. This evolution has significantly fragmented the ransomware ecosystem, resulting in a greater number of attackers who are now more aggressive and agile than ever before.

While the ransomware economy may now look different than it did before, the motivation of criminals remains the same: money, and lots of it. According to the 2024 Crypto Crime Report published by blockchain analysis firm Chainalysis, ransomware payments went from an estimated $220 million in 2019 to $1.1 billion in 2023. I’ve personally witnessed the devastating nature of this criminal industry countless times throughout the course of my career, helping organizations navigate catastrophic cybersecurity incidents. I was once on a Zoom call with a healthcare client when a bad actor actually joined the meeting, gruffly saying (in a thick foreign accent), “You’d better pay up or else.” Another time, I had a ransomware group extort a healthcare client by waving its cyber insurance policy in front of its nose. The attacker knew the exact amount of money my client was insured for and considered that amount to be the “floor” in the ransomware negotiations.

Ransomware’s Widening Costs

In addition to the high cost of ransom demands, healthcare facilities that are temporarily locked out of their own systems face many additional costs, including lawsuits and hard-to-quantify reputational damage.

One Alabama hospital was sued in 2019 because a baby suffered complications from a birth interrupted by ransomware downtime. While an undisclosed settlement was reached, the lawsuit made national news and was emblematic of the growing trend in private and class action lawsuits arising out of ransomware attacks against healthcare providers.

A Call to Action

Ransomware attacks are getting much more frequent and exponentially more sophisticated. Here are some suggestions for how to reduce your organization’s risk exposure:

Remember Your Top Three Priorities

Every healthcare organization has three overarching priorities: patient care, revenue, and regulation. Some hospitals feel that they can’t divert dollars from the bedside to the IT staff, yet ransomware can have a devastating impact on all three priorities.

If your system gets frozen by ransomware attackers, patients could die as a result. And the financial impact is staggering: an average of nearly $2 million per day of downtime. Finally, failure to maintain HIPAA compliance can be costly as well. In April of this year, the Office for Civil Rights announced a settlement with a public hospital in Guam who suffered a ransomware attack, finding violations of the HIPAA Security Rule.

Change the Organizational Mindset

It’s imperative to shift from passive to active in your planning. Dealing with ransomware is now much more than a “we checked these compliance boxes” task.

Preparedness is Vital

You need to continuously pressure-test your incident response plan and business continuity strategies, such as backup cadence and core application redundancies. Perform annual ransomware tabletops with your executive leadership to identify shortcomings and areas of improvement.

Evaluate 3rd Party Risk

The unprecedented Change Healthcare breach exposed the uncertainty around the security of third-party vendor management and legacy applications. Now is the time to thoroughly examine your organization’s tech stack and architecture and understand how your network interacts with outside applications.

Stay Informed About CISA Recommendations

The Cybersecurity & Infrastructure Security Agency (CISA) frequently updates its security recommendations concerning third-party risk assessments and software bill-of-materials. These guidelines can help you stay one step ahead of cyber-criminals.

If You’re Hit with Ransomware, Don’t Stonewall

When faced with ransomware demands, some healthcare organizations take the combative stance of “we don’t negotiate with terrorists.” But that response is seldom useful. When you communicate with the bad actors via experienced negotiators, you can buy time and glean valuable information on how to respond effectively. Simply negotiating doesn’t mean payment is a foregone conclusion.

Taking the measures outlined above will help safeguard your organization from this new generation of avaricious, opportunistic attackers.

About Thomas Ritter

Thomas Ritter is an attorney and the founder of Ritter Gallagher in Nashville, Tennessee.