Thursday, June 4, 2026

Unexpected Vulnerabilities: How to Contain Cyberattacks and Protect Patient Safety

The following is a guest article by Dr. Jaushin Lee, Founder and CEO at Zentera Systems

If you see “healthcare” and “cybersecurity” in the same sentence, the discussion usually focuses on protecting electronic health records (EHRs), patient portals, or core enterprise platforms. Given the amount of sensitive data they hold, it makes sense to devote significant resources to protecting them.

However, some of the most serious cybersecurity risks in the healthcare industry aren’t found in hospital EHR systems or clinical applications. Instead, they can be found woven into the thousands of connected devices and systems that support the critical work that these facilities provide—systems that aren’t often designed with leading-edge cybersecurity controls in mind.

Across the country, critical infrastructure, such as HVAC systems, oxygen supply systems, imaging equipment, and other devices, is frequently connected to the same networks as EHR systems and other healthcare applications. Many of these devices also run on specialized operating systems that make it hard to run security agents or even patch.

This interconnected environment, in which embedded but vulnerable systems play an essential role in providing effective healthcare, creates levels of risk that many organizations are just beginning to recognize. Without integrating the protections that Zero Trust provides, healthcare organizations can face consequences that extend beyond data exposure to include broad service disruptions.

Recognizing Overlooked Cyber-Risks in Hospital Infrastructure

Prioritizing security investments for major software, such as EHR systems, billing platforms, and clinical applications, makes perfect sense because they’re obvious targets for many attackers. Yet today’s more sophisticated attackers rarely begin with the most protected systems. Instead, they hunt for the weakest entry points within a network.

Several of the most commonly overlooked attack vectors are:

Building and Environmental Control Systems

HVAC controls, air filtration, and temperature management systems are often network-connected, but they’re rarely designed with modern security protections in mind, let alone tested for vulnerabilities. When attackers target these systems, they can disrupt sterile environments or critical care spaces or use them to pivot to other parts of an enterprise network—or both.

Medical Imaging and Diagnostic Equipment

Devices such as X-ray machines, CT scanners, and cardiac care systems often use embedded software that can’t support standard security tools or enable regular patching. Artificial intelligence makes it easier than ever for attackers to probe these systems and create targeted exploits to gain a foothold in a network.

Critical Infrastructure and Operational Technology (OT) Controllers

Core infrastructure and OT controllers—such as systems responsible for controlling oxygen supply and power management and utilities that operate on proprietary firmware—often lack modern authentication mechanisms or threat monitoring capabilities. This makes these OT systems low-hanging fruit for persistent threat actors.

Understanding How Cyberattacks Can Spread Inside Hospital Networks

Finding a vulnerable device or service and exploiting it to gain a foothold is rarely the most damaging part of a cyberattack; the real risk comes from what happens next: expansion across the network.

Attackers then use their newfound access to move laterally across connected systems on their hunt for more valuable targets, pivoting from device to device until they reach critical datasets or infrastructure. Because of the wide range of connected systems often comprising new and legacy equipment, hospital networks are particularly susceptible to what is known as “east-west” network movement. This allows attackers to move undetected for extended periods of time.

This means that a seemingly minor vulnerability in one OT or medical device can quickly escalate into a large incident with the potential to affect broader hospital operations.

Containing Breaches Without Network Redesign with Zero Trust

For most healthcare organizations, the idea of redesigning their entire network architecture to prevent the rapid spread of malicious activity and to improve cybersecurity isn’t realistic. Replacing, restructuring, or updating large swaths of the network can be costly, operationally risky, and time-consuming. That’s why healthcare organizations should instead focus on containing potential breaches, preventing attackers from pivoting once they have initial access.

A Zero Trust security architecture addresses this challenge by requiring system and user verification for every connection. This flips the traditional model of “assumed trust,” which is typically assigned to traffic inside a network, on its head.

Implementing a Zero Trust architecture begins with placing protective controls around one critical system at a time, slowly broadening the Zero Trust principle. These network-level controls are established to match real business operations performed by authenticated users for predefined reasons using approved devices.

By isolating sensitive infrastructure and devices, healthcare organizations can create security boundaries that limit how devices communicate with the rest of the network, ensuring that each connection request is legitimate. This type of control and segmentation ensures that even if one device is compromised, attackers can’t easily spread to other systems.

Using Zero Trust to Secure What Matters Most

Modern Zero Trust platforms give healthcare cybersecurity teams the ability to introduce strong access controls around their critical systems and applications without requiring expensive and risky changes to their network infrastructure. By verifying users, devices, and applications before allowing connections, Zero Trust helps ensure that only legitimate activity is allowed to flow through the network.

By making this shift to a Zero Trust architecture, healthcare organizations can then focus their security efforts where they matter most: protecting the systems that directly support patient care and hospital operations. Instead of relying on perimeter defenses alone, Zero Trust security platforms provide a way to ensure that trust is continuously evaluated and access is tightly controlled. Ultimately, this helps healthcare providers to not just prevent data breaches and protect patient care but also build network environments that are more resilient and better able to withstand tomorrow’s rapidly evolving threats.

About Jaushin Lee

Dr. Jaushin Lee is the Founder and CEO at Zentera Systems. He is a serial entrepreneur with many patents. He is also the visionary architect behind CoIP Platform, Zentera’s award-winning Zero Trust security overlay. Jaushin has more than 20 years of management and executive experience in networking and computer engineering through his experience with Cisco Systems, SGI, and Imera Systems.



Century Health Raises $5M Seed Round as AI-Powered Platform Achieves 97% Accuracy in Clinical Data Abstraction

  • The Round was Led by Origin Ventures with Participation from InnovateHealth Ventures, 25madison, Next Play Ventures, 2048 Ventures, Alumni Ventures, and Strategic Angels
  • The Century Health Abstraction & Retrieval Model (CHARM) has Achieved 97% Accuracy Compared to Clinical Expert Judgment as it Scales Across Life Sciences
  • Century Health’s Data Network and Abstraction Platform Supply Proprietary Real-World Clinical Data; A Critical Resource for Accelerating AI Use Cases in Life Sciences

Century Health, a pioneer in applying AI to real-world clinical data to accelerate research, today announced an oversubscribed $5 million seed round led by Origin Ventures, with participation from new investors InnovateHealth Ventures, 25madison, and Next Play Ventures, and continuing investors 2048 Ventures and Alumni Ventures. Strategic angel investors in the round include Zorba Lieberman, founder of Citeline, and clinicians across nephrology, neurology, and ophthalmology. The funding will be used to scale collaborations and use cases with pharmaceutical and life sciences partners, grow its specialty provider data network, and expand its AI-powered data curation infrastructure.

Century Health was founded to reimagine how clinical data is used to benefit patients. The company’s Century Health Abstraction & Retrieval Model (CHARM) is a tailored, AI-powered platform that automates the curation and enrichment of fragmented clinical data, creating high-quality real-world evidence (RWE) to accelerate therapeutic development and drive clinical outcomes.

Clinical research has long been constrained by the time and cost of manual data curation. While electronic health records (EHRs) contain rich longitudinal patient information, much of it remains locked in unstructured formats, such as clinical notes, radiology reports, and physician documentation. Century Health automates the data identification and abstraction process, creating high-quality, research-ready datasets.

CHARM now achieves 97% accuracy when validated against clinical expert judgment, the standard pharmaceutical and research partners apply when evaluating data for research and regulatory use.

The company grew its data network 60x over the past year, spanning leading provider groups across neurology, nephrology, ophthalmology, respiratory, metabolic, and immunology. Multiple “Top 5” pharma companies are among its partners.

A wave of AI investment flowing into life sciences has created new demand for proprietary clinical data. As drug developers and AI researchers push into trial design, patient stratification, and therapeutic development, the publicly available datasets that powered earlier biomedical models have largely been exhausted. High-quality, structured real-world clinical records are now a scarce input, and Century Health’s provider network and abstraction infrastructure are positioned to fill this gap.

“Century Health is accelerating medical breakthroughs by unlocking real-world clinical data across the entire drug lifecycle, creating a win-win for providers and life sciences companies,” said Prashant Shukla, Partner at Origin Ventures. “Upstream, it’s the fuel for AI models driving discovery, disease modeling, and patient stratification; downstream, it’s the evidence needed to demonstrate safety and effectiveness, differentiate their drugs, and win payer negotiations.”

“Structuring clinical data historically required extensive manual work that can now be automated and scaled, creating unprecedented opportunity for healthcare data infrastructure. Century Health operates with the speed the life sciences industry needs and the clinical rigor it demands. This funding lets us expand our network, go deeper into priority disease areas, and generate the critical evidence that shapes patient care,” said Vish Srivastava, Co-Founder and CEO at Century Health.

Century Health is continuing to expand its disease-specific registry network, deepen pharma collaborations, and advance CHARM’s capabilities for complex abstraction and data harmonization.

The company’s vision is to make real-world clinical data usable and reliable for every researcher, provider, and life sciences partner working to shorten the path to discovery and better treatments for complex diseases.

About Century Health

Century Health is a health technology company transforming how real-world evidence is generated from clinical data. With its AI-powered platform, Century Health unlocks rich, high-quality datasets from fragmented and siloed clinical information to fuel groundbreaking research and industry collaborations. By automating data curation and enrichment, the platform eliminates manual data entry while upholding the highest standards of patient privacy. Partnering with leading academic institutions, healthcare providers, and life sciences organizations, Century Health accelerates medical breakthroughs with the power of AI. For more information, visit century.health.

Originally announced May 19th, 2026



Wednesday, June 3, 2026

Strategies to Ensure Patients Have Secure and Meaningful Access to Their Health Data

The digitization of healthcare has created a lot of change, with none as clear as the changes that have happened with health data. Transferring between clinics is much easier, patient care is improving thanks to continuous monitoring and diagnostic accuracy, and organizations are increasing their operational efficiencies. People have also taken advantage of digital health data to monitor their own conditions. Personal health devices such as Apple Watches and Oura Rings have been on the rise, allowing people to track their heart rate, sleep patterns, and more, all in the interest of bettering their health.

However, there have also been some negative changes, the main one being privacy concerns. Healthcare is not the only aspect of people’s lives that has become digitized. People have seen their data in these other digital spaces being sold to other parties without their consent, and as such, trust isn’t always very high. This mistrust is only compounded by the rise of ransomware attacks that specifically target health data.

This puts healthcare organizations in a high-wire balancing act of making sure that health data is easily accessible to their patients to do with as they wish, while also keeping health data securely locked up to keep it from becoming a target for cybercriminals. To get a better understanding as to how to best stay on this wire, we reached out to our incredible Healthcare IT Today Community and asked — what strategies are organizations using to ensure patients have secure, meaningful access to their health data? Below are their responses.

DJ Tucker, Managing Director, Healthcare Informatics at Healthcare IT Leaders
Meaningful patient data access has to be built on three simultaneous layers: frictionless portals that remove the incentive for workarounds, digital literacy embedded directly in the care experience, and governance frameworks that ensure your EHR configurations meet both regulatory requirements and real human usability. Get any one of those wrong and you haven’t solved the problem, you’ve just moved it.

The stakes are higher than most realize. Interoperability is a patient safety strategy. Fragmented records don’t stay in the background; they surface at the bedside, at the most critical moments. Solving for meaningful data access means investing in the governance layer, the Oracle Health and Epic configurations, the identity frameworks, and the patient-facing literacy.

Matt Ernst, VP, Technical Operations and Support at Tendo
Access to health data has expanded significantly, but the next step is making that information meaningful and easier to access for patients. Health systems are increasingly focused on bringing together fragmented data from EHRs, care teams, and digital tools, so patients have a clearer understanding of their health and care plans.

Equally important is ensuring that access is secure and trusted. That requires strong interoperability standards, thoughtful data governance, and patient-centered design.

Ultimately, meaningful access means patients can not only view their information, but also use it to make informed decisions and stay connected with their care teams throughout their care journey.

Paul Wilder, Executive Director at CommonWell Health Alliance
Patients deserve secure, meaningful access to their healthcare data, and this reality relies on the adoption of Individual Access Services (IAS). IAS is the technical paradigm shift required to move beyond information from a single provider towards agnostic, seamless, accurate, and complete information.

By leveraging the highest levels of verification to confirm a patient’s identity, IAS can help ensure patients can securely view their information from any provider that has contributed to their care, no matter who they see or where they live.

Our call to action? The entire healthcare community should prioritize exchanges and apps that align with IAS standards for patient access to accurate, complete, and secure information.

Jonathan Burk, Software Engineering Director at Full Spectrum
There is no shortage of healthcare apps, ranging from fitness trackers to patient portals. But the real key to ensuring patients have the data they need is building open, API-first architectures based on zero-trust cybersecurity principles. Embracing openness prevents app overload. With too much information spread across too many sites or apps, patients will be less likely to engage, resulting in the consumption of less data, not more.

Niki Panich, MD, Chief Medical Officer at Penguin Ai
Meaningful access is more than a patient portal login. It is giving patients data they can actually understand and act on. The organizations doing this the best are pairing open APIs and FHIR-compliant infrastructure with plain-language summaries and care team follow-through. Security and usability are both key requirements. Patients engage with data they trust, and they build that trust by actually being able to use it.

Dr. Scott Schell, Chief Medical Officer at Cognizant
Health systems are increasingly using interoperable APIs and modern patient portals to provide individuals with easier access to their health records, test results, and care plans. At the same time, strong identity management, multifactor authentication, and zero-trust security frameworks are helping organizations balance accessibility with appropriate protection of sensitive health information.

Such great responses to consider here! Huge thank you to everyone who took the time out of their day to submit a quote to us! And thank you to all of you for taking the time out of your day to read this article! We could not do this without all of your support.

What strategies do you think organizations are using to ensure patients have secure and meaningful access to their health data? Let us know over on social media, we’d love to hear from all of you!



How Continuous Risk Monitoring Is Transforming Healthcare Revenue Integrity Amid Rising Audits

One of the biggest challenges facing healthcare organizations today has to do with revenue integrity and healthcare compliance. Every organization is focusing on improving its revenue while still ensuring compliance. Plus, this is becoming even more challenging as the government is leveraging AI to increase the number of audits and holding payments from many providers. This crackdown means provider organizations operating in Medicare or Medicaid programs will feel the impact across their entire compliance and revenue cycle footprint.

What’s interesting about this is that MDaudit was built for exactly this situation. With that in mind, I had a chance to chat with Ritesh Ramesh, CEO at MDaudit, to learn more about what he’s seeing in the market and some of the ways MDaudit uses its AI-powered continuous risk monitoring platform to help hospitals and health systems.

We start off our discussion with Ramesh talking about the major shifts he’s been seeing in the healthcare compliance and revenue integrity landscape. He also highlights the major risks provider organizations face today and how those risks are evolving.

After hearing about the current revenue integrity and compliance landscape, I ask Ramesh to share what continuous risk monitoring actually looks like operationally for a health system or physician organization. Most organizations are used to random audits, but the idea of continuously monitoring and “auditing” your organization’s revenue is a new idea for many. Ramesh shares how it works, along with examples of how proactive monitoring and AI-driven auditing have helped organizations identify and prevent major financial and compliance issues.

Of course, we couldn’t talk about this without diving into some discussion of AI. Ramesh shares how MDaudit built AI into the platform from the beginning rather than layering it on afterward and how that makes all the difference for its customers. What’s particularly impressive is that MDaudit has helped their customers achieve more than $500 million in ROI in 2025. So, I had to learn more about what was actually driving these savings. We wrapped up our interview with Ramesh sharing his advice on how healthcare organizations can move from a reactive to a more proactive revenue integrity strategy.

Check out our interview with Ritesh Ramesh from MDaudit to learn more about how your organization can benefit from continuous risk monitoring that improves your organization’s revenue.

Learn more about MDaudit: https://mdaudit.com/


MDaudit is a proud sponsor of Healthcare Scene.



Rethinking Clinical Denials and Clinical Documentation Integrity Strategy

The following is a guest article by Amanda Dean, Director of Clinical Education at AGS Health

Picture a patient admitted for heart failure, treated appropriately, discharged in stable condition, then denied. Not because the care was wrong, but because the documentation didn’t clearly articulate why inpatient admission was medically necessary. By the time the denial lands on a reviewer’s desk, the attending physician has moved on to dozens of other patients, the appeal window is narrowing, and the revenue cycle team is already buried in last month’s backlog.

This scenario plays out countless times every day in U.S. health systems, and it is almost entirely preventable. Clinical denial rates have climbed more than 20% over the past five years, driven by payer automation that has industrialized the scrutiny once reserved for only the most complex claims. The administrative cost of fighting those battles, in staff time, delayed reimbursement, and clinician frustration, can come close to rivaling the cost of the denials themselves.

The appeal-first response to this pressure is no longer sufficient. Leading organizations have come to the realization that their focus should be on: 1) streamlining communication between utilization review and physician advisory services; 2) enhancing clinical documentation integrity (CDI) practices; and 3) leveraging advanced analytics to identify denial trends early.

That kind of change doesn’t happen by tweaking a process here or adding a staff member there. It requires clinical, operational, and revenue cycle teams to function as one coordinated effort with a shared goal: keeping preventable denials from happening in the first place.

Why Clinical Denials are Growing

The payer automation described above is only part of a broader set of industry trends accelerating denial rates across hospitals and health systems.

Automated review tools now allow payers to flag claims for additional scrutiny at a scale and speed that wasn’t possible even a few years ago. These tools can rapidly identify cases in which documentation appears insufficient or medical necessity criteria are unclear, applying consistent algorithmic pressure across claim volumes that would overwhelm any manual review process.

Retrospective audits have expanded the problem further. Claims that were once paid and considered closed can be revisited and reversed well after initial reimbursement, creating financial exposure that stretches beyond the initial claim cycle and puts additional pressure on already stretched clinical teams.

Medical necessity requirements compound both issues. Standards are more complex than ever and applied inconsistently across payers. Small gaps in clinical documentation, such as incomplete physician notes or unclear admission rationale, can lead to denials even when the care provided was entirely appropriate.

Taken all together, these pressures increase denial volume by capitalizing on every weak point in the handoff between clinical care and documentation. Preventable documentation issues often lead to lost or delayed reimbursement, and organizations without a coordinated response across those functions will continue to absorb significant financial consequences.

The Hidden Cost of Fragmented Workflows

Weak points in the clinical-to-documentation handoff rarely occur in isolation. In most cases, they are symptoms of a deeper structural problem where the teams responsible for catching them are operating on separate tracks.

Utilization review teams may flag potential admission status or documentation risks early, but their findings often do not reach physician advisors or CDI specialists in time to act on them. CDI may uncover documentation gaps after the window to influence a claim has already closed. Revenue cycle teams typically enter the picture only after a denial has been issued. Each function is doing its job, and likely quite well, but without visibility into what the others are seeing.

The financial consequences of that disconnect are significant and largely invisible—until they compound. A single missed timely escalation from utilization review to physician advisor may result in only one denied claim, but multiply that across hundreds of admissions a month, and that same gap eats into reimbursement at a scale that becomes visible in aggregate (but long after any proactive opportunities to intervene have passed).

When these workflows operate independently, the organization is left managing the damage rather than preventing it, processing appeals for denials that should never have occurred in the first place.

A Proactive Framework for Denial Prevention

Addressing these gaps requires moving denial prevention upstream, into the care episode itself rather than the claims process that follows it. Payers have already made that investment on their side, deploying automated tools that flag documentation issues at scale and speed no manual review process can match. Organizations positioned for optimal response are those building equivalent capability on their own.

The foundation of that effort is earlier, more structured collaboration between utilization review teams and physician advisors. When potential medical necessity concerns are identified at the point of admission or during the hospital stay, there is still time to clarify documentation, adjust clinical rationale, and ensure the record accurately reflects why the level of care was appropriate. That window closes quickly once a patient is discharged.

CDI programs extend that foundation by ensuring the documentation captured during the stay holds up to payer scrutiny. CDI specialists working alongside physicians in real time can identify gaps in how patient acuity, severity of illness, and care complexity are recorded before those gaps become denial triggers. The quality of the clinical record at discharge determines much of what happens downstream.

Analytics and automation make both functions more precise and more proactive. Platforms that surface denial trends, identify documentation patterns that draw payer scrutiny, and flag high-risk cases early allow teams to direct their attention where it matters most. Automation reduces the manual burden of documentation workflows and improves consistency in how clinical details are captured and communicated across teams, applying the same systematic rigor to prevention that payers are already applying to scrutiny.

Together, these capabilities shift the organization’s posture from responding to denials to systematically reducing the conditions that produce them by focusing on upstream denial prevention, fostering closer collaboration between teams, implementing advanced analytics, and ensuring consistent, timely documentation to minimize lost revenue.

Scaling the Model Through Hybrid Expertise

Even well-designed frameworks run into a practical constraint: the clinical specialists needed to execute them, physician advisors, CDI professionals, and utilization review experts, are in short supply at most health systems. Building internal capability is the right goal, but for many organizations, the staffing gaps are too significant to close quickly enough to keep pace with rising denial volumes.

Hybrid staffing models address that gap directly by combining local clinical teams with specialized external expertise, including both onshore and global talent, to extend coverage, reduce turnaround times, and maintain continuity across time zones. Rather than replacing internal teams, the model is designed to amplify what they can do.

The results of that approach can be substantial. One Midwest health system, facing rising denial volumes and limited internal capacity, partnered with AGS Health to deploy a nearshore clinical support model aligned with its denial management workflows. The team included physicians and CDI specialists who worked alongside internal staff to improve the quality and consistency of documentation review and appeals while strengthening upstream documentation practices.

The outcome was more than $12 million in annual revenue recovered from previously denied claims, a 55% recovery rate, and an approximately 40x return on investment. Those results reflect not just improved appeals performance but a more proactive documentation strategy that reduced downstream denial exposure over time.

For complex appeals, clinical validation reviews, and documentation improvement initiatives requiring deep clinical knowledge, hybrid models offer both the scalability to handle volume and the specialization to handle complexity, without the overhead of building capacity entirely in-house.

Turning Appeals into Evidence-Based Strategy

Even with a strong prevention framework in place, some denials will occur. The goal at that point is not to appeal them en masse and indiscriminately, but instead to appeal strategically and in a way that maximizes recovery while informing upstream prevention efforts.

That starts with treating denial patterns as data. When appeals are tracked and analyzed systematically, by payer, denial type, and clinical category, it becomes possible to identify which cases are most likely to succeed on appeal, where internal documentation practices are consistently falling short, and which specific payer challenges or trends warrant a more structured response. Appeals can cross-function as an intelligence loop.

Evidence-based appeal strategies built on that analysis, supported by detailed clinical documentation and payer-specific insights, can significantly improve overturn rates and accelerate revenue recovery. Equally important, the patterns surfaced through appeals work can feed directly back into CDI and utilization review priorities, tightening the prevention framework over time.

The result is a denial management strategy that operates as a continuous cycle rather than a series of disconnected responses: prevent what can be prevented, recover what slips through, and use both to reduce future exposure.

Payer scrutiny is not going to ease. Reimbursement pressures will continue to push automated audits further into clinical territory, and the documentation bar will keep rising. Organizations that treat that reality as an administrative burden to manage will remain in a reactive posture, absorbing costs that compound over time. Those that treat it as a structural challenge requiring coordinated clinical, operational, and analytical investment will be better positioned to protect revenue, reduce waste, and free their clinical teams to focus on care rather than paperwork.



This Week’s Health IT Jobs – June 3, 2026

It can be very overwhelming scrolling through job board after job board in search of a position that fits your wants and needs. Let us take that stress away by finding a mix of great health IT jobs for you! We hope you enjoy this look at some of the health IT jobs we saw healthcare organizations trying to fill this week.

Here’s a quick look at some of the health IT jobs we found:

If none of these jobs fit your needs, be sure to check out our previous health IT job listings.

Do you have an open health IT position that you are looking to fill? Contact us here with a link to the open position and we’ll be happy to feature it in next week’s article at no charge!

*Note: These jobs are listed by Healthcare IT Today as a free service to the community. Healthcare IT Today does not endorse or vouch for the company or the job posting. We encourage anyone applying to these jobs to do their own due diligence.



Tuesday, June 2, 2026

The Payment Integrity Reckoning

The following is a guest article by Mark Noel, SVP and GM of ClaimInsight at AMPS

Why transparency and defensibility have become non-negotiable for health plans — and what it takes to build a program that actually holds up.

Payment integrity is at an inflection point. Scrutiny is increasing across the industry, and the structural vulnerabilities that many health plans have operated around for years are surfacing. The consequences are no longer theoretical.

The core issue is not whether savings are being generated. It is whether those savings are accurate, explainable, defensible, and ultimately realized. For many plans, the honest answer to at least one of those questions is uncomfortable.

This piece is for the health plan leaders who are asking hard questions about what their payment integrity program is actually producing and what a better model looks like.

The Structural Problem No One Wants to Name

For years, the payment integrity market has operated on a deceptively simple value proposition: find claims savings, report the numbers, collect the fees. Vendors compete on volume. Health plans track “identified savings” as the headline metric. Everyone moves on.

The problem is that identified savings and realized savings are not the same thing, and that gap has become one of the most consequential blind spots in health plan finance.

When a claim is adjusted and an appeal follows, the logic behind the original decision matters enormously. If that logic is opaque, buried in a proprietary algorithm the health plan cannot explain, reproduce, or defend, then the finding erodes. An overturn is not just a lost dollar. It is a signal that the original savings never really existed.

This is the structural problem the industry has avoided naming directly: a meaningful portion of reported payment integrity savings is, under scrutiny, not durable. And health plans that cannot see inside their own programs have no way to know how much of their book falls into that category.

Four Ways Health Plans Absorb the Cost

The financial and operational consequences of this model are well distributed, which makes them easy to underestimate. They don’t show up in a single line item. They accumulate across four vectors.

  1. Appeal Erosion

Provider disputes and insufficient clinical rationale reduce identified savings after the fact. The gap between what was reported and what was collected is often larger than plans realize and rarely tracked rigorously enough to surface the full picture.

  2. Missed High-Dollar Opportunities

High-cost inpatient claims are among the largest drivers of medical spend and among the most likely to receive generalized review rather than the clinical depth they require. Volume-based processing systematically underperforms on the cases where precision matters most.

  3. Administrative Friction

Dispute volume drives resource strain, internally and across provider relationships. When adjustments aren’t defensible, every challenge takes longer, requires more documentation, and strains the relationships that operational efficiency depends on.

  4. Unpriced Reputational and Regulatory Risk

As industry scrutiny intensifies, the inability to explain how claim decisions were made creates real exposure. Regulatory inquiries, provider disputes that escalate, and the reputational costs of decisions that appear arbitrary under examination are all downstream of the same root cause: a lack of transparency into methodology and outcomes.

The Transparency Gap: Why Opacity Is No Longer a Differentiator

Many legacy payment integrity models were built around proprietary, algorithmic logic. The pitch was straightforward: trust the black box. For a period, this was commercially viable. The market didn’t demand accountability at the claim level, and most health plans lacked the internal capability to interrogate vendor methodology in detail.

That era is ending, and faster than most plans have recalibrated for.

The transparency gap is a practical liability across multiple dimensions.

Accountability. When a plan cannot independently validate how a payment decision was made, it is wholly dependent on the vendor’s interpretation. This is not a partnership; it is a dependency. And dependencies are vulnerabilities during disputes, audits, and litigation.

Provider relationships. Providers are sophisticated counterparties. When they challenge a claim decision and the health plan cannot articulate a clear clinical or contractual rationale, the dispute escalates, the relationship strains, and the original finding often fails. Transparency is a prerequisite for defensibility.

Regulatory scrutiny. The regulatory environment for payment integrity practices is not static. Plans that rely on opaque vendor logic and cannot demonstrate that their processes are clinically grounded, consistently applied, and fully documented are poorly positioned as that environment evolves. What is currently a performance risk can become a compliance risk without meaningful advance notice.

Legacy vs. Modern: The Standard Has Shifted

The gap between where payment integrity programs operate today and where they need to operate is best understood by placing the two models side by side.

Legacy model:

  • Opaque, proprietary algorithms
  • Savings identified (gross), not realized (net)
  • High appeal overturn rate
  • Vendor-owned methodology
  • Volume-based edits
  • Limited auditability

Modern standard:

  • Transparent logic, explainable at the claim level
  • Savings realized after appeal, not just identified upfront
  • High uphold rate, findings built to withstand challenge
  • Plan-owned decisions; the vendor is a tool, not an authority
  • Clinically precise, case-specific review
  • Full claim-level defensibility

The move from one model to the other is not just a technology upgrade. It is a fundamentally different philosophy about what a payment integrity program is for. Legacy models optimize for finding discrepancies. Modern programs optimize for findings that hold up and for the financial, operational, and institutional credibility that comes with them.

The High-Dollar Claim Problem Deserves Special Attention

The case for a more rigorous, transparent model is most acute in the context of high-dollar inpatient claims. These are the cases where the financial stakes are highest, appeal risk is greatest, and clinical nuance has the most direct influence on outcome validity.

High-cost claims represent a disproportionate share of medical spend for most health plans. They are also the cases most likely to receive inadequate depth of review under volume-driven models, because generalized rules and algorithmic processing are poorly suited to the complexity these claims actually contain.

A claim involving an extended inpatient admission, complex procedure coding, or uncommon clinical scenario does not yield to a standardized edit. It requires physician-level review, case-specific analysis, and a working understanding of how coding and reimbursement standards apply to the actual clinical record at hand. These are not capabilities that scale through automation alone.

When findings are clinically grounded, clearly documented, and built to withstand challenge, the result is not just higher savings but more durable savings. The financial difference between “savings identified” and “savings realized” is largest precisely where clinical depth is most often absent.

What Health Plans Actually Need to Demand

The question is not whether the payment integrity market will change; it is whether individual health plans will lead that change or follow it. Plans that continue to accept opaque, volume-based programs without demanding claim-level visibility will absorb the costs of that decision for as long as they remain in that posture.

At minimum, every claim adjustment should be:

  • Explainable — The health plan should be able to state clearly and specifically why any given claim was adjusted, in clinical and contractual terms a provider, regulator, or judge could evaluate.
  • Grounded — Adjustments must be anchored in clinical evidence, coding standards, or contract language, not statistical pattern-matching. Clinically grounded decisions hold up under scrutiny.
  • Reviewable — The health plan, not only the vendor, should have meaningful visibility into how outcomes are produced. This is what separates a plan that owns its program from one that rents another organization’s black box.
  • Realized — The ultimate measure is not the number at the top of the funnel. It is the number at the bottom, after appeals, after disputes, after the program has been stress-tested by real-world challenges.

The Right Starting Point: Visibility, Not Disruption

For health plan leaders who recognize the problem but are uncertain where to begin, the answer is not a vendor replacement or a program overhaul. The right starting point is simpler and considerably less disruptive: an independent view of what your current program is actually producing.

There is almost always a gap between what is suspected and what can be demonstrated at the claim level. Plans that operate without independent validation of vendor performance are, in effect, accepting reported savings figures without review. That posture creates financial risk rather than managing it.

An independent, physician-led review of a targeted sample of high-dollar claims can surface a precise picture quickly: Where is savings potential being left on the table? Where are existing findings at risk of not holding up on appeal? Where does the current program’s logic diverge from defensible clinical or coding standards?

This kind of analysis does not require operational disruption. It delivers immediate financial insight, produces data to support internal decision-making, and creates meaningful leverage for vendor conversations, whether the outcome is optimizing an existing relationship, adding targeted capabilities, or making a broader program change.

The Bottom Line: A New Bar for Payment Integrity

The health plans that will lead on payment integrity in the years ahead are not the ones with the most vendor relationships or the longest list of edits. They are the ones that know, at the claim level, what their program is producing and can demonstrate that every dollar of savings is accurate, defensible, and real.

That standard is not aspirational. It is increasingly the baseline expectation, from regulators, from providers, and from plan leadership that is asking harder questions about where reported savings actually go.

Health plans that adapt to this reality will gain materially: higher net savings, greater internal confidence in outcomes, stronger positioning with providers and regulators, and meaningful control over how medical spend is managed. Those that don’t will continue absorbing costs that are easy to overlook until they’re not.

The question is not whether savings are being generated. The question is whether you know, with confidence and specificity, how those savings are produced and whether they will hold up when challenged.

Getting that answer is the first step. And it is available faster than most plans expect.

About Advanced Medical Pricing Solutions

AMPS is a healthcare cost savings technology company helping organizations take control of rising healthcare costs while delivering a better, more supported member experience. With over two decades of experience, we bring together medical claims strategy, payment integrity, and pharmacy benefits into a connected ecosystem designed to reduce costs, improve accuracy, and support the people behind every claim. Through our three solutions (ClaimInsight, PriceDynamix, and Drexi), we deliver Healthcare Cost Savings, AMPLIFIED. For more information visit www.AMPS.com or www.ClaimInsight.com

AMPS is a proud sponsor of Healthcare Scene.


