Health News: December 2024

Tuesday, December 31, 2024

< + > Brain Cipher begins to leak stolen Rhode Island data

Protected health information from Ocean State's online health and human services platform may be part of the cache of personal data posted to the dark web.

< + > Top 10 most-read stories of 2024

This past year was a busy one, with new policy changes, cybersecurity challenges, EHR optimization advancements, innovations in patient care and, yes, a whole lot of AI.

< + > Healthcare Interoperability and Cloud Services – 2025 Health IT Predictions

As we wrap up another year and get ready for 2025 to begin, it is once again time for everyone’s favorite annual tradition of Health IT Predictions! We reached out to our incredible Healthcare IT Today Community to get their insights on what will happen in the coming year and boy did they deliver. We in fact got so many responses to our prompt this year, that we have had to narrow them down to just the best and most interesting. Check out the community’s predictions down below and be sure to follow along as we share more 2025 Health IT Predictions!

Check out our community’s Healthcare Interoperability and Healthcare Cloud predictions:

Sufian Chowdhury, CEO at Kinetik
Conquering interoperability will unlock efficiencies. Healthcare spending continues to climb throughout our country, even as healthcare outcomes show little or no improvement. This massive inefficiency within the system is due to the lack of connectivity and data sharing with the healthcare ecosystem. There will be a huge push to unlock efficiency in healthcare, and a key driver will be conquering interoperability.

Despite the wealth of technology available, much of it is underutilized because of fragmentation. Healthcare providers increasingly realize that incorporating technology and sharing data is essential to ensure collaboration and mitigate interoperability. Looking ahead, expect a consortium of companies to come together to address these data challenges. Working as a network rather than in silos, we can tackle inefficiencies in our healthcare system to drive better outcomes.

Sonja Tarrago, MD, Director of Commercial Strategy at DexCare
The future of healthcare hinges on achieving true interoperability, defined as the seamless exchange of patient health information across health systems in a way that improves patient care quality and clinician efficiency. To unlock the full potential of care teams, we must have access to actionable, real-time data. Patients are still coming to their doctor’s appointments frustrated that their provider does not have their records from a recent urgent care visit, previous primary care provider, or a specialist. And providers are still combing through years, sometimes decades, of records to understand the whole patient sitting in front of them. Diagnostic tests are unnecessarily repeated when results are not readily available.

In 2025, true interoperability will be a strategic imperative for healthcare organizations aiming to optimize both patient outcomes and operational efficiency. With frictionless data exchange and automated summarization, clinicians can shift from working in silos to delivering personalized, coordinated care. Real-time access to critical data will empower care teams to identify effective treatments, minimize redundant testing, and enhance decision-making. True interoperability requires a shift in the way we view people, processes, and technology. But this shift can redefine the way healthcare providers engage with patients, driving a more dynamic, agile, and patient-centered model of care delivery.

Mike King, Senior Director, Product and Strategy at IQVIA
Increasing integration between quality, regulatory, and safety teams in pharmaceutical companies as well as the existing strong integrations in these departments in MedTech and IVD organizations. The industry is working to optimize information and data transfer between these groups, aiming to reduce redundancy and minimize manual processes that can introduce risks, whilst also generating process and product insights through technologies such as AI.

Shay Perera, Co-Founder and CTO at Navina
With patient data traditionally siloed, the demand for interoperable systems has never been higher. 2025 will likely be a pivotal year where we see improved but gradual integration between systems, as regulatory bodies and vendors work toward greater consistency and reliability. However, stability and scalability will be essential. These developments will help AI tools access and consolidate data more effectively, paving the way for deeper and more comprehensive connected patient insights. We can also expect to see a surge in connected devices, like heart monitors, integrated directly with EMRs, facilitating a flow of data that creates a fuller patient picture.

Nichole Sweeney, General Counsel and Chief Privacy Officer at CRISP Shared Services
The election saw 7 more states enact new protections related to reproductive health and abortion, joining others in previous years, like Maryland and California–leaving a disparate state regulatory landscape in tension with federal interoperability priorities of former administrations. In 2025, our industry will grapple with new legal and technological implications that, left unsolved, will halt national interoperability or expose patients’ private information in states with less restrictive laws than their home states. We must unite to create a national landscape for operationalizing state-based laws and regulations, honoring both the protections of our federalized system and patient choice while ensuring data critical for care gets to where it needs to go.

Valerie Reich, VP of Healthcare Strategy at Hero Digital
In 2025, healthcare will continue evolving into a connected network of services centered around the consumer. Building on recent trends, we’ll see greater emphasis on interoperability, consumer ownership of data, and the integration of niche service providers with traditional healthcare systems, for example, partnerships between health systems and virtual chronic care solutions. To thrive in this networked landscape, organizations will need to evaluate their role and focus on key factors like discoverability, content, platforms, and overall digital experience.

Carney Taylor, Co-President of Eastern Nephrology Associates at Eastern Nephrology Associates
In the push toward value-based care, more providers will begin to prioritize true interoperability. This will not only help connect the dots in patient care but also support the creation of data platforms that unify patient records across diverse providers which is increasingly important for coordinating complex, personalized care. You can expect healthcare leaders to invest in standards for secure, seamless data sharing, an essential step toward the interconnected intelligence that value-based care promises. We have already begun to see this at scale in nephrology and no doubt will see it reflected across other specialties more in 2025.

Marcus Perez, President at Altera Digital Health
In 2025, the public cloud will continue to play a pivotal role in healthcare’s evolution, driven by the demand for scalability, interoperability, and secure data management. The public cloud will enable advanced analytics and machine learning to process vast healthcare datasets. These capabilities will support predictive analytics, real-time patient monitoring, and personalized care, significantly improving decision-making and patient outcomes. As cyberattacks on healthcare systems increase, robust security measures within public cloud platforms will be critical. Enhanced compliance with regulations like HIPAA and FHIR standards will prioritize the secure exchange and storage of healthcare data. Public cloud infrastructure will bridge gaps between healthcare providers, payers, and pharmaceutical companies, promoting seamless data sharing.

This collaboration will drive innovations such as faster drug development and coordinated patient care. With rising medical costs, public cloud platforms will offer cost-efficient solutions for scaling healthcare services, particularly as demand for telemedicine and digital health grows. Cloud services will enable remote care and decentralized clinical trials, aligning with patient preferences for more accessible and consumer-centric healthcare. Additionally, the public cloud performance and availability enable a reliable platform for providers to deliver a patient-focused healthcare delivery ecosystem.

Craig Mengert, Chief Executive, Cognizant TriZetto Healthcare Products at Cognizant
Over the next one to two years, we’ll see a shift in healthcare Payers moving to the Cloud despite the significant investment it will take. This shift will enable interoperability between providers and payers, allowing providers to make real-time, data-driven decisions and payers to easily access this data to inform their care and claims decisions. Without these investments, Payers will risk losing their competitive edge and won’t be able to further the engagement experiences that members and providers are demanding.

Iddo Peleg, Co-Founder and CEO at Yonalink
The era of fragmented data collection and management in clinical trials is nearing its end. As the volume and complexity of clinical data increase, manual data entry methods, often error-prone and costly, are becoming untenable. Today, 20-35% of a study’s budget is spent on inefficient processes like data verification, driving a shift towards technologies that prioritize automation and integration. The coming year will see accelerated adoption of solutions that directly integrate electronic health records (EHRs) with electronic data capture (EDC) systems, enabling real-time, automated data streaming.

These technologies not only reduce costs and improve accuracy, but enable the integration of real-world data (RWD) into clinical trials, breaking down data silos and fostering seamless collaboration across systems throughout the research process. Cloud-based and interoperable platforms are expected to lead this transformation, addressing challenges like disparate data standards and privacy concerns. These tools will support the creation of faster, lower-cost trials, ultimately enhancing trial outcomes and paving the way for more scalable, accessible, and efficient research methodologies in 2025 and onwards.

Joe DeVivo, CEO at Butterfly Network
As healthcare data has become increasingly digitized and interconnected, concerns about data privacy and security have intensified, requiring a renewed focus on cloud security in healthcare technology. In the coming year, cloud security in healthcare will reach new heights, as companies that are leading the charge become the first to achieve certifications like StateRAMP in medical imaging. The trend toward robust cloud security and certifications in healthcare imaging is expected to accelerate in 2025, as more healthcare institutions recognize the benefits of cloud-based solutions. This shift will likely lead to improved data management, enhanced collaboration among healthcare professionals, and, ultimately, better patient care through more secure and efficient medical technologies.

Chris Thomas, Chief Revenue Officer at AlgoSec
Healthcare organizations are under pressure to balance rapid resource deployment with the fortification of digital infrastructure, applications, and systems while facing increased cyber threats. To address this challenge, we will likely see increased utilization of cloud technology, which will provide opportunities for concepts like hybrid ecosystems to integrate traditional data centers with cloud solutions, allowing for increased efficiency and reduced risk.

Additionally, as healthcare cyber threats such as ransomware and insider attacks continue to rise, we will see more healthcare organizations adopting a zero-trust cybersecurity approach. Zero-Trust, which requires verification for all access to a network or application, can help healthcare organizations combat ransomware by implementing segmentation strategies and access controls that prevent patient information leakage and minimize the attack surface to contain ransomware threats.

Alicia Staley, Vice President, Patient Engagement at Medidata
From clinical trials to everyday care, technology, especially artificial intelligence, has the potential to transform the patient experience. IT leaders must work to reinforce data interoperability across providers, granting patients unprecedented access to their medical records and empowering them to take control of their healthcare journeys. Simultaneously, providers will gain access to comprehensive medical histories, better equipping them to provide personalized care to their patients.

Technology is also reshaping the clinical trial space by promoting accessibility and engagement through telemedicine and remote monitoring, reducing historical burdens on participants, and enhancing diversity in clinical trials. As we look to 2025, leaders must drive technological innovations that are purpose-built to improve the patient experience and the delivery of care, fostering a more equitable, accessible, and comprehensive healthcare system.

Thank you so much to everyone who took the time out of their day to submit a prediction to us and thank you to all of you for taking the time to read this article! We could not do this without all of your support. What do you think will happen for interoperability and the Cloud in 2025? Let us know on social media. We’d love to hear from all of you!

Be sure to check out all of Healthcare IT Today’s Interoperability and Cloud content and our other 2025 Health IT Predictions.

< + > Verisma Acquires Olah, Streamlining Patient Data Management for Hospitals and Healthcare Facilities Nationwide

Advances Strategy to be the Leading End-to-End, Secure, Intelligent Data Management Company

Verisma, a leading provider of intelligent health data management solutions, announces today the company is acquiring Olah Healthcare Technology. Olah’s Enterprise Archiving Solution (EAS) seamlessly integrates with electronic health records (EHR), offering secure and efficient ways to retire, archive, and access legacy data. Together, the companies will empower healthcare providers with a scalable, interoperable, and trusted platform safeguarding patient information, enhancing regulatory compliance, and optimizing data accessibility and security.

“Olah is thrilled to join Verisma,” says Chad Hill, CEO at Olah joining as SVP of Data Archiving at Verisma. “We’re eager to further invest in our EAS capabilities to continue to simplify the archiving process while leveraging Verisma’s expertise to improve data management. We look forward to driving efficiency gains, saving providers money, and reducing IT frustration – allowing the focus to remain on patient care.”

Verisma, honored for the fifth consecutive year as the top release of information (ROI) and audit management provider in Black Book’s 2024 client survey, has been a trusted partner in patient privacy and data management for over 22 years – now supporting 20,000 healthcare facilities nationwide. With this extensive experience, Verisma has a unique perspective on data usage and is well-equipped to integrate archiving into a comprehensive data management solution built on the promise to protect truth and accuracy.

At the time of publication, the Data Archiving 2024 report by KLAS Research rated Olah the highest company among KLAS segments in their market – highlighting the organization’s strengths in flexibility, interoperability, and strong customer support. Black Book’s 2023 and 2024 user surveys also recognized Olah as a top-performing vendor driving the industry forward in Enterprise Data Archiving and Migration.

“Acquiring Olah furthers Verisma’s vision to be the market leader in data management across the healthcare continuum,” says Marty McKenna, President and CEO at Verisma. “Millions of patient records are accessed and delivered between systems and non-healthcare third parties every day – creating the need for health systems to partner with a technology vendor to manage this process in a private, secure, and compliant manner. Providers require a trusted solution, and we’re a one-stop shop delivering the complete picture – helping manage accurate patient data across multiple sources flowing into, and out of, systems reliably.”

About Olah

Olah makes it easy for healthcare systems and hospitals to let go of old applications without letting go of the critical information inside them. Olah’s modern enterprise archiving solution (EAS) can move just one or all critical legacy systems at once using lift-and-shift technology that preserves data integrity and vital access. Olah’s solution works for any system, from EMRs to business systems, patient records to finance. For more information, please visit olahht.com.

About Verisma

Verisma’s leading technology and solutions empower healthcare providers to streamline the exchange of protected health information (PHI) that facilitates value-based care programs, bridges gaps in care coordination, and supports legal proceedings. Verisma’s HITRUST-certified technology enhances interoperability to deliver cutting-edge release of information (ROI) and care coordination solutions (CCS) adhering to the highest standards in data security and patient protection. For more information, please visit verisma.com.

Originally announced November 20th, 2024

Monday, December 30, 2024

< + > Top 15 largest U.S. healthcare provider data breaches of 2024

It was another record-breaking year for healthcare cyberattacks, and healthcare providers' network servers were again prime targets for hackers.

< + > HHS releases notice of HIPAA Security Rule update

The agency seeks to make its first HIPAA Security Rule update since 2013 to clarify what health plans, healthcare clearinghouses, providers and their business associates must do to protect the security of electronic protected health information.

< + > CIO Podcast – Episode 87: CHIME and KLAS Synergy Awards with Jeffrey Sturman

For the 87th episode of the CIO podcast hosted by Healthcare IT Today, we are joined by Jeffrey Sturman, Senior Vice President and Chief Digital Information Officer at Memorial Healthcare System to talk about their recent wins of the CHIME and KLAS Synergy Award! We kick this episode off with Sturman sharing what it means to him and his organization to have won the KLAS Arch Pinnacle Award focused on EHR User Experience and the CHIME Digital Health Most Wired (9 or above) focused on Digital Health Innovation Award which combined won them the CHIME and KLAS Synergy award. Then we talk about what it took to achieve these awards and why other CIOs should strive to earn them with their own teams. Next, Sturman shares what he heard from clinicians during this process as well as what he did after learning from them. We then talk about how Sturman leverages the EHR and other IT and AI to both meet his current needs and prepare for his future needs. Next, we discuss the other efforts Sturman has been working on that are making an impact. Lastly, we conclude this episode with Sturman sharing the best piece of advice he’s gotten in his career.

Here’s a look at the questions and topics we discuss in this episode:

What does it mean to you and your organization to win the CHIME and KLAS Synergy Award (KLAS Arch Pinnacle Award and CHIME Digital Health Most Wired (9 or above))?
What did it take to achieve these awards? Why should other CIOs strive to work with their teams to earn them?
What did you hear from clinicians in the process? What are some of the things you did after learning from them?
How are you leveraging the EHR and other IT and AI to meet your needs? How are they preparing you for future needs?
What are some of the other efforts you’re working on that are making an impact?
What’s the best piece of advice you’ve gotten in your career?

Now, without further ado, we’re excited to share with you the next episode of the CIO Podcast by Healthcare IT Today.

We release a new CIO Podcast every ~2 weeks. You can also subscribe to the Healthcare IT Today podcast on any of the following platforms:

NOTE: We’ll be updating the links below as the various podcasting platforms approve the new podcast. Check back soon to be able to subscribe on your favorite podcast application.

Thanks for listening to the CIO Podcast on Healthcare IT Today and if you enjoy the content we’re sharing, please rate the podcast on your favorite podcasting platform.

Along with the popular podcasting platforms above, you can Subscribe to Healthcare IT Today on YouTube. Plus, all of the audio and video versions will be made available to stream on HealthcareITToday.com.

We’d love to hear what you think of the podcast and if there are other healthcare CIO you’d like to see us have on the program. Feel free to share your thoughts and perspectives in the comments of this post with @techguy on Twitter, or privately on our Contact Us page.

We appreciate you listening!

Listen to the Latest Episodes

< + > Healthcare Decisions at an Organizational Level – 2025 Health IT Predictions

Check out our community’s pedictions related to healthcare decisions at an organizational level:

Harshit Jain, MD, Founder and Global CEO at Doceree
The complexities of healthcare have established it as a science in its own right. In 2024, as digital adoption expanded across the healthcare industry, marketing communications also evolved, significantly influenced by technologies like Artificial Intelligence. Brands have increasingly shifted focus from merely engaging healthcare professionals (HCPs) to achieving healthcare outcomes through improved script lifts, in partnership with HIPAA-certified, data-compliant platforms, all thanks to advanced AI solutions that are helping brands reach HCPs at scale and with precision.

Moving into 2025, the ability of brands to leverage AI for ‘personalized communication’ and delivery of the ‘right messaging at the right time’ will be observed with even established brands prioritizing data security and privacy alongside technological advances. At Doceree, we shall remain dedicated to enriching HCP-patient engagement, strengthening global partnerships, and empowering the life sciences sector to reach new milestones responsibly and ethically.

Pete Heydt, President at PatientPay
In recent years, we’ve seen EMR vendors promote internal solutions for patient financial responsibility communications and payments. They’ve even touted the use of AI without proving practical results of more payments and less cost. In 2025, we’re going to see these vendors start to loosen up and realize they can’t be everything to everybody. You’ll see them start to accept and use third-party integrations that offer best-in-breed solutions that incorporate predictive analytics to drive results-oriented patient financial communications. By investing in tools specifically crafted to address consumer payment behavior, EMR vendors and revenue cycle leaders will work together to improve organizations’ margins and overall financial health.

Adam Farren, CEO at Canvas Medical
Clinician entrepreneurship and private practices will grow in 2025 and beyond. As larger healthcare entities divest and improved AI tools reduce the burden of administrative tasks, it will become much more accessible for clinicians to form their own medical practices, given both supply and demand factors. With higher demand for insurance products, virtual care, and new treatments, an influx of doctor-owned practices will be the only thing that can meet demands directly.

In particular, we will see new practices starting up in non-traditional specialties that can take advantage of advances in technology on both the consumer and provider side. As consumers become more conscious of their healthcare data through connected devices, they will seek help with wellness, sleep, and other non-acute conditions that lend themselves to on-demand or virtual care. New practices will be most equipped to meet that demand, which creates an entrepreneurship opportunity for clinician owners.

Chris Sullivan, VP, Commercial Segment, Health Clinical Effectiveness at Wolters Kluwer Health
Retail pharmacy will continue to see a retraction of the traditional store model as brick-and-mortar pharmacies grapple with financial headwinds and scale back their footprint. We’re starting to see retailers and retail pharmacies accelerate their shift toward e-commerce to align with patient expectations and meet them where they are. At the same time, our recent research shows Americans still value the personal touch and accessibility of their community pharmacies and have genuine concern about closures threatening to disrupt access to care and medication.

However, the digitization of the pharmacy uniquely positions pharmacists to guide patients through their care journey. When it comes to healthcare, we all want that human connection for guidance and empathy. Pharmacies have the potential to emerge stronger in 2025 and grab market share by engaging with a hybrid of digital patient education and experiences to maximize time spent with patients and help them find answers to their questions.

Katrina Rice, Chief Delivery Officer of Biometrics Services at eClinical Solutions
To foster greater inclusivity, sponsors will rethink recruitment strategies by partnering with urban leagues, faith-based organizations, and HBCUs, enhancing greater accessibility and building trust. This shift, driven by the FDA’s Diversity Action Plans, will accelerate trial enrollment, improve representation, and ultimately enhance patient safety by ensuring more diverse data in research. Additionally, AI can be a game-changer for risk and design; predictive analytics can reshape trials by identifying high-impact patient populations and preventing adverse events, thus, offering practical strategies to reduce inefficiencies and align trials with real-world patient needs.

Mintu Turakhia, Chief Medical & Scientific Officer and EVP of Product Innovation at iRhythm Technologies
While AI in healthcare is booming, most startups face a critical flaw: they lack a hardware platform. Without it, their solutions risk becoming mere ‘features’ difficult to scale, commercialize, and easily displaced by hardware-embedded AI. Success lies in pairing AI with hardware, creating validated, use-case-specific models that integrate seamlessly into care without added data or workflow burdens. The future of healthcare AI belongs to those with a home for their algorithms, not just ideas.

Mike Brandofino, President and COO at Caregility
The shine has come off of flashy AI companies as pilot after pilot has been canceled after the technology failed to deliver the expected results or was simply too expensive to scale. In 2025 I think we will see a more focused back-to-basics approach to applying technology to the modernization of care, with health systems being more laser-focused on addressing one or two specific pain points as opposed to a shotgun approach of throwing technology at problems to see what sticks.

Bethany Robertson, Clinical Executive at Wolters Kluwer Health
During the third quarter of 2024, there were 27 announced hospital mergers and acquisitions, representing $13.3 billion in transacted revenue marking the highest number in seven years. As healthcare mergers and acquisitions reshape the industry, one critical yet often overlooked factor is cultural alignment, especially within care teams. This is where nursing leaders must step in, bridging the gap between clinical excellence and strategic integration. Nurse leaders, such as Chief Nursing Officers/Chief Nurse Executives, are uniquely positioned to ensure seamless integrations across healthcare facilities, promoting patient-centered care and clinical excellence while building trust and cohesion across diverse teams. These cultural and competency alignments are vital for effective collaboration in newly merged organizations, supporting a stable, unified approach to patient care and organizational success.

Oliver Kharraz, Founder and CEO at Zocdoc
Amazon will materially restructure its healthcare offerings. Tech giants have had a notable lack of traction in healthcare, and Amazon, Apple, Google, and Microsoft have all learned firsthand that this space is not easy to disrupt from the outside in. While most have retrenched, Amazon has persisted. Despite various pivots, it has not yet been able to show traction in this space. For a company that prizes efficiency, it is untenable to continue to carry hundreds of millions in losses. 2025 will be the year that they determine that they don’t have the margins to make healthcare work, and managing healthcare providers is a very different business than managing logistics. We may see a pivot that prioritizes pharmacy, which is more aligned with their core competencies, is more scalable, and divests other care services.

Dr. Kevin Wang, Chief Medical Officer at apree health
The U.S. healthcare affordability crisis can be solved by 2030 if we can improve access to primary care. There’s truly a crisis of affordability in US healthcare today: 1 in 3 Americans have medical debt, and 1 in 5 don’t think they’ll ever pay it off. Primary care has been proven to play a key role in helping drive down healthcare costs and is the single biggest lever we have to address the affordability crisis. The U.S. could save $67 billion in health costs if every American used a primary care physician as their go-to, usual source of care. The challenge is that access to quality care isn’t always easy to come by, with appointments often booked out for months.

What’s more, the healthcare industry faces a primary care physician shortage that makes it even more difficult for patients to be seen. In 2025, we’ll begin to see a renewed focus on reimagining primary care through more effective policies implemented to remove barriers to care and address the physician shortage the industry currently faces, as well as tax incentives to encourage employers to drive down health costs by prioritizing primary care.

Allison Combs, Head of Product, Payer, Clinical Effectiveness at Wolters Kluwer Health
In 2024, Medicare Advantage faced decreasing reimbursement rates alongside surging enrollment, and both trends are likely to continue into and beyond 2025. These trends will compress the system, as more people require costly medical care, highlighting a nationwide affordability challenge. Additionally, the industry must prepare for further pressures. Looking ahead, Payers and Pharmacy Benefit Managers (PBMs) will continue to adapt their business models to meet shifting expectations and reimbursements. Specifically, with advanced analytics, Payers and PBMs are leveraging smarter interventions to pull forward the value of longer-term impacts into the short-term to address these challenges.

Charlie Byrge, SVP at Tendo
As healthcare costs continue to climb, 2025 will see a surge in self-insured employers taking greater control over their healthcare strategies. By directly managing their employees’ health plans, these employers aim to curb costs while delivering tailored, high-quality care. This shift is reshaping the healthcare landscape, driving demand for solutions that combine cost-efficiency with exceptional access. For self-insured employers, access to high-quality, nationwide networks is critical. These networks ensure employees can receive top-tier care regardless of location, enhancing satisfaction and improving health outcomes.

Furthermore, nationwide coverage allows employers to standardize benefits across a dispersed workforce, offering consistency and equity in care. To support this evolution, providers and platforms must prioritize transparency, bundled pricing, and streamlined navigation tools that connect employees to the right care at the right time. Employers are no longer passive purchasers, they are active drivers of value, and their focus on quality, affordability, and accessibility will continue to shape the future of healthcare.

Kent Dicks, Chief Executive Officer at Life 365
Healthcare costs in the U.S. are expected to reach $6 trillion by 2027, representing roughly 18% of the GDP. Healthcare providers and payers recognize that this growth is not sustainable for the country, especially given the steep rates of clinician burnout and labor shortages expected for the foreseeable future. That is why, in 2025, I expect to see a more serious commitment and significant forward progress among stakeholders in embracing a shift from reactive to proactive care. Technology will play a critical role in this shift, with more providers adopting an AI-powered, virtual-first approach to chronic condition management to keep patients at home and prevent emergency department visits and hospitalizations.

Donald Rucker, MD, Chief Strategy Officer at 1upHealth
Modern IT will come to healthcare in 2025. Our enterprise systems have been monolithic EHRs recreating paper charts with near-zero automation. In 2025, the same software that has built our smartphone economy – namely APIs (application programming interfaces) – will power a rethink of HIT. APIs allow many types of software to talk with each other. They make the whole greater than the sum of the parts. Today we have the technology (RESTful) and data (FHIR) standards needed to make this work. This API-first approach will be driven by health plans needing to perform with Medicare Advantage and managed Medicaid. Government-funded capitation has to ensure care is adequate.

Given the plan incentives to do less, countervailing payment incentives for adequate care also need to be robust. Today we see those incentives, the CMS Star Ratings, exerting pressure on all Medicare Advantage players with major effects on earnings and stock prices. In July 2024 MedPAC stated that MA is “22% more expensive” per capita than classic Medicare – pricing pressure will continue! MA and Medicaid plans will be working overtime to harvest data and influence rating outcomes. APIs connecting the data sources and digital leverage points with patients and providers will be the battleground for winning in the capitated payment world.

Chris Stenglein, Chief Executive Officer at Curae
A large number of highly populated states will implement populist medical debt laws prohibiting providers from collecting balances if a patient is under a multiple of FPL and prohibiting selling patients bad debt under any circumstances. This effectively ends the medical debt industry and its access to capital and triggers the promotion of retail-like patient financing by healthcare providers to gain payments for patient responsibilities. Patient financing programs will surpass traditional payment plans as the preferred option for health systems in 2025.

Rising interest rates are making standard payment plans increasingly impractical for patients, while financing programs offer flexible, structured payment options to address high out-of-pocket costs. Patient financing programs differ from payment plans by providing loans or credit through third-party institutions, with clear terms and consumer protections under the same regulations banks adhere to. This framework makes them increasingly more appealing to health systems as they ensure reliable cash flow and reduce reliance on collections. Financing solutions also enhance the patient experience, offering increasingly accessible, personalized, and manageable repayment options that improve satisfaction and payment adherence.

As economic pressures grow, health systems will prioritize financing programs for their ability to balance patient affordability with financial stability. In 2025, these programs will set the standard for patient financial engagement, replacing payment plans with a more sustainable solution.

Caroline Statile, Chief Product & Technology Officer at CipherHealth
The US has a healthcare spending problem. As a share of Gross Domestic Product, healthcare spending stands at over 17%, almost $14,000 per year for every person in the country. And still, health systems face intense financial pressures, with reimbursements under strain and rising costs across the board, particularly in staffing. The current landscape points to a need for real change, and many systems are looking to technology and standardized pathways as a way to sustain quality care amidst these financial constraints. Those who can adapt by embracing efficiency and support tools will find themselves better equipped for the road ahead. In 2025, systems that adapt by maximizing efficiency through standardized care pathways and AI-backed decision support will be best positioned to maintain high-quality care under intense financial pressures.

Joe Dore, President at USBenefits Insurance Services
High insurance premiums and medical costs don’t discriminate or differentiate based on your political affiliation. Therefore, healthcare should be one of your top priorities for the new administration. As a country, we have been passengers passively watching the medical costs increase while the services deteriorate, only reacting when the problem lands on our doorstep. I don’t see the gas pedal on cost easing but rather pressed closer to the floor. Healthcare in the US is among the most expensive in the world. To add insult to injury, the level of care provided is subpar to other countries of similar economic stature. I am not opposed to paying top dollar to receive the best in service and treatment. Therefore, the cost should directly commensurate to the services received, however when the two do not align, that’s a red flag.

What’s the solution? Unfortunately, legislation and enforcement of such. I’m a supporter of capitalism, however when the product or services do not align with the cost, the consumer’s options are handcuffed and being leveraged, and the government must establish some boundaries. The medical industry is entitled to make a profit, but not at the expense of financially collapsing the system and bankrupting individuals.

Frank Sposato, Senior Director Clinical Trial Payments Technology & Operations at IQVIA
The clinical trial payment landscape is set for a major transformation in 2025, with AI driving significant changes in financial operations management. Currently, less than 15% of investigative sites use system portals, but emerging AI systems will automate invoice processing by converting emailed attachments into structured data and automating budget comparisons. Traditional straight-line enrollment predictions will be replaced by machine learning models that generate dynamic enrollment curves based on therapeutic area-specific patterns. AI systems will master clinical trial agreement processing by extracting payment schedules from inconsistently formatted PDF exhibits. Financial reconciliation will advance through automation, with AI systems handling real-time matching of funds and automated currency exchange calculations. The implementation roadmap includes deploying invoice ingestion automation, protocol and budget ingestion capabilities, and cross-platform reconciliation systems.

These changes will benefit stakeholders by improving forecasting accuracy, reducing processing costs, and enhancing compliance monitoring. Sites will experience reduced administrative burdens and faster payments. While AI will reduce routine tasks, human roles will evolve to focus on strategic oversight and quality control. Beyond 2025, developments will include blockchain integration, advanced fraud detection, and more sophisticated predictive analytics. Success depends on thorough implementation planning and continuous system improvement.

Thank you so much to everyone who took the time out of their day to submit a prediction to us and thank you to all of you for taking the time to read this article! We could not do this without all of your support. What do you think will happen for Healthcare Organizations in 2025? Let us know on social media. We’d love to hear from all of you!

Be sure to check out all of Healthcare IT Today’s Healthcare Organizations content and our other 2025 Health IT Predictions.

< + > TigerConnect Acquires Twiage, Enhancing Real-Time EMS to Hospital Communication for Streamlined Emergency Care

The Acquisition Expands Capabilities in Emergency and Pre-Hospital Care, Revolutionizing Communication Between EMS Teams and Hospitals for Faster Clinical Workflows and More Informed Patient Care

TigerConnect, the leading clinical collaboration platform in healthcare, today announced the acquisition of Twiage, a health technology innovator that streamlines pre-hospital communication and care coordination between EMS, hospitals, and other healthcare providers. The acquisition strengthens TigerConnect’s portfolio by introducing pre-hospital communication and transfer center workflows, that go beyond what can be achieved via EHR-based chat systems. By connecting EMS operations to hospital care teams before a patient arrives, the solution accelerates time to care through the sharing of real-time patient information.

“This acquisition marks another step in our evolution to unify communications for health systems by connecting care teams both inside and outside the hospital,” said Brad Brooks, CEO at TigerConnect. “Twiage combined with TigerConnect further strengthens our ability to empower care teams to streamline emergency and critical care coordination, reduce patient handoff times, and ensure faster, more informed decision-making from the moment a patient is in transit to the hospital bridging the care continuum.”

Twiage, founded in 2015 and headquartered in New York City, is an award-winning healthcare technology company providing communication workflows between EMS and hospital emergency departments, which allows real-time patient information to flow directly to hospital care teams while a patient is en route. Trusted by over 100 hospitals and health systems, including Atlantic Health System, Hartford Health, Mayo Clinic, and Yale New Haven Health, Twiage accelerates emergency and non-emergency communication to improve life-saving care.

“Twiage was built on the belief that better communication leads to better care,” said John Hui, Co-Founder and CEO at Twiage. “Joining TigerConnect will allow us to expand our vision and bring our innovative solutions to a larger scope of healthcare systems. Together, we can make a more meaningful impact on how care is delivered, starting from a patient’s first point of medical contact.”

This move is a key part of the broader TigerConnect strategy to empower health systems by enhancing clinician productivity, strengthening care team connections, making data actionable, and extending care beyond the four walls of the hospital. TigerConnect’s platform now connects even more of the healthcare journey, ensuring faster and more effective collaboration between care teams and EMS providers.

About TigerConnect

TigerConnect continues to transform healthcare with its comprehensive clinical collaboration platform. Trusted by over 7,000 healthcare facilities, TigerConnect’s solutions span care communication, patient engagement, scheduling, alarm notifications, and nurse call systems. The platform’s reliability is evidenced by its 99.995% verifiable uptime, facilitating over 10 million messages daily.

For more information about TigerConnect and its industry-leading solutions, visit tigerconnect.com.

Originally announced November 19th, 2024

Sunday, December 29, 2024

< + > Korea starts recruiting for 1 billion bio data project

Also, AIIMS Delhi is setting up a hub for healthcare AI development with GE HealthCare.

Saturday, December 28, 2024

< + > Weekly Roundup – December 28, 2024

Welcome to our Healthcare IT Today Weekly Roundup. Each week, we’ll be providing a look back at the articles we posted and why they’re important to the healthcare IT community. We hope this gives you a chance to catch up on anything you may have missed during the busy holiday week.

Coupling Analytics and AI Medical Scribes for PT and OT. John Lynn interviewed Pedro Teixeira at PredictionHealth about the unique needs of ambient voice solutions for PT and OT, where practitioners are walking around and there’s a lot of background noise to filter out. Read more…

Why LG Is Becoming More Valuable to Hospitals and CIOs. At RSNA, Colin caught up with Jim Salamon at LG Medical Displays to learn how the familiar consumer electronics brand is tailoring its products to the hospital setting. Partnering with CIOs has helped them better understand the industry’s needs. Read more…

2025 Health IT Predictions: Digital Transformation in Healthcare. At this time of year, it’s fun to think about what may lie ahead. Digital transformation predictions from Healthcare IT Today community include the importance of care coordination, the rise of evidence-based AI, and the value of high-quality data. Read more…

2025 Predictions: Healthcare Cybersecurity. This one’s always a hot topic. Our experts have their eye on sophisticated threats driven by advanced AI – but also AI’s potential to automate key security tasks such as threat detection and mitigation. Read more…

2025 Predictions: AI and Automation in Healthcare. We began our predictions series with a look at AI automation. Our community experts expect more refined use cases for automation, especially when it comes to documentation and prior authorization. Read more…

Healthcare IT Today Podcast: Year in Review. John and Colin looked back at an eventful year, with a focus on the people, places, or companies that make their notable list for 2024. Read more…

Bonus Features for December 22, 2024: 83% of providers want virtual care to be a permanent part of their practice; meanwhile, Medicare home visits have dropped 17% since 2017. Read more…

Funding and M&A Activity:

Mental health and wellbeing platform StoryCatch Partners acquired EmpiraMed, which performs post-market clinical research.
Healthcare job training vendor Stepful raised $31.5 million in Series B funding.
Fertility decision support platform FertilAI raised a $4.5 million seed round.

Thanks for reading and be sure to check out our latest Healthcare IT Today Weekly Roundups. See you in 2025!

Friday, December 27, 2024

< + > PredictionHealth Couples Analytics with an AI Medical Scribe for PT and OT

PredictionHealth produces an ambient voice solution for physical therapy and occupational therapy settings, applying AI not just create the various post-visit notes they need but also to offer analytics.

Pedro Teixeira points out some of the challenges that differentiate PT and OT from other clinical settings: sessions take place in gyms, the presence of music and clanging weights produces an “interesting audio environment” that the transcription tool must deal with, and people are often walking around, so some clinicans want to speak into a device clipped to their clothing and turn it off and on during a session.

The solution generates notes, including compliance information, patient goals, and interventions. A note can be generated for each section of a session, and be checked immediately by the clinician.

A dashboard allows practice leaders to check notes for completeness, correct coding, and compliance. Teixeira points out that nobody learns medical coding in school, but doing it right has big financial implications.

PredictionHealth avoids the need for copying and pasting notes by integrating with EHRs that are popular in PT and OT environments. Most of this integration is through a Chrome extension, but they also do some direct integrations and support desktop EHRs too.

Watch the video for more details about how automated note creation happens with PredictionHealth and the EHRs supported.

Learn more about PredictionHealth: https://www.predictionhealth.com/

Listen and subscribe to the Healthcare IT Today Interviews Podcast to hear all the latest insights from experts in healthcare IT.

And for an exclusive look at our top stories, subscribe to our newsletter and YouTube.

Tell us what you think. Contact us here or on Twitter at @hcitoday. And if you’re interested in advertising with us, check out our various advertising packages and request our Media Kit.

< + > HIMSSCast: Nurses want AI to enhance patient interactions

Because we're still in the early days of artificial intelligence transforming the patient care environment, it's imperative to watch its impacts closely, says Oriana Beaudet, VP of nursing innovation at the American Nurses Association.

< + > StoryCatch Partners Acquires EmpiraMed

Combined Organization will Unlock Patterns in Complex Participant Populations, Driving Physical and Mental Health Improvement

StoryCatch Partners, a Public Benefit Corporation leveraging the power of individual stories to improve mental and physical well-being, today announced that it has acquired Maynard, Mass.-based EmpiraMed Inc., a digital health technology leader in the field of virtual clinical studies for real-world evidence.

EmpiraMed performs post-market, prospective, virtual clinical studies to generate real-world evidence for life sciences, pioneering site-less virtual studies. Its software helps clients produce evidence for expanding market access, deploy patient-centered rare disease registries, and support faster regulatory approval of new indications and label extensions. Driven by a desire to optimize health and the human experience, StoryCatch Partners is growing a portfolio of scalable, interoperable companies that improve global mental well-being. This merger builds on StoryCatch Partners’ mission to bring clarity, empathy, and evidence to better understand mental, emotional, and physical health concerns.

“EmpiraMed was the first company to run site-less studies while leading the way in engaging patients to self-report data,” said Keith Parent, Founder of EmpiraMed. “StoryCatch Partners’ vision to improve total health with evidence and understanding aligns with our commitment to gain real-world evidence simpler, faster, and more cost-effectively than traditional methods. Joining StoryCatch Partners will help us deliver the best value to our clients and team.”

StoryCatch Partners brings empathy when needed most and evidence to create change using the healing and informative power of story sharing to build peer connections, stakeholder engagement, and real-world insights. It is dedicated to improving health and well-being by using high-accuracy health data and information. The combined EmpiraMed and StoryCatch Partners offerings will better address and understand the physical and emotional health of complex participant populations.

“StoryCatch Partners combines technology, connection, and information to improve access to quality help and offer insights while recognizing the interconnection of emotional and physical health,” said Samantha Burman Trotman, Co-Founder and CEO at StoryCatch Partners. “EmpiraMed’s strength in generating real-world evidence and measuring health outcomes will be instrumental in our ability to better understand, research, and address the emotional health concerns of those that struggle and the people supporting them.”

The EmpiraMed team and current solutions will remain in place with the combined offerings delivering additional value. Industry veteran and StoryCatch Partners Partner James Cavan will lead EmpiraMed during the transition and StoryCatch Partners CEO Samantha Trotman Burman retains the role of CEO for the combined entity. She brings a strong leadership background as the founder of Isleworth Group, as a former deal professional at Bain Capital, and Partner at Parthenon Capital.

About EmpiraMed

EmpiraMed is a digital health technology company that performs as a digital CRO offering post-market, prospective, Virtual Clinical Studies to generate Real World Evidence for the life science industry. The company sits at the intersection of DCT (Decentralized Clinical Trials) and RWE. Formed in 2011, EmpiraMed pioneered the methods and delivery of 100% site-less virtual studies. Please visit empiramed.com for more information.

About StoryCatch Partners

StoryCatch Partners lives by its charter as a public benefit corporation. We invest in technology and services that offer empathy and evidence to improve mental and physical well-being. With the healing and informative power of story sharing, we provide peer connection, engagement, and real-world insights. Our resources support people managing their well-being as well as those who care about them. StoryCatch believes in optimizing health and the human experience, partnering with other organizations that share its vision for community, best practices, and social good. For more information, please visit us on LinkedIn and storycatch-partners.com.

Originally announced November 20th, 2024

Thursday, December 26, 2024

< + > IoT and ransomware are big security risks, and health systems feel unprepared

"The usage of AI and automatic vulnerability scanning performed by the attackers allows them to find an exposed IoT device and conduct an attack on it much quicker than they used to be able to," says one security researcher in a new report.

< + > UVA Health RAMPs up AI and real-time analytics

The success the health system has had with its real-time analytics monitoring platform, RAMP, is the focus of an artificial intelligence-themed session at HIMSS25 in March.

< + > What will AI do for telemedicine in 2025? More than you might think

Computer vision and sensor integration, evolution in virtual specialty care and other innovations are transcending the hype cycle and showing results, says one telehealth leader.

< + > Healthcare Cybersecurity – 2025 Health IT Predictions

Check out our community’s Healthcare Cybersecurity predictions:

Bill Murphy, Director of Security and Compliance at LeanTaaS
As we enter 2025, AI is revolutionizing cyber threats in concerning ways. Cybercriminals are leveraging AI to craft highly persuasive phishing campaigns that overcome traditional red flags. With AI tools, attackers, especially those operating from outside the U.S., can generate highly convincing messages without easy-to-spot indicators like poor grammar or awkward phrasing. By analyzing targets’ digital footprints, AI enables highly personalized attacks that are increasingly indistinguishable from legitimate communications. The accessibility of AI tools has dramatically lowered barriers to entry for cybercrime, enabling less sophisticated actors to launch complex attacks that previously required significant technical expertise and resources.

Deepfake technology presents another critical threat, with AI-generated video and voice content enabling unprecedented impersonation attacks. Recent incidents involving fake video calls and voice cloning demonstrate the technology’s potential for sophisticated fraud. Perhaps most concerning is how AI’s perceived authority may lead users to accept its outputs without verification. As organizations integrate AI systems, they face a dual challenge: protecting against AI-enabled attacks while ensuring employees maintain critical thinking and verification practices rather than defaulting to blind trust in AI-generated content.

Joel Burleson-Davis, SVP Worldwide Engineering, Cyber at Imprivata
Identity security challenges in healthcare will make way for a passwordless future. A new GAO report revealed that the Department of Health and Human Services has faced challenges mitigating cybersecurity risks in the healthcare sector. One of the biggest struggles has been identity security, largely attributed to hospitals balancing large workforces, contractors, billing systems, strict compliance and privacy regulations, and the need for quick, always-on access to patient data across multiple shared devices.

While healthcare remains a top target for breaches, next year I anticipate an acceleration in the shift toward passwordless, whether it is adopting passwordless technology or preparing to adopt it, authentication across the healthcare industry. Passwordless authentication is an important step along the path to enhanced security and workflow efficiency, moving organizations from password-based access to fully passwordless workflows over time. For example, masking passwords from users significantly reduces cyber risks and improves clinical workflows today, getting rid of the password entirely only improves that benefit. By adopting passwordless authentication tailored to diverse healthcare workflows, organizations can protect sensitive data, boost operational efficiency, and enhance patient care.

Kel Pults, DHA, MSN, RN-BC, NREMT, Chief Clinical Officer and VP Government Strategy at MediQuant
In 2025, healthcare organizations are likely to significantly increase budgets for cybersecurity and infrastructure projects in response to the large breaches of recent years. This heightened focus on data protection may drive greater adoption of SaaS models. Organizations will also prioritize gap analyses to identify vulnerabilities, addressing both external threats from bad actors and internal risks, whether intentional or inadvertent. By proactively strengthening defenses and mitigating risks, healthcare providers can better safeguard their systems and maintain trust in an increasingly challenging digital environment.

Ty Greenhalgh, Industry Principal of Healthcare at Claroty
Critical vulnerabilities in healthcare’s supply chain pose significant risks to patient care. Proactively identifying and securing these choke points is essential to minimizing disruption and safeguarding vital resources. The recent attacks on organizations like Change Healthcare and One Blood highlight the importance of understanding and protecting these critical facilities. The need to address weaknesses in the healthcare supply chain is more pressing than ever for these organizations.

By mapping out the workflows and dependencies within the healthcare supply chain, especially focusing on third-party access, organizations can pinpoint areas of vulnerability and implement robust security measures. This includes segmenting the supply chain, identifying connections, and reviewing access credentials. If Change Healthcare had mapped out and understood the access their third-party vendors had, the detrimental impacts of this breach could have been significantly reduced.

To be prepared for evolving threats in 2025, healthcare organizations must adopt a proactive approach to security. By thoroughly mapping out third-party access points and continuously reviewing security protocols, providers can significantly reduce the severity of attacks and ensure continuity of care and the availability of essential medical supplies.

Tony Lauro, Senior Director, Security Technology and Strategy at Akamai Technologies
As we move into 2025, the healthcare industry faces a growing threat from ransomware attacks, with far-reaching consequences, as we saw in this year’s cyberattack on Ascension Hospitals. Healthcare organizations highly value reputation and attackers know they will pay to avoid controversy. Conversely, rural hospitals, in particular, will become increasingly attractive targets due to the desperation factor, which significantly influences the likelihood of ransom payments. Once considered “off limits,” healthcare facilities under immense stress and with limited resources are expected to become prime targets for cybercriminals.

Petros Efstathopoulos, VP of Research at RSAC
Healthcare IT will overhaul identity management in 2025 with AI and ‘decentralized identity.’ In 2025, healthcare IT will face increasing pressure to modernize their identity security protocols to combat increasing cyber threats and meet operational demands. The Change Healthcare ransomware attack, which stemmed from a lack of MFA, highlighted the urgent need for stronger identity protections. And as AI-powered tools become central to healthcare, AI-driven IAM will be crucial for securely managing human and machine identities.

Patient-centric access controls enabling granular data privacy protections will also be key to maintaining trust and regulatory compliance. While decentralized digital identity approaches are still in the early stages, they offer a glimpse of a more secure, interoperable future for the industry. Healthcare leaders who invest in advanced IAM now will strengthen their defenses and position organizations for long-term success in an increasingly connected and risky ecosystem.

Michael McNerney, SVP of Security at Resilience
2025 is shaping up to be the most challenging year on record for the healthcare industry when it comes to cybersecurity. Health plans, providers, insurers, and others are facing a perfect storm: the new presidential administration has injected renewed uncertainty around policy and regulation; the Change Healthcare attack and subsequent fallout have emboldened other eager hacking groups; continued digitization and interconnectedness have been shown to open up new points of failure simply waiting to be exploited; and an expected rise in M&A in the sector has the potential to introduce entirely new kinds of vulnerabilities as two companies come together. It’s not all doom and gloom, though.

Often, a perfect storm like this is, unfortunately, exactly what’s needed for an industry to wake up to the reality of today’s cyber threat landscape, then act accordingly to pull themselves together and invest in safeguards and thorough risk management strategies that they may have previously lacked. Airlines had their own security wake-up call over the summer after the CrowdStrike outage; while that doesn’t necessarily mean I predict a 2025 outage of that magnitude for the healthcare sector, I do believe that the challenges facing healthcare now are so novel and dangerous that we may very well end up seeing a more resilient version of the industry by 2026.

Cecil Pineda, SVP, Chief Information Security Officer at R1
By 2025, the rise of digital tools, AI, and automation in revenue cycle management will amplify the need for robust cybersecurity measures. Providers must deploy advanced threat detection and real-time monitoring systems to protect sensitive patient and financial data from increasingly sophisticated cyberattacks. Integrating proactive security protocols and automated responses will safeguard revenue cycle operations from breaches and downtime, ensuring compliance and preserving trust. These measures will be essential to maintaining the integrity of healthcare financial systems in an interconnected, high-tech landscape.

David Deas, CTO at Red Rover Health
The escalating threat of cyberattacks in healthcare will demand a proactive approach to data security in 2025. Organizations will prioritize advanced cybersecurity frameworks to safeguard sensitive patient and organizational data while maintaining trust. Seamlessly integrated security measures that protect systems without disrupting workflows will become a baseline requirement as healthcare continues to digitize and expand its reliance on interconnected networks.

Robert Bobel, Founder and CEO at Cayosoft
Nation-state-run ransomware groups will sharpen their focus on critical infrastructure organizations and their supply chains. In early 2024, we saw ransomware groups shed what ethics they had to target large organizations that served critical functions for society – Change Healthcare and Ascension Healthcare being prime examples. Traditionally considered off-limits as targets, the disruption and urgency caused by such attacks create Catch-22 scenarios in which targets more reliably paid high ransoms for quick resolutions. For this reason, I expect we’ll see increasingly daring ransomware attacks against critical infrastructure targets in 2025. In response, we’ll see a sharp increase in disaster recovery demand to complement the defense solutions on the frontlines.

Richard Wallace, Cyber Security Threat Analyst at Vercara
In the past year alone, nearly 400 healthcare institutions were successfully hit by ransomware. Healthcare organizations have become lucrative targets for cybercriminals due to the value of their nature, considering things like sensitive data and protected health information (PHI), the urgent need for data access, the use of legacy systems and software, and critical, time-sensitive services. In 2025, we’ll likely see increasing threats in the sector, but on a larger scale, as attackers become more sophisticated and use more advanced techniques like AI to make detection more difficult for security teams. Organizations must improve visibility across the network, endpoints, devices, and partners to keep pace with more attacks next year. Organizations should also consider using enhanced access controls and DNS solutions to counteract attacks like ransomware.

Yuval Wollman, Chief Cyber Officer at UST
In 2025, cybersecurity will be the top business function benefiting from AI, and analysts report they are seeing time savings of 40% on core tasks, including investigation. Specifically for incident response, Generative AI will augment security operations teams to boost detection capabilities and reduce the alert backlog analysis within the SOC. Furthermore, it will continue to enable healthcare security professionals without a full developer skill set to perform detection-as-code-related tasks, enhancing the overall efficiency and effectiveness of security operations teams for healthcare organizations.

This, in turn, will reduce the Mean Time to Detect (MTTD) as well as the Mean Time to Resolve (MTTR), a crucial task when these metrics have a real-world impact on human safety and patient care. While healthcare data will always be valuable to attackers, healthcare organizations in 2025 will reduce the likelihood of a breach through Cyber Threat Intelligence (CTI) services that reveal any exposed security risks. In particular, CTI leads automatically correlate with environmental logs to help identify suspicious behaviors early, and analysis of C2 architecture and metadata can assist further.

Additionally, if the worst occurs, healthcare organizations can limit the fallout from an attack by prioritizing the development of an incident response plan and working with outsourced MDR/MXDR vendors to fill gaps in expertise and resources. This also allows them to leverage the latest advancements in AI and automation without spending time and resources to build or develop in-house. With so many fires to fight (79% of security teams say they currently have 500 or more alerts open), there is no longer a way to ensure a truly risk-free enterprise environment. Instead, what McKinsey dubbed a risk-based model for security back in 2019 will be more crucial in 2025 than ever.

Anand Naik, CEO at Sequretek
As healthcare’s reliance on digital systems deepens, cybersecurity in 2025 must tackle the complexities of interconnected networks managing patient data. AI-powered security will transform threat detection, utilizing machine learning models trained on global intelligence feeds to recognize and mitigate cyber risks in real-time. Generative AI will accelerate proactive threat hunting and attack path analysis, addressing vulnerabilities before breaches occur. Autonomous parsing and advanced contextual analytics will simplify threat identification across diverse endpoints, including IoT devices and telehealth platforms. Zero-trust frameworks will integrate with AI-driven capabilities, ensuring continuous verification at every access point.

Blockchain-inspired solutions, combined with AI-driven attack surface management, will secure data interactions, enhancing both transparency and resilience. Leveraging extensive threat intelligence, healthcare systems can pre-emptively defend against sophisticated attacks while ensuring data integrity. By embedding these robust AI and blockchain-enabled security measures, healthcare providers will demonstrate a solid commitment to protecting patient information. This approach will foster patient trust and ensure safe, resilient operations in a rapidly evolving digital landscape.

Steve Cagle, CEO at Clearwater
In 2025, healthcare organizations will continue to advance their cybersecurity and risk management programs, building on the progress we’ve seen. Many have already embraced industry best practices, conducting business impact analyses to identify critical systems, developing robust continuity plans, and practicing incident response. Those lacking internal resources are partnering with expert providers to strengthen their defenses.

Next year, we expect broader adoption of these proactive measures as awareness grows among business leaders, making cyber risk management a priority. Organizations will increasingly invest in long-term strategies to tackle evolving threats and secure both legacy and emerging technologies. However, progress won’t be universal. Healthcare remains a critical infrastructure sector, and we cannot depend solely on voluntary action. Anticipate new regulations, enhanced enforcement, and potential funding initiatives, especially for underserved hospitals, to drive accountability and ensure patient safety in an era of growing cyber.

Vijaya Krishna Veeravalli, Senior Vice President – Cloud Engineering at AGS Health
In 2025, the healthcare sector’s cybersecurity landscape will be shaped by evolving ransomware tactics, increased regulatory pressures, and the integration of advanced AI-driven defenses. As the threat of ransomware attacks pose risks and disruptions to operations and patient care, healthcare providers will need to adopt proactive measures to prevent service delays and protect patient safety. Financial impacts will likely escalate, with healthcare organizations not only incurring direct ransom demands but also higher costs related to compliance, cybersecurity improvements, and reputational recovery. AI will play a larger role in cybersecurity, with new AI-powered tools providing enhanced detection and automated response capabilities.

However, as AI itself becomes a target for cybercriminals, healthcare IT leaders must implement rigorous oversight to manage these tools responsibly. To stay resilient, organizations should prioritize advanced strategies like network segmentation, vulnerability disclosure policies, and regular third-party assessments. Additionally, proactive approaches, such as reducing dependence on legacy systems, applying multi-factor authentication, and maintaining a strict security patch schedule, will be critical to maintaining robust defenses against both established and emerging threats.

Heather Randall, PhD, Chief Compliance Officer at TrustCommerce, a Sphere Company
With healthcare organizations constantly under threat of data breaches and cybersecurity incidents, they must continue to take new steps to protect themselves against the increasing sophistication of these threats. For example, AI offers new ways for bad actors to illegally access sensitive data, making it imperative that providers and staff members limit access to patient data, evolve their risk analyses to adapt to the changing threat landscape, and regularly review their control environment to ensure it’s appropriate to their level of risk.

Ganesh Nathella, Senior Vice President and General Manager – HLS Business at Persistent Systems
By 2025, the intersection of AI and cybersecurity will redefine how healthcare systems protect sensitive data. As healthcare networks grow more complex, AI will become indispensable in detecting and neutralizing threats in real-time. For instance, machine learning algorithms can flag anomalies, such as unauthorized access to patient records or unusual activity on IoT devices, before damage occurs. Zero-trust frameworks, already a critical part of today’s cybersecurity strategies, will continue to evolve and become more pervasive, ensuring every access point, from wearables to telehealth platforms, is continuously verified.

Additionally, blockchain-inspired technologies may emerge as a standard, offering transparent and tamper-proof data interactions. Imagine a system where every patient data access or modification is logged immutably, ensuring trust and compliance. These advancements are not just about preventing breaches; they’re about reinforcing patient trust. A secure digital environment is critical for the adoption of innovative care models, making cybersecurity a cornerstone of healthcare’s future.

Navroop Mitter, CEO at ArmorText
As companies, venture capitalists, and other stakeholders come to terms with the inevitability of breaches, investments in post-breach preparedness will rise substantially. While regulatory mandates are driving compliance, venture capitalists are recognizing an under-served market: post-breach resilience. Previously dominated by pre-breach cybersecurity tools, the investment landscape is shifting. Organizations, witnessing gaps in their response capabilities following breaches, are increasingly prioritizing incident response planning and testing. This trend is expected to make post-breach resilience the new cornerstone of cybersecurity strategies.

Investments in out-of-band preparedness for incident response and business continuity will also multiply significantly. During incident response, organizations often find themselves unprepared for taking communications out of band securely, a critical gap that leaves them vulnerable. Effective response relies on communications continuity, and organizations will increasingly look to bolster their capabilities to ensure safe and secure out-of-band communication not only for cybersecurity professionals but also to support broader operational resilience across the enterprise.

Thank you so much to everyone who took the time out of their day to submit a prediction to us and thank you to all of you for taking the time to read this article! We could not do this without all of your support. What do you think will happen for Healthcare Cybersecurity in 2025? Let us know on social media. We’d love to hear from all of you!

Be sure to check out all of Healthcare IT Today’s Healthcare Cybersecurity content and our other 2025 Health IT Predictions.

< + > Stepful Secures $31.5 Million Series B Led by Oak HC/FT to Address U.S. Healthcare Worker Shortage

Investment will Expand Scalable Programs and Partnerships with Healthcare Providers, Aiming to Close Critical Workforce Gaps by 2025

Stepful, the company dedicated to re-imagining healthcare training for allied health professional jobs, today announced it has raised $31.5 million in Series B funding. The round was led by Oak HC/FT with participation from Y Combinator, Reach Capital, AlleyCorp, SemperVirens, Company Ventures, Green Sands, ECMC Education Impact Fund, Intermountain Ventures, and Cedar Pine.

Today, Stepful offers educational training programs for both entry-level positions, including medical assistants, medical admins, and pharmacy technicians, and advanced programs for licensed practical nurses and surgical technicians. Unlike other trade schools, Stepful is an AI-powered learning platform with an accelerated format, lower costs, and placement for students who successfully complete the program. To date, the company has seen strong growth in its business, expanding from 50 students in 2021 to more than 30,000 enrollees projected in 2024. With this new funding, Stepful will expand its B2B offering and continue growing its health system partnerships.

Stepful’s platform is designed for working adults, particularly from historically underserved communities, providing virtual instructor-led courses that include live, cohort-based learning sessions and one-on-one coaching for those looking for entry-level positions in hospitals and healthcare settings. Additionally, the program’s bite-sized, asynchronous, interactive learning modules allow students to manage their studies alongside other commitments, while AI-powered feedback offers personalized support and outreach to ensure students don’t fall behind.

“This funding supports our mission to make healthcare training more accessible while addressing the U.S. shortage of healthcare workers,” said Carl Madi, CEO at Stepful. “It enables us to reach more students, ensuring that our graduates can transition into high-demand roles more quickly, grow our practical nursing offerings, and open new schools in key regions. We’re also enhancing our capabilities to better serve healthcare employers by adding tools for screening and vetting, analytics, on-site learning support and to pursue strategic acquisitions.”

The U.S. healthcare system will face a shortage of 3.2 million allied healthcare workers, nurses, and mental health professionals by 2026, according to the American Hospital Association, which could result in $86 billion in increased expenses and employee burnout. Traditional educational models, such as community colleges and trade schools, often require in-person attendance, have enrollment caps, and are costly—limiting their scalability in addressing these shortages.

Stepful’s approach has yielded industry-leading outcomes, including an 87% NHA CCMA exam pass rate—ten points higher than the national average—and a 75% completion rate. Stepful currently serves 13,000 monthly active students and boasts a network of over 8,000 healthcare partners where students complete hands-on clinical training.

“Stepful is addressing a significant unmet need to mitigate the health professional labor shortage, and they’re doing it while creating a win-win situation for both students and employers,” said Vig Chandramouli, Partner at Oak HC/FT. “The quality and outcomes of Stepful’s program have proven to be superior to current options with higher graduation rates, certification pass rates, and job placement rates, all at a lower cost. We’re proud to partner with Stepful as they scale their impact.”

As the $28 billion healthcare training market continues to grow amidst labor shortages, Stepful is positioning itself as an end-to-end workforce solution for healthcare employers, adding tools like online training, on-site learning support, and analytics. By collaborating with major healthcare providers like Providence, Ohio State University Physicians, and Johns Hopkins All Children’s Hospital, Stepful’s growing B2B segment is positioned to help systems directly feed their labor pool with well-trained, skilled workers.

About Stepful

Stepful offers accelerated, affordable training programs for healthcare roles. Through partnerships with healthcare providers, Stepful connects students to job opportunities after certification. Stepful was co-founded by Carl Madi, Tressia Hobeika, and Edoardo Serra. For more information, visit stepful.com.

About Oak HC/FT

Oak HC/FT is a venture and growth equity firm specializing in investments in fintech and healthcare. Using partnership as a foundation, Oak HC/FT guides companies and founders at every stage, from seed to growth, to create businesses that make a measurable and lasting impact. Founded in 2014, Oak HC/FT has invested in over 85 portfolio companies and has over $5.3 billion in assets under management. Oak HC/FT is headquartered in Stamford, CT, with an office in San Francisco, CA. Follow Oak HC/FT on LinkedIn and X and learn more at oakhcft.com.

Originally announced November 13th, 2024

Wednesday, December 25, 2024

< + > Merry Christmas!!

As you can probably imagine, we’re taking the day off for Christmas. We hope you’re enjoying time with the people you love and and are having an amazing holiday. However, we did take time to create this little holiday video with the Healthcare Scene team to celebrate this holiday season. Turns out that we have a very multi-lingual team here at Healthcare Scene, so this year we decided to celebrate the holidays in our second language. We hope you’ll enjoy!

We appreciate each of you in the Healthcare IT Today community. We’ll be back tomorrow with some more amazing healthcare IT content.

Merry Christmas!

Tuesday, December 24, 2024

< + > Key Challenges in Maintaining Compliance with Regulatory Standards in the Context of Health Information Management

Rules and regulations are an integral part of life, especially in the world of healthcare where you are dealing with very sensitive information and situations. Though it may not always be clear at first glance, rules and regulations are put in place to help protect people and make things as fair as possible. Where it gets tricky, however, is the span of time between when we implement our systems and when the rules and regulations were written and enacted. During that time span, technology has advanced, new ideas and plans have been created, and what we value may have shifted.

This can result in situations where you are trying to do something new that will be a great benefit to your organization, staff, and/or patients, but it’s extremely complicated to near impossible to do it while maintaining your compliance with current regulations. Or the complete opposite can happen to you. There can be situations where your organization has been functioning in a specific way for a while – only for new regulations to be written and/or old regulations to get updated in such a way that you are suddenly no longer in compliance. Currently, one such tricky area is health information management.

To learn more about this, we reached out to our brilliant Healthcare IT Today Community and asked them — what are the key challenges in maintaining compliance with regulatory standards, such as HIPAA, in the context of health information management? The following are their answers.

Bill Olsen, Co-Founder and CTO at UptimeHealth
The primary challenge in maintaining compliance with regulatory standards like HIPAA in health information management lies in data governance. Strict regulations govern the sharing of Protected Health Information (PHI) to safeguard patient privacy. However, these restrictions can conflict with the need to utilize this data in analytics and AI systems aimed at enhancing patient outcomes. Developing these systems often requires using real or closely approximated statistical data.

John Squeo, Senior Vice President & Market Head, Healthcare Providers at CitiusTech
Maintaining compliance with regulatory standards like HIPAA in health information management is challenging due to the ever-evolving nature of regulations and the increasing complexity of healthcare systems. Additionally, the culpability of health systems for third-party-caused breaches makes privacy assurance and digital security programs even more complex to implement and consistently execute. Furthermore, the growing volume of electronic health records and the need for interoperability between different systems can make it challenging to ensure compliance with all relevant regulations.

Brian Laberge, Solution Engineer, Health Language at Wolters Kluwer Health
Constant evolution to address new technologies that are brought into the healthcare workflow- such as AI-enabled tools that provide Clinical Decision Support to providers or patients or regulations for data sharing across stakeholders, makes it challenging to keep up with the regulatory standards. Further, there are state-specific variations in the laws which makes it challenging for technology vendors to provide solutions with state-specific variations and customizations based on the markets they serve.

All technology platforms aren’t created equal, and the influx of technology companies into healthcare offers an opportunity for risk if these new entrants aren’t taking the proper precautions to protect patient data. There are rules on the transparency of AI models (including HTI-1) and the data they are trained on as well as HIPAA requirements. Health information professionals need to ensure they have a solid data governance process and understand the models they are incorporating into processes to stay compliant. Technology also should have the necessary security certifications to ensure security and data privacy and can control who sees what only when they need to see it. Further, technology platforms should rely on the most current regulatory guidance (annual ICD-10 updates, HCC version model changes, etc.), and should have a process in place to keep track of these updates to ensure compliance.

Bridget O’Connor, Chief Operating Officer (COO) at Fortalice Solutions
The key challenge in maintaining compliance is always remembering that HIPAA compliance goes deeper than the surface level within the organization. It’s more than just completing your annual HIPAA assessment. The remediation items from the assessments need to be tracked through resolution and, in some cases, need to be re-tested or audited to ensure they’ve been addressed. Additionally, with third-party risk being one of the leading causes for breaches, ensure you have a robust Vendor Management Office and process to make sure your vendors (if applicable) are also compliant and ask them to attest to it.

Jason Griffin, MBA, CISM, Managing Director of Digital Health Strategy and Cybersecurity at Nordic Global Consulting
Compliance with regulatory standards like HIPAA presents several key challenges for health information management (HIM) professionals. One significant hurdle is the ever-evolving nature of technology and cybersecurity threats, which require constant vigilance and adaptation. As healthcare organizations increasingly adopt digital solutions and electronic health records (EHRs), the potential for data breaches and unauthorized access escalates. HIM professionals must implement robust security measures and stay informed about the latest regulations and best practices to mitigate risks. Ensuring that all staff are adequately trained in compliance requirements and security protocols further complicates the landscape, as ongoing education is essential to prevent costly violations. Another challenge in maintaining compliance arises from the complexity and diversity of healthcare environments.

Organizations often need help to integrate and standardize data across various systems and departments. Fragmentation can lead to inconsistencies in data handling and privacy measures, making it difficult to ensure the consistent compliance practices needed to meet HIPAA standards. Additionally, the need for collaboration among multiple stakeholders—including healthcare providers, IT personnel, and legal teams—can create communication barriers that hinder compliance efforts. Navigating these challenges requires a concerted effort from HIM professionals to foster a culture of compliance, ensuring that all aspects of health information management are aligned with regulatory standards while safeguarding patient privacy and data security.

Diana Sonbay-Benli, VP & Chief Product Officer, Cognizant TriZetto Healthcare Product at Cognizant
Maintaining compliance with regulatory standards like HIPAA is increasingly complex, especially as lesser-known aspects of HIPAA grow in significance. Further, compliance extends beyond HIPAA; health information management must navigate a broad range of federal and state-specific regulations. Meeting the demands of this wider regulatory scope is challenging, particularly as regulations constantly evolve and vary by jurisdiction. Organizations must also track regulatory changes impacting other stakeholders, such as providers monitoring payer regulations and vice versa. This is essential because new regulations can open strategic opportunities for data use and influence the timing of technological advances and adoption. The key challenge is staying agile—maintaining data integrity, security, and privacy—while balancing compliance with changing regulatory landscapes and capitalizing on new opportunities.

Susan Clark, Senior Director of Community & Advocacy at DirectTrust
Health information management (HIM) professionals face numerous challenges in maintaining compliance with evolving regulatory standards like HIPAA, particularly as new rules emerge. For instance, the recently finalized HIPAA Reproductive Rule introduces additional consents and attestations for law enforcement, creating complexity around what qualifies as reproductive data. HIM must also balance federal rules with state-specific legislation on data privacy, reproductive or gender-affirming care, and artificial intelligence.

The introduction of the Information Blocking Rule has expanded HIM’s role in data asset management, helping to define and track the flow of information. Yet another challenge is adapting consents to electronic environments, which could reduce the burden on both patients and staff. While some electronic consent systems show promise, standardization and widespread adoption remain limited. But there are many collaborative industry initiatives, including Sequoia Project’s Interoperability Matters Privacy & Consent Workgroup that are trying to create more uniform, compliant, and efficient workflows.

Ram Krishnan, CEO at Valant
Many practices rely on email for communication, but this presents substantial risks to HIPAA compliance. First, email addresses are often mistyped, which can result in dangerous disclosures of protected health information (PHI). Even if they reach their intended recipient, emails are often overlooked or misdirected to spam folders, and they are usually unencrypted. As a result, emails can more easily be intercepted by third parties than information conveyed through a secure web portal. This does not mean you should skip email entirely, but you can help ensure compliance by limiting the use of email to alerts and reminders that direct patients to a patient portal.

Effective EHR software with a fully integrated patient portal helps ensure HIPAA-compliant interactions and allows patients to manage their care in a secure and HIPAA-compliant way. This includes viewing and paying bills, managing appointments, and completing and e-signing forms. Mobile app functionality is another thing to consider, as many patients prefer to use mobile devices for these types of tasks.

Marlena Herrera, Director, Customer Success at Protegrity
The key challenge in maintaining compliance with regulatory standards in the context of health information management is that there are guidelines and requirements but often, there are no specifications on the requirements and how they need to be implemented to be considered compliant. This causes organizations to take an independent assessment of the regulatory standards which may vastly vary from one organization to another depending on their leadership, risk appetite, and maturity in technology and their approaches.

In addition, there are often new regulatory standards and requirements that may vary from state to state or emerge with new requirements based on governmental requirements that create challenges to adherence. Reviewing these requirements holistically and creating a strategic approach to meeting the requirements in alignment with organizational risk, leadership, and technical maturity often results in faster results with the ability to quickly adjust and meet new requirements.

What great answers! Huge thank you to Bill Olsen, Co-Founder and CTO at UptimeHealth, John Squeo, Senior Vice President & Market Head, Healthcare Providers at CitiusTech, Brian Laberge, Solution Engineer, Health Language at Wolters Kluwer Health, Bridget O’Connor, Chief Operating Officer (COO) at Fortalice Solutions, Jason Griffin, MBA, CISM, Managing Director of Digital Health Strategy and Cybersecurity at Nordic Global Consulting, Diana Sonbay-Benli, VP & Chief Product Officer, Cognizant TriZetto Healthcare Product at Cognizant, Susan Clark, Senior Director of Community & Advocacy at DirectTrust, Ram Krishnan, CEO at Valant, and Marlena Herrera, Director, Customer Success at Protegrity for taking the time out of your day to submit a quote to us! And thank you to all of you for taking the time out of your day to read this article! We could not do this without all of your support.

What do you think are the key challenges in maintaining compliance with regulatory standards, such as HIPAA, in the context of health information management? Let us know either in the comments down below or over on social media. We’d love to hear from all of you!

Health News