Monday, January 13, 2025

Healthcare Regulations and Compliance – 2025 Health IT Predictions

As we wrap up another year and get ready for 2025 to begin, it is once again time for everyone’s favorite annual tradition of Health IT Predictions! We reached out to our incredible Healthcare IT Today Community to get their insights on what will happen in the coming year and boy did they deliver. In fact, we got so many responses to our prompt this year that we had to narrow them down to just the best and most interesting. Check out the community’s predictions below and be sure to follow along as we share more 2025 Health IT Predictions!

Check out our community’s Healthcare Regulations and Healthcare Compliance predictions:

Shubh Sinha, CEO at Integral
In 2025, compliance will get a seat at the decision-making table. Until now, senior leaders have viewed compliance as a box to check off or, worse, a bottleneck to innovation. That has changed in an era of rising risk, especially in the past year, as healthcare data breaches have exposed vulnerabilities, strangled cash flow, and broken consumer trust. Now, leaders recognize the importance of bringing compliance in at the start of discussions around business strategy, how to incorporate advanced tools for innovation, including AI, and what to consider in leveraging data for advanced analysis.

Simultaneously, we’re poised to witness an evolution in risk management among healthcare leaders. This will lead to more sophisticated security frameworks that enable innovation while maintaining robust protection. Ultimately, this will double organizations’ dataset purchases in 2025 as companies invest in solutions that deliver critical insights faster to better understand consumers at scale.

Keavy Murphy, Vice President of Security at Net Health
In 2025, the Health Infrastructure Security and Accountability Act (HISAA) could significantly impact the healthcare industry through its influence on policy and practice. If passed, healthcare organizations will face mounting expectations to implement rigorous cybersecurity measures, including regular security assessments, compliance certifications, and business resiliency plans. Noncompliance, with penalties similar to those under HIPAA, will compel many organizations to prioritize these efforts as part of their core operational strategies.

This regulatory shift will drive innovation, with vendors developing advanced, compliance-focused tools to help healthcare entities manage risks more effectively. Even if it doesn’t pass, HISAA’s development has already raised the bar, prompting accelerated efforts to establish robust security standards across the industry, ensuring safer operations and bolstering patient trust.

George Pappas, CEO at Intraprise Health, a Health Catalyst Company
Cybersecurity standards and requirements will continue to rise in 2025. In some cases, such as in New York state, this will happen through new legislation. In other instances, healthcare leadership at the board level will recognize that basic protections and HIPAA compliance are no longer enough to ensure comprehensive security. Additionally, cybersecurity insurers will require clients to implement more robust safeguards before offering coverage, especially as insurance pricing begins to stabilize.

Scott Stuewe, President and CEO at DirectTrust
My predictions for cybersecurity in 2025 fork between my hopes for continued progress and my fear that progress may be halted by a hard reset in the new administration. If existing laws, bi-partisan bills that are already introduced, and the work done by the Healthcare Sector Coordinating Council (HSCC) can remain the focus, progress can be made. With the HSCC’s collaboration between government agencies and over 400 industry participants, healthcare has an opportunity to set the standard for how to harden a critical sector to these threats.

My hope is that with the support and advocacy of HSCC, more organizations will pursue independent assessments of recognized security practices and continue to increase cybersecurity focus and budgets. My worry is that the progress of the industry and this robust public-private partnership will be ignored and a new, less inclusive, and less coordinated effort will emerge.

Ronen Gordon, MBBS BSc, VP of Medical Product at Navina
Regulatory uncertainty will continue to shape the healthcare technology landscape, raising critical questions on whether current and new frameworks offer sufficient guidance or leave too much room for ambiguity. A balanced approach will be necessary to protect patient safety while providing access to cutting-edge solutions. Ethical considerations, especially with AI-driven diagnostics and direct patient interactions, will continue to heighten the need to manage potential risks and ensure accountability.

Melissa James, Senior Consultant, Health Language at Wolters Kluwer Health
The 2024 OIG reports revealed significant overpayments tied to unsupported diagnosis codes, underscoring the urgent need for MAOs to bolster their compliance efforts. With Risk Adjustment Data Validation (RADV) audits resuming and introducing extrapolated repayment penalties for the first time, the financial stakes are higher than ever, potentially resulting in substantial repayment demands. MAOs must prepare for heightened regulatory scrutiny by implementing robust compliance frameworks, increasing retrospective chart reviews, and enhancing coding accuracy. Organizations that effectively integrate and analyze siloed clinical data while prioritizing internal audits will be better equipped to adapt to the shifting regulatory landscape in 2025 and beyond.

Akshay Sharma, Chief AI Officer at Lyric
Fewer regulations, more chaos, but way more ideas that will materialize. 2025 may see more leniency of AI regulations under a shifting political landscape, leading to an explosion of innovative models, which may trade off risks for features. Companies that embrace early AI governance strategies will gain a critical edge as they navigate the growing threats of adversarial attacks and ethical challenges. As complexity and capabilities grow by leaps and bounds, so does the need for “superalignment” and protection from adversarial attacks.

Annie Lambert, PharmD, BCSCP, Clinical Program Manager for Compliance Solutions at Wolters Kluwer Health
With recent updates to USP standards, pharmacies have braced for a heightened regulatory environment, while balancing staffing and drug shortages. This will continue in 2025 as enforcement of the regulations becomes clearer and pharmacies strive to maintain compliance with the new standards. To navigate these shifts, healthcare leaders must prioritize readiness, invest in adaptable systems, and leverage technology to enhance limited resources. Early action will be crucial for continual readiness and operational resilience.

Metin Kortak, Chief Information Security Officer at Rhymetec
There should, and will, eventually be a compliance framework developed solely for healthcare organizations. While HIPAA is a law and provides regulations, there’s no formal certification process for compliance right now, which leaves a real gap. HITRUST, the Health Information Trust Alliance, covers privacy regulations like ISO 27001 as well as HIPAA and could potentially be used as a model, although it’s not strictly for healthcare. There’s still a need for a compliance framework that is.

Another prediction I have revolves around the adoption of AI in healthcare. First, it will be limited due to existing regulations, like HIPAA. So while organizations can use AI, they’ll have to take care to anonymize any data they’re using to avoid violating privacy laws. Naturally, this will make AI implementation a challenge. It wouldn’t surprise me at all if there are updates made to HIPAA, or dedicated regulations created specifically around AI in healthcare, to make pairing the two possible, without sacrificing privacy.

Flavio Villanustre, SVP, Technology & Global Information Security Officer at LexisNexis Risk Solutions
Regulatory enforcement in healthcare can impose hefty fines and even personal liability and criminal prosecution of directors and executives upon compliance failures. HIPAA, for example, can impose up to $100,000 in fines and 5 years imprisonment to those who knowingly obtain or disclose protected health information. This illustrates exactly why it is so important for health information management professionals to implement appropriate records management systems that create and maintain tamper-proof audit trails, and to utilize the principles of “need to know” and “least privilege” throughout their processes and systems.

Nicholas Barger, Pharm.D., V.P., Product at DrFirst
In the face of looming regulatory mandates, health IT developers will be at a crossroads in 2025, and the path they choose will have implications on their readiness to meet evolving business priorities. With the uncertainty that comes with a new administration, these companies will have even more reasons to outsource their development needs to stay nimble and lean. This is a significant opportunity for platforms that can reduce compliance burdens while enhancing workflows and data-driven insights.

Sarah Reed, Data Science Leader at Janus Health
Recent advancements in LLMs, generative AI, and intelligent agents will demand a fundamental shift in skillsets and mindsets among stakeholders, product managers, and technical teams throughout 2025. To fully capitalize on these transformative technologies, healthcare systems will need to prioritize targeted training programs and pilot projects that explore practical, high-impact applications. Human oversight will be essential to prevent hallucinations and ensure AI performs effectively in complex or nuanced areas.

Investments in scalable IT infrastructure and AI governance will also be crucial to support the integration of these AI tools, robust performance, and adherence to HIPAA and other regulations. As AI capabilities evolve, regulatory frameworks will need to catch up, demanding proactive AI governance to maintain compliance. As always, interoperability will remain a significant challenge in healthcare IT, and deploying LLM-based tools across diverse systems will create friction, requiring investment in standardized APIs and workflows.

Thank you so much to everyone who took the time out of their day to submit a prediction to us and thank you to all of you for taking the time to read this article! We could not do this without all of your support. What do you think will happen for Regulations and Compliance in 2025? Let us know on social media. We’d love to hear from all of you!

Be sure to check out all of Healthcare IT Today’s Regulations and Compliance content and our other 2025 Health IT Predictions.


