Is there a hacker in the house? | Partner news | Newsmakers: Clinicians with questions, patient technology technicians, more

Almost one in three healthcare organizations allow their people to use AI without formal restrictions. Half permit AI utilization as long as the models have been OK’d by management. Only 16% prohibit AI outright.  

The findings are from a new survey conducted by the Healthcare Information and Management Systems Society, aka HIMSS. The project’s focus was not limited to AI—the researchers were interested in uncovering the broader landscape of cybersecurity across healthcare. But AI ends up consuming a considerable patch of real estate in the survey report. 

The survey drew representative responses from 273 healthcare cybersecurity professionals working not only for providers (50%) but also for vendors (18%), consulting firms (13%), government entities (8%) and other organizations (11%). 

Respondents ranged from C-suite leaders (50%) to non-executive management (37%) to non-management (13%). 

What all had in common was holding some level of responsibility for day-today cybersecurity operations or cybersecurity activities.

Here are highlights from the AI section of the report. 

AI use cases. 

37% of respondents reported using AI for technical tasks like support and data analytics, 35% for clinical services such as diagnostics, and cybersecurity and administrative tasks (each 34%). HIMSS comments: 

‘More AI technology use cases are anticipated for the future as AI becomes more prevalent.’

AI guardrails. 

Nearly half the field, 47%, indicated that their organizations have approval processes, while 42% reported that they do not. An additional 11% were unsure whether such processes exist within their organizations. The authors remark: 

‘An approval process serves as a proactive guardrail by vetting AI technologies before adoption, reducing the likelihood of unauthorized or inappropriate use. Meanwhile, monitoring AI usage functions as a reactive guardrail, providing ongoing oversight of AI activities to identify and address potential misuse, compliance issues or security risks.’

Active monitoring of AI. 

31% of respondents reported their organizations actively monitor AI usage across systems and devices, while 52% said they do not and 17% did not know. HIMSS points out: 

‘The lack of monitoring poses risks such as data breaches and others. There is a need for robust monitoring strategies to ensure safe and responsible use of AI technologies.’

Acceptable use policies. 

42% of respondent stated that their healthcare organizations have written AUPs for AI, 48% indicated they do not, and 10% did not know. HIMSS notes: 

‘An acceptable use policy sets clear guidelines for the safe and responsible use of technology, including AI, and can be standalone or integrated into a general policy based on the organization’s AI adoption.’ 

Future cybersecurity concerns involving AI. 

75% of respondents cited data privacy as a top concern, followed by data breaches (53%) and bias in AI systems (53%). Nearly half expressed concerns about intellectual property theft (47%) and lack of transparency (47%), while 41% highlighted patient safety risks. HIMSS writes: 

‘These findings underscore the need for robust safeguards, ethical frameworks and proactive measures to address the risks.’

Insider threat and AI. 

A small percentage of respondents reported negligent insider threat activity (5%), malicious insider threat activity (3%), or both negligent and malicious insider threat activity (3%). HIMSS states: 

‘While these numbers may seem small, it is likely that many organizations have not yet implemented monitoring specifically for AI-driven insider threats, leaving potential risks undetected.’

Amplifying the implied call to arms against insider threats, the authors write: 

‘The growing reliance on AI tools and systems introduces new opportunities for both negligent and malicious insider activity, which can amplify risks to sensitive data and operational integrity.’

HIMSS doesn’t specify which geographic regions it included in the survey, but the group operates in North America, Europe, the U.K., the Middle East and Asia-Pacific.

Download the full report here.

Nabla Expands AI Offering with Dictation to Further Streamline Clinical Workflows - Nabla, the leading ambient AI assistant for clinicians, strengthens its ambient AI technology with the addition of Nabla Dictation, a voice-to-text solution to further streamline clinical workflows for more than 55 specialties. Built in close partnership with leading health systems, Nabla Dictation introduces new enhancements while leveraging its signature ease of use to work seamlessly across all EHR platforms. Learn more here.

Buzzworthy developments of the past few days.

• Medical device companies navigating regulatory pathways should know: Large language models are not reliable guides. Veeva Systems found this out when it put six of the top LLMs through their paces for this use case. The cloud application vendor tested the models’ chops on three discrete tasks. These were a.) giving strategic advice on the EU AI Act, b.) retrieving and summarizing information, and c.) classifying medical devices in order to illuminate marketing or regulatory pathways. The models were Perplexity, Mistral, Gemini, OpenAI, Llama and Claude. Veeva found that, on average, LLM performance ranged between 25% and 79% when benchmarked against human experts (100%). The author of the paper describing the project, Veeva director of med-tech regulatory strategy Diogo Geraldes, offers some advice. When analyzing and applying regulatory guidance, he writes, regulatory affairs professionals “may only want to use an LLM as a ‘sparring partner.’” 
   
• Healthcare AI ‘nutrition labels’ have taken a big step toward fruition. Officially called CHAI Applied Model Cards, the acronym standing for the Coalition for Health AI, the labels are getting their own registry. CHAI is working with Microsoft experts at Avanade to set it up. The main idea behind the cards is to let health systems evaluate AI products before buying them. One major reason for the registry is to help AI vendors standardize their means of informing customers and prospects. CHAI hopes to see more sharing of info among and between both providers and developers. At UMass Memorial Health in Massachusetts, an early adopter of the card system, associate CMIO Elisabeth Garwood, MD, says the model cards will “play a crucial role in the AI governance process by consolidating information in an easily digestible format, facilitating product comparisons and providing standardized data that meets the needs of various stakeholders.” The information to which she refers includes model training data as well as any known risks for legal exposure. CHAI announcement here, Newsweek coverage here. 
   
• The buzz over AI agents in healthcare is getting more insistent. If you need to play a little catchup on agentic AI—the general concept as well as some of the specific capabilities and products—you could do worse than to spend a few minutes with Harvey Castro, MD, MBA. Breaking down the basics at KevinMD, Castro says AI agents will soon be essential to modern healthcare systems. “These intelligent systems are increasingly applied in medical documentation, diagnostics and patient engagement, offering substantial potential for improved patient outcomes and reduced physician burnout,” he writes. However, as with any AI for healthcare, agentic AI “must be guided by rigorous clinical evidence, ethical oversight and regulatory compliance to ensure measurable and beneficial outcomes.” Read the piece. 
   
• Clinicians have questions. Before beginning to adopt AI tools, those at some of the most tech-forward healthcare institutions in the country wanted to know some things. “How accurate is the model? Was it trained on local data? Does it represent the kind of patients we see?” Things like that. Plus “How transparent is it? Who developed it? How’d they do it? And how up-to-date is it?” Smart cookies, those clinicians. And patients-first advocates all. Healthtech Analytics found this out after speaking with AI technology leaders at Duke Health, Mayo Clinic and Vanderbilt University Medical Center. Sometimes anecdotal examples are no less enlightening than survey results. 
   
• AI’s big sin in healthcare billing is supposed to be denying claims. But that may be on a good day. The technology is often still failing to prevent duplicate charges, standardize invoice formats and make sure bills reach intended recipients. It’s not always great, either, at synchronizing the timing of bill sends from providers and insurers. Or at extending grace periods for even smallish delinquencies. Did Benefits Pro leave out any other basic billing fumbles AI doesn’t reliably prevent? 
   
• Young Brits are good with the use of AI in healthcare. And they don’t worry it will be used to replace doctors. Then again, maybe they’re good with the use of AI in healthcare because they don’t worry it will be used to replace doctors. Either way, their positive disposition bodes well for the future of healthcare AI in the U.K. See the full survey results in BJR Artificial Intelligence. 
   
• The upbeat AI outlook is echoed by an erstwhile American radiologist who now works in industry. “Do I think doctors are going to be out of a job? Not at all,” says Shez Partovi, MD, who once practiced neuroradiology at Barrow Neurological Institute in Arizona and today works as chief innovation officer at Philips. Technology “can help deliver better care for more people,” he tells The Guardian, “and it also brings the joy of medicine back to radiographers and radiologists.”
   
• Nurses too busy minding technology to tend to patients? Maybe your hospital needs to staff up with patient technology technicians. That’s what they’re doing at UCHealth in Colorado. The tech experts filling the new roles “are on the scene whenever there is an issue with wearables, telemetry, safety view cameras, medication scanners and other devices—both at the bedside and via the system’s Virtual Health Center,” SmartBrief reports. “With their help, nurses can get back to serving patients and working at the full scope of their licensure.”
   
• Palm scans are said to be 100 times more accurate at confirming identity than iris scans. Healthcare people are putting the claim to the test at NYU Langone Health, where the newer technology is rolling out for patients who wish to use it for checking in. Before heading in to receive care, the patient needs to scan his or her own palm using the Amazon One application. Amazon explains it all.   
   
• Recent research in the news: 
   
  • Texas A&M: Researcher compares AI, human evaluators in swine medicine
     
  • Washington University in St. Louis: Foundation AI model predicts postoperative risks from clinical notes
     
  • Frontiers: AI-powered curation turns research data into a catalyst for breakthroughs 
     
• Notable FDA approval activity:
   
  • FDA breakthrough designation awarded to Onc.AI’s CT scan analysis tool
     
  • FDA clears Google smartwatch tech that calls 911 when a user’s heart stops
     
  • The DOGE-fueled firing of AI experts at the FDA endangers lives and worsens the hospital crisis
     
  • What to expect from Trump’s pick to lead the FDA
     
• Funding news of note:
   
  • Camber announces $30M Series B, bringing total funding to $50M, to redefine insurance reimbursement in healthcare
     
  • Avitia launches $5M seed investment in AI-powered platform for rapid & point-of-care cancer testing
     
  • Enveda gains backing from Sanofi to advance AI-driven drug discovery, bringing total Series C financing to $150M
     
• From AIin.Healthcare’s news partners:
   
  • Cardiovascular Business: Cleerly and Bunkerhill Health unite in the name of AI-based cardiac imaging evaluations
     
  • Health Imaging: AI reduces CT lung cancer screening workload by nearly 80%
     
  • Cardiovascular Business: How AI and CCTA help heart teams plan ahead before PCI