WASHINGTON, January 26, 2025 – Healthcare is bracing for a wave of technological shifts, but the path forward isn’t without hurdles. A core tension is emerging: how to leverage powerful new tools like agentic AI and evolving cybersecurity standards while simultaneously controlling costs and maintaining patient trust. The industry is at a pivotal moment, balancing innovation with practical realities.
Agentic AI: Promise and Peril
Trust and affordability remain significant barriers to widespread adoption of agentic AI, particularly for smaller healthcare organizations. The very nature of agentic AI—its ability to independently interact with data and complete tasks—raises concerns. At the 2025 CHIME Fall Forum, Nichole Niesen, director of automation at Corewell Health, cautioned that healthcare organizations should proceed with care when allowing AI agents to make decisions without human oversight.
Beyond autonomous decision-making, agentic AI introduces new security vulnerabilities. Managing machine identities adds another layer of complexity to an already challenging landscape of human identity management.
Despite these challenges, adoption of agentic AI is expected to grow as healthcare organizations seek increased productivity in the face of rising care delivery costs.
Organizations Balance Security and Clinical Workflows
A proposed update to the Health Insurance Portability and Accountability Act (HIPAA) from the U.S. Department of Health and Human Services, outlined in a document dated January 6, 2025, could mandate data backup and recovery, regular security testing, multifactor authentication, real-time monitoring, encryption, network segmentation, and anti-malware software.
If enacted, healthcare organizations with limited resources may struggle to comply with the new regulations.
“The proposal would dramatically expand and fundamentally alter existing federal cybersecurity requirements for hospitals and healthcare providers. While providers firmly agree that cyber safety is patient safety, signatories warn that the rule would impose significant unfunded mandates, mandate prescriptive technical controls that conflict with modern healthcare IT architectures, and substantially increase documentation, reporting and compliance burdens for already stretched IT and security teams,” stated a press release accompanying a letter signed by over 100 healthcare organization representatives led by the College of Healthcare Information Management Executives.
Many healthcare organizations are navigating a delicate balance: bolstering data protections and cybersecurity to prevent financial losses from ransomware attacks, while simultaneously prioritizing patient care and positive patient experiences.
AI is further complicating the cybersecurity landscape, necessitating a robust focus on security practices in 2026. However, organizations must also address the escalating cost of care and maintain high-quality patient care.
Successfully navigating this complexity is possible. Healthcare organizations will likely prioritize foundational security elements, such as addressing identity and access management, while embracing automated processes and continuous monitoring.
Focus on the Smart Care Continuum and Patient Experience Grows
Patients now expect the seamless digital experiences they encounter in other sectors, like banking and travel, to extend to their healthcare interactions. While the industry recognizes this need, many patients still face fragmented and frustrating processes, particularly when transitioning between different care settings, such as post-acute care and home health.
Healthcare engagements are often treated as isolated events, and a lack of electronic health record integration can lead to inefficiencies. For example, a patient with a specialist appointment within a larger health system may end up in the hospital; this information may not be updated across the patient’s record, potentially leading to a missed appointment and a disputed fee.
