The Future Of Healthcare AI Belongs To Those Who Govern First

by Linda

Chris Bowen is the CISO and founder at ClearDATA. Chris leads ClearDATA’s privacy, security and compliance strategies.

Artificial intelligence is reshaping every industry. In healthcare, the stakes couldn’t be higher. Leaders everywhere are asking the same question: “If we haven’t started with AI yet, where do we begin?”

The temptation is to shoot for the moon: predictive diagnostics, digital twins or AI-driven clinical decision-making. However, rushing into high-stakes projects without the proper foundation can lead to wasted resources, clinician distrust, regulatory backlash and, at worst, patient harm.

The smarter answer? Begin with governance, and then scale with confidence.

Organizations that embed AI governance and data governance now will lead the industry in trust, compliance and ethical innovation.

Governance First: Trust Before Tools

AI without governance is a recipe for bias, opacity and ethical missteps. In healthcare, where trust and safety are nonnegotiable, that’s unacceptable.

Over the course of my time in the security and compliance industry, I’ve learned that governance is not just paperwork. It’s culture, structure and process. It embeds trustworthiness into every AI decision, not just compliance checklists. Core governance elements that I urge all leaders to embrace include:

• Regulatory alignment with HIPAA, GDPR, ISO 42001 and emerging rules like the EU AI Act and U.S. HHS guidance.

• Frameworks such as NIST’s AI Risk Management Framework (AI RMF) to monitor accuracy, fairness and explainability.

• Data governance practices that define ownership, lineage and quality standards for the datasets feeding AI models.

• Accountability, which should include clear roles for who validates outcomes, who monitors performance and who raises red flags.

Governance isn’t bureaucracy. It’s risk prevention, protecting against fines, reputational damage and, ultimately, harm to patients. Every AI initiative should begin here.

Data Readiness: Clean, Governed And Bias-Aware

AI is only as strong as the data behind it. That’s why data governance and AI governance go hand in hand. Without disciplined data practices, AI can’t be trusted.

For healthcare, that means ensuring data is:

• High Quality: Data should be free of duplicates, inconsistencies and stale records.

• Governed: Data should be governed with stewardship, metadata and lineage, so training data is traceable and accountable.

• Secure And Private: Data must be encrypted in transit and at rest, with tightly managed access under HIPAA and GDPR.

• Bias-Aware: Legacy claims data or EHR notes often reflect systemic disparities. Governance must detect and mitigate bias before it reaches a model.

Healthcare also faces unique data challenges, such as unstructured physician notes, massive imaging files and siloed data across payers and providers. Strong governance keeps that complexity from undermining trust.

Put simply, bad data produces bad AI. Governed, trusted data is the real launchpad.

Low-Risk Pilots: Walk Before You Run

AI adoption doesn’t need to start with high-risk clinical bets. The faster path to value comes from low-risk, high-impact pilots that improve efficiency without jeopardizing patient safety.

Examples of this include:

• Automating prior authorizations

• Accelerating claims processing

• Optimizing patient scheduling and call routing

We’re already seeing results from pilots in the industry. Mandolin Health’s AI agents cut insurance verification times from about 30 days to just three—now serving more than 700 clinics. A scheduling platform deployed across 12 hospitals reduced nurse overtime by 32% while improving staff satisfaction by 27%.

Augmentation, Not Replacement

Healthcare staff need to see AI as a partner, not a threat. I’ve found that adoption grows when AI augments clinicians rather than replaces them.

The NHS’s AI-powered physiotherapy app is a clear example of this. It reduced back-pain clinic wait times by 55%, saved 856 clinician hours each month, and expanded access—while keeping clinicians in the loop.

When AI is positioned as an assistant rather than an authority, adoption accelerates and burnout declines.

Iterate And Expand: Building On Early Wins

With governance in place, data appropriately governed and pilots delivering results, organizations can expand responsibly into higher-impact areas such as:

• Predictive population health analytics.

• Real-time AI-powered patient engagement tools.

• Explainable AI for clinical decision support.

This phased approach—grounded in trust and evidence—can create a sustainable and scalable path for AI adoption.

Balancing Optimism With Realism

AI in healthcare offers enormous potential, but unchecked, it carries serious risks:

• Bias can reinforce inequities.

• Vendor lock-in can trap organizations in costly, inflexible platforms.

• Shadow AI can cause issues when clinicians experiment with unapproved tools.

Governance is the safeguard:

• Bias can be mitigated through audits, fairness benchmarks and diverse datasets.

• Vendor lock-in can be prevented through multicloud strategies, data portability and strong contract terms.

• Shadow AI can be managed through approved vendor lists, sandbox environments and clinician education.

Good governance, of both AI and data, keeps optimism grounded in responsibility.

Defining Success: Early KPIs

Governance also means measurement. Early AI initiatives should track metrics such as:

• Reduction in manual processing time (e.g., prior authorizations)

• Improvement in patient satisfaction scores post-pilot

• Compliance readiness, which includes time to audit completion and issue resolution

• Data governance maturity, which includes the percent of datasets with assigned stewards, lineage and quality checks

The real question isn’t whether healthcare will adopt AI; it’s whether it will do so responsibly. Those who lead with governance won’t just avoid risk. They’ll define the future of trusted AI.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.