By Stephanie Lavoie, VP of Operations at Verisma and Steven Du Bois, Director of Operations at Verisma

June 3, 2026

Every year, clinical and administrative teams spend thousands of hours chasing, appealing and resubmitting denied claims. But for most health systems, the conversation is stuck at the wrong point in the revenue cycle – focused on managing denials after they happen rather than preventing them before they do.

The real problem isn’t process speed. It’s data integrity across the entire claims journey – from patient registration and documentation to coding, utilization review, and submission. When health systems gain visibility across those connected layers, denial prevention stops being aspirational and starts being operational.

The Issue: Denials are a Data Problem Wearing a Claims Costume

Ask any CFO or VP of Revenue Cycle what keeps them up at night, and claim denials will be near the top of the list. The financial exposure is significant: individual facilities can lose millions annually in denied claims, and for large integrated delivery networks operating dozens of hospitals and hundreds of clinics, that number multiplies dramatically.

But the sources of those denials are often misunderstood. The denial letter is the end of the story, not the beginning. The real breakdown occurs much earlier, and in several places at once:

• Patient identity errors at registration create downstream claim mismatches difficult to trace after the fact
• Coding inaccuracies, sometimes as small as a diagnosis code that’s too broad for a specific payer’s criteria, trigger automatic rejections before anyone has a chance to intervene
• Utilization review gaps allow claims to move forward without adequate pre-authorization, medical necessity documentation, or payer-specific clinical evidence
• Denial letters get lost – routed to dozens of different locations across a sprawling system, missed entirely, or acted upon too late to recover the revenue

For large health systems operating across multiple sites, denial correspondence is often delivered in a fragmented, decentralized way – mailed or routed to facilities with no centralized intake or triage process. By the time the right person sees the correct denial notice, deadlines have passed, appeals windows have closed, and the revenue is gone.

This isn’t a niche operational complaint. It’s a consistent pain point voiced by health information management (HIM) leaders across the industry – and it represents a significant, solvable gap in the current vendor landscape.

What a Real Solution Delivers: From Reactive to Preventive

Solving the denial problem at its root requires connecting data across the entire revenue cycle, from the moment a patient registers to when a claim clears. A comprehensive denial prevention solution built on that foundation delivers value in four interconnected areas:

Cross-Team Collaboration
Connect billing, coding, UR and HIM under a shared denial prevention workflow eliminating handoff failures and enabling seamless coordination.

The financial impact of this kind of integrated approach is material. Organizations implementing machine learning-based denial intelligence within clinical and coding workflows have reported substantial reductions in denial rates, with some health systems saving tens of millions of dollars in previously unrecoverable claims across thousands of at-risk accounts.

The productivity gains extend beyond revenue. When teams aren’t spending hours on low-dollar, high-volume denials that could have been prevented, they can focus time on the complex, high-value accounts requiring human judgment. Quality over quantity, applied to one of healthcare’s most resource-intensive processes.

The Untapped Advantage: Release of Information as a Denial Prevention Asset

Here’s what makes denial prevention uniquely solvable for teams managing release of information (ROI), they own the records.

Coding-focused denial management platforms can identify what was billed and how it was rejected, but they can’t access the underlying clinical record to understand whether the documentation supports the claim. ROI-integrated denial prevention can. When the department managing ROI is the same one surfacing denial risk signals, that creates a fundamentally different level of clinical and administrative intelligence.

That integration point unlocks capabilities coding-side tools cannot deliver:

• Validating clinical documentation supports the submitted diagnosis code, before the payer sees the claim
• Surfacing documentation gaps a utilization review (UR) team can close pre-authorization
• Feeding denial pattern data back to CDI and coding teams to shift behaviors real-time
• Closing the loop on the record when a claim is resolved, so the next similar case benefits from what was learned

This is a category of value existing at the intersection of HIM, revenue cycle, and clinical documentation – and it’s one the market hasn’t fully realized yet.

Clean Data Starts before the Claim: The Patient Identity Factor

One of the most underappreciated drivers of claim denials isn’t on the clinical side, it’s on the identity side. When a patient’s demographic or identity data is inconsistent, incomplete or mismatched across systems, the resulting billing errors can propagate through every downstream touchpoint in the revenue cycle.

Health systems with large enterprise patient populations often carry significant legacy data complexity: patients seen before a major system migration, auxiliary clinical systems not fully integrated into the primary EHR, and enterprise master patient index (EMPI) records that may not fully reconcile across all facilities. When a patient’s identity isn’t reliably resolvable across systems, it creates operational friction and denial risk.

An upstream investment in EMPI integrity and patient data cleanliness is a denial prevention strategy. The business office and HIM teams collaborating on that data quality work, before claims are generated, are eliminating an entire category of denial exposure at its source.

The Future: Centralization, Visibility, and the Role of HIM Leadership

The most forward-thinking HIM executives today are thinking well beyond medical records. They’re looking at a broader mandate: centralized oversight of information governance across coding, documentation, UR, billing, and denial management. The silos separating those functions are increasingly seen as the problem, and the technology needed to bridge them is increasingly within reach.

For large integrated delivery networks, that vision looks like a single command center. One dashboard gives leaders line-of-sight into what’s happening across facilities in ROI and workflows touching claim integrity:

• Where are the documentation gaps?
• Which facilities are trending toward higher denial rates?
• What’s the payer behavior pattern emerging this quarter?

As automation takes on more of the routine workflow burden, the story data tells becomes even more critical. Organizations using operational data to identify deficiencies early – in coding, documentation, registration, UR – will be in a stronger position than those reacting to denial letters after the fact.

That’s operational improvement and strategic shift from HIM as a records function to an intelligence occupation driving better financial and clinical outcomes across the system.

Denial Prevention Readiness: A Self-Assessment Checklist

How ready is your organization to move from reactive denial management to proactive prevention? Here’s a handy checklist to identify your gaps:

Intake & Visibility

• Do denial letters from facilities route to a centralized, trackable intake system?
• Can your team see denial status and deadlines across your system from a single view?
• Are response SLAs being met consistently, or are some denials timing out before they’re acted on?

Root Cause Analysis

• Do you have aggregated data showing which payers, codes, or clinical areas are driving the most denials?
• Can you distinguish between administrative denials (process errors) and clinical denials (documentation/coding)?
• Is that data reaching CDI, coding and UR teams who can act on it?

Pre-Claim Prevention

• Are denial risk signals surfaced to coders or CDI specialists before a claim is submitted?
• Does your UR process include real-time access to the clinical record for pre-authorization support?
• Are your coding teams aware of payer-specific coverage criteria for high-denial diagnosis categories?

Data Integrity & Patient Identity

• Is your EMPI data reconciled across facilities, including legacy system records?
• Do registration workflows include identity validation checks preventing downstream billing mismatches?
• Is there a formal process for the business office and HIM to collaborate on patient data quality?

Future-State Centralization

• Does your HIM leadership have visibility into denial trends and ROI metrics?
• Is there a roadmap for unifying denial management, coding, and ROI under a shared workflow platform?
• Can you tell the story of what’s happening in your organization’s revenue cycle, across facilities, at any moment?

The Opportunity Ahead

Denial management has been a pain point in healthcare revenue cycle for decades. What’s changed is the availability of the data, technology, and cross-functional integration needed to solve and manage it.

Health systems investing now in connecting clinical, HIM, coding, and billing workflows around a shared denial prevention intelligence layer will see results in revenue cycle performance – and reduced burden on teams spending time reacting to a problem that, in many cases, was preventable from the start.

The denials are symptoms. The data is the disease. And the cure is within reach.

By Chad Tillman, Vice President and General Manager of Release of Information and Care Coordination Solutions at Verisma

May 13, 2026

Clinical teams in practices nationwide work hard to provide excellent, coordinated care daily. And yet, quietly, silently – referrals fall through the cracks. Patients don’t show up. Results never make it back to the ordering provider. Revenue disappears. This isn’t intent failure, it’s infrastructure failure.

Fictional instance, Emily’s story

To see how these issues play out in real life, let’s look at a day-to-day example highlighting the consequences of a broken referral workflow.

Consider Emily, a fictional patient with a very real story.

Emily never made it to her specialist appointment. She left her primary care visit with a referral. However, no one followed up, confirmed scheduling, or tracked the outcome. The specialist never saw Emily, results never came back, and no one in the practice knew. Six months later she showed up in the emergency department with a condition that could’ve been caught early. This isn’t an isolated failure. It’s happening daily inside referral workflows nationwide.

Referral management is one of the most administratively demanding workflows in ambulatory care, and one of the most underestimated sources of clinical and financial risk. When it breaks down, consequences are real: delayed diagnoses, care gaps, reduced quality scores, and significant revenue loss never appearing on a single line in your P&L.

Impact: significant to exponential

Up to one-third of patients never complete specialist referrals, leading to missed diagnoses, delayed treatment, and potential revenue losses nearing $900,000 per physician. For a single physician, the impact is significant. For a 10-provider practice it’s exponential, with up to $9 million in downstream revenue at risk annually, and:

• Missed downstream services and procedures
• Gaps in care impacting quality scores
• Lost performance incentives in value-based care models
• Increased patient referral gaps to competing systems
• Potential malpractice exposure tied to missed follow-up

Referral breakdowns delay care and erode the entire economic model of the practice.

Why referral management is so hard to get right

The referral workflow touches nearly every part of your practice. It’s a chain of handoffs, each of which must be executed correctly for the referral to reach a successful conclusion.

Consider what your team must do for a single outgoing referral: verify the patient’s insurance, identify an in-network specialist, obtain authorization, prepare and send the referral packet, coordinate scheduling with the patient and the specialist, then follow up until results are returned to the ordering provider. That’s before accounting for urgent referrals, authorization denials, patients who can’t be reached, and specialists who don’t return consult notes.

A referral is nine coordinated actions across staff, systems, and external providers:

 

1. Insurance verification
2. In-network specialist identification
3. Prior authorization
4. Clinical documentation assembly
5. Referral transmission
6. Patient scheduling
7. Appointment completion
8. Consult note retrieval
9. Provider follow-up

Where the process typically breaks down

• Patient follow-through: Even when a referral is sent correctly, patients may not schedule or attend the appointment, often because no one is following up to make sure they do.
• Administrative overload: Staff responsible for referrals are often also handling scheduling, phones and billing – making it nearly impossible to track dozens of open referrals simultaneously.
• Results never arriving: Half of referring physicians report they don’t know if the patient saw the specialist, much less received the consult notes they need to update the care plan.
• Inconsistent processes: Without a standardized workflow, referrals are handled differently by different staff members – creating unpredictability, errors, and compliance risk.
• Lack of visibility: Most practices can’t tell you, at any given moment, how many referrals are open, which are aging, or what percentage were never completed.

If you can’t see your referral pipeline, you can’t manage it. And if you can’t manage it – you’re losing patients, outcomes and revenue daily.

What “closing the loop” means

The phrase is used often in healthcare but rarely put into practice. A closed-loop referral system means every incoming or outgoing referral is initiated, tracked, completed and confirmed. The ordering provider receives the consult result. The patient was seen. The record is updated.

This isn’t aspirational. It’s achievable. However, it requires the right combination of standardized process, dedicated resources, and real-time visibility most practices don’t have in place today.

Before vs. after: what changes when referrals are managed intentionally

After implementing a managed approach, every referral is tracked in real time, with dedicated ownership and accountability. Patient and specialist follow-up becomes proactive, and workflows are standardized throughout the organization. Referral completion rates are measurable, enabling continuous improvement and greater transparency.

How Verisma Closes the Loop

Verisma operates directly within your existing electronic health record (EHR), no new platform or disruption. We bring tech-enabled structure, visibility and accountability to every step:

1. Receive and triage: We receive the referral or order from the provider, identify the payer type, and determine the appropriate specialist based on network, availability, and patient proximity.
2. Gather, authorize and send: Our team pulls necessary clinical information from the chart, obtains authorization, prepares the referral packet, and sends it to the specialist – standard referrals within five business days, urgent within one.
3. Coordinate with the patient: We notify the patient and assist with scheduling, working within whatever protocol your practice prefers – from full scheduling coordination to readiness-only support.
4. Track and follow up: We monitor every open referral and follow-up proactively on pending appointments, missed visits, and aging consults so nothing falls through the cracks.
5. Retrieve and route results: After the appointment, we obtain consult notes via health information exchange (HIE) access, fax or phone – and route promptly to the ordering provider so care plans can be updated without delay.

This isn’t about outsourcing, it’s about gaining control. The most common concern we hear is, “Referral management is too important to hand off.” We agree, and that’s exactly the point. The goal isn’t to give up control. It’s to finally have it. With Verisma:

• You maintain full oversight
• We operate inside your systems
• You gain visibility you likely don’t have today
• Your staff is freed to focus on patient-facing and clinical work

Most organizations are live within four-six weeks, and the most consistent outcome is clarity, control and capacity.

Who benefits most, and why it matters now

Referral management challenges are most acute in ambulatory care settings: primary care practices, specialty clinics, federally qualified health centers (FQHC), and multi-site physician groups. These organizations carry high referral volumes with limited dedicated staff and face the most direct consequences when referrals are incomplete or results go missing.

For FQHCs and community health centers (CHC), referral completion rates are tied to Health Resources & Services Administration (HRSA) reporting and organizational funding. For value-based care (VBC) models, they connect to quality scores and payer performance metrics affecting revenue across the patient panel.

The question is no longer whether referral management matters to organizational performance because it does. The question is how your practice is managing it today, and whether you’re absorbing costs and risks you don’t need to. When referral management is done well, it increases care completion rates, improves patient satisfaction, boosts quality scores, and safeguards revenue.

3 simple questions to ask yourself today

Ask yourself:

1. Do you know how many referrals are currently open?
2. Can you identify which referrals are more than 10 days old?
3. Are you aware of your referral completion rate?

If the answer to any of these questions is no, you’re not alone – but you’re likely absorbing unnecessary costs and risks.

When referral management works, everything improves. Care is delivered faster, patients stay within your network, providers have complete information, quality scores improve, and revenue is protected. Referral management isn’t just an operational function. It’s financial and clinical control point hiding in plain sight.

What’s inside your referral workflow?

Most organizations don’t know where their referrals break down. Let’s find out and show you how to fix it. Connect with a Verisma care coordination specialist today.

By Jeannie Hennum, General Manager of Value-Based Care at Verisma

May 7, 2026

Healthcare is in the middle of a seismic shift. The old fee-for-service model – where providers are paid for every test, visit and procedure – is giving way to something more intentional: value-based care (VBC). While much of the conversation around VBC focuses on clinical outcomes and payment models, there’s a critical operational challenge that doesn’t get enough attention: how we retrieve and manage medical records.

Getting the right chart, from the right place, at the right time isn’t just an administrative task – it’s mission-critical for the financial health and clinical accuracy of every organization operating under a value-based model.

VBC record retrieval is a revenue integrity and risk-control function. Strong retrieval and documentation support can:

• Protect risk-adjusted payments tied to risk adjustment factor (RAF)/hierarchical condition categories (HCC) capture
• Improve quality program payouts by ensuring evidence is found and submitted on time
• Reduce recoupment and audit exposure from unsupported diagnoses or missing information

Put simply: better records = fewer dollars left on the table and fewer dollars clawed back.

What Is VBC, Really?

At its core, VBC is the evolution of how care is delivered and who takes on the risk. It’s a move away from treating conditions in isolation and toward whole-person health. Instead of standardized care plans, the goal is personalized prevention. Instead of volume, the focus is on quality – ensuring services lead to positive health outcomes, improved patient experience, and reduced costs.

Chief financial officers (CFO) can evaluate every VBC program by focusing on these variables:

• Revenue (risk-adjusted payments, shared savings, incentives)
• Cost (labor and vendor cost to retrieve/validate charts)
• Risk (recoupments, audit failures, penalties)
• Cash (how fast you can close the loop before submission deadlines)

Record retrieval touches all four.

Under VBC, providers are rewarded through incentive-based programs for meeting specific quality measures. That means reduced readmissions, better care transitions, and higher patient satisfaction aren’t just nice-to-haves – they translate into performance dollars (bonuses, shared savings, and risk-adjusted payments) only if the supporting documentation is retrieved, validated and submitted on time.

ACO LEAD: The Next Chapter in VBC

While accountable care organization (ACO) realizing equity, access, and community health (REACH) has been a proving ground for provider organizations with VBC expertise, the Centers for Medicare & Medicaid Services (CMS) is looking ahead. The long-term enhanced ACO design (LEAD) model is set to launch January 1, 2027, and represents a significant evolution in how ACOs will operate over the next decade.

What Makes LEAD Different?

ACO LEAD is designed as a 10-year model from 2027–2036, a sharp departure from the shorter program cycles characterizing previous CMS initiatives. That long horizon isn’t just symbolic, it’s structural. Here’s what sets it apart:

• Fixed 10-year benchmark with no rebasing. One of the biggest pain points in existing models is benchmark volatility. When benchmarks reset, organizations that have driven down costs can be penalized for their own success. LEAD eliminates that problem by locking in benchmarks for the full model term, giving ACOs predictability and long-term financial clarity.
• Lower participant alignment minimums. REACH required a scale many smaller and rural practices couldn’t meet. LEAD lowers the bar, making the model accessible to a broader range of provider organizations – including those in underserved and rural populations standing to benefit most from coordinated VBC.
• CMS-administered specialty risk arrangements (CARA). Under REACH, managing specialty care coordination was a significant burden on participating ACOs. LEAD introduces CARA, where CMS takes on the administration of specialty risk arrangements, easing the operational complexity for participants and allowing them to focus on primary care coordination and quality improvement.

Why LEAD Matters for Chart Retrieval

For organizations involved in medical record retrieval and risk adjustment, LEAD’s 10-year stability changes the calculus. With fixed benchmarks, the accuracy and completeness of documentation become even more critical financially. Every RAF score, care gap closure, and quality measure submission compounds over a much longer timeline – meaning small misses can become recurring revenue leakage, and small improvements can create recurring upside.

Organizations investing in scalable, accurate retrieval infrastructure are positioned to protect risk-adjusted revenue (PMPM), strengthen quality program performance dollars, and reduce avoidable recoupment exposure across the full decade of the model. Those treating retrieval as a short-term compliance exercise may find themselves locked into a 10-year program without the operational foundation to sustain financial performance.

Preparing for 2027

The January 2027 launch may feel distant, but the contracting, technology deployment, and workflow redesign required to participate effectively take time. Organizations considering LEAD should be asking themselves:

• Is our record retrieval centralized and scalable enough to support a 10-year commitment?
• Do we have the provider relationships and re-engagement processes to ensure documentation completeness?
• Are we shifting toward prospective retrieval strategies aligning with how LEAD will measure and reward performance?
• Do we know our current cost-to-collect a compliant chart (internal labor + vendor fees), and have we modeled the ROI of improving retrieval speed and completeness against expected incentive revenue and avoided recoupments?

The transition from REACH to LEAD isn’t just a program change. It’s a signal CMS is betting on long-term, stable partnerships with provider organizations. The organizations preparing early will be the ones best positioned to thrive.

ACO REACH vs. ACO LEAD

Key Comparison Takeaways

• Stability vs. agility: REACH rewards organizations performing in shorter cycles. LEAD rewards sustaining performance over a decade, a fundamentally different operational challenge.
• Accessibility is expanding: By lowering alignment minimums, LEAD opens the door to community health centers, rural practices, and smaller provider groups effectively excluded from REACH.
• Administrative burden is shifting: With CMS taking on specialty risk arrangements through CARA, participating ACOs can redirect resources from coordination overhead toward quality improvement and documentation accuracy.
• Retrieval stakes are higher: A fixed 10-year benchmark means early documentation gaps echo across the model term. Organizations need retrieval processes that are accurate and continuously improving.

Why RAF Scores and Care Gaps Matter

RAF scores are the engine behind VBC payment accuracy. Here’s how they work:

• Diagnoses (ICD codes), along with demographic and enrollment data, feed into HCCs.
• Conditions are grouped by cost severity, and hierarchical logic ensures the most severe condition is counted.
• Each HCC carries a relative risk weight, and the final RAF score combines demographic factors with those weights.

If the documentation supporting those diagnoses is incomplete, inaccurate or missing, the RAF score doesn’t reflect reality – or the payments. In simple terms, risk adjustment is a math problem: base rate × RAF. When RAF is understated, revenue is understated; when diagnoses are unsupported, the organization is exposed to audits and repayment. Care gaps go unidentified. Quality measures like MIPS and HEDIS fall short. The downstream effects ripple through the entire care model.

One useful way to size the opportunity is to model RAF sensitivity: even a 0.01 shift in average RAF, multiplied across thousands of covered lives, can become material annual revenue – especially in capitated arrangements.

Finding the Right Data: Retrospective, Prospective and Concurrent

Record retrieval in VBC isn’t one-size-fits-all. Organizations need to understand three distinct approaches:

• Retrospective Risk Adjustment: looks backward at diagnoses and costs from the same period. Often identifies missed capture too late to influence current-year cash flow and can increase fire-drill labor cost near deadlines.
• Prospective Risk Adjustment: uses past data to predict future costs (e.g., a 2025 diabetes diagnosis increases the 2026 payment rate). Protects next-year PMPM by ensuring complete, compliant diagnosis support is retrieved and submitted within the measurement window.
• Concurrent Risk Adjustment: uses current-year diagnoses to adjust current-year payments real-time (e.g., a new cancer diagnosis in March raises the risk score for that same year). Speeds cash realization but raises the bar on operational cycle time, retrieval delays can directly delay or reduce payment.

A shift toward prospective record requests is already happening. Organizations relying solely on retrospective retrieval are leaving money, and clinical accuracy, on the table.

Becoming a Forensic Medical Record Retrieval Expert

Medical charts live in a surprising number of places: archival storage, filing cabinets, multiple electronic medical record (EMR) systems, third-party platforms, and more. The distribution methods are equally varied – health information exchanges (HIE), portals, email, fax, mail, and on-site retrieval play a role.

Effective retrieval requires understanding:

• Where records are stored and how to access them across fragmented systems
• Plan, provider, and third-party relationships affecting availability
• Privacy and security requirements, including minimum necessary standards and patient self-pay protections
• Recoupment risk and the resources needed to manage it

Data fragmentation is real, and it’s one of the biggest obstacles to accurate VBC reporting.

Strategic Best Practices

So how do organizations get ahead of these challenges? A few key strategies:

• Centralize record storage and retrieval: to enable timely, complete submissions.
• Consider outsourcing, but plan: Contracting takes time, and policies may require a request for proposal (RFP) process.
• Embrace workflow automation but be realistic about deployment timelines: New technology is powerful, but it can take time.
• Don’t forget vendor management: Even the best tools and partners need collaboration.

Watch out for Pitfalls

Even with strong processes in place, retrieval comes with inherent financial risks: incomplete charts (lost measure credit and revenue), misplaced pages and missing signatures (denials), PHI mishandling (incident cost), excessive retrieval fees (higher cost-to-collect), purged records (permanent revenue leakage), and provider hardships delaying turnaround time.

Validation is essential. Provider re-engagement is critical when records come back incomplete. Share the “why” with your teams and partners. Missing information can lead to unsupported diagnoses, inaccurate coding, audits, and recoupments – real dollars, not abstractions. Time is of the essence, and collaboration makes the difference.

Leverage AI and QA

Integrating artificial intelligence (AI) into record retrieval and chart validation accelerates processes, flags inconsistencies, and streamlines data management. Maintaining a human-in-the-loop is essential for ensuring nuanced quality assurance (QA), especially when reviewing complex medical documentation or resolving ambiguous cases. Combining AI-powered automation with experienced human oversight creates a robust, reliable workflow maximizing efficiency and safeguarding accuracy.

Prioritize Archival for Compliance and Continuity

Establishing a secure, organized archival system for medical records is crucial. Proper archival supports audit readiness and regulatory compliance and preserves historical data for future analysis and ongoing patient care. Pairing advanced archival tools with thoughtful procedures, ensures records are accessible, protected and available when needed most.

The Bottom Line

VBC continues to evolve, and with it, the demands on how we collect, manage and use medical records. The organizations thriving will be those treating chart retrieval not as a back-office function, but as a CFO-visible lever for revenue (risk adjustment and incentives), cost (lower cost-to-collect), risk (fewer recoupments and audit findings), and cash (faster submission cycles).

The shift from retrospective to prospective record retrieval is happening now. Continuity of care through referrals and provider-based retrieval is expected to grow. And record retrieval? It’s not as easy as you might think. But this mission-critical capability is one of the clearest ways to reduce revenue leakage, strengthen quality payouts, and avoidable clawbacks – one record at a time.

Ready to strengthen your VBC performance? Contact Verisma to learn how our solutions improve record retrieval, support accurate coding, and drive aligned incentives for better outcomes. Let’s discuss your goals and how we can help, today.

By Elizabeth McElhiney, Director of Government Affairs and Policy at Verisma

April 30, 2026

If you work in healthcare, you’ve heard the word “AI” more times in the past two years than in the previous decade combined. But behind the buzz, something substantive is happening. Federal regulators are rewriting the rules for health IT, and major healthcare organizations are issuing guidance to help institutions navigate the shift. For health information (HI) professionals, now’s the time to cut through the noise and understand what’s changing – and what it means for your organization.

Two developments deserve your full attention: the proposed HTI-5 rule from the Office of the National Coordinator for Health IT (ONC), and recent guidance from the American Hospital Association (AHA) on responsible AI adoption. Together, they paint a clear picture of where health IT is heading – and what leaders need to do to stay ahead.

Not All AI Is the Same: A Plain-Language Guide

Before diving into regulation, it helps to understand what we’re talking about when we say “AI.” The term gets applied to everything from simple automated workflows to genuinely sophisticated machine learning systems. Here’s a practical breakdown:

• Machine Learning (ML): Algorithms learning from large datasets to identify patterns and make predictions. In health IT, ML powers case prioritization in clinical documentation integrity (CDI), predictive analytics in revenue cycle management, and security anomaly detection. Example: a system flagging high-risk records for review based on historical billing patterns.
• Natural Language Processing (NLP): A subset of ML enabling computers to read and interpret human language. In practice, NLP drives coding assistance tools parsing clinical notes and suggesting diagnosis codes – reducing manual effort and error.
• Robotic Process Automation (RPA): Often mistaken for AI, RPA is rule-based automation – software following fixed instructions to complete repetitive tasks like data entry or form routing. It doesn’t learn or adapt, but it does save significant staff time.
• Generative AI: The newest category to enter mainstream healthcare. These models can draft clinical summaries, respond to patient inquiries, or generate documentation. They carry significant promise, and substantial governance responsibility.

Understanding these distinctions matters because the regulatory and ethical obligations differ across each type. A rules-based RPA tool carries very different risks than a generative AI model influencing a clinical recommendation.

HTI-5: Less Prescription, More Responsibility

The proposed HTI-5 rule represents one of the most significant updates to the ONC Health IT Certification Program in years. Its intent is largely deregulatory: reduce certification burden, modernize interoperability standards, and streamline the path for health IT developers to bring innovative tools to market.

For healthcare organizations, that sounds like welcome news – and in many ways it is. But here’s the catch: fewer federal certification requirements don’t mean less risks. When the regulatory floor lowers, responsibility shifts to organizations themselves. Under HTI-5, your team will need to independently evaluate AI tools for safety and potential bias, ensure algorithms are explainable and auditable, and maintain strong internal governance over any AI or automated system in use.

Information blocking compliance is particularly urgent. AI systems can inadvertently create violations. For instance, if an automated workflow restricts access to electronic health information (EHI) in unintended ways. Enforcement is active and penalties are real. Leaders must ask vendors tough questions: Does your AI learn from our patient data? How is access to EHI logged and audited? Who governs how our data is used? Transparency isn’t optional, it’s a compliance requirement.

AHA Guidance: Governance Isn’t Optional

The AHA has been clear and consistent: responsible AI adoption is a governance challenge, not just a technology challenge. Hospitals and health systems are urged to ensure any AI deployment is strategically aligned with organizational goals, ethically evaluated with bias assessments conducted locally rather than relying solely on vendor testing, validated in the specific deployment environment, and continuously monitored after go-live.

The AHA’s emphasis on keeping humans-in-the-loop is especially important for HI professionals. When AI influences decisions about clinical documentation, revenue cycle, or patient access to records, human oversight isn’t just best practice, it’s an ethical and increasingly a legal requirement. Responsible AI isn’t a one-time project. It’s an ongoing governance model.

What HI Leaders Should Do Now

The convergence of HTI-5 and AHA guidance points to a clear action agenda:

1. Develop a clear AI strategy. Know what tools you have, how they work, and what decisions they influence.
2. Ask vendors better questions. Go beyond marketing claims. Demand transparency on data governance, model explainability, and audit trails.
3. Build multidisciplinary governance. AI oversight should include HI professionals, clinicians, IT, compliance and legal – not a single team working in isolation.
4. Embed information blocking compliance. Audit automated workflows ensuring no AI-driven process unintentionally restricts patient access to EHI.
5. Stay curious. Terminology and capabilities will keep evolving. Leaders committed to ongoing learning will be best positioned to guide their organizations.

The Bottom Line

The future of health information management isn’t about choosing between humans and machines. It’s about combining human judgment with machine efficiency – responsibly, transparently, and always in service of patients.

HTI-5 and AHA guidance aren’t obstacles to innovation. They’re a framework for doing it right. AI is already embedded in the tools we use every day. The only real question is whether we deploy it intentionally or let it shape us by default.

By Anupriyo Chakravarti, CTO & CPO at  Verisma

March 25, 2026

Healthcare AI has a trust problem.

Health system leaders know AI can reduce costs, improve compliance, and streamline operations. What stops most organizations is the cost of a misstep: training on sensitive patient data, governance gaps creating regulatory exposure, and vendors who can’t explain what’s inside the black box.

At Verisma, we decided early to build AI the hard way. The right way.

Why synthetic data changes everything

We made a non-negotiable commitment: we never use client data, including PHI, to train our AI models.

So, we found a better answer: synthetic data.

Ranjit Kohli put it well in his article “16 Billion — Data Everywhere: Synthetic, Good or Bad?“: synthetic data is like synthetic oil, purpose-built. It mirrors real-world patterns while protecting sensitive information. He also made a point that stuck: real-world data isn’t always available. Synthetic data fills that gap. It got me thinking: why not apply the same approach in healthcare?

We started using Gretel Synthetics to generate medically realistic records – diagnosis codes, drug references, sensitive condition flags, and anomalies. And we never touch real patient data to do it.

How it works in practice

Our engineering and data science teams developed the QA Intelligence model training and testing methodology around three principles:

• Start with context, not records. We trained the model on sentence-level patterns from medical language – teaching it what sensitive information looks like in context, without using full records.
• Generate at scale. Gretel Synthetics produces privacy-safe synthetic documents matching real clinical formats, including the edge cases our models need to learn from.
• Test the edges. Positive and negative test cases – scenarios where the model should and shouldn’t flag something – are all synthetic, reproducible and auditable.

Here’s what makes synthetic data particularly powerful: it fills gaps real data can’t. Need examples of rare events that may never show up in a real dataset? Build them. In healthcare, that means edge cases our models must recognize: sensitive conditions, unusual document structures, ambiguous clinical language – all generated on demand.

The result: a training process we can defend to any client IT or security team.

4 pillars of Verisma’s synthetic data approach

1. Privacy-first. Models trained exclusively on synthetic and public data. No PHI. No client data. Ever.
2. Clinical realism. Synthetic records modeled on real clinical formats, with diagnosis codes, drug references, real-world anomalies, and sensitive condition patterns.
3. Rigorous validation. Edge cases generated on demand, including scenarios that don’t exist in the real world, for thorough model testing.
4. Auditable by design. Every training and testing artifact can be traced, documented and reviewed. That’s a standard real-world data cannot meet.

This is what responsible AI looks like

At CHIME25, I led a focus group on how digital leaders are approaching AI governance. The pattern was clear: most organizations see AI’s potential, but few have built the structure to capture it safely.

Synthetic data is a direct answer to that gap. It lets you move fast without cutting corners on privacy, test thoroughly without regulatory exposure, and give clients something most AI vendors can’t: a clear, auditable record of how the model learned.

The broader industry is heading in this direction. NVIDIA’s synthetic data generation framework for agentic AI tackles the same challenges we faced: scarce data, sensitivity constraints, and the high cost of manual labeling. Synthetic data solves all three by generating diverse, domain-specific datasets at scale. In healthcare, where real data is valuable and tightly regulated. That’s not just a technical advantage, it’s a compliance requirement.

Most AI projects in healthcare stall on data access – waiting for approvals, de-identification work, and legal agreements. Synthetic data removes that constraint. Our teams can generate thousands of realistic test scenarios, including edge cases that may never appear in the real world. That speeds up development, improves model quality, and keeps compliance built in from day one.

Our QA Intelligence models are trained, tested and validated entirely on synthetic data – and they perform with the reliability healthcare demands. You don’t have to choose between moving fast and staying compliant.

Let’s move the industry forward together

Accelerating AI in healthcare without sacrificing reliability, compliance, or patient trust is an industry-wide challenge and requires industry-wide collaboration.

We’re happy to share what we’ve learned: the methodology, the tools, the lessons from testing at scale, and the governance framework making it all defensible. Whether through conference sessions, peer roundtables, or direct conversations with technology leaders, Verisma is committed to helping the industry move forward.

If you’re working through these challenges at your organization, let’s talk.

Anupriyo Chakravarti is CTO & CPO at Verisma, leading technology strategy and product development for healthcare’s leading health information lifecycle platform. He speaks regularly on AI governance, healthcare data transformation, and technology leadership at leading healthcare technology conferences and industry associations.

By Anupriyo Chakravarti, Chief Technology & Product Officer at Verisma

January 30, 2026

Healthcare data management is at a crossroads. Labor costs have risen 15 percent year–over–year, regulatory complexity continues to expand, and the pressure to do more with less has never been greater. In my conversations with health system CIOs and technology leaders, one theme emerges consistently: the organizations treating AI governance as a strategic capability, not a compliance checkbox, will define the next era of healthcare operations.

I had the opportunity to test this thesis at CHIME25 – Fall Forum, where I led a focus group titled “Rewriting Healthcare Data Rules: Digital Leaders, Innovators, and Disrupters Unite.” We surveyed attendees before the conference to understand how they’re approaching artificial intelligence, legacy systems, interoperability, and vendor relationships. The findings confirmed what I’ve observed across hundreds of client engagements: most organizations recognize AI’s potential, but few have built the governance foundation to capture it safely.

Here’s what the data revealed – and what it means for healthcare technology strategy.

Key Findings: An Industry in Transition

1. Data Governance Ownership Remains Fragmented
CIO/IT leadership drives data governance in most organizations, with joint committees and compliance/legal playing supporting roles. Fewer than 10 percent reported no clear ownership. The implication: Organizations with dedicated governance structures will move faster on AI adoption.

2. AI Training Data Concerns are Real – but Nuanced
While there’s openness to AI innovation, organizations remain vigilant about third–party data access. Most enforce strict controls over vendor use of data for model training. The strategic insight: Healthcare leaders aren’t anti-AI; they’re anti-opacity. Vendors who provide transparency, auditability, and clear data boundaries will earn trust.

3. Interoperability Remains a Multi–Front Battle
While organizations struggle equally with standards adoption, system integration, and partner data sharing, no single blocker dominates. Most have policies in place, but consistency and enforcement vary widely. What this signals: Point solutions won’t solve interoperability. Organizations need integrated platforms – built with universal connectors in addition to APIs – that address the full data lifecycle, from intake through archive.

4. Legacy Decommissioning is Reactive, not Strategic
Most organizations archive legacy systems to mitigate risk rather than as part of a deliberate data strategy. There’s growing openness to monetizing de-identified data for research, but risk concerns dominate decision-making. The opportunity: Organizations shifting from reactive archiving to strategic data lifecycle management can unlock cost savings and new revenue streams.

5. Global Resource Sentiment is Shifting
Opinions on using global resources for data-related tasks lean toward caution, but a meaningful minority, about 25 percent, is open to increased global partnerships. Looking ahead: As AI handles more routine tasks, the calculus around global delivery models will evolve.

The AI Maturity Gap

We asked respondents which stage of AI/data governance maturity best reflects their organization:

• Level 1: Ad hoc tools, minimal governance, data silos
• Level 2: Emerging AI/machine learning use with basic automation and foundational policies
• Level 3: Standardized platforms, governed data, formalized policies

The majority cluster at Levels 1 and 2. Very few have reached Level 3, and almost none have progressed beyond it to advanced stages where AI augments decision–making across operations.

This maturity gap represents a risk and opportunity. Organizations remaining at Level 1-2 will struggle to capture efficiency gains while managing compliance exposure. Those accelerating to Level 3 and beyond can achieve 40-60 percent productivity improvements in data-intensive workflows while strengthening compliance posture.

Verisma’s AI Maturity Model: A Framework for Transformation

Based on these findings and our experience partnering with 2,300+ healthcare organizations, we developed an enhanced maturity framework.

The model assesses five dimensions:

1. Technology Infrastructure – From siloed tools to integrated intelligent platforms

2. Data Governance – From ad hoc policies to enterprise–wide standards with automated enforcement

3. Process Automation – From manual workflows to AI–augmented operations

4. Value Realization – From cost–center metrics to measurable business outcomes

5. People and Change – From resistance to adoption to workforce enablement and upskilling

What makes this framework different: It’s not theoretical. Each maturity level includes specific benchmarks, implementation tools, and a phased roadmap with measurable success criteria. We built it for organizations that need to show progress quarterly, not just aspire to transformation over years.

The Strategic Moat: Human-in-the-Loop AI Governance

I’ll share a perspective that may diverge from the industry hype: organizations that win with AI won’t automate the most, they’ll automate responsibly.

Many vendors offer point solutions for robotic process automation or document classification. Verisma’s approach is fundamentally different. We’ve built an integrated platform spanning the full health information lifecycle – intake, retrieval, quality assurance, disclosure, and archiving – with human oversight embedded at every decision point
.
Why does this matter, strategically:

• Regulatory durability: Healthcare AI regulations are tightening. Solutions built on black–box automation face compliance risk. Human-in-the-loop architectures are designed for the regulatory environment that’s coming, not just today’s requirements.
• Quality assurance: Our AI workflows use confidence thresholds automatically triggering human review when certainty falls below acceptable levels. This isn’t a safety net, it’s a design principle. Organizations using this approach achieve 38 percent faster turnaround times while reducing unauthorized disclosure incidents by 50 percent.
• Auditability: Every AI decision is logged with immutable trails, reviewer attestations, and exception documentation. When regulators or auditors ask, “How did this decision get made?” There’s a clear answer.
• Workforce enablement: We don’t replace health information professionals; we amplify them. Staff handle exceptions and complex judgments while AI manages routine processing.

The Path Forward: From Maturity Assessment to Business Outcomes

Based on our CHIME25 research and client experience, here’s what I believe healthcare technology leaders should prioritize:

1. Assess honestly. Most organizations overestimate their AI maturity.

2. Governance before acceleration. The organizations moving fastest on AI adoption aren’t the ones with the biggest budgets. They have the clearest governance frameworks measuring and optimizing outcome metrics.

3. Demand transparency from vendors. Ask tough questions: Where does my data go? How are models trained? What happens when the AI’s uncertain?

4. Measure business outcomes, not AI activity. For instance, for release of information, track turnaround time and compliance incidents, not number of AI models deployed.

5. Plan for workforce transition. AI will change roles, not eliminate them.

Looking Ahead

In the next three years, I expect 75 percent of routine healthcare data tasks to be AI–assisted. The organizations thriving won’t adopt AI first. They’ll build governance, infrastructure, and workforce capabilities to adopt AI well.

Healthcare technology leaders are ready for this transformation. They’re looking for partners understanding operational realities and delivering practical innovation with transparency and accountability. If you’re evaluating your organization’s AI maturity, let’s chat.

About the Author

Anupriyo Chakravarti is Chief Technology & Product Officer at Verisma, leading technology strategy and product development for healthcare’s leading health information management platform. He speaks regularly on AI governance, healthcare data transformation, and technology leadership at industry conferences including AHIMA, CHIME and HIMSS.