Healthcare organizations have moved from experimenting with AI to operationalizing it. What started with a few point solutions has expanded into a growing ecosystem of ambient scribes, prior auth automation, radiology support, patient messaging tools, revenue cycle copilots, contact center assistants, and more. In many health systems, AI is now spread across departments, workflows, and vendors. And few are looking at AI across all of these environments.
Most healthcare leaders I speak with are reasonably confident in the security posture of each individual AI vendor they approve. They have conducted a security review. The BAA is signed. The vendors have done their work — SOC 2 certifications, encryption at rest and in transit, access controls. On paper, each application looks sound.
But governing an AI vendor is not the same thing as governing AI use across the enterprise. That is the gap many health systems are now running into.
Traditional vendor reviews answer an important question: Is this company and product acceptable to bring into our environment? It does not answer the harder question: How is AI actually being used across real workflows, by real staff, with real patient data, every day?
That distinction matters. Because most of the practical risks in healthcare AI do not come from a vendor suddenly becoming reckless. They come from everyday usage drifting beyond what leadership intended, approved, or can currently see.
In healthcare, that can mean PHI entering a tool in ways no one anticipated. It can mean staff falling back to consumer AI when enterprise tools do not meet workflow needs. It can mean approved systems exchanging sensitive context in ways that create privacy, compliance, or trust issues.
Here are three scenarios of real risks of AIin healthcare we’ve seen.
A health system has an enterprise ChatGPT deployment with a BAA in place. It is approved for low-risk operational work such as drafting policy language, summarizing non-patient meeting notes, and creating training materials.
A care manager, under time pressure, pastes a patient discharge summary into the tool and asks it to draft outreach language for a follow-up call.
The problem is not that the tool itself is unapproved. The problem is that the use case was never approved. A BAA does not automatically mean every employee, every workflow, and every category of patient data is in scope.
This is where many healthcare organizations get exposed: not because they chose the wrong tool, but because they cannot see when usage expands beyond the boundaries they intended.
The organization provides an approved clinical documentation assistant, but clinicians find it slow or cumbersome to rewrite patient instructions into simpler language.
So, a physician or nurse copies the instructions into their own personal ChatGPT or Gemini account to get a clearer version in seconds.
That behavior is easy to understand. It is also a governance problem.The staff member is not trying to bypass policy for the sake of it. They are trying to get the job done when the sanctioned workflow feels inadequate.
For leadership, that is the real signal: shadow AI often points to unmet workflow needs, not just employee noncompliance.
A health system uses an approved ambient documentation platform and an approved patient outreach platform. Both vendors are reviewed. Both are covered by contracts. Both are acceptable on their own.
An integration is configured between them. The documentation tool generates structured patient summaries.The engagement platform uses summaries to personalize outreach producing more relevant messages, better patient experience, and stronger engagement.
That sounds harmless until the summary includes sensitive context, such as a behavioral health concern or a note about medication affordability. Now information that may be appropriate in a clinical chart is influencing outbound patient communication in a way leadership never explicitly intended.
Nothing “broke.” No single vendor failed. But the organization still created risk because no governance policy was being enforced at the point where data moved between systems.
Healthcare organizations already have significant security and compliance infrastructure in place. SIEM, DLP, firewalls, IAM, vendor risk review, audit controls. Those are all necessary.
However, they were not designed to answer AI-specific governance questions such as:
This is why AI governance is emerging as its own discipline inside healthcare IT. It is not just cybersecurity. It is not just compliance. And it is not just vendor management. It is the ability to continuously see, evaluate, and govern AI use across the full environment.
Effective AI governance for hospitals and health systems isn't just about vetting applications before you deploy them.
It's about maintaining continuous visibility into how AI is being used, by whom, andwith what data, across your entire environment.
That means monitoring approved enterprise applications. It means detecting unsanctioned AI use by staff. It means understanding how data moves between AI systems. And it means having the ability to act quickly when something looks wrong — before it becomes a breach, a compliance violation, or a patient safety event.
The health systems that get this right won't just be more secure. They'll be better positioned to deploy AI aggressively and responsibly — because they'll have the oversight infrastructure to back it up.
That is the standard the industry should be building toward. In healthcare, AI governance and monitoring are no longer optional.
To learn how Vitea can help you detect, monitor, and govern AI across your health system, connect with us today.
.png)
.png)
