If you’re a healthcare CIO or CDIO, you’re probably having no shortage of “AI governance” conversations right now. Legal wants guardrails, clinical leaders want assurances on safety and bias, operations is pushing for automation to hit margin targets, all while vendors are happy to attach “governance frameworks” to every new AI tool.
Meanwhile, inside your health system, AI, automation, and data work still tends to happen in disconnected pockets. Maybe one clinical AI committee evaluates diagnostic tools, an automation Center of Excellence works the EHR task list, and a data governance council focuses on access and quality. Each has its own intake process, language, and priorities, leading to:
Duplicate efforts chasing the same outcome in different departments
Shadow AI and automation projects that never surface until they’re already live
Multiple “AI roadmaps” competing for funding, with no shared view of value and risk
In other words, even though healthcare leaders care about their AI initiatives, governance is falling short, and it’s because it’s being applied once work is already fragmented. Instead of beginning with one operating model for how AI, automation, and data opportunities move from idea to investment, it’s far too common to instead start with committees, policies, and technology.
What you truly need first is a simple operating model for intake, evaluation, and prioritization of AI, automation, and data work. And it needs to be one that spans departments and ties directly to measurable business value.
Governance is the Outcome
When most organizations say AI governance, they’re really talking about one of three things:
- A committee
- A set of policies
- A checklist for assessing model risk
Those things matter, because you absolutely do need policy, oversight, and clear guardrails.
The problem is that when you start there, governance becomes a series of conversations about specific tools rather than a repeatable way to decide which problems are worth solving in the first place. An AI operating model for healthcare flips that order, giving you the repeatable way to decide first, with policy and oversight following from it.
The first‑order questions for a CIO are different:
- How do AI, automation, and data ideas enter the system?
- How do we make sure the same problem isn’t being tackled three different ways, or with different toolsets or systems? The goal here is to reduce tech stack through better visibility and evaluation.
- How do we consistently weigh value, feasibility, and risk across all of these ideas?
- How do we turn that into a portfolio the COO and CFO can act on?
A Four-Part Operating Model
A practical AI operating model for a provider organization doesn’t need to be a massive transformation program. At a minimum, it should give you four things:
1. One front door for AI, automation, and data ideas
Right now, ideas land wherever they happen to surface, whether in clinical quality committees, revenue cycle huddles, transformation offices, IT steering meetings, or vendor calls. Each lane has its own spreadsheet or email loop.
A unified operating model starts by creating one front door for demand:
- A single intake form for anything labeled AI, GenAI, agentic AI, intelligent automation, machine learning, or major data initiative.
- A small set of required, non‑technical fields:
- The problem or opportunity in plain language
- Current baseline metrics (e.g., average days to schedule, denials rate, credentialing cycle time)
- Who is affected (patients, clinicians, staff)
- Relevant data sources and systems
- Initial risk considerations (PHI, clinical risk, equity concerns)
You don’t need to route every micro‑change through this door, but anything that will require material investment, touch PHI, or change how clinicians and staff work should come through the same lane, whether it’s AI, automation, or data.
2. A cross‑functional evaluation pod anchored by the CIO/CDIO
Once ideas are coming through one door, you need a way to evaluate them against a shared set of questions. That’s where a small, cross‑functional steering committee comes in.
In a provider setting, this group is typically composed of operational and functional leaders empowered by executive sponsorshop from the CIO/CDIO and other enterprise leaders. It often includes: that usually includes:
- IT or digital leadership: coordinates intake and owns the operating model
- Operational leadership: validates operational value and alignment to organizational priorities
- Data and analytics leadership: evaluates data availability, quality, governance, and reporting implications
- Clinical informatics or clinical operations leadership: assesses workflow fit, clinician adoption, and patient safety considerations
- Security, compliance, and privacy representatives: evaluates PHI handling, cybersecurity, vendor risk, and regulatory considerations
- Finance or PMO representation (optional but common): supports prioritization, resource planning, and value tracking
Reports from hospitals and health systems already describe AI committees that blend clinical, IT, and data perspectives, but they often stop short of specifying how that group evaluates and prioritizes opportunities. The steering committee’s mandate should be explicit, too:
- Review new intake submissions on a regular cadence (monthly or bi‑weekly)
- Clarify and combine overlapping ideas
- Apply shared scoring criteria (more on that next)
- Decide whether to advance, merge, defer, or decline each idea
This is about having a single, repeatable place where tradeoffs are made consciously, rather than project‑by‑project in different rooms.
3. A shared value and risk scoring framework
This is where governance becomes concrete. The pod needs a simple scoring framework that balances business value, feasibility, and risk/compliance across all AI, automation, and data proposals.
For example:
- Business value
- Expected impact on cost to serve, margin, throughput, or capacity
- Impact on clinical quality, safety, or patient/clinician experience
- Scale: number of patients, encounters, or staff affected
- Time to impact: near‑term quick win vs. long‑horizon infrastructure
- Feasibility
- Data readiness: is the necessary data available, of sufficient quality, and accessible under current policies?
- Technical fit: is this genuinely an AI problem, or would workflow redesign, basic automation, or better analytics get you 80% of the value?
- Change complexity: number of sites/teams involved and degree of workflow disruption
- Risk and compliance
- Data privacy and PHI exposure
- Clinical risk (what happens if the AI or automation fails or underperforms?)
- Equity and bias concerns
- Regulatory and reputational risk
These dimensions of value, feasibility, and risk are what most leadership teams are already trying to balance, even if they’re not doing it explicitly or consistently.
When you make those trade-offs visible, decisions are easier to explain, and funding conversations are much less subjective.
You don’t have to get the scoring perfect at the start. What matters is that:
- The criteria are documented and understood
- They’re applied consistently across AI, automation, and data proposals
- The rationale for decisions is transparent enough to withstand scrutiny from clinicians, compliance, and finance
4. Transparent prioritization and routing
Once you’ve scored ideas, you can do something most CIOs wish they had already: create a single, cross‑domain AI, automation, and data roadmap.
That portfolio should:
- Rank opportunities by their combined value, feasibility, and risk scores
- Flag ideas that are clearly duplicates or strong candidates for consolidation
- Assign each accepted opportunity to where it needs to go:
- Intelligent automation / RPA and workflow automation
- Generative or agentic AI
- Advanced analytics/decision support
- Process redesign or policy change (no tech required)
Today, the organizations getting substantial value are those that treat AI as part of a modular architecture with reusable components and clear interfaces, and a portfolio mindset, not one‑off pilots.
A portfolio view also gives your CFO and COO something they want but rarely get: a unified, cross-functional picture of where AI and automation spending is going and why.
Why This Matters Now: the Shift From Pilots to Discipline
A few years ago, the dominant question in healthcare AI was, “Should we do something with AI?” Today, that question has evolved into, “How do we scale AI safely, equitably, and profitably?”
The pattern across health systems is that AI adoption has moved well beyond pilots into documentation, scheduling, revenue cycle, and patient communication, but most organizations still lack a mature AI operating model for healthcare that defines how those projects are proposed, evaluated, prioritized, and monitored.
The gap between AI adoption and AI operating discipline is where governance fatigue shows up. Without a shared intake and prioritization model, every new AI proposal feels like another negotiation.
How to Stand This Up, One Phase at a Time
In many health systems, you can stand up a first‑generation operating model by following a phased sequence like this:
Phase 1: Inventory and reality‑check
- Catalog existing AI, automation, and major data initiatives across the organization.
- Document which committees, councils, or CoEs currently touch these efforts.
- Identify overlapping use cases, especially where different teams are chasing similar documentation, scheduling, or claims use cases with different tools.
- Use this inventory as your case for change with your COO, CDO, and clinical leaders.
Phase 2: Design and pilot intake + scoring
- Draft a one‑page intake form and pilot it with a handful of operational and clinical leaders.
- Co‑design a simple scoring rubric with representatives from IT, operations, data, and clinical teams.
- Run your first evaluation session using a small set of upcoming opportunities; refine the rubric based on what felt too complex or too simplistic.
Phase 3: Formalize cadence and communicate the portfolio
- Establish a regular evaluation rhythm and publish who participates and how decisions are made.
- Build your initial AI/automation/data portfolio view and share it with senior leadership.
- Communicate the new process to department heads, emphasizing:
- One front door for AI/automation/data ideas
- How scoring works
- How and when decisions are made
If you already have an AI council, automation CoE, or data governance committee, this is more about connecting them with a shared process than starting from scratch. Many organizations find that simply consolidating intake and publishing a portfolio view materially reduces duplicate work and improves funding conversations.
Where to Go From Here
Across health systems, I’ve seen time and time again that the real value shows up when AI and automation stop being treated as disconnected projects and start being managed through a shared AI operating model for healthcare that’s tied to outcomes.
So, it’s worth starting a conversation inside your organization about:
- How AI, automation, and data decisions are truly being made today
- Where fragmentation, duplication, and shadow efforts are causing risk or waste
- Who needs to be in the room to design your first unified intake and prioritization model
From there, you can bring in outside research, peer examples, or trusted advisors to pressure‑test your design and learn from what other health systems have already tried, both good and bad.
Let’s talk about how your organization is taking in, evaluating, and prioritizing AI, automation, and data work, and where a unified model could provide value. You can start by dropping a question or comment in the chat below, we’d be happy to hear from you.
