Why health care CFOs are caught between AI pressure and governance risk | Fortune

Why health care CFOs are caught between AI pressure and governance risk | Fortune

Briefly

"One of the key findings is that 53% of organizations cannot remove personal data from AI models once it has been used, creating long-term exposure under GDPR, CPRA, and emerging AI regulations. All respondents said agentic AI is on their roadmap, but the controls to govern those systems are lagging. Overall, 63% cannot enforce purpose limitations on AI agents, 60% lack kill-switch capabilities, and 72% have no software bill of materials (SBOM) for AI models in their environment."

"The result: AI systems are accessing, processing, and learning from sensitive data while organizations cannot fully track where that data goes or prove how it is being used, according to the report. Among the 10 industries surveyed, government faces the steepest challenges due to legacy systems. In the private sector, however, health care stands out for weaknesses in controls and AI governance."

"Health care organizations are also among the most conservative in AI spending. More than 80% of respondents said they currently have no API agents planned-technology that enables AI agents to connect with external systems and operate in coordinated workflows. While cautious deployment can reduce near-term risk, organizations that delay may also fail to build the governance capabilities they will need as AI use expands, Kiteworks finds."