Parkview Health has been recognized for the 12th consecutive year on the Digital Health Most Wired Survey by the College of Healthcare Information Management Executives (CHIME), achieving the highest rating, Level 10, for both acute and ambulatory care categories. Parkview was the only health system in Indiana to reach Level 10 this year.
Parkview improved to Level 10 this year after receiving Level 9 ratings in 2023 and 2024. The health system previously received Level 10 ratings in 2019, 2021 and 2022.
“Technology is interwoven into every part of the healthcare experience,” said Jeff Coulter, chief information officer, Parkview Health. “Whether it’s our patient portals allowing individuals to schedule appointments or check their information, robust security and privacy tools, or the many resources available to physicians, nurses and caregivers to treat patients efficiently and effectively, Parkview is staying on the forefront of technology in healthcare. We’re proud to once again receive CHIME’s highest rating in this year’s Most Wired survey.”
The Digital Health Most Wired survey serves as a comprehensive evaluation and digital maturity report card for healthcare organizations across the globe. As success in digital transformation increasingly influences the quality and accessibility of care, this recognition program reflects the progress of leading healthcare providers as they reshape the future of healthcare. This achievement extends beyond information technology to every area of the enterprise, symbolizing a collective commitment to advancing health and care through strategic digital initiatives.
Among the more than 50,000 facilities represented, Parkview distinguished itself by ranking above peers in key focus areas including clinical quality and safety, analytics and data management, cybersecurity, population health, infrastructure, patient engagement and innovation. The survey evaluates the adoption maturity, outcomes and value of technology integration across healthcare organizations at all stages of digital maturity – from early-phase digitization to advanced transformation.
As healthcare organizations continue to face complex challenges in rising cybersecurity threats, evolving care models, workforce shortages, and budget constraints, the need to accelerate digital transformation has never been more urgent, according to CHIME. Over the next several decades, emerging technologies will revolutionize care delivery in fundamental ways.
Innovations powered by interoperable data, artificial intelligence and secure digital infrastructure are poised to redefine the digital health landscape. Navigating this evolution will require sustained commitment and a clear, strategic roadmap.
“Working one-on-one with patients will always be the foundation of great care, but technologyarms our caregivers with the tools to make safe, effective and efficient decisions,” said Dr. Mark Mabus, senior vice president for electronic health records and chief medical informatics officer, Parkview Health. “We are always aiming to make it easier and smoother both for patients to access their healthcare and for our care teams to deliver it. As technology continues to advance and evolve the healthcare industry, Parkview is equipped to evaluate and implement the products that bring real value to our patients and providers.”
VIPRE Security Group, a global leader and award-winning cybersecurity, privacy, and data protection company, has released its Q3 Email Threat Landscape Report.
Processing and analysing 1.8 million emails, this report highlights the most critical email security threat trends identified in Q3 2025, to help organizations strengthen their email defense strategies against the creative, sophisticated, and highly targeted tactics of threat actors, designed to circumvent traditional cybersecurity measures.
Commercial clutter, the perfect cover for cyberthreats
Legitimate but “spammy” commercial messages dominated this quarter at 60%, up 34% year-on-year. Phishing messages rose to 23% from 20%, while scams dropped to 10% from 34%. This flood of routine commercial clutter is designed to desensitize even the most security-conscious users, making malicious emails blend seamlessly into the noise. When inboxes overflow with legitimate-looking messages, users become less vigilant about what they click on.
Overall, more than a third of all spam emails are maliciously designed to cause harm, encompassing phishing attempts, scams, and malware.
Cold outreach marketing and shotgun list bombing dominate commercial spam
Within the 60% commercial spam category, cold outreach marketing emails dominated with 72% of the cases. List bombing claimed another 16%, a tactic where attackers maliciously subscribe victims to hundreds or thousands of mailing lists, newsletters, or promotional sign-ups simultaneously, flooding their inboxes with unwanted content. This overwhelming deluge frustrates users but serves as the perfect smokescreen for concealing genuine threats among the chaos.
Newly registered domains on the rise for phishing, but open redirects preferred
Threat actors increasingly registered large numbers of domains to launch temporary phishing sites, quickly deactivating them upon discovery to evade detection and blacklisting. This trend stresses that traditional blacklisting of email domains and signature-based detection measures alone are inadequate.
However, despite the success of newly registered domains, compromised URLs or open redirects remain attackers’ preferred phishing vector, employed in 80% of campaigns. Newly registered domains account for only the remaining 20%, but is a trend to watch.
Outlook and Google mailboxes top targets for credential harvesting
Attackers are concentrating their efforts on the world’s two largest business and personal email platforms, Outlook and Google, which today form 90% of observed phishing attacks. This strategic focus is enabling threat actors to maximize efficiency by reducing the research and customization required for individual campaigns.
Fetch API emerges as preferred data exfiltration method
One-third of phishing attacks leveraged Fetch API, a sophisticated JavaScript interface for network requests, to exfiltrate stolen credentials. By comparison, fewer than 10% of attacks used POST requests – the traditional HTTP method for transmitting data to servers. This trend suggests attackers are adopting more advanced techniques that may evade conventional security detection mechanisms designed to monitor standard POST-based data transfers.
Apple TestFlight exploits to distribute malicious iOS apps
Sophisticated threat actors abused Apple’s TestFlight platform to deliver malware-laden iOS applications to targeted victims. Exploiting TestFlight’s legitimate beta testing framework allowed attackers to distribute pre-release test software via invite or public links, bypassing Apple’s standard App Store review processes and security controls, to deliver malicious payloads directly to users’ devices.
Geographic distribution is helping malware evade blocklists
Over 60% of spam emails originated from the United States, 9% from Hong Kong, showing a 5% growth in Q1 2025 and 8% in Q2 2025; 6% from Great Britain; and 25% collectively from other developed countries. This geographic dispersion across spam-sending markets makes IP-based geographic blocking impractical and inadvisable – a vulnerability that attackers deliberately exploit.
Attackers used a variety of creative techniques to evade detection and maximize spam delivery.
Most notably, compromised accounts (33%) demonstrate that attackers exploited trusted domains to bypass reputation checks and filters despite email authentication (SPF/DKIM) anomalies. 32% of campaigns exploited free popular services, such as Gmail, Yahoo, and Outlook, alongside lesser-known free relays including GMX, ProtonMail, Zoho, and Yandex.
Misusing the strong IP reputations of bulk mailing services like SendGrid, Mailgun, and Amazon SES, attackers weaponised them either through fake sign-ups or compromised customer accounts.
Usman Choudhary
“Today’s cybersecurity threats are succeeding through creative, pinpointed, and strategic sophistication,” Usman Choudhary, General Manager, VIPRE Security Group, says. “They’re manipulating trusted platforms, layering evasion tactics into seamless attack chains, and using commercial spam as cover for their operations. To counter this, organizations need to deploy equally adaptive and layered defenses. The question isn’t whether defenses work today, but rather will they adapt fast enough for tomorrow?”
To read the full report, click here: Email Threat Trends Report: Q3 2025
VIPRE leverages its vast understanding of email security to equip businesses with the information they need to protect themselves. This report is based on proprietary intelligence gleaned from round-the-clock assessment of the cybersecurity landscape.
MDaudit joins the American Health Information Management Association (AHIMA) in a dynamic film series that shines a light on the vital work of health information (HI) professionals at the intersection of care, technology, and policy.
Health Information: Making Every Patient’s Story Matter showcases how HI professionals safeguard sensitive data, improve patient outcomes, and shape smarter and more connected healthcare systems through a series of short films, expert interviews, and real-world case studies.
Revenue Integrity and Care Quality
Produced in partnership with strategic content creator Content With Purpose (CWP) and available to stream online, the series features two films from MDaudit. The first is a short documentary that examines how healthcare professionals at Reno, Nev.-based Renown Health, Nevada’s largest not-for-profit integrated healthcare network, utilize MDaudit’s billing compliance and revenue integrity platform to prevent fraud, waste, and abuse, ensuring appropriate reimbursement and improving care quality.
Ritesh Ramesh
The second is an interview with MDaudit CEO Ritesh Ramesh, who shares insights into why some hospitals and health networks with strong profit margins can reinvest capital back into new and existing facilities to expand access and offer exceptional patient care despite surging denial rates.
These provider organizations tend to invest in advanced revenue cycle management (RCM) technologies, including AI and automation, to accelerate and improve the processing of health information, achieve revenue integrity, and optimize clinical and administrative operations. This, in turn, provides the financial sustainability necessary to expand provider organizations’ services and service footprint, including into traditionally underserved areas.
“The ability to avoid denials and optimize operations and reimbursements by implementing a pre-emptive continuous risk monitoring strategy within RCM is a significant advantage for high-performing healthcare organizations,” says Ramesh. “MDaudit plays an essential role in achieving proactive revenue integrity by helping healthcare organizations balance accurate revenue capture with risk mitigation, enabling confident reinvestment in the future of patient care.”
Revolutionizing Health Data
Filmed across North America, Health Information: Making Every Patient’s Story Matter highlights the innovation, expertise, and collaboration that drive excellence in the profession. It explores themes such as:
Data for Better Health – how patient data powers improved health outcomes and a deeper understanding of social determinants of health.
Emerging Technologies – the role of AI and digital tools in enabling accurate, secure, and accessible records.
Collaboration & Thought Leadership – how partnerships across governments, academia, and industry strengthen health systems.
Skills, Integrity & Certification – the value of credentials and professional standards in advancing healthcare transformation.
Together, these stories bring the HI profession to center stage, demonstrating how health information is revolutionizing the way data is created, exchanged, and utilized across healthcare. Explore the series here.
Artificial intelligence (AI) is evolving rapidly, reshaping the health IT landscape while state and federal governments race to put regulations in place to ensure it is safe, effective, and accessible. For these reasons, AI has emerged as a priority for the EHR Association. We sat down with EHR Association AI Task Force Chair Tina Joros, JD (Veradigm), and Vice Chair Stephen Speicher, MD (Flatiron Health), to discuss the direction of AI regulations, the anticipated impact on adoption and use, and what the EHR Association sees as its priorities moving forward.
Stephen Speicher, MD
EHR: What are the EHR Association’s priorities in the next 12-18 months, and is/how is AI changing them?
Regulatory requirements from both D.C. and state governments are a significant driver for the decisions made by the provider organizations that use our collective products, so a lot of the work the EHR Association does relates to public policy. We’re currently spending a fair amount of our time working on AI-related conversations, as they’re a high-priority topic, as well as tracking and responding to deregulatory adjustments being made by the Trump administration. Other key areas of focus are anticipated changes to the ASTP/ONC certification program, rules that increase the burdens on providers and vendors, and working to address areas of industry frustration, such as the prior authorization process.
EHR: How has the Association adapted since its establishment, and what areas of the health IT industry require immediate attention, if any?
The EHR Association is structured to adapt quickly to industry trends. Our Workgroups and Task Forces, all of which are led by volunteers, are evaluated periodically throughout the year to ensure we’re giving our members a chance to meet and discuss the most pressing topics on their minds. Most recently, that has meant the addition of new efforts specific to both consent management and AI, given the prevalence of those topics within the general health IT policy conversation taking place at both the federal and state levels.
Tina Joros
EHR: If you were to welcome young healthcare entrepreneurs to take on the sector’s most pressing challenges, what guidance would you offer them?
Health IT is a great sector for entrepreneurs to focus on. The work is always interesting because it evolves so quickly, both from a technological perspective and the fact that public policy impacting health IT is getting a lot of attention at the federal and state levels. There are a lot of paths to work in the industry, so it’s always helpful for both entrepreneurs and potential health IT company team members to have a clear understanding of the complexities of our nation’s healthcare system and how the business of healthcare works. Plus, they need a good grasp of the increasingly critical role of data in clinical and administrative processes in hospitals, physician practices, and other care settings.
EHR: What principles are critical to the safe and responsible development of AI in healthcare? How do they reflect the Association’s priorities and position on current AI governance issues?
One of the first things the AI Task Force did when it was formed was to identify certain principles that we believe are essential for ensuring the safe and high-quality development of AI-driven software tools in healthcare. These guiding principles should also be part of the conversation when developing state and federal policies and regulations regarding the use of AI in health IT.
Focus on high-risk AI applications by prioritizing governance of tools that impact critical clinical decisions or add significant privacy or security risk. Fewer restrictions on other use cases, such as administrative workflows, will help ensure rapid innovation and adoption. This risk-based approach should guide oversight and reference frameworks like the FDA risk analysis.
Align liability with the appropriate actor. Clinicians, not AI vendors, maintain direct responsibility for AI when it is used for patient care, when the latter provides clear documentation and training.
Require ongoing AI monitoringand regular updates to prevent outdated or biased inputs, as well as transparency in model updates and performance tracking.
Support AI utilization by all healthcare organizations, regardless of size, by considering the varying technical capabilities of large hospitals vs. small clinics. This will make AI adoption feasible for all healthcare providers, ensuring equitable access to AI tools and avoiding the exacerbation of the already oversized digital divide in US healthcare.
Our goal with these principles is to strike a balance between innovation and patient safety, thereby ensuring that AI enhances healthcare without unnecessary regulatory burdens.
EHR: In its January 2025 letter to the US Senate HELP Committee, the EHR Association cited its preference for consolidating regulatory action at the federal level. Since then, a flurry of state-level activity has introduced new AI regulations, while federal regulatory agencies work on finding their footing under the Trump Administration. Has the EHR Association’s position on regulation changed as a result?
Our preference continues to be a federal approach to AI regulation, which would eliminate the growing complexity we face in complying with multiple and often conflicting state laws. Consolidating regulations at the Federal level would also ensure consistency across the healthcare ecosystem, which would reduce confusion for software developers and providers with locations in multiple states.
However, while our position hasn’t changed, the regulatory landscape has. In the months since submitting our letter to the HELP Committee, California, Colorado, Texas, and several other states have enacted laws regulating AI that take effect in 2026. Even if the appetite for legislative action was there, it’s unlikely the federal government could act quickly enough to put in place a regulatory framework that would preempt those state laws. Faced with that reality, we’re working on a dual track of supporting our member companies’ compliance efforts at the state level while continuing to push for a federal regulatory framework.
EHR: What benefits will be realized by focusing regulations on AI use cases with direct implications for high-risk clinical workflows?
Centering AI regulations on high-risk clinical workflows makes sense because they represent a higher possibility of patient harm, and that focus would simultaneously ensure room for innovation on lower-risk use cases. Our collective clients have many ideas as to how AI could help them address areas of frustration, and that’s where our member companies therefore want room to move from development to adoption more expediently, unencumbered by regulation—for example, administrative AI use cases like patient communication support, claims remittance and streamlining benefits verification, all of which our internal polling shows are in high demand by physicians and provider organizations.
A smart, efficient risk-based regulatory framework would be grounded in the understanding that not all AI use cases have a direct or consequential impact on patient care and safety. That differentiation, however, is not happening in many states that have passed or are contemplating AI regulations. They tend to categorize everything as high-risk, even when the AI tools have no direct impact on the delivery of care or the risk to patients is minimal.
The unintended consequence of this one-size-fits-all approach is that it stifles AI innovation and adoption. It’s why we believe the better approach is granular, differentiating between high- and low-risk workflows, and leveraging existing frameworks that stratify risk based on the probability of occurrence, severity, and positive impact or benefit. This also helps ease the reporting burden on all technologies incorporated into an EHR that may be used at the point of care.
EHR: Where should the ultimate liability for outcomes involving AI tools lie–with developers or end users–and why?
This is an interesting aspect of AI regulation that remains largely undefined. Until recently, there hasn’t been any discussion about liability in state rulemaking. For example, New York became one of the first states to address liability when a bill was introduced that holds everyone involved in creating an AI tool responsible, although it’s not specific to healthcare. California recently enacted legislation stating that a defendant—including developers, deployers, and users—cannot avoid liability by blaming AI for misinformation.
Given the criticality of “human-in-the-loop” approaches to technology use—the concept that providers are ultimately accountable for reviewing the recommendations of AI tools and making final decisions about patient care—our stance is that liability for patient care ultimately lies with clinicians, including when AI is used as a tool. Existing liability frameworks should be followed for instances of medical malpractice that may involve AI technologies.
EHR: Why must human-in-the-loop or human override safeguards be incorporated into AI use cases? What are the top considerations for ensuring those safeguards add value and mitigate risk?
The Association strongly advocates for technologies that incorporate or public policy that requires human-in-the-loop or human override capabilities, ensuring that an appropriately trained and knowledgeable person remains central to decisions involving patient care. This approach also ensures that clinicians use AI recommendations, insights, or other information only to inform their decisions, not to make them.
For truly high-risk use cases, we also support the configuration of human-in-the-loop or human override safeguards, along with other reasonable transparency requirements, when implementing and using AI tools. Finally, end users should be required to implement workflows that prioritize human-in-the-loop principles for using AI tools in patient care.
Interestingly, we are seeing some states address the idea of human oversight in proposed legislation. Texas recently passed a law that exempts healthcare practitioners from liability when using AI tools to assist with medical decision-making, provided the practitioner reviews all AI-generated records in accordance with standards set by the Texas Medical Board. It doesn’t offer blanket immunity, but it does emphasize accountability through oversight. California, Colorado, and Utah also have elements of human oversight built into some of their AI regulations.
Healthcare providers are under unprecedented strain from rising claim denials, staffing shortages, and mounting margin pressures. To help meet these challenges, AGS Health, a leading provider of tech-enabled RCM solutions and a strategic growth partner to healthcare providers across the U.S., has introduced a new suite of agentic digital workforce solutions powered by AI agents and intelligent automation.
“Labor-intensive processes, fragmented RCM ecosystems, and continuously shifting payer rules have put healthcare finance leaders at a disadvantage,” said Patrice Wolfe, CEO of AGS Health. “CFOs are now dealing with alarming denial trends and significant financial threats that demand new strategies led by a collaborative digital RCM workforce built for scalability and engineered for impact. Through agentic AI, AGS Health empowers healthcare leaders with digital agents that work alongside their teams, taking on autonomous tasks and recommending data-driven next steps to improve decision-making.”
83% of organizations saw claim denials reduced by at least 10%.
68% reported improved net collections.
39% saw cash flow increase by more than 10%.
A New Class of Digital RCM Workforce
“AGS Health is answering the call for change with AI agents that level the playing field for overburdened RCM teams,” said Thomas Thatapudi, CIO of AGS Health. “Our next-generation, AI-infused workforce solutions bring speed, agility, accuracy, and human-like decision-making to critical RCM functions such as eligibility verification, prior authorizations, denials management, and appeals.”
AGS Health was recently recognized with a UiPath AI25 Award for its pioneering use of agentic AI to help healthcare organizations reduce the financial impact of denials. Its digital workforce features AI agents that understand natural language, adapt to changing rules and workflows, and make autonomous decisions to drive measurable business outcomes, including fewer denials and higher clean claim rates.
Key benefits include:
Financial: Faster reimbursement and lower cost-to-collect
Operational: Improved staff efficiency and focus on high-value work
Quality: Fewer errors in coding, data entry, and appeals
The Hybrid Intelligence Advantage
While AI systems can act autonomously, RCM professionals remain central to a successful digital workforce model. Skilled specialists help train and refine the AI, driving strategy while maintaining oversight and accountability.
“Our hybrid intelligence model combines AI’s speed, accuracy, and scalability with human expertise and empathy,” added Thatapudi. “AI agents manage high-volume tasks while professionals handle exceptions and guide continuous improvement. This can be achieved in-house domestically or through our globally distributed workforce model to reduce operating costs and allow for 24/7 production schedules.”
By preparing work, surfacing insights, and managing exceptions, AGS Health’s AI agents empower RCM teams to make smarter, faster decisions without compromising quality.
Email continues to be the lifeblood of communication in healthcare. From coordinating care among clinical teams to sharing lab results and scheduling appointments, email is a fast, familiar, and fully integrated part of nearly every workflow. Yet, the very convenience that makes it indispensable also makes it one of the riskiest points of exposure for patient information and organizational security.
In healthcare, the impact of an email breach goes beyond just financial loss. A misaddressed email, an incorrect attachment, or a single successful phishing attempt can compromise sensitive information, including diagnoses, lab results, and personal identifiers. These details are extremely valuable to cybercriminals, posing risks such as identity theft, fraudulent insurance claims, and tampered medical records that can directly impact patient safety and well-being.
The Shift from Technical Exploits to Human-Centric Attacks
Cybercriminals are increasingly shifting away from complex technical exploits and instead using personalized deception tactics. Recent research indicates that over half (58%) of phishing websites now utilize unidentifiable phishing kits, such as Evilginx, Tycoon 2FA, and 16shop, that are difficult to detect and are increasingly powered by AI. These kits enable cybercriminals to create highly personalized attacks that exploit both technology and human behavior, allowing them to bypass traditional security measures.
Business Email Compromise (BEC) remains a significant threat, with 82% of attacks involving impersonation of CEOs or senior leaders. This tactic is used to pressure employees into transferring funds or revealing sensitive information. Additionally, the targeting of specific regions is changing, with Danish, Swedish, and Norwegian executives increasingly vulnerable, alongside traditional English-speaking targets.
Malware: A Persistent Threat
Malware continues to heighten risks, with Lumma Stealer identified as the leading malware strain. It spreads through attachments or links from compromised cloud services. The malware-as-a-service model is particularly appealing, as it offers cost-effective access and support for both inexperienced and experienced attackers. This approach lowers the barrier to entry while maintaining high effectiveness.
Phishing lures are carefully designed to exploit human behavior. Financial incentives, urgency appeals, and account updates are the primary components of most malicious messages. Open redirects and compromised websites conceal the ultimate destination, making links appear legitimate, while PDFs, often embedded with QR codes, remain the most common vector for attachments.
These attacks are not random but carefully orchestrated to harvest sensitive data — at scale.
Human Error: The Weakest Link
Despite the sophistication of various cyber threats, human error remains the weakest link in cybersecurity. Healthcare professionals operate in high-pressure environments, balancing the demands of patient care with administrative tasks. In these situations, it’s easy to mistakenly send an email to the wrong recipient, mislabel an attachment, or click on a link that seems legitimate.
Additionally, healthcare organizations often rely on external partners for scheduling, billing, and communications, which involve handling protected health information (PHI). If a vendor is compromised, the covered entity remains responsible for the breach and its consequences.
This interconnectedness underscores why email security should not be viewed solely as an IT issue; it is a top organizational priority.
Beyond Perimeter Defenses: A Human-Centric Approach
Mitigating email risk requires more than just perimeter defenses. While encryption, multi-factor authentication, and phishing filters are essential, they are not enough on their own. These tools need to be complemented by user-focused safeguards that provide staff with real-time assistance. Practical measures include recipient confirmation prompts, content alerts when potentially harmful information is detected, and in-the-moment security reminders. These mechanisms serve as checkpoints, helping to prevent mistakes before they happen.
Training is also crucial, but it needs to be ongoing and integrated into daily workflows, rather than being limited to annual modules. Short, bite-sized lessons, simulated phishing exercises, and reminders that are embedded in workflows help reinforce awareness, ensuring that staff keep security in mind even under pressure. When security awareness is woven into daily operations, it becomes second nature for everyone involved.
The Role of Technology in Enhancing Email Security
While human-centric approaches are essential, technology also plays a crucial role in enhancing email security. Advanced email security solutions can detect and block malicious attachments, links, and impersonation attempts before they reach users’ inboxes. Machine learning algorithms can analyze email patterns and behaviors to identify anomalies indicative of phishing or business email compromise (BEC) attacks.
Furthermore, integrating email security with other systems, such as endpoint protection and identity management, creates a layered defense that can respond more effectively to threats. This holistic approach ensures that even if one layer is bypassed, others remain in place to protect sensitive information.
Legal and Regulatory Implications
The legal and regulatory landscape surrounding email security in healthcare is complex and continually evolving. Organizations must comply with regulations such as the Health Insurance Portability and Accountability Act (HIPAA), which mandates the protection of protected health information (PHI). A breach resulting from an email-related incident can lead to significant legal consequences, including hefty fines and damage to reputation.
Moreover, patients trust healthcare organizations to safeguard their personal information. Protecting email communications is not just a legal obligation but is necessary to maintain patient trust.
Practical Steps for Healthcare Organizations
Healthcare organizations can implement several practical steps to enhance email security:
Implement Advanced Email Security Solutions: Utilize email security tools that can detect and block malicious content, impersonation attempts, and phishing attacks.
Educate and Train Staff: Provide ongoing training for staff on recognizing phishing attempts, securely handling sensitive information, and following best practices for email communication.
Establish Clear Policies: Develop and enforce policies regarding the use of email for transmitting sensitive information, including guidelines for encryption and authentication.
Monitor and Respond to Threats: Continuously monitor email traffic for signs of suspicious activity and have a response plan in place for addressing potential incidents.
Collaborate with Third-Party Vendors: Ensure that third-party vendors handling PHI adhere to the same security standards and practices to mitigate the risk of breaches.
Conclusion
Ultimately, protecting email in healthcare is not merely a compliance requirement; it is a critical aspect of ensuring patient safety. It is central to preserving patient trust, safeguarding clinical integrity, and ensuring uninterrupted care delivery. Each secure message helps prevent identity theft, fraudulent claims, and mismanaged records, directly supporting our mission to put patients first.
As cyber threats evolve and human error remains persistent, healthcare organizations must adopt strategies that combine robust technology with human-centered approaches. By doing so, they can reduce both accidental and malicious breaches, protecting the information that matters most, the health and safety of patients.
Electronic health record (EHR) systems now serve as the central nervous system of modern healthcare. They streamline documentation, bring care teams together and give providers sharper tools to protect patient safety and deliver consistent, coordinated care. Yet when it comes to real-time communication, many clinicians and administrators are hitting the same wall: embedded EHR messaging tools often fail to deliver reliable, accountable communication.
If you’ve ever waited hours to find out whether an urgent message got through—or had to track down the right on-call colleague because your EHR didn’t know who was available—you know exactly what’s at stake. In clinical environments, a missed or delayed message isn’t just an inconvenience; it can alter patient outcomes.
This gap between documentation and communication is widening, and healthcare leaders need to take notice. The question is not whether EHRs are valuable—they are—but whether their messaging features are sufficient for modern care. Increasingly, the answer is no.
What Are the Limitations of EHR Chat Tools?
On paper, built-in EHR chat features sound efficient. Clinicians already live inside the record system, so why not communicate there too? But integration does not equal effectiveness. Instead of providing clarity and accountability, these tools often create confusion and delay. In practice, they function more like message drop boxes than intelligent communication systems.
Three critical shortcomings appear consistently:
No escalation path. If a message goes unanswered, it may sit idle indefinitely. Without automated escalation, critical alerts can languish unseen, delaying time-sensitive interventions.
Lack of prioritization. A minor scheduling note looks identical to a stat lab result. When every message appears equally urgent, alert fatigue sets in, and critical updates risk being overlooked.
Unclear accountability. EHR chat rarely offers reliable read receipts or visibility into who is on shift. Clinicians are left guessing whether a message was received or acted upon, often triggering redundant outreach and wasted effort.
Together, these weaknesses illustrate why relying solely on EHR-native chat creates dangerous blind spots in care delivery. Messages may also land with staff who are off duty, in surgery or away from devices, further blurring accountability and delaying care.
The Tangible Costs of Communication Gaps
In healthcare, weak communication goes beyond being an operational nuisance and rises to the level of a clinical liability. When urgent updates are delayed or overlooked, the consequences ripple across patient care, compliance and workforce wellbeing. These challenges aren’t theoretical; they play out daily in hospitals, clinics and practices of every size. The impact shows up in four critical ways:
Delayed treatment. Even short lapses in communication can delay diagnostic or therapeutic decisions, directly affecting patient outcomes.
Compliance exposure. Without audit-ready logs showing delivery and acknowledgment, organizations face increased regulatory scrutiny, legal challenges and financial penalties. Documentation gaps can be just as dangerous as clinical ones.
Clinician burnout. A nonstop stream of notifications—many of them non-urgent—creates emotional exhaustion and disengagement. When every ping feels the same, providers struggle to focus on patient care.
Many teams rely on a patchwork of EHR messaging, texts, personal apps and phone calls. This fragmented ecosystem forces clinicians to chase information instead of delivering care.
The evidence is clear: weak communication slows processes, undermines efficiency, increases liability and compromises patient safety.
What Should Practices Demand from Communication Platforms?
Acknowledging the limits of EHR chat is only the first step. The next step is defining what strong communication should look like. Abandoning EHRs isn’t the answer—they remain essential for documentation and data-driven care. But expecting them to double as robust communication platforms is unrealistic. The smarter approach is to augment EHRs with purpose-built communication tools designed for clinical urgency, accountability and sustainability.
Key features to prioritize include:
Automated escalation. No message should remain unanswered. Escalation workflows reroute alerts to backup providers, ensuring patient coverage isn’t compromised.
Role- and shift-based routing. Messages must reach the right provider, at the right time, without guesswork. Intelligent routing tied to schedules and specialties reduces errors and delays.
Unified communication hub. Text, voice and alerts should flow through one secure platform, reducing fragmentation and providing a single source of truth. Smart prioritization. Tiered alerts or AI-driven filters can separate urgent clinical updates from routine messages, protecting clinicians from notification fatigue.
Boundary controls. Systems must support off-hour protection, silencing non-urgent pings while ensuring true emergencies break through.
Audit-ready tracking. Every message should carry a transparent trail—delivered, read, acknowledged, acted upon—helping meet compliance requirements and supporting legal defensibility.
Seamless integration. Platforms should plug into existing EHRs, calendars and on-call schedules, reducing complexity rather than adding to it.
When practices implement these capabilities, the result is more than streamlined workflows. It becomes a safety net that supports both clinicians and patients.
Communication as a Clinical Imperative
Clear and reliable communication is just as vital to patient care as maintaining accurate records or delivering timely diagnostics. Every message that fails to reach its destination introduces risk into the system. Every delay adds unnecessary stress to already overburdened providers.
Healthcare leaders must treat communication as a strategic investment. Just as EHRs transformed documentation, intelligent communication platforms can transform collaboration and care delivery.
Imagine a future where:
Urgent results automatically route to the right provider and are acknowledged.
Teams no longer juggle six different apps just to keep track of updates.
Clinicians leave shifts confident that non-urgent issues won’t intrude on their off hours.
Patients benefit from faster, safer interventions because the right signals reach the right person, on time.
The change represents both an efficiency upgrade and a cultural shift toward sustainable, accountable, patient-centered care.
A Call to Action
Physicians, nurses, administrators and system leaders each have a role to play. For providers, the need is immediate. Your ability to deliver care depends on communication you can trust. For administrators and executives, the mandate is equally urgent. Your compliance posture, risk exposure, and workforce sustainability hinge on closing this gap.
The bottom line is clear: EHRs are indispensable, but they are not enough. Thriving in modern healthcare requires communication platforms purpose-built for the urgency, accountability and precision of clinical practice.
Better communication supports better care, safeguards providers, strengthens organizations and builds a more resilient healthcare system. By investing in smarter communication, healthcare leaders can create an environment where clinicians thrive, patients receive timely interventions and the entire care continuum moves with greater confidence and clarity.
Inspired eLearning, powered by VIPRE, a global leader and award-winning cybersecurity, privacy, and data protection company, today announced the launch of its new Simulations Lab. This groundbreaking course is designed to equip learners with practical, hands-on experience to identify and react to the most prevalent email phishing, vishing, and SMiShing attacks.
In an era of escalating AI-powered threats, sophisticated social engineering attacks frequently bypass technical defenses. The Simulations Lab empowers an organization’s workforce to become a crucial line of defense, which can be the difference between a close call and a costly data breach.
The Simulations Lab Experience
The Simulations Lab offers organizations a powerful way to build a smarter, savvier security force. By fostering superior information retention through randomized practice and an active, engaging learning methodology, the platform ensures an investment that yields enduring benefits beyond typical Security Awareness Training programs alone. Simulating real workplace scenarios enhances a learner’s ability to apply security best practices effectively.
The platform’s research-driven, purpose-built content connects simulations to real-life scams, while gamified elements and continuous interactions keep learners engaged and motivated to improve. By equipping every employee with the mindset to evade today’s advanced adversaries, the Simulations Lab transforms a company’s workforce into a robust and essential layer of defense.
John Trest
“Technical defenses are essential, but the human element remains the most targeted and critical layer of security,” said John Trest, Chief Learning Officer and Strategic Product Manager, at Inspired eLearning. “With the Simulations Lab, we are giving organizations the tools to turn that potential vulnerability into a powerful strength. We are empowering employees to become the most effective protectors of their organization’s intellectual property, customer data, and sensitive health records.”
By actively fostering a cybersecurity-conscious culture, organizations can demonstrate their commitment to security and inspire their entire team to become a formidable defense against cyberattacks.
About Inspired eLearning
Inspired eLearning powered by VIPRE is a VIPRE Security Group brand and part of Ziff Davis Inc. As part of VIPRE Security Group, an award-winning global cybersecurity, privacy and data protection company, we are committed to delivering eLearning solutions of the absolute highest quality, ones which don’t simply check a box, but which drive positive and measurable changes in organizational culture as well.
We deliver solutions that help clients nurture and enhance workforce skills, protect themselves against cyberattacks and regulatory violations, and maximize the return on their investment in organizational training with our eLearning for employees.
Parkview Health has been recognized for the 12th consecutive year on the Digital Health Most Wired Survey by the College of Healthcare Information Management Executives (CHIME), achieving the highest rating, Level 10, for both acute and ambulatory care categories. Parkview was the only health system in Indiana to reach Level 10 this year.
Healthcare providers are under unprecedented strain from rising claim denials, staffing shortages, and mounting margin pressures. To help meet these challenges, 
