
One of the greatest cybersecurity threats to your health system today might not be a sophisticated external bad actor. Instead, it is likely a well-intentioned clinician sitting at a nurse’s station, frustrated by a backlog of paperwork. Driven by a desire to improve patient throughput, they copy and paste unprotected patient health information into a public generative AI tool to summarize a discharge letter or interpret a lab report.
Shadow AI, the unsanctioned use of artificial intelligence tools by staff, clinicians, or contractors, is climbing the list of top vulnerabilities for health systems. It has rapidly evolved from a fringe curiosity to a critical vulnerability for health IT leaders.
Recent data paints a concerning picture of the scale of this issue. A December 2025 survey revealed that 40% of U.S. clinicians and hospital administrators have observed AI tools in use within their facilities. Furthermore, 19% admitted to using these tools personally, and 10% had applied them directly to patient-care tasks.
For IT leaders, the implications are evident: The threat surface has expanded, and the root cause lies deep within legacy workflows that have failed to keep pace with clinical demands.
The High Cost of Unsanctioned Innovation
Shadow AI represents a significant breach of data governance protocols. When staff bypass approved IT channels, they bypass security controls designed to protect the organization. The financial and reputational costs of these bypasses are staggering.
According to IBM’s 2025 Cost of a Data Breach report, a staggering 20% of all recorded breaches are now attributed to shadow AI. These incidents are not just frequent; they are expensive. A breach involving shadow AI adds an average of $200,000 in incremental costs per incident. In healthcare, which already bears the highest breach costs of any industry at $7.42 million per incident, this added liability is untenable.
The Regulatory Dragnet Tightens
The risk is not merely operational; it is regulatory. The legal landscape is shifting to hold organizations strictly accountable for all AI usage, sanctioned or otherwise.
- HIPAA Security Rule Updates: Recent moves to tighten the HIPAA Security Rule explicitly include AI assets in electronic protected health information (ePHI) risk analyses. This mandates vulnerability scans and rigorous penetration testing.
- State-Level Legislation: New laws, such as California’s AB-489 and the Texas Responsible Artificial Intelligence Governance Act (TRAIGA), impose severe civil fines for unsanctioned or deceptive AI use.
For IT leaders, this means a shadow event can now be considered a regulatory event requiring immediate, transparent disclosure and potentially incurring substantial fines.
The Root Cause: Unstructured Data Friction
To solve the problem of shadow AI, we must understand why it happens. Clinicians do not use unvetted tools out of malice; they use them to solve workflow inefficiencies that consistently drain valuable time and resources.
The primary driver is the volume of unstructured data that healthcare systems must process daily. Despite the digitization of healthcare, approximately 70% of U.S. providers still rely on fax for PHI exchange. That equates to billions upon billions of pages of unstructured documents annually – referrals, prior authorizations, lab results, and more – that arrive as static images.
When a nurse encounters a friction point, such as a multipage medical record that needs to be summarized for a referral, the temptation to reach for a copy-and-paste AI shortcut is high. Pasting that text into a public LLM to receive a quick summary immediately violates HIPAA compliance, fractures patient trust, and jeopardizes cyber liability coverage.
How IT Leaders Are Responding
Forward-thinking IT leaders are moving beyond simple prohibition. Banning AI tools often drives usage further underground. Instead, leaders should adopt a dual-track governance strategy focused on visibility and substitution.
1. Governance and Detection
Organizations are establishing cross-functional AI risk committees to oversee model lineage and bias testing. On the technical side, IT teams are deploying LLM firewalls and Data Loss Prevention (DLP) tools that inspect outbound prompts for PHI, blocking requests to unsanctioned models before data exfiltration occurs.
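A minimal version of the outbound-prompt inspection such a DLP control performs, as an added example that is not eFax's or any vendor's code; the sanctioned-host allow-list, the PHI indicator regexes and the sample prompt are constructed assumptions for illustration:

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Assumed allow-list of sanctioned, enterprise-grade model endpoints (hypothetical host).
SANCTIONED_HOSTS = {"llm.internal.example-health.org"}

# Constructed PHI indicator patterns; a production DLP engine uses a far richer detector set
# (dictionaries, NER, document fingerprints), but the decision flow is the same.
PHI_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "mrn": re.compile(r"\bMRN[:#\s]*\d{6,10}\b", re.IGNORECASE),
    "dob": re.compile(r"\b(?:DOB|date of birth)[:\s]*\d{1,2}/\d{1,2}/\d{4}\b", re.IGNORECASE),
    "phone": re.compile(r"\b\(?\d{3}\)?[-.\s]\d{3}[-.\s]\d{4}\b"),
}

# Constructed sample prompt of the kind the article describes a clinician pasting.
SAMPLE_PROMPT = ("Summarize this discharge letter for patient John Doe, MRN 00123456, "
                 "DOB 03/14/1961, SSN 123-45-6789. Keep it under 100 words.")


@dataclass
class Decision:
    action: str                  # "block" or "allow"
    reasons: list = field(default_factory=list)  # audit-trail detail for the SOC


def find_phi(prompt: str) -> dict:
    """Return {indicator_name: [matches]} for every PHI indicator present in the prompt."""
    hits = {}
    for name, pattern in PHI_PATTERNS.items():
        found = pattern.findall(prompt)
        if found:
            hits[name] = found
    return hits


def inspect_outbound(url: str, prompt: str) -> Decision:
    """Policy: a prompt containing PHI may only leave to a sanctioned model host.
    PHI-free prompts pass; PHI bound for any other host is blocked before the request is sent."""
    host = urlparse(url).hostname or ""
    hits = find_phi(prompt)
    reasons = [f"{name}: {len(matches)} match(es)" for name, matches in sorted(hits.items())]
    if hits and host not in SANCTIONED_HOSTS:
        return Decision("block", reasons + [f"unsanctioned destination host: {host}"])
    return Decision("allow", reasons)


if __name__ == "__main__":
    for url in ("https://chat.public-llm.example/api", "https://llm.internal.example-health.org/v1"):
        d = inspect_outbound(url, SAMPLE_PROMPT)
        print(url, "->", d.action, d.reasons)
```

Every decision carries the matched indicator categories (never the raw values) so the audit log itself does not become a second PHI store.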
2. Workflow Substitution
The most effective strategy is to remove the incentive for shadow AI by providing sanctioned, secure alternatives. If staff use public AI because legacy workflows are too slow, the solution is to modernize the workflow. This involves replacing manual processes with a HITRUST r2-certified solution with intelligent document processing capabilities.
Reducing Risk with Modern Cloud-Based Solutions
The best strategic response to shadow AI is to re-architect the inbound document stack. This is where modern solutions like eFax® Clarity provide a critical advantage. By integrating intelligent document processing directly into the document workflow, IT leaders can neutralize the root causes of shadow AI.
Workflow-Native Intelligence
eFax® Clarity is not an add-on; it extends the established eFax Corporate® cloud fax backbone and utilizes an advanced AI engine to convert faxes, scans, and handwritten notes into structured data formats like C-CDA or FHIR. The data is then ingested directly into the EHR.
By delivering structured, actionable data directly to the point of care, eFax® Clarity eliminates the manual data entry and summarization tasks that tempt clinicians to use unsanctioned tools. There is no need for a nurse to paste a fax into a public LLM if the system has already extracted and structured the relevant data within the EHR.
Compliance-First Architecture
For the security-conscious health leader, the architecture of the solution is paramount. Solutions must offer:
- Unified Audit Trails: All inbound PHI passes through a single, monitored platform, simplifying risk analysis for HIPAA and state regulations.
- Private, Secure Environments: Unlike public models, enterprise-grade solutions like eFax® Clarity operate in HITRUST r2-certified environments. Data is not commingled with public datasets, and model parameters are documented for IT review.
- Immutable Logs: End-to-end encryption and separation-of-duties logging satisfy strict reporting requirements.
Operational Efficiency as a Security Feature
Implementing a cloud-based solution that seamlessly integrates into existing workflows isn’t just more secure; it’s a major time saver.
Real-world applications have shown that automating fax intake can clear months-long backlogs and reduce staff time spent on manual data entry by up to 70%. Most crucially, when workflows are efficient and data is accessible, the incentive to turn to unvetted tools diminishes drastically.
Strategic Alignment for the Future
The rise of shadow AI is a signal that current workflows are failing to meet the needs of the clinical workforce.
By reframing shadow AI as an operations problem—fueled by clunky document workflows—CIOs and other key technology stakeholders can achieve two wins with one program: slash breach liability and deliver the straight-through processing clinicians actually crave. Workflow-native, compliance-first solutions like eFax® Clarity thus become not just a cost-avoidance measure but a catalyst for the broader AI strategy every health system must now articulate.
In an era where data security is synonymous with patient safety, investing in sanctioned, workflow-native AI is not just an IT upgrade – it is a strategic imperative.