Key Takeaways From the HIMSS 2024 Conference

Seeking to outrun the growing shadow of newer conferences like HLTH and ViVE, the 2024 HIMSS Global Health Conference & Exhibition brought together roughly 30,000 attendees to discuss the latest in health care IT trends and product developments. The topics covered were nothing unexpected: AI dominated session headlines and vendor pitches, but there was still plenty of attention spent on other focus areas, including cybersecurity, virtual care and data interoperability. Below are some observations from the event.

AI Continues Its Reign

AI is still drawing plenty of attention from health care stakeholders after more than a year of exposure to ChatGPT and other similar tools. The preconference AI forum was at capacity as representatives from health systems like Stanford Health Care, Kaiser Permanente, and Duke Health spoke alongside industry vendors like GE HealthCare and Roche Diagnostics on how organizations are planning for and using emerging AI.

The scope of the full-day forum was wide ranging, but there were some clear themes that bubbled up to the top:

• Stakeholders are now generally familiar with what AI is and how emerging generative AI tools operate: we’re past the “let’s start our presentation by defining AI terms” phase.
• Everyone agrees that AI needs to be led by organizational strategy and a strong governance model to maximize utility and reduce wasteful spend or endless pilots: there were plenty of references to familiar truisms like needing high-quality data, “humans in the loop,” and a balance between people, processes and technology.
• AI’s ethical / technical / legal challenges are well established: it was hard to keep count of the number of times speakers mentioned being aware of risks like AI bias or “hallucinations.”

Beyond the AI forum, there were some notable announcements from vendors and other industry bodies:

• Sixteen health systems have partnered with Microsoft, OCHIN and TruBridge to launch the Trustworthy & Responsible AI Network (TRAIN) to support responsible AI deployment. Similar to other industry efforts to establish guidelines for AI (eg, Coalition for Health AI), TRAIN seeks to provide its members with tools and best practices for operationalizing AI, measuring KPIs, and ensuring algorithmic safety and reliability.
• Big Tech firms like Google, Microsoft, Oracle Health and Epic were all touting ongoing developments in their AI suites, with a clear emphasis around alleviating administrative burdens (eg, ambient scribing). For example, Epic showcased plans for its EHR, including using AI for drafting denial appeal letters, answering questions about a patient’s chart, generating patient-friendly billing explanations and more. Early pilot results have also trickled in, showing quantified time savings per encounter for doctors and positive responses from patients.
• Mass General Brigham announced a new phase in its partnership with GE HealthCare, which started back in 2017. The health system is now looking to incorporate more advanced foundation model architecture, allowing for more powerful and versatile research and faster time-to-market for AI applications.
• During the conference it was announced that the European Union’s parliament approved its AI Act, marking the most significant effort to date to regulate AI technologies. While it is still early days for this ruling, it puts additional pressure on US federal regulators to figure out how they want to assign accountability for AI developers and create new market guidance that goes beyond symbolic principles.

Sg2 Perspective: We Have Reached a Clear Point of AI Saturation
Organizations have figured out the “what” of AI as more stakeholders have taken the time to learn about and explore AI tools to keep up with market demand. This means the industry needs to push forward to navigate the “where” and “how” by evaluating use cases and how to best validate market solutions.

Cybersecurity Risk Management Gets Very Real

It’s clear that the health care industry is woefully unprepared for handling the rising threat of ransomware and other cyberattacks. The past few years have shown an escalation in the frequency, sophistication and costliness of such threats, and the latest Change Healthcare ransomware hack pushed cybersecurity to the forefront for many organizations. Change, which is a subsidiary of UnitedHealth Group (UHG), processes billions in transactions per year, touching about one in every three patient records, which shows the magnitude of this breach. According to a survey by the American Hospital Association of nearly 1,000 hospitals, 94% of hospitals are reporting a financial impact from the breach, and 74% are reporting direct impact to patient care as it relates to conducting eligibility verifications or pharmacy transactions.

While Change’s systems slowly come back online, providers and regulators have continued to put pressure on UHG to provide interim cash infusions and technical workarounds to sustain operations. It was also recently announced that the Department of Justice (DOJ) was opening an antitrust probe into UHG and its Optum unit, reflecting similar antitrust investigations the DOJ conducted in 2022 when it challenged UHG’s acquisition of Change.

At HIMSS, the cybersecurity pavilion on the expo floor saw more noticeable foot traffic compared to prior years; however, there were reports that overall conference attendance would be negatively impacted by the Change breach, with many providers seeking to reduce travel to manage the chaos back home. One thing is clear: UHG is getting zero sympathy from the market.

Sg2 Perspective: Cybersecurity Vigilance Is Non-Negotiable
The Change incident adds to a very long list of health care cyberattacks that continue to cripple organizations. Cyber risks are not just a financial threat—the ability of bad actors to shut down operations is now serving as a direct impediment to timely patient care, which can lead to delayed services and even patient harm. This means organizations must proactively build upon their cybersecurity posture, including dedicating more of the IT budget to security; reinforcing cyber risk “hygiene” with staff; and continuously updating disaster recovery protocols for when digital infrastructure is compromised and staff must resort to analog workflows.

While AI and cybersecurity took up most of the spotlight at HIMSS, there were other themes to note:

• The expo floor showed several organizations touting the smart hospital room concept, with companies like care.ai, Caregility, and eVideon Health showcasing how their AI-enabled cameras, digital whiteboards, and other sensor technology can help create new workflows for remote nursing or specialty televisits, while also boosting the care experience for patients.
• The Mayo Clinic Platform announced its “Solutions Studio” digital health accelerator program that will support developers in creating safe and effective technology platforms. As part of this program, developers will be able to tap into Mayo’s extensive data and analytics tools, while also working with Mayo clinical experts, data scientists, and other staff to test drive ideas and build pathways to adoption into health systems.
• The focus on venture capital (VC) was not as prevalent as it might be at other conferences, but representatives from different VC firms upheld a much more optimistic view of the markets for 2024 compared to last year. The general messaging was that many of the “hard cuts” were made in 2023 to provide for a healthier business environment in 2024, but digital start-ups are going to continue to face pressures to demonstrate more tangible near-term ROI as buyers have become more discerning in their digital investments (AI being the exception).

Overall, HIMSS reaffirmed many trends and talking points that industry stakeholders have been pushing in recent months. The heavy emphasis on AI might have crowded the room (with one too many references to the Gartner Hype Cycle and comparing AI to Taylor Swift), but it shows the industry is taking this movement seriously and weighing its true impact on health care. Otherwise, stakeholders must ensure they are making steady progress in their non-AI initiatives as well, as it will take more than just a collection of algorithms to enable true digital transformation.

Related resources:

• Sg2 Perspectives podcast episode 211: Sg2’s Digital Health Expert Is Over These Five Digital Health Cliches

• Previous