Building the Foundation for Healthcare AI at Scale

Millie Summary:
  • Healthcare organizations are moving AI from pilots into enterprise use, but roughly 80% of AI initiatives stall before production because they lack the governance, security, and data foundations needed to scale.
  • Strong data governance is what allows healthcare teams to move quickly rather than slowly, since clear policies, lineage, and access controls let them innovate without constantly navigating compliance uncertainty.
  • The article lays out a five-step operating model for standing up governance, from a data readiness assessment through visibility and classification with Microsoft Purview, ownership and decision rights, edge and device controls, and continuous oversight.
  • MILL5’s Strategy, Build, Operate framework applies this approach in practice, illustrated by the Olympus Smart Operating Room engagement that cut operating room turnover time by 30% through a governance-first design.

Written by Ava Iannessa, Growth Development Analyst

Governance is the foundation that turns healthcare AI into the ultimate enterprise advantage.

What began as a wave of pilots and proof-of-concept projects is rapidly evolving into enterprise-wide adoption. Healthcare leaders are increasingly focused on how AI can improve patient outcomes, streamline operations, and unlock greater value from the vast amounts of data already flowing through their organizations every day.

While AI adoption continues to grow, scaling it successfully remains a significant challenge. Despite growing investment, industry research suggests that as many as 80% of AI initiatives fail to reach production, highlighting the gap between AI ambition and organizational readiness.

Many organizations can launch successful pilots and proofs of concept. Far fewer have the governance, security, data practices, and operating model needed to move AI from experimentation to trusted enterprise capability.

The organizations that lead in AI will establish strong data governance, security, and oversight from the start. Those that fail to build this foundation will struggle to scale with confidence.

AI Is Creating A Competitive Divide in Healthcare

The competitive implications are already visible in market performance, investment activity, and industry strategy. Over the past year, technology companies have significantly outperformed healthcare organizations in public markets. The Technology Select Sector SPDR ETF (XLK) increased by approximately 60%, compared to roughly 25% for the Health Care Select Sector SPDR ETF (XLV), reflecting growing investor confidence in organizations with strong technology, data, and AI capabilities (Figure 1).

Healthcare organizations face a different operating environment than technology companies, but the underlying lesson remains relevant. Organizations that can govern, secure, and operationalize data effectively are better positioned to deploy AI, generate insights faster, and improve operational performance. Those without these foundations risk falling behind competitors that are already embedding AI into clinical workflows, patient engagement, and operational decision-making.

Figure 1. One-year performance comparison between the Technology Select Sector SPDR ETF (XLK) and Health Care Select Sector SPDR ETF (XLV), illustrating the growing market premium placed on organizations with strong technology and AI capabilities. Source: Bloomberg, June 2025–June 2026. 

Governance Is What Lets Teams Move Fast 

Many healthcare leaders still view AI adoption as a trade-off: move fast or stay compliant. They worry that governance will create friction, slow things down, and limit experimentation. 

That view is understandable, but it is becoming increasingly outdated. 

Healthcare has always operated in a highly regulated environment. HIPAA, HITECH, HITRUST, state privacy laws, and evolving cybersecurity requirements have shaped how organizations manage Protected Health Information (PHI) and Personally Identifiable Information (PII) for decades. Compliance is not new. What AI introduces is far greater scale, speed, and complexity in how this data is used.

The stakes are exceptionally high, as healthcare continues to experience the highest average breach costs of any industry, approaching $10 million per incident¹. As organizations adopt AI and expand the use of sensitive data across more systems, the need for strong governance becomes even more critical.

At the center of this challenge lies the data foundation. Generative AI, predictive models, and automation tools depend on large volumes of structured and unstructured data, including clinical notes, claims information, imaging, patient communications, and operational records. Connected medical devices and healthcare IoT systems add even more complexity by continuously generating data in real time.

As these systems become more interconnected, medical organizations need clear answers to critical questions: Where did this data come from? Who has access to it? How is it being used? How is the model being monitored over time?

That need for oversight extends beyond centralized data platforms. As healthcare environments become more connected, organizations must also manage the growing number of devices that generate, consume, and transmit sensitive data. Device management therefore becomes an extension of data governance: without clear visibility and controls, connected devices can quickly become a source of operational, compliance, and security risk. 

This is why the industry’s largest technology providers are investing heavily in healthcare AI infrastructure. Microsoft, Google Cloud, Amazon Web Services (AWS), Epic, Oracle Health, and Salesforce are embedding AI capabilities directly into clinical, operational, and patient engagement platforms. As those capabilities become standard across the ecosystem, competitive advantage will depend less on access to AI itself and more on an organization’s ability to govern, secure, and operationalize it at scale. 

AI Magnifies The Data You Feed It 

Healthcare organizations have spent years building complex digital ecosystems that span EHRs, patient portals, analytics platforms, cloud services, connected devices, imaging systems, and third-party applications. While these investments have expanded access to information, they have also created greater fragmentation. As a result, data often remains spread across disconnected systems, limiting visibility, consistency, and trust. 

Generative AI and machine learning tools amplify the condition of the data they are given, whether that data is reliable or fragmented. High-quality, well-governed data supports more reliable outcomes. Fragmented, inconsistent, or poorly governed data increases operational, compliance, and security risk. 

That is why many AI initiatives struggle to move beyond the pilot stage. The obstacle is rarely the model alone. More often, organizations uncover gaps in data lineage, access controls, security, or governance that must be addressed before AI can scale with confidence.   

As a result, governance is becoming a core strategic priority rather than a back-office task. 

Governance Requires a Sustained Operating Model 

Governance begins with a data readiness assessment. Before organizations can scale AI responsibly, they need a clear inventory of where PHI and PII reside, how data moves across systems, and where fragmentation creates risk. This includes EHRs, patient portals, imaging systems, analytics platforms, connected devices, and third-party applications. The goal is to produce a prioritized map of sensitive data, governance gaps, and the risks that need attention first. 

The second step is establishing visibility and classification. This is where Microsoft Purview fits as part of the governance work itself. Organizations need a concrete way to catalog data, map lineage, classify sensitive information, and manage access across complex environments. When this step is complete, leaders can answer the essential where, who, and how questions: where sensitive data sits, who can access it, how it flows, and how it should be protected. 

The third step is assigning ownership and decision rights. Governance cannot rely on broad agreement alone. Healthcare organizations need named data owners, clear approval paths for access, defined accountability for model oversight, and a response model for when risks appear. The outcome should be documented decision rights, practical policies, and operating expectations that teams can actually follow when they build, deploy, and monitor AI systems. 

The fourth step is governing the edge and connected devices. As AI moves closer to the point of care, governance cannot stop at central platforms or cloud environments. Connected devices, edge environments, and clinical workflows need the same expectations for lineage, access, security, monitoring, and oversight. Each connected device is both a valuable source of data and a potential point of risk, which means device management and AI governance have to operate as one model. 

The fifth step is operating governance continuously. Governance is not complete once policies are written or tools are configured. Models drift, regulations evolve, data volumes grow, and business priorities change. Healthcare organizations need monitoring for model performance, data quality, access patterns, regulatory change, and emerging risk, supported by a defined cadence for review. The organization should walk away with a governance operating rhythm that makes oversight repeatable instead of reactive. 

Taken together, these steps turn governance from an abstract principle into a roadmap leaders can act on. The work begins with understanding the current data landscape, then builds the visibility, ownership, edge controls, and operating cadence needed to scale AI responsibly over time.  

What Data Governance Delivered for Olympus 

Our Olympus Corporation example shows how this model works in practice. With help from MILL5, Olympus took a governance-first approach while modernizing its Smart Operating Room platform. Rather than focusing solely on deploying new technologies, the organization established a secure framework for integrating connected surgical devices and governing AI-driven insights across its operating room ecosystem. 

The goal was to ensure that real-time operational data could be trusted and used responsibly to improve scheduling, increase operating room utilization, and support more efficient surgical workflows. Governance policies were embedded from the outset, creating a foundation that enabled innovation without increasing risk. 

Since the appropriate controls were established early, Olympus was able to confidently leverage AI and machine learning to generate operational insights while maintaining compliance with stringent healthcare requirements. The result was a measurable 30% reduction in operating room turnover time, improved utilization, lower operational costs, and greater visibility into surgical operations. 

Instead of becoming a barrier to innovation, governance becomes the enabler that allows organizations to scale AI responsibly. With clear policies, trusted data, built-in security, and ongoing oversight, teams can move faster, adopt new capabilities with confidence, and focus on outcomes rather than managing risk after the fact. 

As organizations expand their AI initiatives, the question is no longer whether to establish governance, but whether the governance foundation is strong enough to support the innovation they want to achieve. 

Governance Has to Be Built, Then Run 

MILL5 is a software consulting and AI company that helps enterprises design, build, and operate the systems that move their businesses forward. A significant part of our work is in healthcare, where we help medical and health organizations scale AI without compromising security, privacy, or compliance. 

Across these engagements, the pattern is consistent: organizations that reach production treat governance as foundational, while those that stall often plan to address it later. MILL5 designs around that lesson by building governance into the architecture from the outset, using Azure and Microsoft Purview to give healthcare enterprises visibility into where sensitive data lives, how it moves, and who can use it. 

That approach comes together through a framework built for how healthcare AI is adopted and sustained: Strategy, Build, Operate. 

Strategy 

Strategy is where governance becomes intentional. Organizations need to align AI initiatives to business goals, patient outcomes, and risk tolerance before they begin scaling. That means running the readiness assessment, understanding where PHI and PII live, and planning how sensitive data will be protected across the full AI lifecycle. 

Build 

Build is where that governance foundation becomes architecture. Secure, scalable AI depends on the ability to connect data, applications, and models across the healthcare environment without losing visibility or control. With Azure and Microsoft Purview as the governance backbone, organizations can design systems that support innovation while maintaining lineage, access, classification, and security across sensitive data flows. 

This is especially important as AI moves closer to the point of care. Connected devices and edge environments show the value of governing real-time data from the start. Rather than adding technology in isolation, organizations need architectures that help teams use trusted data responsibly wherever decisions are made. 

Operate 

Operate is what keeps governance working after launch. Healthcare AI requires 24/7 monitoring, governance, security management, and platform support so organizations can respond as conditions change. Models drift, regulations evolve, and new risks emerge, which means oversight must continue across the full lifecycle, not just during implementation. 

Scale Requires Trust First 

The next wave of healthcare AI will extend far beyond chatbots and productivity tools. AI is becoming embedded in clinical workflows, operational processes, connected devices, and the environments where care is delivered. 

As these capabilities become more deeply integrated, success will depend on more than model performance. It will depend on the strength of the data, security, and governance foundation beneath those models. 

For healthcare leaders, the priority is clear: build that foundation now, before AI becomes even more central to care delivery. 

To learn how MILL5 can help you scale AI with confidence, contact Ava Iannessa at avai@mill5.com. 

 ¹ IBM Security, Cost of a Data Breach Report 2024. 
