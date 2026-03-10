LAS VEGAS -- Alongside the positive use cases of AI across healthcare in clinical, operational and administrative settings, shadow AI, or the unsanctioned use of AI by employees, lurks beneath the surface of many organizations.

Approximately 40% of surveyed healthcare workers reported encountering unsanctioned AI tools in their workplaces, and nearly 17% reported using the unapproved tools themselves, according to a report from Wolters Kluwer.

A recent Netskope Threat Labs report found that while the adoption of organization-managed generative AI tools rose from 12% to 56% over the past year, the proportion of users switching back and forth between personal and enterprise accounts rose from 5% to 10%, suggesting a desire for certain functionalities that were not offered by their company's internal tool.

Managing shadow AI risk is a challenge, several experts acknowledged in interviews at the HIMSS conference. But it can be managed through good governance, AI education and foundational technical controls, they suggested.

Using foundational governance strategies to curb shadow AI risk Enthusiasm for AI is high, especially in healthcare, where it is being applied to everything from clinical documentation to revenue cycle management. Healthcare workers who share this enthusiasm for AI might take matters into their own hands, using personal AI tools to improve workflow efficiency. "As an organization, if you don't define what your acceptable uses of artificial intelligence are, people will still just use artificial intelligence," said Dave Bailey, vice president of consulting solutions and strategy at Clearwater. "The great news is, for the most part, that [AI] can be very successful, very rewarding and bring a lot of advancements to an organization," he continued. "But unless you put boundaries around it, people are going to use their own subscriptions, their own tools, and the larger an organization is and the more at scale, the more shadow AI is a problem." This advice for managing shadow AI is not groundbreaking, he noted. It's simply to establish guiding principles and governance around AI use in the workplace. "Once you do that, then you can say what acceptable uses are, and once you have those, you can say what you don't want people to do. They have to have that as a starting point," Bailey said.

Promoting AI literacy, sanctioned AI use Putting foundational principles into practice is not easy, but it doesn't have to be overly complicated either. Jane Moran, Mass General Brigham's (MGB) chief information and digital officer, similarly highlighted the importance of AI governance in an interview. However, she also noted that shadow AI is not an entirely new frontier. "Shadow AI is a huge risk, but it's not unlike 15 years ago, when it was shadow cloud computing, shadow data environments," said Moran, who also presented on MGB's AI strategy at a HIMSS session on Monday. "So, to me, this is just another technology that's ahead of the curve that we need to put governance and structure around for obvious reasons." Those reasons include security and safety, as well as financial implications, given that AI involves high compute and storage costs. Since allowing employees to freely use public-facing AI was not an option, MGB created an internal platform, called AI Zone, that allows its employees to use any approved LLM within MGB's network infrastructure. "We can keep the data safe, we can keep the compute safe and they can store the results in a safe environment," Moran said. Moran stressed the importance of employee education when it comes to AI -- another potential antidote to shadow AI use. "That is an ongoing effort to make sure that our employees are educated around how they go about doing AI and what the processes are. We've created all kinds of AI literacy campaigns," Moran said. MGB currently offers an AI certification specifically for clinicians that is recommended but not required. What's more, all employees, not just clinicians, are required to take a basic AI class. Moran said she envisions getting to a point where the organization requires additional AI training for all employees, especially as more technologies become AI-enabled.