IT Governance Is Now a Finance Problem for Health System CFOs
Interoperability is improving. But if your data is not clean, governed, and computable, AI scales noise — not insight.
Your health system can now send, receive, and retrieve clinical data faster than at any point in the last decade. FHIR-based APIs are mainstream. TEFCA has moved from policy concept to live exchange infrastructure. And yet, your finance team is still running manual workarounds to pull clean data for the next board presentation.
The problem is not that data cannot move. The problem is that moving data and making data usable are two entirely different things. The gap between them is a finance leadership issue.
Graphic highlighting the gap between healthcare data exchange capability and data usability, noting that AI tools require clean, governed data to deliver insight rather than amplify fragmentation
The CFO's Stake in an IT Problem
IT governance has long been treated as a technology department responsibility. The CIO owns the roadmap. The CISO owns the risk framework. Finance approves the capital request and moves on.
That model no longer holds.
When your organization's financial analytics, AI tools, prior authorization workflows, and revenue cycle operations all depend on data quality, data completeness, and data flow, IT governance stops being someone else's problem. It becomes a margin problem.
A structured IT governance framework aligns technology decisions — people, software, hardware, and data standards — with clinical, operational, and strategic goals. It defines who makes decisions, how resources are allocated, and how risk is managed across the enterprise. Without that framework, technology investments get made in silos. Data stays fragmented. And the finance team inherits the consequences.
For CFOs and VPs of Finance, understanding what IT governance means in operational terms — not just in org chart terms — is the first step toward protecting the capital your organization is already spending on technology.
Where Interoperability Actually Stands
Healthcare interoperability has made real structural progress over the past several years. A Healthcare IT News report published today features Zack Tisch, a partner at Pivot Point Consulting, who offered a direct assessment of the current state: the foundation is real, the momentum is real, and the direction is right, but the market is still in a transition phase.
That tracks with what finance leaders are experiencing operationally. Hospitals can now routinely access clinical records from outside providers. API-based patient access is mainstream. HTI-1 raised the data certification baseline to USCDI v3 as of January 1, 2026. CMS's prior authorization rule is pushing payer API requirements to January 1, 2027. TEFCA continues to mature as live exchange infrastructure rather than a policy aspiration.
The structural progress is genuine.
But once you move beyond basic record exchange and into prior authorization, referral management, quality reporting, or AI-enabled analytics, the experience becomes uneven quickly. Health systems still rely on a mix of proprietary APIs, custom interfaces, point-to-point connections, and manual workarounds to keep critical workflows functioning. The technical standard exists. The operating model around it often does not.
That distinction matters enormously for finance leaders. Compliance with interoperability mandates is not the same as having an operational data environment that supports reliable financial analysis and decision making.
Healthcare interoperability policy timeline from 2016 through 2027 showing key mandates including the CMS prior authorization API compliance deadline for health system finance leaders.
Where It Breaks Down — and Why Finance Feels It
Understanding where interoperability breaks down at the operational level is important, because it maps directly to financial risk.
Moving a data integration from pilot to enterprise capability requires alignment across the EHR team, third-party vendors, the security team, clinicians, operational owners, data governance stakeholders, and legal or procurement. That coordination is expensive and slow. And when it does not happen systematically, the finance function absorbs the downstream cost.
Consider what incomplete interoperability looks like in practice. Denied claims that could have been avoided with real-time prior authorization data. Revenue leakage from patient records that do not reconcile across systems. Budget variance reports built on data extracts that are weeks old. AI tools deployed on top of fragmented, poorly governed data that surface outputs no one on the finance team can trust or explain to the board.
These are not IT problems. They are financial problems with IT root causes.
The organizations building durable operational advantage are the ones investing in formal IT governance — defined accountability for data quality, structured prioritization processes for technology projects, and clear decision rights that include finance leadership. They are building the operating model that makes data usable, not just exchangeable.
Organizations that treat IT governance as an IT department responsibility and show up to approve the capital budget are leaving margin on the table.
AI Is the Forcing Function
If interoperability was once a compliance priority, artificial intelligence has made it a performance priority.
Tisch's framing from this week's Healthcare IT News report is worth carrying into your next IT steering committee conversation: in the age of AI, interoperability stops being a compliance project and becomes core operating infrastructure. AI can only be as strong as the data environment around it. If data are incomplete, delayed, poorly normalized, or disconnected from workflow, AI scales noise just as efficiently as it scales insight.
That reframes the CFO's role in technology conversations.
When your organization evaluates an AI-powered revenue cycle tool, the relevant question is not whether the technology performs in the demo. The relevant question is whether your data environment is clean, governed, and computable enough to support it in production. If the foundation is fragmented, AI amplifies the fragmentation. For more on what AI-enabled revenue cycle tools require to deliver measurable returns, see the framework I outlined in AI-Powered Revenue Leakage Prevention: The CFO's Implementation Guide.
From my work supporting technology implementations across health system environments — including performance analytics implementations during the McKesson and Change Healthcare era — the organizations that get durable ROI from clinical and operational AI are almost always the ones that did the governance work first. Defined data ownership. Established data quality standards. Accountability structures for how data flows across the enterprise.
The ones that skip that step tend to spend the first 18 months of their AI deployment cleaning up problems they assumed the technology would resolve.
Ready to evaluate whether your data infrastructure is positioned to support AI at scale? I work with finance leaders at health systems on technology investment strategy and IT governance frameworks. Learn more at hfi.consulting
The Five Governance Components CFOs Should Own
Effective IT governance has five core components. Each one has a direct financial counterpart that finance leaders should be tracking.
Strategic Alignment. Every major IT initiative should connect to a specific clinical, operational, or financial outcome. If a proposed technology investment cannot be tied to a margin improvement target, a patient outcome goal, or a compliance requirement, it should not clear capital approval. Finance owns the accountability for making that connection explicit before resources are committed.
Value Delivery. IT initiatives that deliver promised benefits on time and within budget are the exception in most health systems. Finance should require defined benefit realization plans — with specific metrics and review timelines — before capital is approved. Including finance in post-implementation review is not optional. It is how organizations protect the capital already deployed.
Risk Management. Cybersecurity risk, vendor concentration risk, and data breach exposure all carry direct balance sheet implications. IT governance is the structure that ensures these risks are managed systematically rather than reactively, and that finance leadership has full visibility before exposure materializes.
Resource Management. Technology, data, and skilled IT personnel are constrained resources across most health systems. Formal governance structures — including technology steering committees with finance leadership representation — ensure that resource allocation decisions reflect competing operational priorities, not just technology department preferences.
Performance Measurement. You cannot manage what you do not measure. IT governance frameworks should include defined metrics for system uptime, data quality, integration reliability, and return on technology investment. These metrics belong in the finance department's performance management toolkit alongside operating margin, days cash on hand, and denial rates. If your technology investments are not being tracked on the same disciplined terms as your clinical operations, you are flying blind on a significant portion of your capital base.
Five-component IT governance framework for health system CFOs showing the strategic alignment, value delivery, risk management, resource management, and performance measurement dimensions with finance impact indicators for each.
Questions CFOs Should Be Asking Right Now
The January 2027 deadline for CMS's prior authorization API requirements is not a distant concern. Health systems that have not aligned their payer data exchange capabilities with revenue cycle operations are building toward a preventable disruption — and the window to address it without a crisis response is getting shorter.
Here are the questions finance leadership should be raising in the current budget cycle.
Does your organization have a formal technology steering committee that includes finance leadership? If technology prioritization decisions are being made without finance at the table, capital is being committed without full accountability for outcomes. This is a governance gap with direct financial exposure.
What is your current data quality baseline across revenue cycle, clinical, and operational systems? Before approving capital for any AI-enabled analytics platform, your finance team needs an honest assessment of whether the underlying data is clean enough to trust. This baseline should be a prerequisite, not an afterthought.
How are you modeling EHR vendor concentration risk? Epic and Oracle together represent more than half of the inpatient EHR market. Their product direction drives adoption timelines across the industry — including AI deployment patterns — but that concentration also carries negotiating risk, pricing risk, and dependency risk that belongs in your financial risk register. I covered the operational implications of Oracle Health's recent strategic shifts and what they signal for CFOs managing EHR dependency risk.
What is your readiness plan for the January 2027 prior authorization API requirements? This is a compliance deadline with direct revenue cycle implications. Your payer partners are operating on the same timeline. Finance should be tracking implementation readiness now, not in Q4 2026 when corrective action is expensive.
Who owns data quality accountability in your organization? If the answer is unclear or the responsibility is distributed across multiple departments without a defined governance structure, that ambiguity is costing you. Clean data requires defined ownership. Defined ownership requires governance.
Checklist of five IT governance questions for health system CFOs covering technology steering committee participation, data quality baseline assessment, EHR vendor concentration risk, 2027 CMS prior authorization compliance readiness, and data ownership accountability.
From Reactive to Strategic
The organizations that lead in healthcare finance over the next five years will not simply be the ones with the most technology. They will be the ones with the cleanest data, the clearest governance accountability, and the most disciplined framework for connecting technology investment to measurable financial and operational outcomes.
Every AI-powered revenue cycle tool, predictive analytics platform, and real-time cost accounting dashboard performs in direct proportion to the quality of the data environment underneath it. That data environment is a governance problem as much as it is a technology problem. Finance leaders who understand that connection are better positioned to protect capital, ask the right questions in technology steering committees, and build the operating infrastructure that allows AI to deliver what the demos promise.
IT governance is not an IT department priority handed to finance at budget time. It is a CFO-level strategic responsibility.
If you are building a data governance strategy, evaluating your current technology investment framework, or working through the 2027 compliance timeline, I work with health system finance leaders on exactly these challenges. Visit hfi.consulting to learn more.
P.S. What is the biggest disconnect you see between your IT department's priorities and your finance team's operational needs? Hit reply — I read every response.
