Sutter Health: Tech, People & Process Integration
- Sutter Health is focusing on cybersecurity, data governance and artificial intelligence to streamline operations during mergers and acquisitions, according to Lisa Monson, chief privacy officer.
- Monson cited the Change Healthcare cyberattack as an example of what can happen when security isn't prioritized during mergers.Sutter Health ensures newly acquired entities meet the same cybersecurity...
- Integrating IT systems can be complex, Monson said.Some acquired hospitals still use paper records,while others are on different electronic health record platforms.
sutter Health is strategically integrating technology, people, and processes to enhance cybersecurity and operational efficiency, particularly during mergers and acquisitions. Chief Privacy Officer lisa Monson emphasizes the critical importance of prioritizing cybersecurity from the outset, protecting patient data. AI plays a crucial role in streamlining operations, accelerating decision-making, and improving clinical documentation. Sutter Health is also centralizing data and rationalizing IT applications to bolster security and reduce costs. They are addressing the risks posed by third-party vendors by pushing for stronger security practices. news Directory 3 highlights how Sutter Health aims to stay ahead of regulatory changes and ensure compliance. Discover what’s next in Sutter health’s innovative approach to healthcare technology.
Sutter Health CIO: Mergers, AI, and Cybersecurity strategy
Table of Contents
Sutter Health is focusing on cybersecurity, data governance and artificial intelligence to streamline operations during mergers and acquisitions, according to Lisa Monson, chief privacy officer. A key element is integrating security from the start to protect patient data.

Cybersecurity as Priority
Monson cited the Change Healthcare cyberattack as an example of what can happen when security isn’t prioritized during mergers.Sutter Health ensures newly acquired entities meet the same cybersecurity standards as the parent organization from day one.
Integrating IT systems can be complex, Monson said.Some acquired hospitals still use paper records,while others are on different electronic health record platforms. The immediate priority is establishing the necessary cybersecurity infrastructure, followed by full IT integration.
AI’s Expanding Role
AI is playing an increasing role in Sutter Health’s integration efforts. Monson said AI helps streamline operational efficiencies, including data analysis during due diligence, and improves clinical documentation and reduces administrative burdens.
Monson noted AI can analyze large datasets faster,which allows for quicker,more informed decisions. She cited AI-powered tools that cut down hours of work into minutes for staff and help physicians analyze medical records to identify patterns that might or else go unnoticed.
Despite the benefits,Monson acknowledged that healthcare lags behind other industries in AI adoption. She emphasized the need to embrace AI to keep pace with rapid changes.
Data Governance and Security
Ensuring data consistency across acquisitions is a notable challenge. Monson said sutter Health has acquired hospitals running different versions of Epic, which means data structures aren’t identical. To address this, the system has centralized data and analytics efforts to drive standardization.
Sutter Health found thousands of unused SQL databases, Monson said.Eliminating needless data improves efficiency and maintains security. Inconsistent data structures can lead to challenges in patient care, especially when coding allergies differently across systems.
Application Rationalization
Reducing redundancies across IT systems is critical for financial sustainability. Sutter Health is working to evaluate which applications are essential and eliminate excess. The goal is to move toward a single ERP and contracting system to streamline costs.
Monson said fewer applications reduce the attack surface, which is crucial in today’s cybersecurity environment.
Third-Party Vendor Risks
Monson highlighted the increasing risks posed by third-party vendors.She said third-party breaches remain one of the biggest security concerns because vendors often store patient data longer than necessary or fail to implement basic security measures.
Sutter Health is pushing vendors to adopt stronger security practices, Monson said, noting many breaches could have been prevented if vendors had simply deleted data when it was no longer needed.
Monson also pointed to upcoming regulatory changes, such as revisions to the HIPAA Security Rule, which will require vendors to implement stronger cybersecurity measures. Healthcare organizations need to stay ahead of these regulations and ensure compliance.
Key Takeaways
- Prioritize security from day one in mergers and acquisitions.
- Use AI to accelerate decision-making and improve efficiency.
- Centralize and standardize data to prevent inconsistencies.
- Rationalize IT applications to save money and strengthen security.
- Enhance vendor oversight to ensure strong security practices.
- Prepare for evolving regulations to ensure compliance.
Monson said organizations that embrace AI, streamline operations, and integrate security from the beginning will be the ones that succeed.
