
If you thought healthcare had enough to juggle already, think again. This episode dives headfirst into the latest “Top 10 Patient Safety Concerns,” and spoiler alert—AI is sitting right at the top like it owns the place. From the growing pains of AI-assisted diagnosis to the not-so-small issue of whether anyone is double-checking the robots, things get interesting fast. Toss in cybersecurity risks, workforce shortages, and a system stretched thinner than your patience on hold with tech support, and you’ve got a conversation that’s equal parts eye-opening and “wait… are we okay?”
In this episode:
PriSec Is Not Optional for Patient Safety - Ep 556
Today’s Episode is brought to you by:
Kardon
and
HIPAA for MSPs with Security First IT
PriSec Is Not Optional for Patient Safety
[00:38] Last year we reviewed this study for the first time. AI Has A Patient Safety Problem – Ep 503 – Help Me With HIPAA
We took a look at the 2025 report because AI popped up as the #2 Patient Safety Concern: Insufficient Governance of Artificial Intelligence in Healthcare, but then we noticed #4: Medical Errors and Delays in Care Resulting from Cybersecurity Breaches.
As we often point out, the HSCC tagline “Cyber Safety is Patient Safety” aligns perfectly with ours: “HIPAA Is Not About Compliance, It’s About Patient Care.” These top 10 lists bring the message home like we haven’t done before.
They have released their 2026 report now. Top 10 Health Technology Hazards for 2026 Executive Brief
The ECRI Patient Safety Concerns top 10 List this year hits many of our areas again. It isn’t shocking what has moved up to #1.
The Full List of Patient Safety Concerns for 2026
1. Navigating the AI Diagnostic Dilemma
2. Reduced Access to Rural Healthcare Increases Health Risks and Disparities
3. Increasing Rates of Preventable Acute Diseases in Communities and Healthcare Settings
4. Effects of Federal Funding Cuts on Healthcare Operations and Patient Safety
5. Lack of Recognition and Reporting of Harm Events
6. Structural and Systemic Barriers Inhibit Equitable Pain Management for Women
7. Persistent Workforce Shortages Continue to Burden Staff and Restrict Access to Care
8. The Impact on System Improvement When a Culture of Blame Hinders Learning
9. Emergency Department Boarding Contributes to Worse Patient Outcomes
10. Persistent Gaps in Manufacturer Packaging and Labeling Design Continue to Undermine Medication Safety Efforts
We’ll dive into #1 AI and #8 Culture of Blame more, but there is a direct relationship between several others and PriSec. In the opening discussion for this year’s list they made some interesting points. The commentary explains how current realities create these concerns.
“The patient safety concerns outlined in this report reflect broad, systemic threats to the delivery of safe, equitable, and reliable healthcare. These issues reveal how vulnerabilities in technology, staffing, culture, and public health all intersect to increase patient risk.”
“And even though artificial intelligence (AI) has the potential to streamline workflows, ease clinician burden, and cut costs, unchecked reliance on AI can increase the risk of diagnostic error and erode clinicians’ critical thinking skills.”
“Taken all together, these issues illustrate that patient safety is more than simply preventing isolated errors; it requires leadership investment in order to confront systemic weaknesses that span technology, staffing, infrastructure, culture, and equity.
To address each concern in this year’s list, healthcare leaders can consider our action recommendations, which are organized into four foundational categories:
1. Culture, leadership, and governance
2. Patient and family caregiver engagement
3. Workforce safety and well-being
4. Learning system”
[06:41] #1 AI Diagnostic Dilemma
- This isn’t a technology problem… it’s a governance problem
- Rapid adoption (38% → 66%)
- Diagnostic failures, hallucinations, bias
- Automation bias (humans trusting AI too much)
- Lack of transparency
- No clear regulation
Privacy/Security angles:
- PHI going into AI tools
- Third-party/vendor risk
- Unknown data handling
- Lack of auditability
Operational requirements (translate ECRI):
- Policies for AI use
- Workforce training
- Documentation of AI involvement
- Incident tracking
- Patient disclosure/consent
HSCC upcoming content
- Glossary
- Third-party vetting
- Governance guide
- Secure by design (devices)
“Incorporate strategies that emphasize critical thinking skills into staff training, including evaluation of physicians’ diagnostic thought processes; lessons on cognitive biases; and regular assessment of critical thinking skills.”
[23:37] #8 Culture of Blame
Core issue:
- Fear of punishment → underreporting
Expand beyond clinical:
- Privacy incidents
- Security incidents
- Near misses
Key connection:
- Strong correlation across domains, including data privacy
Your teaching moment:
- Breach Rule assumes:
  - mistakes will happen
- Culture determines:
  - whether they get reported
Privacy & Security Are Everywhere
We’re going to group a few of these together – not because they’re the same, but because they all impact privacy and security whether you realize it or not.
#2 Rural Healthcare → Tech Expansion Risk
- Telehealth expansion
- Remote care models
Your point:
- Expanding access = expanding attack surface
Every access solution creates a new security responsibility
[34:30] #4 Funding Cuts → Security Gets Cut First
- Reduced funding
- Delayed upgrades
- Staffing reductions
- Compliance and security often deprioritized
Budget cuts don’t eliminate risk – they just delay when you discover it
#5 Harm Events → Direct Breach Rule Connection
- Only ~51% of harm events captured
Your key connection:
- Harm is part of breach risk assessment
- If harm isn’t identified:
  - breaches aren’t properly evaluated
- If harm isn’t being recognized, neither are your breaches
#7 Workforce Shortages → Human Risk Layer
- Burnout, turnover, shortages
- Overworked staff:
  - shortcuts
  - mistakes
  - policy bypass
Overworked staff don’t follow policies—they survive their shift
We’ve touched on this before. It’s not just that we don’t have enough people… it’s that we don’t have enough qualified people. HSCC has task group discussions about workforce development specifically in healthcare cybersecurity.
Cybersecurity/Privacy reality:
- Roles are hard to fill
- Even harder to fill with trained, experienced staff
Clinical analogy:
- We don’t fix a nursing shortage by grabbing random people… but somehow we think we can do that with cybersecurity. Yeah, just get that person who is good with IT and they will know everything about cybersecurity plus healthcare plus HIPAA and other cybersecurity regulations.
Impact:
- Misconfigurations
- Missed risks
- Poor incident response
Key lines:
- Patient safety doesn’t improve with a warm body… it improves with a qualified one
- An untrained cybersecurity person isn’t neutral—they’re a risk multiplier
Privacy + Security are foundational to patient safety. We have made a point of sharing that message for years. This report, much like last year’s, brings the two together better than we could ever do on our own.
At the end of the day, all the innovation in the world doesn’t mean much if it comes at the cost of patient safety. AI is speeding things up but adding uncertainty, technology is expanding access while quietly increasing risk, and shrinking resources are somehow expected to deliver better outcomes. It’s a bit like patching a leaky boat while adding more passengers; something’s bound to get missed. The common thread? Someone still needs to be paying attention. Technology can assist, but it can’t replace curiosity, critical thinking, or that instinct to question when something feels off. So the real takeaway is simple: trust the tools, but don’t stop thinking – because “set it and forget it” might be the riskiest move of all.
HIPAA is not about compliance,
it’s about patient care.™


