Shadow AI's Compliance Gap Has Reached Healthcare. The Regulators Aren't Ready.
ai-governance 15 min read

Shadow AI's Compliance Gap Has Reached Healthcare. The Regulators Aren't Ready.

Banking regulators just admitted their rules don't cover generative AI. Healthcare's rules are 30 years older, and the same gap is already in the chart.

On April 17, 2026, the Federal Reserve, OCC, and FDIC issued their first major model-risk-management update in 15 years. They explicitly left generative and agentic AI out of scope. Banking regulators chose honesty over the appearance of coverage.

Healthcare's regulators have not made that admission yet. HIPAA was written in 1996, 26 years before ChatGPT. The AI spreading fastest inside hospitals, clinics, and payer back offices is outside its design, outside its definitions, and outside any framework HHS has finalized.

That space between what employees actually use and what the rules were built to govern is the shadow AI compliance gap. In healthcare, it is wider, more clinical, and more expensive than in any other regulated sector. One in five organizations has already suffered a breach because employees used AI tools nobody approved. Organizations with high shadow AI exposure saw breach costs $670,000 higher than those with little or none. Healthcare's baseline breach cost sits at $7.42 million, the highest of any industry for 14 consecutive years.

Below: what the banking signal means for healthcare, where shadow AI clusters inside health systems, the four loss modes a board will ask about, and three things to do this quarter before the regulator catches up.

The Banking Signal Healthcare Should Read

What does it mean when a regulator carves something out on purpose? It usually means they know the rule does not fit yet.

The agencies issued SR 26-2 jointly on April 17, 2026, replacing SR 11-7, in force since 2011. The framework is expected to be most relevant to banking organizations with over $30 billion in total assets, and it updates supervisory expectations for traditional statistical and quantitative models. It also says, in the agencies' own language, that "generative AI and agentic AI models are novel and rapidly evolving. As such, they are not within the scope of this guidance."

That sentence is the news. The agencies signaled a planned follow-up Request for Information specifically on AI, which has not been published as of this writing. They did not force-fit a 2011 framework onto 2026 technology.

The 2011 model-risk frame assumed models that were procured, validated, deployed, and supervised. It did not contemplate tools an analyst downloads on a Tuesday afternoon, authenticates against corporate Microsoft 365 in three clicks, and starts feeding sensitive records into by lunch.

Healthcare's parallel is direct. HIPAA does not have a category for "generative AI tool used by a clinician to draft a discharge summary." The statute predates ChatGPT by 26 years, and even its newest major implementing rule, the 2003 Security Rule, predates it by nearly two decades. OCR's May 2024 final rule under Section 1557 of the ACA requires organizations to identify and mitigate discrimination risk in AI-driven patient care decision support tools, effective May 1, 2025, and OCR followed with a Dear Colleague letter in January 2025. That is progress on one slice of the problem. It does not cover BAA gaps, PHI in shadow tools, or AI-shaped clinical documentation.

HHS (ASTP/ONC) published a Request for Information in the Federal Register on December 23, 2025 seeking input on accelerating AI adoption in clinical care. The comment window closed in February 2026, and nothing has issued from it yet. There is no equivalent of SR 26-2 for healthcare AI governance, and nothing announced suggests one lands in 2026.

The Financial Stability Board named the underlying problem in November 2024: regulators have information gaps in monitoring AI adoption, and existing frameworks may not be sufficient. Read plainly, the frameworks assume AI that stays visible. The AI spreading fastest does not.

The honest position, in both industries, is that regulators know the gap exists. The dishonest position is to act covered when the rules predate the tools in daily use.

Where Shadow AI Actually Clusters Inside Healthcare Organizations

Reco's CEO says ungoverned AI tools outnumber monitored ones roughly 4-to-1 across the financial institutions his company works with. Healthcare is worse on the consequence side: 92.7% of healthcare organizations confirmed or suspected an AI agent security or data privacy incident in the last 12 months, the highest rate across any sector tracked in Gravitee's State of AI Agent Security 2026 report.

Wolters Kluwer's December 2025 survey of 518 hospital and health system providers and administrators stacks the prevalence into a ladder:

  • 57% have encountered or used unauthorized AI tools in their organization.
  • 40% have encountered shadow AI without using it themselves.
  • Another 17% admit to using shadow AI personally.
  • 10% used unauthorized AI for a direct patient care use case.

Shadow AI is moving from periphery to clinical work. It is not stuck in marketing or finance. It is in the chart.

The clusters are predictable. Documentation drafting is the clearest. Prior authorization narratives. Triage and patient-callback drafting. Discharge summary cleanup. Payer-portal Q&A. Denial-management appeal drafts. These are decision-adjacent workflows, the healthcare analogue to what Forbes reported at financial institutions, citing Reco: SAR narratives, AML case notes, and risk scoring drafted by unsanctioned tools. The AI is not making the decision. It shapes the document the decision rests on.

Why employees reach for it is also predictable. Wolters Kluwer found almost 50% cite a faster workflow and 1 in 3 point to missing or insufficient approved tools. Among providers who used unsanctioned tools, 26% did so out of curiosity or experimentation, versus 10% of administrators.

The empathy frame is mandatory. The nurse who pastes a patient callback into ChatGPT at the end of a double shift is not a villain. She is exhausted, the official tool either does not exist or takes longer, and the unsanctioned one solves the problem in 30 seconds. A landmark 2016 Annals of Internal Medicine time-and-motion study found physicians spend nearly two hours on EHR and desk work for every hour of direct patient care, and the pressure has not let up since. Treating the people closest to the patient as the threat misses the point. They are the demand signal.

The visibility problem makes everything worse. UVM Health CISO Nate Couture, who pulled Zscaler logs and found shadow AI in use across clinicians, residents, IT, and marketing, put it this way: "Discovering shadow AI in our health system was jarring. Blocking it wasn't a sustainable solution." Vishal Kamat, IBM's VP of Data Security, told TechTarget the core issue is visibility: "when security teams lack awareness of AI tools in use, they're effectively blindfolded."

The C-suite paradox is the part that should keep boards awake. BlackFog's survey of 2,000 US and UK workers, fielded in November 2025, found 49% use unsanctioned AI, and 69% of C-level respondents say speed trumps privacy or security. Permission starts at the top. Leadership is then surprised when the audit comes back the way it does.

These are the conditions every CFO wants automated and every CISO wants visible. Neither side is winning right now.

The Compliance Gap Made Visible: What Healthcare Actually Loses

The board will not ask "do you have shadow AI." The board will ask "what specifically have we lost or are we losing because of it." Here are the four answers.

1. BAA gaps and unauthorized PHI disclosure

OpenAI does not sign Business Associate Agreements for ChatGPT Free, Plus, Pro, Team, or Business. A BAA is available only for sales-managed ChatGPT Enterprise accounts, the API for eligible use cases, and ChatGPT for Healthcare, the healthcare-specific offering OpenAI launched in January 2026. Anthropic offers a BAA for its HIPAA-ready services, meaning the first-party API and HIPAA-configured Claude Enterprise plans, not for Free, Pro, Max, or Team. Coverage across the rest of the market varies by vendor and tier and changes quarterly: Mistral publishes no BAA for its hosted API as of mid-2026, Groq added one for GroqCloud in October 2025, and Perplexity signs them only through enterprise contracts. The tiers employees use personally are almost never the covered ones. Every API call containing PHI sent to a tool without a signed BAA is an unauthorized disclosure under HIPAA. Netskope's 2025 healthcare threat report found 81% of healthcare data policy violations involved regulated healthcare data, and separately found most generative AI use by healthcare workers runs through personal accounts. That is the dominant breach vector.

2. Detection and containment time, paid in dollars

IBM's most recent Cost of a Data Breach Report (2025) found organizations with high shadow AI exposure averaged $670,000 more in breach costs than those with little or none, driven by longer detection and containment. Healthcare starts from the worst position in the industry: $7.42 million average breach cost and 279 days to identify and contain, more than 5 weeks longer than the 241-day global average. Across all industries, breaches involving shadow AI took about six days longer than average to identify and contain. 65% of shadow AI incidents compromised customer PII compared to 53% across all sectors. The math compounds against healthcare specifically.

3. Decision-adjacent risk, even when a clinician makes the final call

The premise inside SR 26-2 will reach healthcare: regulators are starting to treat AI that shapes a human's judgment in a regulated workflow as a model-risk event, even when a person signs off. The healthcare analogue is already running. A clinical decision shaped by an AI-summarized chart. A prior auth approved on the strength of an AI-drafted narrative. A denial appeal won or lost on an AI-generated argument. None of these are logged as model decisions today. None are validated. All will be examined eventually, by examiners or attorneys.

4. Vendor-of-vendor exposure

Compromised apps, APIs, or plug-ins in the AI supply chain were the most common AI security incident vector at 30%, per IBM's data. Healthcare's exposure is the AI inside payer portals, claims clearinghouses, EHR add-ons, and prior-auth chatbots. Your organization did not procure those models. Your organization does depend on them. Section 1557 covers AI-driven discrimination in clinical decision support but does not reach upstream vendor AI behavior, and most existing BAAs were signed before the vendor's roadmap included an AI integration. Censinet describes the shape of the problem with a scenario from its own vendor-management work: a radiology software vendor's unvetted AI subprocessors at a mid-sized clinic network, invisible to traditional assessments until automated monitoring flagged them.

Each of these is a category OCR can audit. Each is a category an attorney can subpoena. Each is a category a regulator will eventually have explicit guidance on, the way banking will after the SR 26-2 follow-up RFI lands. The choice is whether to be ready before that guidance arrives or after.

Three Things Healthcare Should Do Before the Regulator Catches Up

Each of the three actions below can start this quarter. None of them are technology purchases. All of them require the same first step: discovery, not deployment.

1. Understanding: a complete AI inventory, not just a sanctioned-tool list

The asset is the inventory of what is running, not the wish list of what was approved. Reco's telemetry across 50+ enterprise environments puts shadow AI persistence at over 400 days undetected, and only 47% of SaaS applications in a typical environment are authorized. A sanctioned-tool list does not describe reality.

Five places to look:

  • SaaS visibility platforms (Zscaler, Netskope, similar) for traffic to known LLM endpoints like api.openai.com, api.anthropic.com, and generativelanguage.googleapis.com.
  • Expense reports and corporate-card data for AI subscriptions paid out-of-pocket and reimbursed.
  • Browser-extension audits across managed endpoints.
  • OAuth grants connected to corporate Microsoft 365 and Google Workspace identities. These are persistent. Nobody is revoking them.
  • EHR audit logs for unusual export and copy-paste patterns into external destinations.

Treat what you find as a demand signal as much as a risk list. 1 in 3 respondents cite missing or inadequate approved tools in the Wolters Kluwer data. The shadow AI inventory is also the inventory of work the organization is trying to do and currently cannot.

The outcome is a single document listing every AI tool in use, who is using it, what data it touches, and whether a BAA exists.

2. Alignment: people, process, and technology, in that order

People come first. Wolters Kluwer found administrators are more than 3x as likely as clinicians to be involved in AI policy (30% versus 9%), and 42% of administrators strongly agreed AI policies were clearly communicated versus 30% of providers. The policy is not landing where the work is happening. Close that gap by including frontline clinicians in policy development before publishing anything.

Process is the underrated lever. Treat procurement as a control point, not just an IT function. AI tools are entering through corporate cards and free-tier signups, both of which procurement can see if asked. Pair that visibility with a tiered approval workflow:

  • 48 to 72 hour fast-track for tools that do not touch PHI.
  • 1 to 2 week standard track for tools with text or code access to internal systems.
  • Full review for any tool touching PHI directly, including a BAA verification step.

Technology comes last and uses what you already own. Block unauthorized AI endpoints at the proxy layer and redirect employees to approved alternatives at the moment of click. Block-only does not last. Couture at UVM Health learned that early. Redirect-and-enable holds.

The outcome is a published, accessible, current list of approved tools, a defined fast-track for new requests, and a redirect mechanism that makes the compliant path the easier path.

3. Enablement: sanctioned, compliant tools that solve the same problem

The compliant path must require less effort than the noncompliant one, or the noncompliant one wins on Tuesday afternoon. Structural alternatives already exist:

  • BAA-backed enterprise offerings: ChatGPT for Healthcare or a sales-managed ChatGPT Enterprise account, Claude Enterprise in its HIPAA-ready configuration, or Microsoft Dragon Copilot built on Azure OpenAI under your organization's Microsoft BAA.
  • LLM gateways with scoped API keys, centralized logging, and per-team usage limits.
  • Healthcare-specific BAA-covered platforms for ambient documentation, prior-auth drafting, and patient communication.

Pair every enablement decision with a measurable. Time-to-approval. Percentage of AI usage on sanctioned tools versus shadow. Estimated breach-cost avoidance, anchored to IBM's $670,000 figure.

The outcome is that clinicians and administrators have the AI capabilities they were going to use anyway, inside an environment compliance can defend in an audit. A serious intervention can move shadow AI detection rates by an order of magnitude inside a year, recover documentation time, and lift clinician satisfaction. Those are the results governance programs are graded on.

The framework is sequential. Discovery before deployment. Alignment before adoption. Enablement before announcement. Skip a step and the next one quietly fails.

Understanding before action. Governance before automation.

What Failure Looks Like When Two Layers Fail at Once

What does failure look like when both layers fail at once? The following is composite and illustrative. The components are documented patterns from 2025 and 2026.

A 6-hospital regional health system in the Mountain West. A care coordinator uses a free-tier consumer chat tool to summarize a referral packet for an out-of-network specialist appointment. The summary garbles a medication dosage. The coordinator did not notice. The receiving specialist did not either, because the summary read clean and the underlying chart was 47 pages.

Separately, the health system's payer-side prior authorization process runs through a third-party clearinghouse that uses an AI coding assistant to map free-text clinical indications to billing codes. The clearinghouse vendor added the AI integration in late 2025. The original BAA, signed in 2022, did not contemplate AI subprocessors. The clearinghouse AI maps the clinician's handwritten "rule out" note to a definitive diagnosis code, which triggers an automated denial-prevention workflow.

The combined effect: the patient is approved for a procedure based on a code their chart does not support, on a summary that misstated their medication. Three weeks later, an OCR audit pulled for an adjacent reason finds the chart access pattern and asks for the source of the referral summary. Neither AI tool is in the organization's inventory. Neither has a BAA. The clearinghouse vendor's terms never contemplated this volume of PHI flowing through their AI integration.

Three lessons:

  1. The shadow AI tool inside the hospital and the one inside the vendor are both governance gaps. Either can fail. Both failing together is what produces the headline.
  2. The compliance team had no record of the consumer tool. Vendor management had no visibility into the clearinghouse's AI. Neither team owned the surface where the failure occurred.
  3. No framework today required anyone to connect those dots. That will change. The question is whether you find these gaps yourself or OCR finds them for you.

Find Your Gap Before OCR Does

The organizations that come through the next enforcement cycle clean will not be the ones with the strictest blocking policies. They will be the ones that can produce an inventory, show a governance process, and point to sanctioned tools that actually get used.

That is the work we do. AuthenTech AI helps healthcare organizations run the discovery, build the governance layer, and stand up compliant AI tools clinicians choose on their own. Start with the SAFE AI Assessment: 4 layers, 20 questions, and a score that shows you exactly where your gap is.

FAQ

What is the shadow AI compliance gap in healthcare?

The shadow AI compliance gap is the space between the AI tools employees actually use in healthcare workflows and the narrower set of tools and behaviors that frameworks like HIPAA were designed to govern. HIPAA dates to 1996. Generative AI post-dates 2022. The gap is widest in clinical and revenue-cycle workflows where adoption is fastest.

Does HIPAA cover AI tools by default?

No. HIPAA's statute predates generative AI by 26 years, and its Privacy Rule (2000) and Security Rule (2003) predate it by roughly two decades. AI tools that process PHI must be governed under existing mechanisms, including Business Associate Agreements, the minimum-necessary rule, and breach notification. No provision addresses how generative or agentic AI should be validated, logged, or audited. HHS (ASTP/ONC) issued an RFI in December 2025 to gather input; the comment window closed in February 2026.

Is ChatGPT HIPAA-compliant?

Not in the tiers most employees use. OpenAI offers no Business Associate Agreement for ChatGPT Free, Plus, Pro, Team, or Business, so sending PHI to those tiers is an unauthorized disclosure. A BAA is available for sales-managed ChatGPT Enterprise accounts, for the API under an eligible use case, and for ChatGPT for Healthcare, OpenAI's healthcare-specific offering. Microsoft's Azure OpenAI service is also covered under an organization's Microsoft BAA. Default consumer access is not compliant.

How is the SR 26-2 banking guidance relevant to healthcare?

SR 26-2 carved generative and agentic AI out of scope on April 17, 2026, and signaled a follow-up Request for Information. Banking regulators acknowledged the gap rather than pretend existing rules covered it. Healthcare regulators face the same gap with HIPAA. The rules need to change before regulators can enforce them.

How does AuthenTech AI help healthcare organizations close the shadow AI compliance gap?

We start with discovery, not deployment. Step one is a complete AI inventory past the sanctioned-tool list. Step two aligns people, process, and technology, with procurement as a control point. Step three replaces shadow tools with sanctioned, BAA-backed alternatives that solve the same workflow problem. More at authentech.ai/shadow-ai/.

Chance Sassano avatar

Chance founded AuthenTech AI to help healthcare organizations understand how to say yes to safe AI, even in a market that changes faster than policy can keep up. He brings 25 years of enterprise IT and cyber security experience. He hosts the AI & The Art of the Possible podcast, where he explores how AI benefits humans and the leaders building it responsibly. Outside of work, he’s a musical theatre dad and French Bulldog father.