A health system can have an AI committee, a dozen pilots, ambient scribes in clinics, and Copilot in administrative offices and still lack an AI operating program.

That situation is becoming common. An HFMA and Eliciting Insights survey of 233 health system executives found that 88% of their organizations were using AI in some form. Only 18% reported both a mature governance structure and a fully formed AI strategy.

The tools are moving faster than the organizations adopting them.

I have seen this challenge from several sides: managing enterprise applications inside a health system, operating with a healthcare AI company, and advising organizations working through AI strategy and adoption. The pattern is consistent. Progress slows when governance, education, implementation, and value measurement live in separate workstreams.

Health systems need an operating model that connects them.

At Henecorp, we organize that work through five capabilities: Govern, Explore, Educate, Enable, and Empower. We call the model G4E. Governance provides the foundation. The four E’s carry that foundation into decisions, workflows, and measurable results.

Govern: create the authority to make decisions

Governance starts with a named executive who has decision rights, a funded mandate, and a clear escalation path. From there, the organization needs a front door for AI requests, a living inventory of AI systems, risk-based reviews, and monitoring that continues after go-live.

The inventory matters more than it sounds. AI now enters a health system through vendor products, embedded EHR features, homegrown applications, browser extensions, and personal accounts. Each path creates a different set of questions. Who approved the tool? What data does it touch? Who owns its performance? When was it last validated? What happens when the vendor changes the model?

A well-maintained spreadsheet can be enough to begin. The discipline matters more than the platform.

The NIST AI Risk Management Framework describes governance as a cross-cutting function that supports mapping, measuring, and managing risk throughout the AI lifecycle. That lifecycle view is especially important in healthcare. A model that performed well during a pilot can drift as patient populations, workflows, and vendor versions change.

Governance gives the organization a way to make those changes visible and decide what to do next.

Explore: find the real starting point

Every organization begins from a different place. One health system may have a mature data governance program and limited AI education. Another may have enthusiastic clinical pilots with no shared intake process. A third may own dozens of AI-enabled products and lack a complete inventory of what is active.

Exploration is a structured readiness assessment. It looks across leadership, policy, technology, workforce confidence, data practices, and current use cases. It also surfaces the work employees are already doing with AI, including activity that never passed through procurement or IT.

That assessment changes the roadmap. A health system with weak decision rights should strengthen governance before adding more pilots. An organization with strong controls and limited adoption may get more value from role-based education and workflow redesign. A team with several successful pilots may be ready to focus on measurement and scale.

The starting point becomes clearer when leaders can see the whole system.

Educate: prepare people for the decisions they own

AI literacy gives the workforce a shared understanding of how these tools behave, where they fail, and what responsible use looks like. The training becomes more useful when it reflects the decisions people make in their own roles.

An executive needs to understand risk appetite, vendor claims, accountability, and the metrics that belong in leadership reporting. A physician using an ambient scribe needs a consistent standard for reviewing the note, correcting errors, and talking with patients about AI-assisted documentation. Revenue cycle staff need to understand coding risk, payer scrutiny, and the level of human review required for an AI-generated recommendation. Compliance, privacy, and security teams need deeper knowledge of intake, validation, monitoring, and incident response.

These groups share a foundation. Their responsibilities take them in different directions from there.

Education is also how policy reaches daily work. An approved-tool policy only protects patients when employees know where to find the list. An incident process only works when staff can recognize an AI-related event and know where to report it. A human-review requirement needs to describe what a good review looks like inside the workflow.

This is why we see education as part of AI governance. Governance defines the system. Education prepares people to operate within it.

Enable: put the knowledge into the workflow

Training creates capability. Enablement applies that capability to a real tool and a real process.

Consider an ambient documentation rollout. The work includes configuring the product, defining which visits and users are appropriate, validating performance locally, setting a review standard, preparing patient communication, and creating a response path for errors. The training should use the screens, decisions, and failure modes clinicians will encounter during a normal day.

The same principle applies outside clinical care. A revenue cycle team adopting AI-assisted coding needs clear sampling and audit practices. An HR team using AI in recruiting needs defined notice, bias review, and approval processes. An IT team building an internal agent needs testing, access controls, monitoring, and a plan for vendor or model updates.

Enablement closes the space between knowing the policy and performing the work.

It also gives domain experts a meaningful role in AI adoption. Clinicians, coders, analysts, and operational leaders can tell when an output fits the workflow and when it misses something important. Their review creates the feedback the governance program needs to improve the tool, revise the training, or change the policy.

Empower: measure value and improve the program

AI programs need a clear value case. Each use case should have an operational outcome, an adoption measure, and a set of safety indicators that leaders review on a regular cadence.

The right measures depend on the work. An ambient scribe may be evaluated through documentation time, clinician adoption, note quality, and correction patterns. A revenue cycle tool may be measured through turnaround time, denial outcomes, audit findings, and staff workload. A patient-facing assistant may require measures for successful resolution, escalation, accessibility, complaints, and safety events.

Measurement gives leaders a basis for investment decisions. It also gives the workforce evidence that reporting problems leads somewhere. When an incident results in a workflow change, model adjustment, or clearer training, people see that the governance process responds to their experience.

The Joint Commission and Coalition for Health AI guidance places policy, local validation, monitoring, and appropriate use within the health system’s responsibility. Those capabilities depend on people who can recognize risk, apply the controls, and keep improving the program after deployment.

That is where empowerment becomes practical. Teams gain the knowledge and authority to improve how AI works in their environment.

How the five capabilities work together

The value of G4E comes from the connections among the five capabilities.

Governance sets the decision structure. Exploration identifies the gaps and priorities. Education prepares each group for its responsibilities. Enablement brings those responsibilities into the workflow. Empowerment measures what happens and feeds the learning back into governance.

Each capability makes the others stronger. A readiness assessment gives the education program a clearer audience. Workforce training improves incident reporting. Workflow feedback strengthens monitoring. Outcome measurement helps leadership decide which use cases deserve further investment.

This creates an operating cycle that can keep pace as tools, regulations, and organizational needs change.

A practical place to begin

A health system can begin building this model with five concrete moves:

  1. Name the executive who owns AI decisions and document the authority that comes with the role.
  2. Create one intake path and begin an inventory of vendor, embedded, and internally developed AI.
  3. Assess readiness across governance, workforce knowledge, current use cases, data, and measurement.
  4. Choose one active AI workflow and build role-based education around the people who use, approve, and monitor it.
  5. Define the operational outcome, adoption measure, and safety signals leadership will review.

That work will reveal where the organization is ready and where it needs support. It also gives leaders a way to move forward with clarity while the technology continues to change.

AI strategy becomes real when it has an owner, a learning system, a place in the workflow, and a way to measure what happens next.

If your organization already has AI pilots, a governance committee, or workforce training underway, the next question is how well those pieces connect. Schedule a conversation and we can find the capability that deserves attention first.