March 12, 2026

HIMSS26: The Agentic Turn Is Real, and It Came With Receipts

Dr. Niki Panich, MD, CCFP, FCFP, MBA, MS (MDSA), MSCP  •  Chief Medical Officer, Penguin Ai

If HIMSS25 was the year everyone arrived with a generative AI slide deck, HIMSS26 was the year people started showing receipts. The conversation in Las Vegas this week was not about whether artificial intelligence can transform healthcare operations. It was about which vendors have actually deployed it, how many workflows it has touched, and how many hours it has returned to clinical staff. Agentic AI, systems that do not merely surface recommendations but actually execute multi-step workflows without a human approving every action, was the undeniable through-line. For health system executives still weighing pilots against priorities, that distinction matters more than anything else on the expo floor.

The Year Healthcare Stopped Asking "If"

I have attended enough digital health conferences to recognize the difference between a technology that is being sold and one that is being deployed at scale. HIMSS26 felt categorically different from prior years. The exhibit hall conversation has migrated. The question is no longer whether AI can reduce administrative burden or improve clinical documentation. The question is which vendor has deployed it across the most workflows, and what the outcomes data actually shows.

One phrase I heard repeatedly: "pilot purgatory is over." Health systems have spent three years running proofs of concept and building governance frameworks. The organizations showing up to HIMSS26 with measurable outcomes, hard numbers tied to specific workflows, stood apart from those still presenting a six-month roadmap and a promising architecture diagram.

The buyers in the room have changed, too. It is no longer the CIO alone sitting across the table from a vendor. CFOs, CMOs, and COOs are in the room now, asking about medical loss ratio impact, physician time returned per week, and denial recovery rates. That shift in who is doing the buying reflects a maturation that, frankly, is overdue.

"It remains a very complex environment, with few guardrails for the use of AI in healthcare, and still a lot of work to do to create an environment that is going to produce safe, reliable artificial intelligence for clinical use." Tina Joros, Vice President of Policy and Innovation, Veradigm — HIMSS26

That quote captures the tension perfectly. Execution is accelerating. Governance is lagging. And that gap is where the most consequential risks for health systems now live.

Revenue Cycle Gets Its Autonomous Moment

The back office was the most crowded category on the floor, and for good reason. Revenue cycle management has been the persistent proof point for AI in healthcare operations because the ROI is calculable, the failure modes are visible, and the volume of manual work is staggering. What changed at HIMSS26 was not the category but the level of autonomy being demonstrated.

Epic brought the most striking data point of the conference. Its revenue cycle AI tool, Penny, cut medication prior authorization submission time by 42% at Summit Health. In that same deployment, 92% of AI-generated responses were accepted by clinical staff without any edits. At health systems with the highest Penny utilization, coding-related denials dropped more than 20%. Prior authorization is one of the most expensive, most despised, and most clinically disruptive administrative functions in ambulatory care. A 42% time reduction in that specific workflow is not a demo metric; it is a board conversation.

XiFin debuted what it described as an autonomous Appeals Agent. The system reviews denial notices, retrieves medical necessity documentation, drafts patient-specific appeal letters, and submits the full package to payers; all within pre-defined guardrails and without a human completing each step manually. Waystar, now operating across CVS Health infrastructure, cited more than 15 billion dollars in prevented denials since deploying its AI. FinThrive framed agentic AI as an operating model rather than a feature, with autonomous workflows running across more than 50 use cases and recovering 1.1% on underpayments for early adopters.

From my vantage point as a CMO, the common thread across all of these deployments is the same insight that drives everything we are building at Penguin Ai: the administrative workflows that consume the most physician and staff time are precisely the ones most amenable to full-cycle automation. Not assisted automation, where a human still reviews every output. Full-cycle, end-to-end automation where the agent handles the workflow and escalates only the genuine exception cases.

Penguin Ai's prior authorization platform operates on this same architecture. The 87% faster processing and 95% accuracy figures we cite are not theoretical. They reflect what happens when you build agentic AI specifically for the prior auth workflow rather than bolting a general-purpose language model onto an existing manual process. The HIMSS26 data from Epic and XiFin validates exactly that approach. The market has caught up to the architecture.

Clinical AI Grows Up: Domain-Specific and Deployed

The clinical AI story at HIMSS26 was more nuanced than the revenue cycle narrative, but no less significant. The vendors generating genuine attention on the clinical side were the ones who had moved past general-purpose large language models and built domain-specific intelligence: systems trained on specialty vocabularies, clinical ontologies, and evidence-based content rather than general text.

ModMed's Scribe 2.0 is a good illustration. Natively embedded in the ModMed EHR, the ambient documentation tool processed more than 240,000 visits in under 100 days across specialties including dermatology and orthopedics. The performance in specialty-specific contexts is precisely where general-purpose AI tools tend to degrade. Specialty vocabulary, procedure coding patterns, and documentation requirements in dermatology are categorically different from primary care. A model trained on general clinical text will underperform in that environment. Domain specificity is not a nice-to-have; it is the mechanism of accuracy.

Wolters Kluwer's integration of UpToDate Expert AI directly into Microsoft Dragon Copilot and Teams is a different but equally important move. By injecting peer-reviewed clinical intelligence into the documentation and communication workflows clinicians already use daily, the integration creates a guardrail against the clinical hallucination risk that remains the most serious concern with AI in direct care delivery. The framing matters: trusted content embedded in workflow is categorically different from asking a language model to recall clinical evidence from training data.

Stryker's SmartHospital Platform announcement also stood out. The combination of ambient sensors, alarm-filtering middleware, virtual nursing workflows, and voice-activated communication devices is the hospital infrastructure play that health systems have been waiting for someone to build at enterprise scale. The signal here is that clinical AI is expanding from documentation into actual care coordination, not just the administrative wrapper around care.

The principle that runs across all of these deployments is one I articulate regularly in my own advisory work: task-specific models outperform general models in clinical settings. Every time. The risk of using a foundation model for a specialized clinical task is not that it will fail obviously. It is that it will fail subtly, and in healthcare, subtle failures carry patient safety implications that are not acceptable at any utilization rate.

 Interoperability Is No Longer a Compliance Exercise

TEFCA, QHINs, FHIR APIs, data standards. These words have been at every HIMSS for the past several years, and they have largely remained a compliance conversation. Something shifted at HIMSS26. The language around interoperability moved from exchange to action.

The most technically significant announcement of the conference, in my view, was Athenahealth's preview of an industry-first patient MCP server. Model Context Protocol is the open standard that allows AI agents to communicate with external systems in a structured, permissioned way. athenahealth built a formal pathway for authorized AI agents, explicitly including Anthropic's Claude, to access structured patient data directly inside athenaOne. That is not a plumbing announcement; it is a strategic one.

The core bottleneck for deploying AI agents in clinical environments has never been the model quality. It has been secure, structured, permissioned data access. Getting an AI agent to do something useful at the point of care requires it to read and understand a patient's longitudinal record with appropriate authorization, not just process a document that a human hands it. Athenahealth just solved that access problem for 170,000 providers covering approximately 20% of the US population. The downstream implications for agentic AI deployment in ambulatory care are substantial.

The broader interoperability story at HIMSS26 reinforced something I have argued for some time: nominal interoperability, data that can technically be exchanged, is insufficient infrastructure for agentic AI. The data arriving at an agent must be clean, deduplicated, standardized, and semantically aligned before the agent can operate safely. The emphasis on "computable data" throughout the conference reflects a maturation of expectations. The question is no longer whether data can move. It is whether data arrives in a state where an AI agent can act on it without human correction at every step.

CMS's continued push toward TEFCA and the prospect of 300 million participants reachable through a single authorized data-sharing gateway adds the regulatory dimension to this. January 2027, when the full suite of CMS FHIR API requirements under CMS-0057-F come into effect, will mark the inflection point where interoperability infrastructure either enables or constrains the agentic AI deployments health systems are now building.

AI Governance Becomes a Patient Safety Issue

The governance conversation at HIMSS26 was different in kind from prior years. It was not a compliance session tucked into a side track. It was a patient safety discussion on the main stage, and the urgency was proportionate to how quickly autonomous AI is being deployed in clinical and administrative contexts.

Singulr AI's launch of Agent Pulse illustrates the category that has quietly become essential: real-time runtime governance for AI agents. The platform provides context discovery, risk intelligence, and policy enforcement to ensure that AI agents only execute actions they are authorized to perform. In an environment where agents are independently reviewing denials, drafting appeal letters, routing patient data, and coordinating care transitions, governance is not a documentation exercise. It is an operational control.

The FDA's challenge at HIMSS26 was articulated with unusual candor by Jared Seehafer, a senior advisor in the Office of the Commissioner. The FDA has approved more than 1,300 AI medical devices since 1995. The regulatory framework for those devices was built on the assumption of a relatively stable software artifact. Agentic AI, which can operate autonomously and potentially improve through continued deployment, requires a fundamentally different oversight model. The agency acknowledged that the current framework, which requires developers to notify the FDA about update plans in advance, does not map cleanly onto a system that learns and adapts in production.

"A system that has no human oversight would be unacceptable. But a system that relies fully on human oversight likely won't be able to scale." Dr. Haider Warraich, Program Manager, ARPA-H — HIMSS26 Regulatory Panel

That tension is the defining governance challenge of this moment. The administrative workflows that generate the most ROI from agentic AI, prior authorization, denial management, coding, appeals, are also the workflows where errors have direct patient access implications. A prior auth that is incorrectly denied by an AI agent is not a billing inconvenience. It is a patient who does not receive a medication or procedure they need. The failure mode matters enormously for how governance frameworks are designed.

The regulatory environment compounds this. The Trump administration has moved to limit federal AI rules that might slow adoption. Several states are legislating independently. For health systems and payers operating across state lines, the result is a fragmented compliance landscape that creates genuine uncertainty about liability when an AI agent makes a consequential error. Health system CIOs and CMOs building agentic AI deployments right now are making governance decisions without a clear federal framework to anchor them.

My recommendation to every health system executive I work with is the same: govern AI now, before you need to. The organizations at HIMSS26 that had mature governance infrastructure in place were deploying faster, not slower, than peers still treating governance as a constraint. A well-governed AI deployment is a deployable one. An unreviewed one is a liability waiting to be adjudicated.

The Bottom Line

HIMSS26 confirmed what practitioners in this space have been observing for eighteen months: the transition from generative AI as a demonstration technology to agentic AI as an operational reality is no longer a future event. It is the current state of the market. Health systems are deploying autonomous agents in revenue cycle, clinical documentation, patient monitoring, and care coordination. They are generating measurable outcomes. And they are doing so in a governance environment that is still being constructed in real time.

For executives reading this: the right questions are no longer "should we invest in AI" or "is it ready for enterprise deployment." The questions are whether your data infrastructure supports the structured, computable access that agentic AI requires; whether your governance framework can enforce policy at the agent level in real time; and whether your prior authorization and revenue cycle operations are genuinely end-to-end automated or merely partially assisted. The gap between those two states is where the financial and operational opportunity lives. Las Vegas made that very clear.

Site by Ratio
Copyright 2025 Penguin Ai
A few things to adjust Update the date and time in line 2 to your exact launch time and timezone Style the countdown text block in Webflow to match your bar design Make sure the ID on your Text Block exactly matches countdown-timer If you want a pre-built option without custom code, Finsweet and Elfsight both have Webflow-compatible countdown widgets you can drop in as an embed.