Seeking approval to implement new features, especially those powered by artificial intelligence (AI), can be complex in any organization. Epic’s robust rollout of different types of AI, such as Generative AI tools like In Basket Art (In Basket message drafting), Agentic AI like Emmie (patient-facing assistant) and Penny (revenue cycle AI assistant), along with a wave of other available AI features through the system, adds to this complexity. Decision makers must now navigate evolving governance, vendor overlap, and heightened scrutiny around data use, security, and return on investment (ROI).
Some organizations have clear and established guidelines and policies around the use of AI, but many continue to navigate and evolve their governance, policies, risk tolerance, and security posture. An organization’s size and structure often shape how AI is adopted — and how much governance must be in place before it can scale. In practice, organizations sit on a spectrum: at one end (A) AI is prohibited entirely; at the other (B) it is expected to be used broadly and in nearly everything. In between — and this is where most organizations fall — is (C) those still actively developing their policies, risk tolerance, and security posture. This evolving landscape makes the approval process more nuanced and requires a thoughtful, strategic approach.
Whether you are an A, B, or C type of organization, consider these key strategies for gaining approval for AI features:
1. Start with a clear Business Case
Before diving into technical details, define the Why behind your AI initiative.
Consider benchmarking the proposed AI workflow against the existing process or vendor. Take Epic’s In Basket Art as an example: it typically replaces manual, start-from-scratch message writing. Thus, measuring how long it takes clinicians to write a message from scratch vs how long it takes them to review and accept/adjust a generated message can demonstrate whether any time savings occurred. For reference, Epic reports that nurses save an average of roughly 30 seconds per message when they start from a drafted reply and choose to begin from the draft about half the time. Mercy, one of the largest U.S. health systems, average end-of-shift note time fell from about 3.5 minutes to 32 seconds, an 85% reduction. You can then also consider clinician satisfaction with the feature and how it affects the rest of the workflow. A baseline understanding of current processes and investments allows you to assess redundancy, cost savings, and workflow fit. These are all key to focusing on the biggest optimization opportunities and providing clear business cases for approval.
2. Clarify the classification of AI
AI is a broad term. Epic’s AI types encompass a wide range and will only get more robust:
Clarify the type of AI you’re proposing and its intended use. Is patient or confidential data involved? Will it feed into a Large Language Model (LLM)? Is any output transmitted externally?
Also distinguish between native Epic functionality and third-party integrations. Timing and investment may be a factor as native Epic functionality is rolled out and adopted. Using a 3rd party doesn’t always equal innovation and your organization must understand the value proposition and long-term data implications of a 3rd party system vs in-line functionality.
3. Engage the Right Stakeholders Early
AI initiatives often require cross-functional alignment. Beyond your usual change control processes, include Risk Management, Cybersecurity, Legal, Contracts, Clinical Leadership, and Finance.
Consider engaging a trusted advisory partner to support the workload and accelerate success. An experienced partner can help outline costs and risks, prioritize your quickest and most significant wins, and bring patterns and lessons learned across many health systems, especially valuable if your organization is examining new or evolving capabilities.
4. Understand Governance Structures
Typically, organizations will either add to an existing governance structure, create a new AI-focused governing body, or some combination of both. Your role is to navigate these structures (even as they evolve), understanding your organization’s current and future governance plans related to AI strategy, as well as their goals for AI within the organization. You can then relate your AI goals to your organization’s goals through those governance approval channels.
This becomes especially important in large organizations. As AI moves from isolated pilots to everyday use across many departments, the right governance, controls, and oversight are what keep it safe and consistent, whether AI is delivered by a single centralized team or leveraged independently across different areas of the business. Clear ownership, consistent security and data-protection standards (including HIPAA obligations), and enterprise-wide visibility ensure AI is used responsibly no matter where it runs.
Additionally, discover what tools are in place at your organization to assist with AI tracking, such as model explainability and usage tracking. Leverage these tools to demonstrate alignment with your organization’s internal processes and output expectations.
5. Expect Delays – and Plan for Them
High-visibility concepts like AI often face delays due to uncertainty and evolving policies. Realize these delays are part of a responsible innovation strategy and they are a natural part of ensuring alignment with clinical, operational, and ethical standards. Build buffer time into your project plans and set realistic expectations with stakeholders around timing and budget.
6. Drive Follow-up and Maintain Momentum
While getting your AI project approved may be your priority, approval bodies have competing priorities. Track who you are waiting on, follow-up regularly, and use a centralized tracker to monitor approvals, stakeholder feedback, and policy changes. This helps maintain momentum, holds people accountable, and ensures transparency across teams. These efforts help you guard against a stalled initiative, while also highlighting where your bottlenecks might be.
7. Be Strategic, Not Reactive
Epic’s AI roadmap is expanding rapidly, but it’s not imperative to implement everything immediately. Your role is to:
Balancing innovation with operational readiness is key. Building a strong business case is essential to unlocking the full value of AI in your EHR ecosystem without compromising operational stability or strategic focus.
Getting AI approved and adopted is as much about strategy and governance as it is about technology. CereCore’s advisory approach helps healthcare organizations move from AI interest to AI impact. With a heritage rooted in top-performing hospitals and advisors who have sat in operational and clinical seats, CereCore brings practical perspective to every AI decision, helping you separate genuine wins from noise and protect proven solutions while you evaluate new ones.
That approach follows the same principles as the strategies above: build a clear business case with measurable ROI, classify each AI use case and its data implications, engage the right stakeholders early, and align to your governance, security, and compliance requirements. CereCore can help you assess AI readiness, stand up or extend AI governance, prioritize the highest-value and lowest-risk opportunities, and design pilots with clear success metrics and exit strategies so you can scale what works with confidence, whether your AI efforts are centralized in one team or leveraged across different areas of the business.
Whether you are just beginning to shape your AI policies or scaling proven tools across the enterprise, CereCore can help you get AI approved and get it right.