As cyber incidents and system outages become more frequent across healthcare, chief nursing informatics officers say their biggest EHR reliability fears are less about downtime itself and more about what happens to nursing care when digital systems degrade without clear timelines or support.
For Marc Benoy, BSN, RN, chief nursing information officer at Akron, Ohio-based Summa Health, the most serious concern is the loss of clinical workflow continuity at the bedside during outages or system degradation.
“The issue is not simply that systems go down,” Mr. Benoy said. “Nurses are suddenly expected to become the integration layer when deeply embedded digital workflows disappear — often without adequate tools, preparation or real-time clarity.”
In those moments, he said, clinicians must remember orders, track medications, coordinate care and maintain documentation integrity under extreme cognitive load — increasing the risk of missed medications, delayed interventions and communication breakdowns — an expectation Mr. Benoy describes as “unrealistic and unsafe.”
To address that risk, Mr. Benoy said his approach focuses on both prevention and resilience. On the prevention side, he said security cannot be framed as a tradeoff against care delivery.
“My expectation of my team is that security must be proportionate, risk-based and clinically informed,” he said. “Not all risks are cyber risks, and not all safety risks are clinical risks — but they consistently intersect at the bedside.”
At Summa Health, that means bringing together nursing, clinicians, IT, security, risk, quality and compliance to assess where protections reduce risk and where they may unintentionally create it.
“Controls must be embedded into workflows — not added as extra steps that increase cognitive burden for nurses,” Mr. Benoy said.
The health system also invests in scenario-based education so staff understand both the risks and how to respond when issues arise. When mistakes or near-misses occur, they are reviewed through a systemwide lens focused on learning and prevention rather than blame.
However, Mr. Benoy said his team assumes outages and degradations will still occur, often without immediate clarity around cause or duration. That uncertainty, he said, represents the greatest risk for nursing.
“This is where I see the most significant risk,” he said. “Our care environment depends on deeply integrated systems and real-time data.”
For 2026, Mr. Benoy said Summa Health’s top safeguard and investment priority is “enterprise-grade, clinically designed downtime resilience.” Rather than focusing solely on disaster recovery, the organization is prioritizing bedside readiness, including downtime-ready tools that preserve access to critical patient data, standardized workflows that mirror live practice, and clear command and communication structures during incidents.
At Charleston, S.C.-based Roper St. Francis Healthcare, CNIO Jared Houck, BSN, RN, said his biggest EHR reliability fear stems from how quickly cyberthreats can escalate due to human error.
“My biggest EHR reliability concern is that cyberthreats are becoming increasingly sophisticated,” he said, “and all it takes is one well-intentioned employee being duped to trigger a systemwide disruption.”
Looking ahead to 2026, Mr. Houck said his top priority is investing in “human-layer defenses that emphasize both prevention and preparedness.” That includes ongoing cyber education for staff, regular phishing resilience campaigns and structured preparation, such as malware tabletop exercises with clinical and executive leaders.
Downtime drills for frontline teams are also a key focus. “These safeguards are intentionally designed with the assumption that human error will occur,” Mr. Houck said, “and must be contained before patient care is impacted.”
Both leaders pointed to the same reality: EHR reliability is no longer just a technical issue. It is a patient safety and workforce challenge that plays out most acutely at the bedside, where clinicians are left to manage the consequences when systems falter.
