1. The report highlights a gap between AI ambition and readiness. What are the main challenges preventing healthcare organisations from scaling AI safely?
Kyndryl’s Healthcare Readiness Report shows that 76% of organisations report having more AI pilots than they can scale. The ambition is clearly there, but what’s holding organisations back is, more often than not, compliance concerns and structural constraints.
Legacy systems and fragmented technology environments make it difficult for organisations to integrate AI into core workflows in a consistent and governed way. Many organisations are running modern AI tools on top of infrastructure that wasn’t designed to support them, let alone innovate with them. Without the right foundations in place – such as modernised infrastructure, clear governance frameworks and the ability to manage risk proactively – organisations are effectively constrained to experimentation. They can prove the concept, but they can’t confidently move into enterprise-wide deployment – which is where AI starts to have a meaningful system-wide impact.
2. Why is regulatory complexity such a significant barrier for healthcare organisations adopting AI today?
Healthcare operates in one of the most complex regulatory environments of any industry, and in Australia, that complexity has distinct layers. The Privacy Act 1988 is undergoing reform to introduce stronger transparency requirements around automated decision making. These changes have direct implications for clinical AI tools like decision support systems, where organisations will need to explain how an algorithm contributed to a diagnosis or triage recommendation. On top of that, Australia’s National AI Planreinforces that organisations must manage AI risk through existing laws across privacy, consumer protection and healthcare regulation.
The challenge is that these obligations don’t sit neatly in one place. Organisations are navigating a fragmented and evolving compliance environment. Our research highlights that 55% feel worried about keeping pace with evolving policy, and only 30% felt prepared. The gap between concern and preparedness is what keeps many healthcare organisations stuck in pilots – they’re unsure how to scale AI confidently while ensuring patient safety and data integrity.
3. What risks do healthcare organisations face if compliance and governance are treated as an afterthought in AI adoption?
The risks are both operational and reputational. If compliance is treated as something that’s bolted on later, organisations are increasing their own operational risk and exposing themselves to evolving cyber and privacy threats. Without built-in guardrails, AI systems may operate inconsistently, making it harder to ensure safety, accountability and regulatory alignment across environments.
In practical terms, that can lead to biased or inaccurate outputs going unchecked, inappropriate use of sensitive patient data, and a lack of transparency in how decisions are made. It also limits auditability, reducing organisations’ ability to demonstrate compliance or respond to regulatory scrutiny. Over time, that erodes trust among clinicians, administrators and patients, and holds back progress on adopting and scaling AI with confidence.
4. How does Kyndryl’s “policy as code” capability help organisations manage compliance and governance in AI systems?
Kyndryl’s policy as code capability converts regulatory requirements, security standards and operational controls into machine-readable policies that directly govern how AI systems and agentic workflows operate.
This capability acts as enforceable guardrails, ensuring AI operates only within approved parameters and reducing operational risk by eliminating the impact of hallucinations and unintended actions. Each decision is logged and explainable, supporting auditability and building trust as AI is embedded into operational environments.
By integrating policy directly into workflows, organisations can gain greater visibility and control, with built-in human oversight through defined triggers and escalation paths. This ensures compliance and governance are maintained in real time, rather than applied after the fact.
About Kyndryl:
Kyndryl is a leading provider of mission-critical enterprise technology services offering advisory, implementation and managed service capabilities to thousands of customers in more than 60 countries. As the world’s largest IT infrastructure services provider, the Company designs, builds, manages and modernises the complex information systems that the world depends on every day. For more information, visit www.kyndryl.com.
About Roy Lovli:
Roy Lovli is the Vice President of Kyndryl Consult and Practices for Australia and New Zealand and is also the Lead Champion for Culture. He manages a team of experts to support customers wherever they are on their digitisation journey, helping them prepare for the future with end-to-end strategy, innovation, transformation, implementation and delivery.
Roy was previously the Vice President of Delivery for Kyndryl Australia and New Zealand. From 2019 to 2021, Roy was the General Manager of Infrastructure Services at IBM, where he managed technical specialists and account managers to deliver innovation through partnerships and modernising technology footprints. Prior to this, he spent four years as Vice President and Services Executive, working closely with one of IBM’s key banking customers to collaboratively deliver operational excellence.
Over his more than 30-year career, Roy has managed large IT departments and led complex outsourced environments for some of the largest organisations in Australia and New Zealand, including American Express, Air New Zealand, National Australia Bank and Westpac Banking Corporation.
