An era for AI agents: why healthcare leaders can't afford to manage governance on spreadsheets

According to the CEO and co-founder of an integrated governance, risk and compliance AI company, health care has crossed a governance complexity threshold — with AI agents changing the benchmark for what good governance looks like.

Australian healthcare leaders are being asked to govern more, prove more and respond faster than the old operating model was ever designed to support. Compliance has become more proactive. Privacy, cyber, resilience and sustainability now sit much closer to the centre of operational decision-making. AI in health has added a new layer of governance altogether. What were once treated as separate issues now converge in the same operating environment. Yet many organisations are still managing critical governance work through spreadsheets, inboxes, static registers and manual, disconnected systems.

That is the mismatch at the heart of the problem. Health care is trying to govern a more complex, more regulated and more exposed system with tools built for static administration. For many leaders, this no longer feels like governance in the formal sense. It feels like constant reconciliation: chasing updates, assembling evidence, briefing the board with caveats and hoping nothing important is sitting in a folder or spreadsheet nobody has touched for weeks.

A spreadsheet can store information, but it cannot coordinate accountability. In the era of AI agents, that distinction matters more than ever. Spreadsheets were built to record activity. Healthcare leaders now need systems that coordinate action.

The enemy is fragmentation

Health care does not have a governance problem because leaders lack frameworks. It has a governance execution problem because the work is still fragmented. There is no shortage of obligations, committees or dashboards. What many healthcare organisations still lack is a joined-up operating layer that connects objectives, obligations, risks, actions, evidence and reporting. That is why the issue is not whether a hospital uses Excel. The issue is whether Excel is acting as the governance backbone.

This is not a story about careless teams. It is a story about capable people trying to manage overlapping obligations through systems that do not work together. The result is familiar across health care: duplicated effort, stale evidence, repeated data entry, caveated board papers and too much dependence on the few people who know where everything is. Spreadsheets are not the problem. Running mission-critical governance across spreadsheets is.

Compliance has moved beyond record-keeping

Australian health care is moving towards a more proactive, risk-based compliance model. That raises the bar. Leaders need more than a register of obligations. They need to know what is owned, what is overdue, what evidence is current, what risk has shifted and what it impacts for the organisation. Compliance is no longer a documentation exercise. It is an enabler to run a better organisation.

The human cost of fragmented systems and spreadsheets is easy to miss. Smart people end up chasing evidence and rebuilding the same picture for different audiences, rather than strengthening the system itself and building more capability into the organisation. Governance becomes a monthly or annual ‘looking back’ exercise, struggling to prove control exists, when it should be the daily system that creates confidence from the Board down.

Risk, resilience and sustainability now overlap

Healthcare risk no longer sits in neat columns. Privacy, supply, facilities, sustainability and AI risks spill quickly across reputation, continuity of care, resilience, cost and trust. The organisation experiences those issues as an overlap. Governance still too often handles them as separate files, forums and owners. The same applies to digital risk. In health care, a cyber incident rarely stays confined to systems. It can quickly become a patient access issue, a service delivery issue and a board issue. The stakes are high because healthcare data is unusually sensitive, and because fragmented governance rarely stays neatly inside one category for long.

A resilience plan in a folder is not resilience. It is only resilience when it changes behaviour. In health care, resilience is the organisation’s ability to keep care moving when conditions change. Sustainability belongs in that same operating core. It now reaches into procurement, facilities, resilience, cost, reporting and community trust. It is not a side report. It is becoming part of safe, resilient service delivery.

AI agents change the governance standard

AI agents matter because they change the benchmark for what good governance looks like. Healthcare organisations are not only beginning to govern AI as a new source of risk. They are also entering a world in which AI agents can help carry out governance work by chasing actions, surfacing overdue tasks, connecting evidence, escalating issues and helping prepare reporting. AI agents are most valuable where work is repetitive, evidence-heavy and cross-functional. Healthcare governance fits that description almost perfectly.

That is when the spreadsheet model starts to look fundamentally unfit. AI agents are only as useful as the governance system they act within. If obligations sit in one file, risks in another, controls somewhere else, evidence in inboxes and reporting in decks assembled at the last minute, agents have nothing coherent to work with. In health care, spreadsheet governance is really hindsight governance. AI agent-led governance is about foresight, coordination and proof. The question is no longer whether health care should use AI. It is what operating model will let health care use AI agents safely, traceably and at scale.

The cost of delay is rising

Healthcare leaders are not short of effort. They are short of connected execution. Every new requirement, reporting cycle, resilience review, sustainability obligation, privacy concern and AI decision adds another layer to an already crowded governance landscape. The real risk is not that teams are doing nothing. It is that they are working hard in systems that do not work together.

What health care needs is an operating layer that connects objectives, obligations, risks, actions, evidence and reporting: governance that is objective-led, always-on and designed for coordination rather than clerical maintenance.

Because this is no longer simply an efficiency problem. The cost of fragmented governance is measured in slower decisions, weaker assurance, more fragile operations and less confidence at the leadership level. It is measured in the discomfort of walking into a board or audit meeting without defensible answers, and in the frustration of watching smart people spend their time chasing evidence instead of improving care.

The best healthcare leaders are no longer asking, “How do we report this?” They are asking, “How do we run this better?” In health care, that is no longer an administrative distinction. It is a strategic one.

*Sam Riley is co-founder and CEO of Drova.

Top image credit: iStock.com/sturti