The Four Phases of AI in Enterprise Healthtech
AI-native healthtech tools are replacing legacy SaaS. The rip-and-replace narrative is right… just not at the timeline we all think
There’s a sudden and growing narrative in enterprise tech that AI-native platforms will rapidly replace legacy SaaS. And I think that’s largely correct, but with some important caveats.
In the short run, especially in healthtech and regulated / GxP environments, that timeline to rip-and-replace is going to be longer than the Twitter hysteria would suggest. At least that’s my guess. And let’s face it, with the current state of AI evolution, no one can really accurately predict more than 3 years out. So my guess may not turn out to be 100% accurate, but at this point, it’s as good as anyone else’s.
The enterprise biases toward homeostasis
One of the biggest reasons for a longer timeline is that large organizations tend to react negatively to replacement. In fact, when they make a tech change, they tend to default to augmentation. It is just politically safer to add AI to an existing system of record than to rip it out altogether. (No one gets fired for choosing IBM, and all that.)
That’s exactly why embedded AI products like Copilot feel more comfortable to enterprises than brand-new, standalone AI platforms, btw. I’ve explicitly heard this from executives at major pharma companies. “I don’t want to rip out my existing systems,” were the exact words.
But talk to them about an embedded intelligence layer that integrates within your existing tech ecosystem, and the tone of the conversation shifts entirely. That’s because it feels like an upgrade instead of a migration/displacement.
One of the problems with migrations is that it trigger all kinds of governance alarms. When you replace a long-standing SaaS platform in healthtech and GxP-regulated environments, it’s not a matter of simply swapping out software.
It disrupts all kinds of long-standing security and safety protocols: validated workflows, existing audit trails, regulatory documentation, vendor qualification records, contractual commitments, potential regulator scrutiny, etc.
And perhaps most importantly, human power dynamics and reporting structures are thrown off balance. In a general environment where people are already nervous about what AI will do to their jobs, that’s kind of a big deal.
So unless the CEO is out there mandating the evaluation and usage of new, AI-native solutions, the uptake is just going to be slower.
In regulated industries, software is as much about compliance as productivity
In healthtech, software is part of the quality system. Consider all the myriad of rules and regs that govern these types of systems:
Just off the top of my head, there is: 21 CFR Part 11, GxP validation requirements, EU Annex 11, HIPAA and HITECH for patient data, CCPA in California, GDPR in the EU, ICH E6(R2) Good Clinical Practice, SOC 2 ISO 27001 for security governance, data residency and cross-border transfer rules, and on and on. Who knows all the other requirements that I can’t even name.
The point is, when an enterprise replaces a validated system, it also has to re-run validation, document requirements traceability, certify controls, re-test audit trails, update SOPs, re-train staff (and we all know how much clinical staff love training), and update risk assessments.
If all that doesn’t happen? Well… no one wants to be the poster child that made the news for having a major breach or disruption caused by inadequate validation or controls.
The entire process is expensive, complex and comes with lots of perceived risk. Not exactly what I would call a welcoming environment towards a rapid rip-and-replace strategy.
Four phases of AI adoption in healthtech
None of this is to say that AI adoption won’t happen. In fact, I know of multiple large provider systems, pharma companies and CROs that are actively piloting brand-new AI platforms, or are actively putting them into production. But there is a general approach, that goes beyond the simplistic story we’re hearing everywhere (at least for enterprise healthtech). They tend to move sequentially, not exponentially:
Phase 1: embedded augmentation
This is where most organizations are today. They are implementing AI tools that sit inside existing SaaS systems and which enables sharp productivity improvements. Things that would have taken weeks now often take mere minutes. The effort for manual tasks shrink, and employees are generally excited over their ability to get time back from what was previously overly cumbersome work. Governance, in these cases, is relatively minimal.
Phase 2: intelligence layers
Starting to see this more often, and I think we’re now entering this phase where AI-native platforms begin to operate as intelligence layers on top of existing systems of record. They reduce dependency on legacy workflows but don’t replace them.
Phase 3: system of record commoditization
Legacy SaaS starts to become primarily structured storage and compliance infrastructure, while intelligence lives elsewhere (everywhere?). Are we there yet in healthtech? No. How long before we get there? I have no idea. Also ironic that SaaS is now being referred to as ‘legacy’.
Phase 4: replacement becomes obvious
There will be a point when intelligence, automation, and compliance mature enough where rip-and-replace becomes lower risk than staying put. Those organizations that don’t move forward will be left in the dust by nimble, AI-forward competitors.
We just have to look at legacy on-premise vs. SaaS-forward companies in the early and middle 2010s. Enterprise pharma, for example, was initially quite reluctant to adopt SaaS, opting for hybrid and intermediary options first, before embracing it more fully as they saw their competitors outpacing them. And even today, there are plenty of large healthcare systems that are still using on-premise technology. It just shows how conservative and slow to change enterprise can be.
Why the replacement curve is slower
I asked ChatGPT what additional factors slow the replacement curve, and in typical mind-numbing ChatGPT bullet point style, here’s what it gave me (verbatim):
“Procurement and Legal Friction
Replacing core enterprise SaaS triggers:
New master service agreements
Data processing agreements
Indemnification reviews
Liability cap negotiations
Subprocessor transparency requirements
Export control analysis
Cyber insurance review
When compliance frameworks like HIPAA, GDPR, and GxP validation are involved, these cycles extend 6–18 months.
Organizational Inertia
Legacy SaaS systems have:
Embedded headcount
Embedded consultants
Embedded reporting
Embedded executive dashboards
Replacing software often means redistributing influence.
That friction is rarely acknowledged publicly, but it is real.
Risk Perception
Legacy vendors feel predictable
AI-native vendors feel dynamic
Dynamic is good for innovation
Dynamic is uncomfortable for audit committees
Boards and risk officers prefer explainability, vendor longevity, and liability clarity over speed.”
Having worked inside multiple healthcare and tech enterprises, and knowing how conservative these entities can be, the above kind of feels accurate. Thanks ChatGPT.
Capital markets are already pricing this in
Not sure if you’ve seen stock prices of SaaS companies lately, but their valuations have compressed so much. Basically, investors are assuming margin compression, commoditization, and a spending shift toward AI-native infrastructure. The markets are discounting long-term expectations years in advance, and the direction seems pretty clear.
I just spent the first half of this article arguing that the enterprise adoption of AI in healthtech will be slow. And I still believe that. But I also believe it is a unidirectional change. Just take a look at Veeva’s EV/FCF (Enterprise Value divided by Free Cash Flow) multiple chart over time. Investors are seeing the long term trends pretty clearly.
I’m not an investor or stock market guru, and I don’t claim any expertise here. I’m just pointing out some pretty harsh trends that are out there.
I do believe that AI-native platforms and infrastructure are the obvious future direction. But in healthtech, governed by 21 CFR Part 11, GxP validation, GDPR, HIPAA, and all kinds of compliance requirement, change will come slower than Twitter suggests.
At least that’s what I think. Like I said, no one truly knows.
I’m Abdul, the healthcare and life sciences marketer, and CEO / Co-Founder of Sirona Marketing. We focus on GTM and marketing support for healthcare and life sciences companies. If you need help with your marketing, let us know. If we can’t help you, we know people who can.