The CISO Myth: The Anti-Trust Patterns Inside Hospitals
How compliance-first security erodes trust, care, and capacity.
The Anti-Trust Patterns Inside Hospitals
Coercion, extraction, and impunity in clinical security design
Hospitals do not usually fail because people stop caring.
They fail because systems are built that quietly make caring unsustainable.
By the time outcomes collapse, the damage has already been normalized into workflows, dashboards, and executive narratives about “efficiency,” “compliance,” and “necessary tradeoffs.” Trust does not disappear all at once. It is extracted, coerced, and exhausted over time, until what remains is a brittle shell that still looks operational from the outside.
Healthcare security is not immune to this. In many organizations, it has become one of the most efficient trust-eroding machines in the building.
The Shape of Anti-Trust
Anti-trust is not simply the absence of trust. It is an active pattern.
It emerges when systems are designed in ways that force people to choose between doing their job and obeying the system. It grows when friction is imposed downward and consequences are absorbed upward. It hardens when no one is accountable for the harm produced along the way.
In hospitals, anti-trust shows up in three recurring patterns:
Coercion: compliance demanded without regard for clinical reality
Extraction: time, attention, and emotional labor siphoned from clinicians and patients
Impunity: decision-makers insulated from the downstream harm of their choices
Together, these patterns form an envelope that looks stable from the boardroom and feels unbearable on the floor.
Coercion Disguised as Safety
Security coercion rarely announces itself as coercion.
It arrives as mandatory controls, inflexible policies, and “non-negotiable” implementations rolled out in the name of safety or regulation. Multifactor authentication without workflow analysis. Aggressive session timeouts during peak clinical hours. Alert storms calibrated for auditors instead of humans.
On paper, these controls look responsible. In practice, they corner clinicians.
When a nurse must reauthenticate repeatedly while managing multiple patients, security is no longer protective. It is coercive. It forces clinicians to internalize the system’s failures as personal stress, moral distress, and cognitive overload.
The research documents the toll with precision.
Across multiple studies, physicians frequently identify the EHR and its clerical burden as a major contributor to burnout. The current state of the EHR is frequently pinpointed by physicians as the single most important stressor in patient care. 69% of primary care physicians feel that most EHR clerical tasks completed by them do not require a trained physician.
Authentication tools that are poorly implemented add another layer. If bad tools delay clinicians by an hour or two over the course of a day simply because of logging in and waiting for systems to boot up or getting locked out, the administrative burden compounds exponentially.
This is where trust fractures.
A system that demands obedience while demonstrating no understanding of the work teaches a brutal lesson: you are not trusted, and your reality does not matter.
Clinicians respond rationally. They route around the controls. They share access. They keep sessions open. They create shadow workflows that let care continue.
The organization interprets this as defiance.
It is not. It is survival.
When Workarounds Become Institutionalized Anti-Trust
Workarounds are often treated as temporary deviations. In healthcare, they harden into permanent infrastructure.
Entire shifts are built around known system limitations. New staff are taught unofficial procedures alongside official training. Security rules are explained with a wink and a workaround in the same breath.
The ethnographic evidence is damning. Workarounds to cyber security are the norm, not the exception. They not only go unpunished, they go unnoticed in most settings and are often taught as correct practice.
This is anti-trust maturing.
Once workarounds are normalized, trust collapses in both directions. Clinicians stop believing the system is there to support them. Security teams stop believing clinicians will comply. Each side documents the other as “the problem.”
The tragedy is that both are responding to the same underlying failure: design that ignores lived reality.
At this stage, trust erosion is no longer episodic. It is systemic.
Extraction as a Design Philosophy
Extraction is not limited to financial systems. Hospitals increasingly extract time, attention, and emotional regulation from the people inside them.
Security tooling plays a growing role in this extraction economy.
Every extra login extracts seconds. Every unnecessary alert extracts focus. Every poorly timed control extracts patience. Every opaque incident extracts emotional safety.
The evidence quantifies what clinicians feel.
Passwords and logins are one of the most annoying disruptions to care delivery, consuming up to 45 minutes of clinician time per shift. Clinicians may need as much as 2 additional hours in electronic data entry for every hour of direct patient contact. Documentation burden correlates to clinician burnout syndrome. Poor usability of EHR is associated with documentation burden and clinician burnout syndrome.
86.9% of clinicians identify excessive data entry as their most prominent concern about EHR use. Patient portal messages alone in primary care at the University of Wisconsin increased 62% from 2013 to 2016. The number of inbox messages addressed is a significant predictor of burnout.
These costs are never booked where they belong. They do not appear on security budgets or executive scorecards. They show up instead as burnout, disengagement, turnover, and patient dissatisfaction.
Patients feel this extraction too.
They wait longer. They repeat their histories. They navigate portals that fail silently. They absorb confusion when systems go dark and no one can explain why. They are asked to trust institutions that cannot maintain continuity under stress.
Extraction burns both ends of the relationship at once.
The Alert Fatigue Tax
Alert fatigue represents extraction at industrial scale.
Clinical decision support systems generate alerts to prevent medication errors and adverse drug events. The stated purpose is patient safety. The operational reality is that clinicians override 50% to over 90% of alerts, with the range varying based on the healthcare facility.
One study found that on average, prescribers accepted only one in every thousand prescribing alerts they received. A separate study showed that 331 alerts were needed to prevent 1 adverse drug event. 90% of medication alerts are overridden by prescribing physicians. More than half of overrides were due to alerts being deemed irrelevant.
At one academic medical center over a three-year period, clinicians overrode 73.3% of medication alerts. Of those overrides, 40% were inappropriately dismissed. Another study analyzing 382 alert cases found only 7.3% of the alerts were clinically appropriate.
Alert fatigue occurs when a high number of irrelevant alerts leads users to habitually override them. Clinicians average 49 minutes processing an average of 56 alerts received per day, making clinical decision support alerts a weighty component of physicians’ daily workflow.
The extraction compounds across specialties. Alert overrides reach 96% in some settings. Overriding rates ranging between 77% and 90% are common. These “cry-wolf alerts” have desensitized clinicians, opening the door to preventable medication errors.
The ECRI Institute, a nonprofit medical safety organization, listed alert fatigue as a top technology hazard. In one documented case, a child received 38 times the normal dose of an antibiotic largely because this information was overshadowed by a number of clinically inconsequential alerts.
Alert fatigue has been linked to patient death.
This is extraction masquerading as safety. Every irrelevant alert steals focus. Every poorly calibrated warning trains clinicians to ignore the system. Every override documents the failure of design to understand clinical reality.
The Financial Extraction: Turnover as Silent Risk Debt
The extraction economy eventually produces measurable financial consequences.
Healthcare organizations continue to face ongoing challenges related to clinician turnover driven in large part by burnout and dissatisfaction with electronic health records. Beyond the human toll, the financial repercussions of turnover are substantial.
The average cost of replacing a nurse is approximately $56,300. The expense for replacing a physician can vary between $500,000 and $1 million. The typical range for replacing a physician is 2-3 times their annual salary.
With an average of $1.2 million in turnover costs per physician, including recruiting and start-up costs and lost revenue, it is clear that retaining physicians saves facilities substantial resources. The average annual start-up cost for a new doctor is $211,000. When lost revenue for one full-time equivalent is $990,034, recruitment costs are $61,200, and annual start-up costs are $211,063, replacing one departing physician and getting another on board costs the organization more than $1 million.
It takes up to two years for a new physician to be fully integrated in their job and able to take on the same workload as an established staff member. It takes 6-24 months for a new physician to match the productivity and patient load of a departing colleague.
A 2021 study from the AMA Journal of Ethics estimates that burnout costs health systems millions annually. For larger organizations, the numbers are catastrophic. If 60 physicians leave a major health care organization within two years, that costs the organization a median of $30-40 million. Across the entire US healthcare system, that is estimated at $4-5 BILLION.
75% of medical groups do not quantify the cost of turnover. This means they have no idea how much administrative burden, security friction, and system design failures impact their bottom lines.
The cost in dollars of replacing a physician’s assistant earning $120,000 a year will exceed a quarter of a million dollars. A nurse earning $85,000 a year will cost over $180,000 to replace. When projected over 10 years, a small group of 100 healthcare professionals can have turnover costs of well over $80 million.
These costs accumulate silently. They never trace back to the security controls that extracted time. They never connect to the alert systems that exhausted attention. They never link to the authentication burdens that normalized workarounds.
This is how silent risk debt compounds.
The Executive Impunity Loop
Anti-trust becomes durable when impunity sets in.
At the executive layer, security decisions are often evaluated through abstract lenses: compliance status, insurance posture, vendor assurances, board optics. The human consequences remain distant, filtered through reports and summaries that smooth away friction.
When a control causes harm, it is rarely traced back to the decision that introduced it. When clinicians burn out, it is framed as a workforce issue. When patients disengage, it is framed as a satisfaction problem. When outcomes worsen, it is framed as complexity.
This is how silent risk debt accumulates.
Risk is displaced downward, absorbed by clinicians and patients, while decision-makers remain shielded from accountability. Over time, the organization becomes structurally incapable of learning from its own harm.
Impunity is not malicious intent. It is distance combined with abstraction. But its effects are lethal.
The disconnect is structural. Executives see compliance dashboards showing 100% multifactor authentication deployment. They see audit findings resolved. They see vendor promises of “frictionless security.” What they do not see is the nurse spending 45 minutes per shift on authentication overhead. They do not see the physician overriding 90% of alerts because 92.7% are clinically irrelevant. They do not see the $1.2 million cost of replacing each physician who burns out.
The feedback loops are broken. The costs are displaced. The harm is invisible until it becomes catastrophic.
The Anti-Trust Envelope in Healthcare
Viewed through the Anti-Trust Envelope, many hospitals exhibit the same failure mode:
Dignity erosion: clinicians and patients are treated as throughput variables rather than human beings
Agency erosion: systems make decisions opaque and non-negotiable
Accountability erosion: no one owns the downstream harm
Cooperation erosion: adversarial dynamics replace shared purpose
Adaptability erosion: workarounds substitute for learning
Once this envelope closes, trust cannot be restored with messaging, training, or culture campaigns. The damage is structural.
Security, when designed without regard for these dynamics, becomes a primary enforcer of the anti-trust envelope rather than a defense against it.
Why This Is a Security Problem
It is tempting to see these issues as “organizational culture” or “change management.”
That is a mistake.
Anti-trust is a security risk.
Systems that people do not trust are systems people will bypass. Systems that extract relentlessly will eventually collapse under their own weight. Systems governed with impunity will fail in ways no threat model anticipates.
The most dangerous breaches in healthcare are not always external. They are the internal erosion of coherence that leaves institutions unable to respond when stress arrives.
When 73% of healthcare professionals report using a colleague’s login credentials to access medical data, that is not a training problem. That is a systems design problem that has rendered security controls operationally untenable.
When clinicians override 90% of alerts because only 7.3% are clinically appropriate, that is not alert fatigue. That is a trust collapse that has trained clinicians to ignore the system entirely.
When burnout-related turnover costs the average U.S. health system $5 million annually and individual physician replacement costs exceed $1 million, that is not a retention problem. That is systematic extraction of human capital until the system can no longer sustain itself.
These are security failures. They are also governance failures, design failures, and leadership failures.
They accumulate as silent risk debt until the institution becomes fundamentally brittle.
Breaking the Pattern
Anti-trust patterns do not dissolve through exhortation. They dissolve through redesign.
That requires security leaders willing to ask uncomfortable questions:
Where are we forcing clinicians to choose between care and compliance?
What costs are we extracting that we do not measure?
Which decisions create harm we never see?
Who absorbs the consequences when things go wrong?
Applying the Anti-Trust Envelope diagnostically makes these questions unavoidable. It exposes where trust is being consumed rather than generated. It shows where safety claims mask coercion, and where governance failures masquerade as individual noncompliance.
The questions have answers.
Authentication overhead that consumes 45 minutes per shift is measurable. That measurement reveals where coercion operates. Alert systems with 7.3% clinical appropriateness are measurable. That measurement reveals where extraction compounds. Turnover costs of $1.2 million per physician are measurable. That measurement reveals where impunity shields decision-makers from consequences.
The first step is measuring what systems extract. The second step is assigning costs where they belong. The third step is holding decision-makers accountable for downstream harm.
Without these steps, the anti-trust patterns continue. With them, redesign becomes possible.
The Provocation
Hospitals do not need more rules. They need fewer systems that demand obedience while offering no support.
Security that relies on coercion is not secure. Security that extracts relentlessly is not sustainable. Security governed without accountability is not responsible.
Trust collapses long before outcomes do. By the time patients stop showing up and clinicians stop caring, the system has already failed.
The evidence is unambiguous.
75% of physicians with burnout symptoms identify the EHR as a source. 69% of primary care physicians feel that most EHR clerical tasks do not require a trained physician. Clinicians need 2 additional hours in electronic data entry for every hour of direct patient contact. Passwords and logins consume 45 minutes of clinician time per shift.
90% of medication alerts are overridden. Only 7.3% of alerts in one study were clinically appropriate. Clinicians average 49 minutes processing 56 alerts per day. Alert fatigue has been listed as a top technology hazard and has been linked to patient death.
The average cost of replacing a physician is $1.2 million. Burnout-related turnover costs the average U.S. health system $5 million annually. It takes up to two years for a new physician to reach full productivity. 75% of medical groups do not quantify these costs.
These are not anecdotes. These are system failures documented across hundreds of studies, thousands of clinicians, and billions of dollars in measurable harm.
The Anti-Trust Envelope makes that failure visible.
The only question is whether healthcare security leaders are willing to look inside it and see the coercion they enforce, the extraction they enable, and the impunity that shields them from consequences.
Or whether they will continue to mistake compliance for safety while trust drains quietly out of the building, carrying clinicians, patients, and institutional capacity with it.
The choice is binary.
*this article is available as a downloadable deck for paid subscribers
Next in the series:
SIGNAL in Healthcare: Instrumenting Trust Before It Becomes Harm

