Anyone who has worked in healthcare IT for any amount of time knows this: we’re all carrying more applications than we can reasonably manage. Some of these systems are critical. Some are helpful. And some have simply hung around longer than they should because nobody has had the time, data, or political capital to shut them down.
For years, application rationalization was a manual, spreadsheet-driven exercise that demanded a lot of effort and delivered very little insight a leadership team could act on. You’d spend months collecting information, only to wind up with a static report that immediately started aging the moment it was created.
That’s beginning to change, and not a moment too soon.
Why rationalization is becoming strategic, not tactical
As health systems come up for air from large-scale initiatives, most notably EHR transitions, they’re starting to ask different questions. Instead of “What do we need to implement next?” leaders are asking, “How do we optimize, secure, and simplify what we already have?”
That’s where modern application rationalization fits. It helps organizations:
- Reduce their cyber exposure
- Strengthen compliance
- Shrink their technology footprint
- Lower operational costs
- Simplify IT responsibilities
There’s another benefit that’s increasingly important: understanding what you’re buying during mergers and acquisitions. CFOs have always known how to quantify things like real estate, staffing, or even laundry services. But historically, nobody had a clear picture of the IT liabilities they were inheriting which included unsupported systems, shadow IT, and overlapping platforms. Application rationalization changes that conversation. It gives leaders a real assessment, not a guess.
Rationalization through a cyber lens
You can’t talk about healthcare IT without talking about cybersecurity. Every week, there’s another breach, and the number of bad actors continues to grow. If you’re responsible for protecting a health system, you have to view everything through a security lens. That includes application inventory.
Rationalization is becoming a core part of modern security strategy. It gives IT leaders a risk continuum, allowing them to see which systems are high risk, which ones have unknown risk, and which ones are simply taking up space and creating unnecessary exposure.
We routinely see systems where maintenance and support have lapsed – sometimes for years. The application is barely used, but it’s still sitting inside the network without current security patches. That’s not cost savings. That’s an invitation to a breach. When leaders see that data, consolidation stops being a political problem and becomes a clear risk-reduction decision.
The hardest part: Culture, not tech
The technological side of rationalization is the easy part. The cultural side is where things get complicated.
Every organization has applications that only a handful of people still use. And those people often feel passionate about keeping them. These conversations can get emotional very quickly and understandably so.
What rationalization does is give executives objective data to shift the discussion. When you can show clearly that a duplicative or outdated application is introducing cyber risk, draining resources, or costing money unnecessarily, it becomes easier for teams to align around a shared set of priorities.
Sometimes a neutral partner helps, too. This should mean someone outside internal politics who can give an honest assessment. That third-party perspective often helps move difficult conversations forward.
At the end of the day, though, executives must lead. Cyber risk isn’t a hypothetical problem anymore. You have to reduce your attack surface, and rationalization is one of the most practical ways to do it.
A practical, not hype-driven, view of AI
We can’t ignore AI. It’s going to influence application rationalization and cybersecurity more and more. But I also think we need to take a responsible approach. AI creates enormous opportunity, but it can also introduce new forms of risk if we’re not careful.
The encouraging thing is that hospital leaders seem to understand this. They’re not rushing headfirst into AI simply because it’s the topic of the moment. They’re asking smart questions and grounding decisions in what will meaningfully improve their organizations.
Before AI can deliver value, we have to solidify the fundamentals. Rationalization is one of those fundamentals.
Why I’m optimistic
What excites me most about the coming year is that hospital systems are more open than ever to addressing these foundational pieces of IT strategy. For a long time, massive projects, especially EHRs, took up all the oxygen in the room. Now leaders are lifting their heads and saying, “How do we reduce risk? How do we optimize? How do we simplify?”
The great thing about application rationalization is that it delivers value quickly. This isn’t a three-year initiative with a vague ROI. It’s something you can begin now and feel the impact in a matter of weeks.
It reduces cyber exposure. It reduces cost. It reduces headaches.
And it frees up the IT team to focus on more strategic work instead of maintaining applications that no longer serve the organization.
That’s why I believe 2026 will be a pivotal year. Rationalization is no longer a cleanup project, it’s becoming a strategic discipline. And for health systems looking to reduce their risk and strengthen their digital infrastructure, it’s one of the most important places to start.
About Jim Jacobs
Jim Jacobs is a healthcare technology leader with more than 25 years of experience helping organizations modernize how they manage, protect, and unlock the value of clinical, financial and operational data. As President and CEO of MediQuant, he guides strategy around active data archiving, application rationalization, and long-term data accessibility to support continuity of care, regulatory compliance, operational efficiency, and better decision-making across healthcare enterprises. Jim has held senior leadership roles at Optum, Nuance, and QuadraMed, and is a published author, frequent speaker, and contributor to three software patents.
