The Proper Use of Bots in Healthcare Technology — Open Source CXO Ep. 2 | Active Logic
In the second of two episodes with Phil Merrell, CTO at PromptCare Companies, the conversation focuses on a topic that generates enormous hype and frequent disappointment: the use of bots and automation in healthcare technology. Phil brings a perspective grounded in the operational reality of deploying automation in clinical environments — where the stakes are patient care, the regulatory environment is demanding, and the tolerance for failure is effectively zero.
This isn’t a futurist’s vision of healthcare automation. It’s a practitioner’s account of what works, what doesn’t, and how technology leaders should think about automation investment in an industry where “move fast and break things” is not an acceptable operating philosophy. Phil’s experience deploying robotic process automation at PromptCare provides concrete examples that ground the conversation in operational reality.
The episode covers RPA platforms, the critical distinction between assistive and unassisted bots, the cultural challenges of introducing automation into clinical workflows, and Phil’s practical framework for identifying automation opportunities that deliver genuine value rather than technology-for-its-own-sake novelty.
Key Insight: Avoiding “Shiny Object Syndrome” With AI and Automation
The technology industry’s enthusiasm for AI and automation creates constant pressure on technology leaders to adopt the latest tools and platforms. Phil is direct about the danger this creates in healthcare environments: pursuing automation because it’s exciting rather than because it solves a defined problem is a recipe for wasted investment and organizational frustration.
Phil describes the pattern he’s observed repeatedly: a technology leader sees a compelling demo of an AI or RPA platform, gets organizational buy-in for a pilot project, deploys the technology against a problem that didn’t actually need automation, and then struggles to demonstrate the ROI that justified the investment. The technology works as advertised — the problem is that nobody needed it to work on that particular problem.
His antidote: start with the problem, not the technology. Before evaluating any automation platform, identify the specific workflow that’s a candidate for automation and quantify the current cost — in time, errors, and staff frustration — of the manual process. Only then evaluate whether automation provides sufficient improvement to justify the implementation cost, the ongoing maintenance burden, and the organizational change management required to adopt it.
This sounds obvious, but Phil emphasizes how consistently organizations skip this step. The excitement around automation — and the vendor ecosystem’s relentless marketing — makes it easy to start with a solution and search for a problem to apply it to. In healthcare, where every technology decision has downstream implications for patient care, this backwards approach is particularly dangerous.
Key Insight: Starting Small With Healthcare Automation
Phil’s practical advice for healthcare organizations beginning their automation journey: start with small, well-defined, high-volume manual processes where the error cost is manageable and the success criteria are clear.
At PromptCare, the initial automation targets weren’t glamorous AI applications — they were repetitive data entry tasks, claim status checks, and routine document processing workflows. These tasks shared important characteristics: they were performed hundreds or thousands of times per week, they followed predictable rules-based logic, they were tedious for human staff, and errors in them were detectable and correctable without patient safety implications.
Starting with these “boring” automation targets served multiple purposes. It provided quick wins that built organizational confidence in automation technology. It freed staff time for higher-value work that actually required human judgment — clinical decision-making, patient interaction, and complex problem resolution. And it generated measurable ROI data that supported the business case for expanding automation to more complex use cases.
Phil contrasts this approach with organizations that attempt to automate complex clinical workflows first — where the rules are ambiguous, the edge cases are numerous, and the failure modes have patient safety implications. These ambitious projects often fail not because the technology is inadequate, but because the problem complexity exceeds what current automation platforms can reliably handle. For software development teams building healthcare automation, starting with simpler workflows builds both technical confidence and organizational trust.
Key Insight: Assistive vs. Unassisted Bots — A Critical Distinction
Phil draws a sharp line between assistive bots (which work alongside human operators) and unassisted bots (which operate independently), and argues that understanding this distinction is essential for responsible healthcare automation.
Assistive bots handle the repetitive, predictable portions of a workflow and present results to a human operator for review and decision-making. In a claim processing workflow, an assistive bot might extract data from incoming documents, populate system fields, and flag discrepancies — but a human reviews the populated data and makes the submission decision. The human provides judgment, context awareness, and accountability; the bot provides speed, consistency, and freedom from the errors that come with human fatigue during repetitive tasks.
Unassisted bots operate end-to-end without human intervention. They’re appropriate for workflows where the rules are completely defined, the data inputs are standardized, and the consequences of errors are within acceptable bounds. Phil provides examples from PromptCare’s operations: certain claim status inquiries can be fully automated because the process is entirely rules-based and the output is informational rather than consequential.
The danger zone: deploying unassisted bots in workflows that actually require human judgment. Phil describes the pressure technology leaders face to maximize automation — reduce headcount, eliminate human touchpoints, fully automate entire processes. In healthcare, yielding to this pressure without a clear understanding of where human judgment is required creates patient safety risks. The responsible approach is to automate the judgment-free portions of workflows and preserve human oversight where clinical or operational judgment matters. Organizations building web applications and portals for healthcare settings need to design these human-in-the-loop checkpoints into the system architecture, not bolt them on as afterthoughts.
Key Insight: Cultural Integration of Automation in Clinical Environments
Deploying a bot is a technical exercise. Getting clinical staff to trust and effectively work alongside bots is a cultural transformation. Phil describes this as the challenge that most automation initiatives underestimate.
Clinical staff — nurses, claims processors, care coordinators — have legitimate concerns about automation. Will it replace my job? Will it make errors that I’m held accountable for? Will it change my workflow in ways that make my day harder rather than easier? These concerns aren’t irrational; they’re based on real experiences with technology implementations that promised improvement and delivered disruption.
Phil’s approach to cultural integration starts before the technology is deployed. He involves clinical staff in identifying automation candidates, which ensures that the processes selected for automation are genuinely painful for the people doing them. He provides transparent information about the purpose of automation — augmenting human work, not replacing human workers — and backs that communication with organizational actions that demonstrate the intent. When automation frees staff time, that time is redirected to higher-value clinical work rather than eliminated through headcount reduction.
The ongoing cultural work matters as much as the initial rollout. Staff need to see that their feedback about bot performance is heard and acted upon. When a bot makes an error, the response should focus on improving the bot rather than blaming the staff member who was supposed to catch it. And the organization needs to invest in the training that helps clinical staff understand what the bots are doing, when to trust their output, and when to override them. In healthcare, the human-automation partnership requires mutual calibration that takes time and deliberate organizational investment.
Key Insight: The UiPath Platform and Practical RPA Implementation
Phil provides practical perspective on UiPath, the RPA platform PromptCare uses, and offers insights that apply to RPA implementation more broadly.
UiPath provides a visual development environment for building automation workflows — essentially programming bots by defining the steps they should follow in interacting with applications, databases, and documents. Phil describes the advantages: relatively fast development cycles for straightforward automation, a large library of pre-built activities that accelerate common integration tasks, and an architecture that supports both assistive and unassisted bot deployment.
The challenges are equally real. RPA bots are inherently fragile — they interact with applications through user interfaces, which means that UI changes in the target applications can break automations. A vendor updating their web portal’s layout can disable a bot that worked perfectly yesterday. This fragility requires ongoing maintenance and monitoring that organizations often underestimate during the initial excitement of deployment.
Phil’s recommendation: budget for maintenance from the beginning. Treat RPA bots like production software that requires monitoring, incident response, and regular updates. Organizations that build automation and then expect it to run indefinitely without maintenance are setting themselves up for sudden, disruptive failures. For technology leaders managing cloud infrastructure and production systems, applying the same operational rigor to RPA deployments as they apply to traditional software is essential for sustainable automation.
Key Insight: Data Security in Automated Healthcare Workflows
Automation in healthcare introduces specific data security considerations that Phil addresses directly. Bots that interact with electronic health records, claims systems, and patient data must operate within the same security and compliance frameworks that govern human access to those systems.
This means bot credentials require the same access management discipline as human credentials: role-based access, regular credential rotation, audit logging, and prompt deactivation when a bot is retired. In practice, Phil has observed that organizations often treat bot access more casually than human access — a bot might retain broad system access long after its original purpose has been fulfilled, creating an unnecessary security surface.
The audit trail requirements are particularly important. When a bot modifies patient data or submits a claim, the action must be traceable — who authorized the automation, what logic governed the decision, and what data was accessed and modified. These audit requirements aren’t just compliance exercises; they’re essential for incident investigation and quality assurance in an environment where errors can affect patient care and organizational liability.
Takeaways
- Start with the problem, not the technology. Quantify the cost of manual processes before evaluating automation solutions.
- Begin with small, rules-based, high-volume tasks. Quick wins build organizational confidence and generate ROI data for expansion.
- Understand the assistive vs. unassisted distinction. Preserve human judgment in workflows where clinical or operational decision-making is required.
- Invest in cultural integration before and during deployment. Staff trust determines whether automation succeeds or creates organizational resistance.
- Budget for ongoing RPA maintenance. Bots are production software that requires monitoring, updates, and incident response.
- Apply human-equivalent security controls to bot access. Audit trails, access management, and credential discipline apply equally to automated processes.
