If there’s one industry that understands the stakes of getting data governance right, it’s healthcare. But as this panel at Data Leaders Forum made clear, understanding isn’t the same as readiness. With more patient data flowing through distributed systems and AI models entering the workflow, healthcare organizations are finding that yesterday’s governance tactics no longer apply.

Across the conversation with Jess Carney (Director of Data Engineering at Brooklyn Data Co.) and Tyler Fischella (Director of Data and AI Governance Delivery at ONIX), one theme emerged again and again: governance isn’t about locking things down. It’s about scaling safely. Whether through dynamic access controls, centralized metadata, or better policy orchestration, today’s leaders aren’t asking if governance matters. They’re asking how to operationalize it faster.

Here’s how leading teams are putting modern governance into practice.

Governance is gaining visibility, but not always traction

The good news? More organizations are recognizing the need for governance. They’re investing in tools, setting policies, and classifying data. However, many of those initiatives stall before they create real impact.

Jess noted that governance is still too often treated as a static layer. Teams build catalogs and tag assets, but those systems don’t get used. They sit adjacent to the workflow instead of embedded within it.

What’s missing? Integration. As Jess put it, “If your metadata just lives in the catalog and you’re not actioning on it, you’re going to miss the mark.”

The challenge isn’t awareness. It’s execution. And that’s where automation, context, and smarter workflows start to make a difference.

Automation and adoption go hand in hand

Automation can help governance scale, but only if people actually use the systems in place. Both panelists emphasized the need for more contextual, dynamic frameworks that reduce manual effort and meet users where they are.

Jess shared how her team uses orchestration tools to apply dynamic masking and attribute-based access based on data sensitivity and user roles. Instead of masking thousands of columns manually, policies can be driven by metadata tags and enforced automatically within the pipeline.

Tyler reinforced that tagging is the foundation. “If you can enrich your metadata and apply policies based on those tags, that’s how you scale governance.” But tagging itself is only useful when it’s adopted consistently. And adoption only happens when people understand the value.

That means embedding metadata and governance controls directly into tools people already use, like Slack, GitHub, and Chrome, and making those systems feel helpful rather than restrictive.

Centralization is hard, but essential

Healthcare teams often face a unique challenge. Disparate legacy systems are scattered across regions and business units. Many still rely on legacy EHR platforms or regional data hubs. That makes centralizing metadata, not just the data itself, both essential and difficult.

Jess shared that the biggest stumbling blocks are usually standardization and adoption. Even the best catalogs fail when metadata isn’t trusted or used. And while there’s no one-size-fits-all approach, Tyler underscored the role of change management, especially with engineers.

“Most data engineers didn’t learn about catalogs in school,” he said. “It’s a new paradigm. You have to train people to think differently.”

Progress often comes down to adoption patterns. Tracking which assets are queried or clicked can reveal which data matters most and where centralized governance can have the biggest impact.

AI readiness starts with trust in your data

Both speakers were clear. AI readiness starts with data quality. If the data feeding your models isn’t clean, governed, and understood, your models won’t be reliable.

Governance is the prerequisite. Not just at the access level, but in lineage, documentation, and curated analytics layers that shape your data before it ever reaches an LLM.

Jess pointed out that many teams want to get AI ready but can’t even give their data scientists the right access, let alone clear data definitions. Tyler underscored that lineage is just as important. Being able to trace the path of a dataset, or understand how it was transformed before model training, creates accountability and makes debugging easier when things go wrong.

The advice from both panelists: start small. Choose a data product or domain, prove value, and then scale.

Compliance frameworks are a signal, not a checkbox

Frameworks like DCAM and CDMC are becoming more popular in regulated industries, even if they’re not yet required by law. Why? Because the risks are growing, and organizations don’t want to be caught off guard.

Jess and Tyler both pointed to GDPR as a turning point. Many companies underestimated the rollout and paid the price. Now, there’s a collective push to get ahead of future regulations by investing in governance today.

These frameworks aren’t just about checking boxes. They’re a signal that compliance, security, and operational excellence are increasingly intertwined, and that governance is central to all three.

Treat governance as code, especially when AI is on the roadmap

As governance matures, more teams are managing it as code. That includes orchestration logic, tagging pipelines, automated tests, and data contracts.

Jess highlighted how governance as code helps build enforceable standards directly into the workflow, not bolted on after the fact. Tyler noted that data contracts, especially when enforced through CI/CD workflows, help teams avoid accidental schema changes and preserve trust in their outputs. These tools create the guardrails that allow teams to move quickly without introducing risk.

If governance isn’t baked in, it won’t be able to scale.

Governance that enables instead of blocks

The examples Jess and Tyler shared reflect how healthcare teams are gradually shifting their approach. Governance isn’t being treated as a separate initiative. It’s being integrated into the tools and processes teams already rely on.

Whether the goal is to respond faster to audits, ensure AI outputs are reliable, or create clearer ownership across systems, the teams seeing the most progress are the ones building governance into their day-to-day work.

At Secoda, we help teams embed governance into their existing workflows with tools for automated access control, quality monitoring, policy enforcement, and centralized documentation that stays current.

If you’re ready to make governance a catalyst for clarity, let’s talk.