It's all in the history 🎤, Fox Tempest 🦠, NVIDIA Healthcare Special Address 📺
[Note: I’m in the middle of a run of clinical shifts, so the next few days will run quick]
Philips’ Future Health Index says clinicians are adopting AI faster than their orgs can support (Philips). Reported time savings of 100+ hours a year — and seven in ten clinicians say AI training is limited or nonexistent. That gap between adoption and enablement is a product surface, and clinicians who build are standing on it.
Rad AI is replacing legacy radiology infrastructure at Yale New Haven (PR Newswire). Note the framing: not a point tool, an infrastructure modernization. AI vendors are starting to sell as the rails, not the widget.
Blue Cross of Massachusetts signed its first oncology value-based deal with Thyme Care (BCBSMA / PR Newswire). Reimbursement tied to outcomes, 24/7 navigation, virtual coordination. Payers paying for navigation — the unglamorous human-plus-software layer — is a quiet signal about where oncology margin is moving.
Dr. Allen Li split “clinical judgment” into the two jobs AI keeps conflating (his response essay). Synthesis (naming the answer) is where models are confidently wrong — fabricated citations in fluent prose — while verification (does this fit this patient?) is where judgment actually lives. If you’re building clinical AI, that’s your spec: optimize for the verifier, not the oracle.
Dr. Doug Fullington shipped a Claude skill that refuses to write until it interviews you (Five Questions Before the First Word). 140 lines of markdown, no code: triage, context scan, then the 3–7 questions whose answers most change the output — mapped to interrogating the chief complaint (Hampton, BMJ 1975: history alone made the diagnosis in 66 of 80 patients). The best prompt pattern of the month is a history-taking pattern.
Before you install someone else’s skill, know the supply chain is unsigned (Trail of Bits, June 3). Flagging a week-old post because of the item above: agent skills are being shared like packages with none of the signing, provenance, or sandboxing mature ecosystems learned the hard way. A skill is a prompt-injection vector with a README.
🎙️ From the Pods
🎙️ 2 Minute Drill — “Fox Tempest: The Dark Web Storefront That Sold Microsoft’s Trust to Ransomware Gangs”
Drex DeFord walks through Fox Tempest, a dark-web service that sold real Microsoft-issued code-signing certificates to ransomware gangs — $5,000 to $9,000 per signing — and that Microsoft disrupted by revoking 1,000+ fraudulent certificates. Customers included Qilin, the gang behind the Covenant Health breach (~480,000 patient records). The signature your security stack waves through was real; the system “worked exactly as designed.”
💡 Builder take: Signed ≠ safe.
🔇 Speaker Blindspot: Locus-of-control shift — the closing call-to-action asks every health system to audit its reliance on code signing, but the failure happened upstream in the issuer’s account provisioning. A thousand vigilant CISOs can’t patch a certificate authority; the fix is pressure on the trust-infrastructure vendor, and the episode never asks for it.
🎙️ NVIDIA GTC 2026 — “Healthcare Special Address”
NVIDIA’s healthcare keynote sketches healthcare software becoming “a mosaic of applications”: specialized agents built by domain-customizing open models (NVIDIA counts ~650–700 open models, plus BioNeMo and Nemotron) rather than anyone training their own foundation model.
What are you building this week? Email and tell me (kevin@clinicians.build) — I read every one (but slower for the next week).
— Kevin


