Episode 44 · With Bharat Reddy · 6 Jul 2026 · 49 min

    Bank-Grade Security Thinking for Patient Data

    Before trusting any AI vendor with patient data, ask where it lives, who can compel it, and exactly what leaves your system.

    Featured guest

    Bharat Reddy

    CTO, Coherent Healthcare
    Bharat Reddy is Coherent Healthcare's CTO. He studied artificial intelligence in the UK, spent close to a decade at Morgan Stanley, latterly as a VP of security architecture, and later worked at a health-tech startup serving most UK GP practices.

    Show notes

    Bharat, Coherent's CTO, spent much of his career in cybersecurity at an investment bank before moving into healthcare. He explains why the two worlds rhyme: decades-old legacy systems, siloed data, and high stakes when something goes wrong.

    The conversation turns to AI, data sovereignty, and the risk of handing sensitive health data to a single commercial platform. Bharat walks through how separate, supposedly anonymized datasets can be recombined to identify a person, and why he favours a federated model where patients control who can use their data.

    For clinic owners, he offers a practical way to vet a vendor: ask where data is hosted, which regulations apply, whether independent security reviews exist, and precisely what data is sent to foundational AI models. He also describes how Coherent minimises data and layers its defences.

    Key takeaways

    • Finance and healthcare share the same core problems: decades-old legacy systems and siloed data that resists sharing.
    • Data stops being anonymous once enough separate datasets are combined, which is the real risk in large data-sharing deals.
    • A federated access model, similar to signing in with Google, would let patients control what data a vendor or agent can use.
    • When assessing an AI vendor, ask where data is hosted, which regulations apply, whether a data processing agreement exists, and what data reaches model providers.
    • Basic security hygiene matters most: multi-factor authentication, independent security reviews, and sending only the data a task actually needs.
    • Coherent uses defence in depth and data minimisation, so automating a booking never needs a patient's name or clinical details.
    Once you have a large enough data set, it's no longer anonymous.
    Bharat Reddy
    Stop the leak

    See how much revenue your clinic is leaking.

    Coherent gives private clinics one patient relationship engine, recovering revenue lost at enquiry, recall and billing.