After a week of conversations with hospital leaders, operators, and clinicians across Malaysia, a simple framework emerged. It applies everywhere we've worked — India, UAE, Southeast Asia, and now the US.
Every healthcare AI company believes their product works. Most of them are probably right — at least in a controlled demo environment. The real question isn't whether the AI can perform. It's whether the AI pilot will survive long enough to prove it.
Most don't. Industry data suggests that over 70% of AI pilots in healthcare never make it to full deployment. They run for 60-90 days, produce some interesting data, and then quietly disappear as priorities shift and budgets tighten.
During a recent trip to Malaysia — meeting with hospital CEOs, CMOs, CFOs, and clinical directors — I found myself asking a different question: not "what makes AI work?" but "what makes AI survive?"
After multiple deep conversations, a simple four-criteria framework emerged. I've since tested it against every market we operate in. It holds.
The Four Criteria
Money
AI must move the needle. Either revenue growth or real cost reduction — it cannot be a cost center. This point was made clearly by hospital leaders I met: if you can't show me where this lifted revenue or stopped leakage, the conversation ends there.
This sounds obvious, but many healthcare AI companies build products that optimize processes without quantifying the dollar impact. "Efficiency gains" and "time saved" don't survive budget season. Recovered revenue and reduced denial rates do.
Safety
If a product touches patients, patient safety is non-negotiable. Accuracy, guardrails, and clinical responsibility come first.
This is the criterion that separates AI built by technologists from AI built by people who understand healthcare. Every agent in Tulu Health's platform has a defined scope — it does not make clinical decisions, it surfaces information and automates administrative workflows. The clinical judgment remains with the clinician. This isn't a limitation; it's a design principle that earns trust from medical directors.
A hospital CMO once told me: "I'm not afraid of AI being wrong once. I'm afraid of AI being confidently wrong, consistently." Our job is to build systems where errors are visible, auditable, and correctable — not hidden behind automation.
Security
Trust is the currency of healthcare. Solutions must ensure compliance, data protection, and clear risk mitigation from day one — not as an afterthought.
In Malaysia, hospitals must comply with PDPA. In the UAE, there are HAAD and DHA data governance requirements. In the US, HIPAA is table stakes — but the specific requirements vary by state and payer. In India, DPDP legislation is evolving rapidly.
Healthcare CIOs don't just want to know that your product is secure. They want to know exactly where patient data goes, who can access it, for how long, and what happens when they end the contract. If you can't answer those questions on day one of the pilot, you won't make it to day 30.
Simplicity
If a solution disrupts existing workflows, it creates resistance that no amount of ROI can overcome. The best AI becomes invisible — it does its job without making anyone's day harder.
One hospital director put it bluntly: "If your AI requires my team to change how they work, it will fail. If it makes what they already do faster and better, it will spread on its own."
This is why Tulu Health integrates via FHIR/HL7 with existing EHRs rather than replacing them. Our agents surface in the interfaces staff already use. They don't require new logins, new training modules, or new workflows. They quietly handle the tasks nobody wanted to do anyway.
"The pilots that die are technically fine. They fail because they can't answer Money, Safety, Security, and Simplicity at the same time.
The Framework in Practice
When we evaluate a new hospital engagement, we now explicitly map our deployment plan against all four criteria before we start. Which workflows will we touch? What's the measurable dollar impact? Who owns patient safety governance? What data leaves the hospital network, if any? What does the staff change management look like?
If we can't answer all four clearly, we redesign the approach until we can. It slows down the sales cycle. It means we sometimes say no to engagements that don't meet the criteria. But it also means our pilots survive.
The enthusiasm among hospitals in Malaysia for what we're building is strong and motivating. But enthusiasm alone doesn't keep pilots alive. Demonstrable ROI, clinical safety, bulletproof data security, and zero-friction adoption do.
If you're evaluating any healthcare AI vendor — including us — hold them to this framework. The ones who can answer all four questions clearly are the ones worth betting on.
Dr. Adil Khan
Founder & CEO, Tulu Health — Building AI colleagues for hospital operations across India, UAE, Southeast Asia, and the US.
Follow on LinkedIn →Ready to run a pilot that actually survives?
We'll walk you through how Tulu Health maps to all four criteria — and show you projected ROI before you sign anything.
Book a 30-Minute Demo