Being a healthcare CIO involves a tricky balancing act. On the one hand, you’re addressing the fundamentals of any business technology infrastructure and meeting the business needs of your organization, even as it undergoes change. On the other are the regulatory issues specific to operating in the healthcare environment—most prominently data security and ensuring that HIPAA compliance is maintained—while innovating in healthcare- and patient-specific technologies.
“Our biggest challenge is balancing new opportunities and regulatory requirements while supporting the whole system on a daily basis,” Roland Garcia, Baptist Health’s Senior Vice President and CIO, told Becker’s Hospital Review. “Because everything is in such a compressed timeframe, it creates challenges around priorities and resource allocation. Some of the initiatives we're managing represent a significant change to the way we do business, and there will be significant workflow impacts to physicians and other clinicians.”
Eight health systems CIOs who attended last September’s Scottsdale Institute Fall CIO Summit told attendees that the five challenges that are consuming a majority of their time and creating the most angst are new payment models, optimization, mergers and acquisitions, security, and competing for and retaining patients and consumers.
In researching what healthcare CIOs are talking about we found the issues and challenges tended to line up around security/privacy, telehealth, EMR adoption, patient portals, and meaningful use.
Security and Privacy
For Marc Probst, VP and CIO of Intermountain Healthcare, security and privacy are his greatest challenges. He told Becker Hospital Review, “The reinterpretation of HIPAA bleeds over into everything — EMRs, ICD-10. In 2012, we did an internal assessment following [HHS’ Office of Civil Rights’] reinterpretation of HIPAA requirements. We’d always done these assessments and had consistently found ourselves in the top 5 percent in the country in terms of privacy and security. When we received the results of this assessment, however, we found we had a number of areas that needed improvement.” They’ve since launched 72 projects around privacy and security and are working on them aggressively.
In early 2014, Probst said his job had become incredibly more complex over the past decade. "From the changing regulatory requirements to the advances in technology to the greater sophistication of IT users, it’s all creating a more complex environment. Not to mention information security—what we see happening with Target [data security breach] and the retail world is something healthcare is now dealing with in spades.”
Jeffrey Pelot, CIO at Denver Health Hospital and Medical Center, told Direct Consulting Associates that his biggest challenges in the next few years revolve around regulatory aspects for healthcare reform, that have been costly and difficult to keep up with, and security. “Security concerns will intensify month over month with the Internet becoming more and more dangerous. To counter this we will see cloud offerings become more robust and certainly more affordable. We need to be ready to take advantage of cloud offerings in as they develop a “sweet spot” for healthcare offerings. Technology costs will soar in the face of decreasing reimbursements. Keeping systems up-to-date and fully functioning will be a costly adventure further eroding operating margins, but conversely they will make the cloud more palatable.”
George S. Conklin, CHRISTUS Health’s Senior VP and CIO told Axis in 2015 that their strategy for preventing data breaches “entails designing the technology and the underlying network infrastructure that ensures that we’re able to meet the mission of CHRISTUS Health, which is to extend the healing ministry of Jesus Christ to everyone we serve in every one of our markets. We are concerned about the fact that people are trying to get into U.S.-based systems but are also very likely trying to get into our [Latin American] partners or our subsidiaries if they’re not equally as well protected as CHRISTUS Health.” Technology and people are equally important, he said. “What matters is how you educate your people about preventing data breaches,” Conklin said. “How you acculturate your people and your technology is critical. The reality is this: The largest number of violations occurs because people do something careless. Helping to prevent data breaches is about sensitizing people as to what they need to do.”
Conklin said that talking about his organization’s success with data security is like “waving a red flag at a bull.” He acknowledged that CHRISTUS Health is never going to have a 100 percent secure environment. “The United States is a big magnet for all of the folks who are engaging in health data theft—whether they’re doing so for criminal or political (including terrorism) reasons,” Conklin said. “We see evidence of this every day when we’re doing our own perimeter protections. There are lots of [hackers] out there trying to get into our information systems to steal information. And what we’re seeing is probably only the tip of the iceberg.”
Telehealth is a focus for Richard Daniels, EVP and CIO at Kaiser Permanente. “People want ubiquitous access to us, which translates into digitizing the experience members have with us, including telehealth,” he told Healthcare Informatics. “That leads to another point: innovation. We have been big on innovation and we need to continue to be. That includes leveraging new technologies like telehealth and making video available for clinician-to-clinician visits so that care teams can communicate. We are looking at remote patient monitoring opportunities as well...We have a few formal programs, one of which is an innovation fund. Anybody in the organization can submit an innovation fund request. A project may require seed funding to get started. We limit the amount to $200,000. In fact, it was through the innovation fund that we did some of the initial work on telehealth.”
David Chou, CIO at the University of Mississippi Medical Center, wants to take his medical center’s telehealth program global. "We have a really big telehealth program here. We have over 85 hospitals on site that are utilizing our telehealth program. Our goal is to get it to over 100 sites and capture not just the state of Mississippi, but we want to capture the southeastern region of the US and potentially go global…”
For Keck Medicine of USC, their telehealth strategy is still nascent, with 50 to 100 sessions a month. “However, these e-visits, or tele-visits, are seen as very important for ‘maintenance health,’” said Joshua Lee, Keck Medicine’s CIO, “limiting the need for patients to come into the hospital. I expect that the number of sessions we conduct will continue to increase steadily, increasing our level of engagement with patients as well as our overall quality of care.”
Patient Engagement Through Patient Portals
Some of the current themes for Duke University Health System are patient engagement and a portal where patients can get information online. “And so as we think through our strategic plans for the coming year, patient engagement becomes one of the central themes of what we’re working on,” Dr. Jeffrey Michael Ferranti, CIO and VP of Medical Informatics, said. “I saw a great statistic last year that nearly 10 times as many patients use your EHR as providers. I think that’s true, and so we need to make sure that we’re building out functionality in our electronic health record that would really benefit our patients. So we’re looking at things like e-visits or patient scheduling of appointments directly online, and patients being to fill out forms and information about themselves or their condition before they show up in clinics. I think those sorts of things really encourage partnership and care, and that’s really what we’re all about....”
Brent Snyder, Adventist Health System’s CIO, believes that patient portals are one of the best tools to increase patient engagement. However, Snyder said at a CIO event that not all portal solutions are keeping pace with the degree of connectedness patients want. He noted that, “the vendors are not being progressive about portal solutions.” Many of the CIOs agreed that health systems need to continue to push vendors to develop solutions that meet consumer needs.
EMR adoption--less a technical implementation than an overall clinical transformation--is on the mind of Kumar Chatani, EVP and CIO of Mount Sinai Health System. He explained that challenges arise in ensuring staff is aware of their changing workflows and are adequately prepared to seamlessly transition to an electronic platform. “Our most valuable lesson learned along the way has been to implement an intricate, formal change management program, assign project managers to oversee the plan and appropriately fund the project. This allows clinical champions, front-line nurses, trainers, super users and other resources to fulfill duties as members of the implementation team during the course of the project.” The long-term plan is to migrate all their sites to the Epic EMR, but they are still dealing with several legacy EMRs connected through the internal and external health information exchanges. Still, they are seeing distinct benefits already.
“The EMR workflow has resulted in close to 100 percent vaccination compliance for patients who receive care in Mount Sinai Hospital and Mount Sinai Queens,” said Chatani. “Clinicians quickly generate lists of patients meeting particular criteria. The health system used this feature to group, track and treat patients during an MTA subway derailment and a gas main explosion that left many injured. Case managers have also used this tool to identify and coordinate patients in need of nursing home placement. The platform is useful for bio-surveillance and reporting to the New York State Department of Health. Real-time data is now sent directly to the New York City immunization registry.”
Darren Dworkin, Cedars-Sinai Medical Center’s SVP of Enterprise Information Systems and CIO, has said that he wants to believe that enterprise EMRs are agile platforms on which care delivery can be transformed but they have to evolve in order to be called a platform. For now the EMRs brought to the industry by Epic, Cern, and Meditech—what he refers to as the “Gang of Three”—are applications. Among other things, he said in a LinkedIn post, EMRs need to demonstrate innovation, provide analytics, support mobility, and demonstrate reliability. The biggest area of improvement is creating choice. “The toughest and probably the most important area for our gang to distinguish themselves as a platform is to create choice by building a leveraged open ecosystem,” he said.
“Choice would be fully realized by creating open APIs to access data models and workflows. Customers and third-party vendors would look to solve problems by building solutions within the system and innovation would be an open challenge to solve for everyone. The Gang of Three gets a D-.” He said, “Gang of Three, it is time to get everyone involved to help us solve problems. Talk to your customers and third-party developers, court them, and encourage them to build their applications in such a way that they have a technology dependency on you. Risk some value you may create on your own, but balance it by figuring out how to extract value from your new workforce – your third-party developers. It is time to enable choice!”
Meaningful Use Compliance Challenges
Meaningful use is the concept of using certified electronic health record technology to do a variety of things, including improve quality, safety, efficiency, and reduce health disparities, as well as engage patients and family and improve care coordination, public health, and maintain the privacy and security of patient health information. So, it goes back to the issues discussed above.
Probst, of Intermountain Healthcare, is a member of the Office of the National Coordinator (ONC) for Health IT’s policy committee. He spoke with FierceHealthIT about some of the challenges being faced by ONC in terms of Meaningful Use compliance among providers.
“It’s a tough time for Meaningful Use. We haven’t seen what Stage 3 is going to look like; I’m worried about that because I think the industry is just getting tired. There’s only so much we can do and it feels like Washington isn’t listening to us. As a voice--whether it’s been CHIME or AHA or HIMSS or any number of organizations--the message has been consistent: too much, too fast, here are things you can do about it. When the response back from ONC and CMS is ’tough,’ that might not be exactly be what they’re saying, but that’s what it feels like. You worry about it. It’ll be interesting to see what happens in the coming year."
Susan A. Heichert, Allina Health’s SVP and CIO, is also concerned about the difficulties complying with meaningful use requirements. In a 2015 roundtable with Becker’s Health IT and CIO Review she acknowledged the difficulties experienced by so many health systems and hospitals to attest to meaningful use requirements and the subsequent Medicare reimbursement cuts. “For the organizations that began their EHR journeys as the meaningful use program began, it’s been difficult for them to focus resources exclusively on meaningful use,” she said. “There are key stages you go through with a big project like EHR implementation that include implementation, stabilization and optimization. If you try to go through those at the same time you’re trying to reach meaningful use objectives, it’s very difficult. It was a big effort to get through Stage 1, and when Stage 2 came along, the bar was raised so significantly it was like a leap up, not a step up. When you’re focused on one area and then suddenly the rules and expectations change and it is unclear what counts and what doesn’t, it makes achieving MU difficult. Also, it’s unfortunate that the program is pass-fail. Some systems have done really good work, but even if they achieve 90 percent of the objectives, they still don’t get recognition. I think we should be using incentives to create a ‘No Healthcare System Left Behind’ project that can help hospitals and systems across the board identify issues and objectives together and ways to overcome them to make sure everyone gets to Stage 2.”
John David Halamka, CIO at Beth Israel Deaconess Medical Center, wrote in a December 2015 blog post that, “Market forces will be more potent that regulation. Meaningful Use has accomplished its goals. MU is dead, long live MU. We need to move away from prescriptive regulations so complex that no one understands them. Instead, we need pay for performance based on outcomes, giving providers and industry the freedom to achieve these outcomes using whatever technology they feel appropriate.”
All these issues suggest that tomorrow’s healthcare CIO will play a far different role than in the past. “I think the role of the CIO will be far more about matching operational change to technology, than it has been about acquiring technology, as it was in the last decade,” Dr. C. Martin Harris, CIO and Chairman of Cleveland Clinic’s Information Technology Division, told Healthcare Informatics in February 2015.
The takeaway? Joel Vengco, VP and CIO at Baystate Health clearly sums up the transition in the role of the CIO at healthcare organizations: Meet the uber facilitator. “As CIOs, we’re now managing everything from the operations of the health system, to ensuring that M&As are successful with integrations; and to new realms that are strategic and that will create new viability for the health system, things like analytics. And we’ll be diving into new service lines like telemedicine, that are outside traditional means of delivery. So you have to be a strategist, a visionary, a salesperson; you have to create collaboration across multiple lines of services. It’s really more of an extroverted role than in the past, and you really have to bind the organization. It’s a challenging role and not for the faint of heart, for sure. One day, you’re the hero; the next day you end up being the enemy. So it’s challenging but exciting.”
Adds Halamka: “The role of the CIO will evolve from provisioner/tech expert to service procurer and governance runner. From 1996 to 2001 I wrote many of the foundational applications of Beth Israel Deaconess. My education at Stanford, UCSF, UC Berkeley, Harvard, and MIT enabled me to innovate rapidly as a clinician, domain expert, and engineer. Today I do not write code and my role is to empower/enable talented people around me with funding, protected time, and political will. The CIO of 2016 will increasingly be an orchestra conductor and not a technology expert.”
For more insights into how CIOs view their changing role and what's important to them, browse our profile database to find who you are looking for. Want to understand the bredth of information available in our profiles? View our free sample profiles to see why we are the resource for CXO insights.