This past September, eight CIOs from some of the nation’s leading healthcare organizations convened at the annual Scottsdale Institute Fall CIO Summit in Arizona to discuss the most important IT-related challenges their health systems are facing and the strategies to position their organizations for success over the next year.
The Summit was hosted by the Scottsdale Institute, a Minn.-based not-for-profit membership organization of health systems advanced in IT, and sponsored by Impact Advisors, a Naperville, Ill.-based provider of healthcare IT consulting services. The conversations and key findings from the Summit are outlined in the report, “The New World of the Health System CIO: Consumers, Consolidation and Crooks.”
Following the Summit, HCI Managing Editor Rajiv Leventhal spoke with one of the CIOs who was in attendance—David Bensema, M.D., Louisville-based Baptist Health Kentucky—as well as Tonya Edwards, M.D., physician executive at Impact Advisors. In Part 1 of that conversation, Leventhal got a “war room” inside look at the most pressing issues CIOs are currently grappling with specifically around changing payment models and electronic health record (EHR) optimization. In Part 2, Drs. Bensema and Edwards look at more challenges that were identified at the Summit, such as healthcare mergers and acquisitions (M&A), cybersecurity best practices, and competing for patients. Below are excerpts of that discussion.
What about mergers and acquisitions are specifically so challenging for CIOs?
Bensema: I think it's about the difficulty of having the workflows for the end user appear seamless. Certainly it would be nice for our IT teams if the integration was easier and the interfacing was simpler. That’s a big challenge, trying to have the end users not feel impeded by their products. That’s what you hear historically, that the products get in the way. There is a need to integrate the various elements of your IT environment so the end user doesn’t notice when they go from one software solution to another.
Edwards: Another big challenge is that once the decision to merge or acquire has taken place, there is a discussion about what to do about our IT systems. That decision about you will handle your IT solutions, which ones you will use, who has power to make those decisions, how you will handle using multiple systems at once, figuring out a timeframe, merging together, and consolidating—all of those things make the M&A piece very time consuming, resource-intensive, and very difficult.
Bensema: We have done two acquisitions in the last several years, and there is always a lot of talk about the governance of personnel, the nursing staff, governance of the billing department, and accounts payable, so IT becomes an afterthought. People get to love the devil they know, so even if they’re on a lesser product, they’re not ready to give it up. You need to have those discussions up front; you can’t do it in the heat of a deal. We have had trouble with that, and it’s tough to get the hospital to come over, so we have had to sustain products that we didn’t want to.
We keep hearing the saying that healthcare cybersecurity will get worse before it gets better. How much of a priority is this for CIOs and what are they doing to better protect themselves?
Bensema: This was one of the more fun parts of the meeting, and it had a lot to do with Impact [Advisors] coming up with its new model for assessing maturity in the security realm. The thing is, if your board does not have this at the top of mind, if the audit committee is not already deeply involved with monitoring your security audits and passwords, if dual authentication is not implemented or even on the radar, well, those are big things that need to be done. And after you do all those things, engaging your staff to have awareness and be looking for it. I’m a physician, and I have to be aware that something could walk in at any time, so you need that situational awareness. Getting your staff to have that awareness, such as noticing that an email doesn’t look normal, is key. There are clues and you need to think about that every time you open something so it becomes habit rather than time consuming even with more sophisticated phishing schemes. You can have the best firewalls and monitoring systems in the world, but they won’t attack a hard firewall. They will attack a vulnerable person.
Edwards: It’s the biggest fear for CIOs right now, and it’s at the top of mind for everyone. Having an objective is helpful, and then it’s about having board level executive support for security work to be done and to change the culture of the workforce. There are also tactical things like working towards all healthcare data so you have a lot more control over it, and having constant education and reminders for end users.
Tonya Edwards, M.D.
Competing for and retaining patients was another interesting dilemma that CIOs brought up. How big of an issue is this?
Edwards: You have very different consumers in healthcare than we have had in years past. That’s related to what we have seen in other industries. You look at retail or banking—they have had innovation and have been really strongly focused on convenience and user friendliness with a much more visual format. When is the last time you went inside your bank? Healthcare, conversely, has stayed pretty much the same. We are now getting innovative business plans with telehealth models and retail pharmacies, which are beginning to eat away in urgent care and primary care areas. As a family physician, to me, those areas are being eroded. Healthcare companies have tried to compete on quality, but we are missing the boat in a lot of ways. Access and availability are the differentiators, and that’s what these new disruptive innovators coming from other industries are excelling at.
Bensema: That availability and convenience are such key elements for the younger patient population, the group you want in your pipeline early in this population health world so you can reduce their disease burden later. I was one of the disruptors in the Kentucky market, among the physician practices. There were eighteen retail clinics that I helped to put together across the state. The anxiety felt by the doctors, the high alert that other health systems went on when we did that, was remarkable. Telehealth is the disruption now, and doctors are struggling on if they want to participate in that. We weren’t doing more than a phone call here and there with regular patients, and now systems are asking patients if they want to participate in telemedicine. A system has to compete for those lives, and if you will be doing accountable care and population health, you have to spread the risk and have a large base population by offering the elements they want so they sign up to your plan. Competition is healthy and it’s heating up. From an IT standpoint, it’s causing all of us to up our game, as CIOs have to be aware of that next-level technology. Even if you’re not ready to adopt it, you better be well-versed on it because someone on the board is reading something or the CEO will ask you why you’re not already in this area.
What priorities will change by the time next year’s CIO Summit rolls around?
Bensema: The one thing that will change, we will all be more aware on where we stand on the security maturity scales. We know what we will have to do more specifically—that’s part of the evolution. You will also see a lot more care management and population health-focused software tools implemented across the system, and we will all be confused since we’ll all be getting different information. The level of confusion will peak regarding population health over the next year, and then we’ll start figuring our path to that. No one has the secret sauce yet.
Edwards: These same challenges that we described this year will continue to be the major ones, but they will shift in priority. You will see a lot more shift towards optimization and the preparation for population health. The interoperability piece is such a big part of being prepared for value-based care as well.