This past September, eight CIOs from some of the nation’s leading healthcare organizations convened at the annual Scottsdale Institute Fall CIO Summit in Arizona to discuss the most important IT-related challenges their health systems are facing and the strategies to position their organizations for success over the next year.
The Summit was hosted by the Scottsdale Institute, a Minn.-based not-for-profit membership organization of health systems advanced in IT, and sponsored by Impact Advisors, a Naperville, Ill.-based provider of healthcare IT consulting services. The conversations and key findings from the Summit are outlined in the report, “The New World of the Health System CIO: Consumers, Consolidation and Crooks.”
Following the Summit, HCI Managing Editor Rajiv Leventhal spoke with one of the CIOs who was in attendance—David Bensema, M.D., Louisville-based Baptist Health Kentucky—as well as Tonya Edwards, M.D., physician executive at Impact Advisors. In Part 1 of that conversation, Leventhal got a “war room” inside look at the most pressing issues CIOs are currently grappling with specifically around changing payment models and electronic health record (EHR) optimization. In Part 2, Drs. Bensema and Edwards look at more challenges that were identified at the Summit, such as healthcare mergers and acquisitions (M&A), cybersecurity best practices, and competing for patients. Below are excerpts of that discussion.
What about mergers and acquisitions are specifically so challenging for CIOs?
Bensema: I think it's about the difficulty of having the workflows for the end user appear seamless. Certainly it would be nice for our IT teams if the integration was easier and the interfacing was simpler. That’s a big challenge, trying to have the end users not feel impeded by their products. That’s what you hear historically, that the products get in the way. There is a need to integrate the various elements of your IT environment so the end user doesn’t notice when they go from one software solution to another.
Edwards: Another big challenge is that once the decision to merge or acquire has taken place, there is a discussion about what to do about our IT systems. That decision about you will handle your IT solutions, which ones you will use, who has power to make those decisions, how you will handle using multiple systems at once, figuring out a timeframe, merging together, and consolidating—all of those things make the M&A piece very time consuming, resource-intensive, and very difficult.
Bensema: We have done two acquisitions in the last several years, and there is always a lot of talk about the governance of personnel, the nursing staff, governance of the billing department, and accounts payable, so IT becomes an afterthought. People get to love the devil they know, so even if they’re on a lesser product, they’re not ready to give it up. You need to have those discussions up front; you can’t do it in the heat of a deal. We have had trouble with that, and it’s tough to get the hospital to come over, so we have had to sustain products that we didn’t want to.
We keep hearing the saying that healthcare cybersecurity will get worse before it gets better. How much of a priority is this for CIOs and what are they doing to better protect themselves?
Bensema: This was one of the more fun parts of the meeting, and it had a lot to do with Impact [Advisors] coming up with its new model for assessing maturity in the security realm. The thing is, if your board does not have this at the top of mind, if the audit committee is not already deeply involved with monitoring your security audits and passwords, if dual authentication is not implemented or even on the radar, well, those are big things that need to be done. And after you do all those things, engaging your staff to have awareness and be looking for it. I’m a physician, and I have to be aware that something could walk in at any time, so you need that situational awareness. Getting your staff to have that awareness, such as noticing that an email doesn’t look normal, is key. There are clues and you need to think about that every time you open something so it becomes habit rather than time consuming even with more sophisticated phishing schemes. You can have the best firewalls and monitoring systems in the world, but they won’t attack a hard firewall. They will attack a vulnerable person.
Edwards: It’s the biggest fear for CIOs right now, and it’s at the top of mind for everyone. Having an objective is helpful, and then it’s about having board level executive support for security work to be done and to change the culture of the workforce. There are also tactical things like working towards all healthcare data so you have a lot more control over it, and having constant education and reminders for end users.
Tonya Edwards, M.D.
Competing for and retaining patients was another interesting dilemma that CIOs brought up. How big of an issue is this?