As Healthcare CIOs Evolve, Leadership Concerns Abound | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

As Healthcare CIOs Evolve, Leadership Concerns Abound

June 15, 2017
by Dan O’Connor, vice president of client relations, Stoltenberg Consulting
| Reprints
CIOs must constantly assess trends in value-based reimbursement, analytics, security and IT staffing

From new cybersecurity threats to government mandates and reimbursement program adjustments, healthcare IT is constantly evolving. Occupying a position that’s full of competing projects and high budget scrutiny for electronic health record (EHR) overhauls, today’s hospital CIOs work hard to keep up in the transition to value-based care.

New trends in EHRs represent some of the biggest changes—and challenges. By 2025, the global EHR market is expected to reach more than $33 billion, according to Research and Markets. Within the United States, KLAS cites that the shift in EHR system purchases heavily leaned toward small community hospitals, which accounted for 80 percent of EHR decisions for 2016. This prompted growth of community-specific EHR platforms, while standalone hospitals with fewer than 200 beds preferred web-based solutions. As vendors change system offerings and EHR version certifications become vital for programs like the Medicare Access and CHIP Reauthorization Act (MACRA), providers must consider if they need to jump ship from current systems.

Beyond the EHR landscape, several industry trends stand out as vital influencers toward the evolving hospital CIO role. Consider these four health IT issues impacting new leadership responsibilities:

1. MACRA. In the new physician-reimbursement landscape, CIOs hold the key to vital MACRA Quality Payment Program (QPP) reporting data. Hospital-affiliated physicians view the program as an added revenue opportunity with patient care promise, but 66 percent are unprepared for managing and executing MACRA initiatives without health system support.

Only through the IT department can provider organizations pull, maintain and effectively analyze data to identify reporting gaps, while working with clinical and financial departments to identify measures best fit for reporting proficiencies. It’s also up to the IT department to make sure EHR vendor certifications and capabilities are up to speed with reporting requirements down the road, since MACRA alignment requires multi-year strategic planning and pick-your-own-pace options end in 2017. If technology isn’t up to par, the CIO must lead the decision to fill in the gaps.

2. Analytics. As EHRs evolve with optimizations, vast amounts of data increase at exponential rates. Virtually every CIO I have spoken with has targeted increasing spending on data analytics for 2017, which is currently a $6 billion market expected to reach $24.55 billion by 2021.

CIOs and CMIOs will need to the focus on evaluating current products and possibly expand tool sets with new offerings. Considering the importance of better decision making in the future, predictive analytics stands out as the top wish-list item, followed closely by clinical analytics or clinical operational analytics. These tools tie into demand to align with programs like MACRA and electronic Clinical quality measures (eCQM) in the transition away from fee-for-service care.

3. Information security. With the infusion of new technology into the marketplace, security continues to be high on the list of CIO priorities in 2017. The traditional areas of focus have been on network security, data encryption and mobile device security, but as interoperability expands, many devices are being integrated into networks. This creates complex structures with increasing vulnerabilities. More than half of healthcare providers do not test medical devices for security, while 60 percent of device makers don’t disclose information and security risks with clinicians and patients.

Moving forward, traditional measures such as two-factor authentication, which is one of the foundations for e-prescribing and password safety, will continue to be important. However, we’re seeing an increased need for employee training, throughout all levels of an organization, that’s centered on how to keep both data and networks safe. As threats from ransomware attacks continue to hit healthcare hard, a robust, holistic security program is essential. Ransomware now tops the list of threats to data security for healthcare, followed by advanced persistent threat (APT) attacks and phishing attacks, making security a major stress inducer for CIOs in 2017.

Know that once one ransomware method makes headlines, new malignant techniques will evolve. Consider the recent WannaCry attacks on Windows-based operating systems. Conduct a full network assessment to identify any devices or servers operating from outdated Windows OS or missing the MS17-010 security patch. Work with vendors to implement validated security patches with full process documentation aligning with set risk mitigation processes.


Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More