It seems that few roles have evolved over the years as much
as the role of the Chief Information Officer (CIO) in healthcare. Gone are the
days when the CIO was just the person who was responsible for the computer
systems and nothing else. . I remember back in the early 2000s when I worked at
University Medical Center in Tucson, AZ that the IT team, including the CIO,
were stashed in a 40+ year old portable building behind the hospital next to
what we called the clinical equipment graveyard where old hospital beds and
miscellaneous furniture went to die. In those days, IT was out of sight and out
of mind. Flash forward to today and the healthcare CIO is now a trusted advisor,
business consultant and valued member of the organization’s executive team. A
lot has changed in the last 20+ years!
So, what is the role of the modern healthcare CIO? Let’s
break this down a little bit:
Business Process Expert
A healthcare CIO should have a good understanding of how to
develop, document and analyze business processes. You can’t add technology to a
business process that doesn’t exist, isn’t standardized or even well understood.
Well, actually you can, I guess, but what you get is a bigger, more complicated
mess.
The CIO needs to be able to facilitate sessions to
understand and map current business processes and help the functional area
determine what is working and what isn’t and then formulate problem statements
for the areas that aren’t working so that requirements for a solution can then start
to be collected. The thing to keep in mind here is that the solution may not
always be one that involves technology even though the CIO or their delegate is
leading the process to identify and help implement a solution. Many times,
without going through this process, you don’t know what the right solution is.
Organizations that don’t take this approach can throw money and technology at a
problem hoping to solve it, but if you haven’t accurately defined the problem
and what it would take to functionally solve it, you are really just shooting
in the dark.
This function of the CIO relies on the CIO’s business skills
and acumen which in today’s healthcare environment are just as important for
the CIO to have as knowledge of technology and technical trends.
Security Expert
Healthcare is one of the most highly regulated industries
and also one of the most targeted industries by threat actors. Because of this,
today’s healthcare CIO needs to be well-versed in threat landscape and how to
mitigate potential threats to protect the privacy and safety of patient data
and the organization’s systems. The threat landscape is ever evolving and shifting,
requiring the CIO to always be researching and understanding these changes in a
way that can be easily communicated back to the rest of the executive team and
the board. The CIO needs to be able to accurately assess and communicate the
risks to the organization and provide a strategy that is tailored to the
organization and makes sense. This is a very time-consuming aspect of the CIO’s
job and one that shouldn’t be taken lightly by the organization’s leadership.
Change Agent
There are probably few areas that introduce as much change
through the organization as the IT department. While these changes are rarely
true IT initiatives, most are led by IT on behalf of a functional area, IT is
the one who generally leads and manages these changes. As a result, it
typically falls on the CIO to come up with a change management strategy to help
the organization’s workforce adapt to these changes with as little disruption
and displeasure as possible. This role calls on the CIO to be an excellent
planner, leader and psychologist. That last attribute is not one that you will
find in any CIO job description, but an understanding of the psychology of
change and how change is viewed and ultimately accepted is critical to ensure
the success of any large project. This requires the CIO to have a strong
understanding of the organization’s culture and be highly visible during the
change process, actively listening and evolving the change strategy to help the
workforce successfully adapt to the change.
Governance
A successful CIO needs to be able to organize and lead the
governance process as it relates to technology. This process can take several
forms and while not all organizations have all forms of governance, it should
be the direction that the CIO is pushing for. The types of governance, as I
would recommend them, are outlined below:
IT Governance
It is important that there is some sort of governance
structure that loops together leaders of the organization and the board to vet
long-term IT strategy and prioritize IT initiatives. Part of the chart of this
governance structure should be to always make sure that the work and projects
that IT takes on always align with the broader goals and objectives of the
organization. This is usually chaired (or facilitated) by the CIO and includes
leaders from the key areas of the organization to help provide visibility and
context into the needs of the organization.
Project Governance
This could be done through a Project Management Office (PMO)
and/or a Project Steering Committee. The purpose of this governance structure
is to oversee the intake process for prospective projects, lead the analysis
and vetting of those projects and formulate recommendations on projects that
should be undertaken. Once projects are approved, the reporting and management of
those projects and the organization’s overall project portfolio should go
through this governance structure. This usually falls under the supervision of
the CIO.
Data Governance
While most electronic data is managed by the IT department,
it is important to remember that the IT department doesn’t really own this data
or even completely understands how data is used in its entirety across the organization.
This is where data governance comes into play. Data governance entails
identifying all the various types of data as it is used throughout the
organization as well as identifying data stewards for each type of data.
Data stewards are individuals who are subject matter experts with regard to the
data under their stewardship and can be looked to for decisions regarding who
needs access to the data, retention requirements for the data and would be part
of any integration discussions where the data may be transferred or exchanged.
This function is important as it takes decisions around data out of the hands
of the IT department and assigns ownership of it to those who actually use and
understand it, with the advice and consultation of the CIO and the IT
department.
EHR or Health IT Systems Governance
This governance model usually involves the leadership of the
Chief Medical Information Officer (CMIO) along with the CIO to take changes and
optimizations requested by the users of the various health IT systems and
evaluates them for need, scope, difficulty or feasibility, and impact. This usually
involves a committee structure made up of representatives of the systems’
stakeholders who, under the leadership of the CMIO with the support of the CIO,
meet and discuss system change requests and then either approve or deny them
and subsequently prioritize them for scheduling. This committee also receives
reports back on the status and progress of requested changes.
Finance Manager
The assets, capital and operating budgets under the
management of the CIO are typically some of the largest in the organization.
This requires the CIO to be a keen financial manager who can project and budget
for the organization’s needs and then effectively manage within that budget. To
do this, the CIO must be a strong negotiator, both with internal stakeholders
and vendors, and must be adept at vendor management to ensure that the organization
always receives the highest value for the dollars spent. In some organizations,
this also means vetting vendors to make sure that their values align with the
organization's.
This role may require the creation or input into the
creation of RFPs and evaluating responses as well as the subsequent negotiation
of a contract for services.
Communicator
Last, but not least, is the role of communicator. The CIO
needs to be constantly communicating to a large number of constituents. They are
expected to communicate recommendations, risk assessments and progress reports
to the executive team and the board; they communicate upcoming changes, either
in person, by email or virtually, to the workforce and are available to take
questions and concerns; they should be constantly communicating with the entire
organization about potential security risks, educating them on how to avoid
them and protect themselves and the organization; they communicate with
external partners, establishing and maintaining relationships that benefit
their organization; they may be responsible for communication with auditor or
regulatory bodies regarding compliance with regulations and internal controls.
Additionally, a good CIO is always in touch with the staff, understanding what
they see and hear, their concerns and needs and is available to advocate for
them to enable them to do their jobs to the best of their ability.
Conclusion
As you can see, today’s healthcare CIO has evolved way
beyond the traditional technology role and is a key player in the operations
and decisions across the entire organization. The role of the CIO today is a
respected member and advisor to the executive team and C-suite and is required
to wear many hats and have expertise far beyond that of the technology stack.
