It’s vital for new CIOs, or CIOs starting at a new organization, to quickly identify their top priorities within their department to ensure they make the most significant impacts. Equally critical is to prioritize building relationships with their peers and quickly integrate themselves into strategic leadership. Due to the complexities of healthcare IT departments, it can be difficult for a CIO to rapidly integrate themselves into executive leadership while also strategizing a successful roadmap. It takes time and effort to learn departmental functions, such as technical infrastructure, application and desktop services, and telecommunications. And further still, CIOs need to understand organizational processes, policies, and overall culture.
So how does a CIO do this and create an impactful plan for their tenure? To begin, CIOs should focus on our top recommended departmental priorities, along with additional points to consider.
Top Priorities for CIOs to Consider
1. Technology Services
Beyond the physical brick and mortar, Information Technology (IT) and its surrounding support or services acts as the foundation upon which everything else is built. Having a deep, encompassing understanding of the technology landscape and portfolio is critical for a CIO that’s stepping into the role for the first time, or again at a new organization. Having a firm foundation on which to grow is of paramount importance.
Consider this:
– What is the targeted future state for each functional area?
– Where is the current state in relation to that goal?
– What ongoing efforts or future projects are needed to get to that target?
– Are there purchasing standards in place? Why are they in place? (e.g., GPO contracts, application requirements, and technology integration standards)
– What are the division’s major ongoing issues or risks?
– How are the risks being mitigated?
– What is on the wish list and why?
2. Application Services
Application portfolios are often complex with today’s technology landscape for healthcare providers and affiliates – from major EHRs to one-off applications that another department purchased – and the number of applications often grows over time. This is especially true if your new organization has undergone any merger or acquisition activity in the past.
Consider this:
– What are the top 5-10 application contracts?
– Are the versions installed up to date with current vendor releases?
– What major features in those applications are licensed but not implemented?
– What features could be implemented but are met with a separate 3rd party application?
– Do they all have test environments?
– Are there standard upgrade processes and schedules?
– How many full-time people are needed to support the applications?
– What are the division’s major ongoing issues or risks?
– How are the risks being mitigated?
– What is on their wish list and why?
3. Process Controls
An IT department without controls in place can seem like the wild west. In fact, we even call those that shirk the controls in place “cowboys”. When patient lives and business viability are at stake, we cannot operate in a lawless and dangerous manner. An IT department needs to be run with order and processes to protect patients as well as the business.
Consider this:
– Are the following processes in place and being followed?
– IT Governance
– Change Control
– Objective Project Intake and Approval Process
– System Build and Change Documentation
– Testing Policies and Processes
– New Hire Provisioning
– Support Desk Service Level Agreements
4. Digital Health – Capacity and Maturity
Whether you call it digital transformation, digital health, digital front door, digital patient journey, or something else, the big topic in healthcare today is engaging both patients and staff through technology. The strategies can often be a first-in/first-out or even a short-attention driven grasp at the next shiny technology. It’s important in today’s climate of limited budgets and burnt-out staff that your strategy avoids this method, and instead focuses on value.
Consider this:
– Assess a HIMSS Analytics Digital Health Indicator (DHI) Assessment to measure Digital Capacity
– Ensure a digital health strategy is in place that includes a timeline and sequencing to focus on business value
– Consider the HIMSS EMRAM for hospitals or O-EMRAM for clinics (gives you both a current state and a target for value-based maturity milestones in achieving HIMSS Analytics Level 6 or 7)
5. Cloud Readiness
With cloud architecture becoming embraced in the healthcare industry, security, resiliency, performance, service metrics, and cost are all important considerations. Organizations should have a strategy that leverages more than one single vendor. The strategy would also require a shift in responsibilities of your internal talent, where they will become more managers and idea people. The finance department and operations will also need to be onboarded with your strategy.
Consider this:
– Is there a documented strategy for migrating applications to the cloud?
– What are the internal team’s capabilities?
– Do you have the necessary security elements in place to embark on a cloud strategy?
– Does finance understand the capital and operating budget shifts that come with cloud hosting?
6. Ransomware Avoidance
The last thing a new CIO needs is to be hit with a ransomware attack in their first weeks or months on the job. While there are many areas of cybersecurity health that can be assessed, a quick focus on the elements to prevent the most prevalent and publicly damaging attack is prudent. Strengthening your cybersecurity posture and leveraging elements of the National Institute of Standards and Technology (NIST) framework for cybersecurity can help you avoid ransomware attacks.
Consider this:
– Do you have confidence in your abilities to deter a ransomware attack?
7. Remote Tools
During the pandemic, many organizations scrambled to get telemeeting and televisit functionality in place. This often led to departments implementing their own solutions and additional applications to the application inventory that were not evaluated for enterprise use. Where possible, it’s prudent to define a strategy for a single enterprise platform for internal use for remote workers, virtual instructor led training (VILT), and for patient tele health visits.
Another security risk to an organization is the number of outside entry points into the internal networks. Virtual Private Networks (VPNs) are a direct access point to the internal systems. Often, as part of tier 4 support (vendor support) needs, application or technology vendors want to have a VPN and access to their systems on your network. These added VPNs can be hard to document and maintain to ensure security. Consider scanning your network for VPNs to ensure you know all of the access points and document their legitimacy and security.
Consider this:
– How many remote technology platforms do you have in your new organization?
– Do you feel confident in the number of VPNs available to access your environment?
8. Culture
The internal expectations and culture for healthcare IT have made significant shifts in the last 15 to 18 years. In the early 2000’s, IT had no responsibility for applications other than to ensure the servers were up and running. By the late 2000’s, the shift to Meaningful Use put a focus on application analysts understanding and even advising on workflows for end users. These cultures went from one of no responsibility to one of risk aversion. Currently, as organizations pursue digital engagement programs and innovation centers, there is a need to be more agile and risk tolerant.
A learning culture that can fail fast and use those failures to learn and grow is necessary. Coupled with the need to move at the accelerated pace of digital technologies and emerging capabilities also allows a focus on agility and efficiency. Bureaucratic and consensus-based project approval processes need to give way to trust in those empowered to make decisions to gain speed to match the industry. Knowing where your organization’s IT culture is currently will allow you to set a target culture and shape it accordingly. There are no simple questions to evaluate a culture, but observations, surveys and interviews are good tools to use for understanding a culture.
The priorities listed above are not difficult to gather, but they can take precious time and effort to accomplish – time that a CIO can better use to build strategic relationships needed to be successful within the organizational leadership and politics. It’s important to keep in mind the value that the right outside perspective can have on placing objectivity in place for the current state.
For CIOs Needing a Little Spark!
Divurgent’s Service Spark! is built to gather the most important IT information and deliver a proactive assessment of your most needed initiatives.
About the Authors
Adam Tallinger | Executive Vice President, Client Service
Adam is a highly experienced licensed pharmacist with over 30 years of experience in advisory services, EHR implementation, IT management, program and operational leadership, informatics, and healthcare operations. He has successfully led large IDN EHR implementations in the private, not-for-profit, international, and academic spaces, and is an innovator of new technologies and tools that enhance end-user experience, increase adoption, and deliver quality to clients. He received his BS degree in Pharmacy and MHA degree in Informatics. To learn more about Adam, visit him on LinkedIn or schedule a Calendly meeting.
