Throughout his career – which has included stints in the military, law enforcement, and logistics – Dennis Leber has amassed a wide breadth of experience. But the skill that has proven the most valuable, particularly in today’s healthcare landscape, isn’t technical acumen or adaptability – both of which are critical.
“It’s communication and teaching, and it’s not making assumptions,” said Leber, who has “always had some type of instructor role,” whether it was teaching firearms during his early Marine Corps days, his numerous adjunct professor roles, or even his current consulting work.
That background has served him well, and could do the same for other cybersecurity leaders as risk management becomes a bigger priority throughout healthcare.
During a recent Unhack the Podcast, Leber – who is currently providing virtual consultant services, having most recently been CISO at Honest Health – talked about the evolving skillsets for C-suite leaders, the importance of basic cyberhygiene, and his unique career path.
Dennis Leber
The good news for cybersecurity leaders is that awareness seems to be increasing, as a result of the alarmingly high number of incidents healthcare has experienced. The not-so-good news? It doesn’t necessarily reflect in how the CISO role is perceived.
Part of that, according to Leber, falls on leaders themselves. “If you listen to some of the things CISOs say at events, you’re like, that’s the way we did it 20 years ago,” he said, adding that many aspiring leaders fail to leverage the resources available and, consequently, aren’t building the necessary skills. “They’re being pigeon-holed into positions because they don’t report at a level that would enable them to have impact and authority.”
One possible solution is to schedule regular meetings with the board and CEO, which can lead to improved decision-making. “CISOs shouldn’t operate in a silo. Regular collaboration with CFOs, COOs, and legal teams ensures cybersecurity strategies align with broader business objectives,” he wrote in a recent installment of his LinkedIn Newsletter (The Cybersecurity Doctor Is In). Board engagement is also critical, said Leber, adding that “CISOs who present regular briefings to leadership foster transparency and accountability.”
Addressing the board, however, is a strength not many cybersecurity leaders have fully developed. “That’s another problem we need to solve,” he said. Leber’s advice? Rather than focus on metrics – no matter how powerful they may seem, CISOs should anchor the conversation around organizational goals, and how they might be affected by a cyber incident.
“That’s where I started changing my thoughts to, ‘what are the goals of this company?’ and pulling up examples of where we increased or decreased by a certain percentage,” he said. Contrary to popular belief, “it has nothing to do with technology or cybersecurity. It’s, ‘here’s how implementing Control X or Tool Y impacts that objective that the business stated,’” and then talking about vulnerabilities and risk.
The ultimate objective is to be able to definitively say, “if we do or don’t do this, we won’t make a million dollars next year,” Leber said. For leaders, the key is in recognizing that people tend to learn differently and adjusting to fit their needs.
Another critical component is ensuring teams are trained on basic cyberhygiene – which should be a given, but is not in many cases. “Somehow or another, we’re still failing,” he said. “I’ve been in this industry for 20 years and we still fall victim to the same things over and over.”
The answer is education – and not just to those in IT or security, but throughout the organization, he said, urging colleagues to take a page out of the military playbook.
In the Marines, for example, “every soldier who goes into combat is taught basic life-saving skills,” which has helped dramatically improve survival of those suffering injuries. Healthcare, he believes, can achieve similar results by investing not just in solutions, but phishing education and testing exercises. Doing so regularly, he noted, can reduce social engineering risks by 80 percent.
And in fact, that potential to make a difference by leveraging technology is what drew him to cybersecurity – and eventually – healthcare. “I always liked technology. I was probably one of the first police officers in Louisville to have a computer in my car,” recalled Leber, whose decision to zero in on technology proved fortuitous. “That’s the future; that’s where we need to be.”
It’s amazing. A CIO can lead a hundred successful initiatives and have one that doesn’t go smoothly, and that’s the one they’ll remember.
But it’s the mistakes that end up having the biggest impact – and can even help create a better path forward. For Bridgett Ojeda’s team, it was an ill-fated decision to roll out smartphones to nurses, replacing the hands-free communication badges they had been using.
“These smartphones were giving them five additional features,” which they thought would rate highly in terms of user experience. However, “we quickly found out that hands free was the holy grail that we didn’t take into account. And so, the nurses were not appreciative of having a smartphone that could do a lot more.”
The lesson was pretty clear: input from customers should be considered, and frontline staff should be included in the evaluation phases of any new technology initiatives, say Ojeda, who has been CIO at Nebraska-based Bryan Health since 2021. “Making assumptions is dangerous; we learned quickly from that moment.”
Bridgett Ojeda
And importantly, they applied those learnings to subsequent rollouts, particularly those involving advanced AI. During a recent Keynote interview with Sarah Richardson, Ojeda talked about her team’s AI strategy, what she believes are the biggest stressors facing CIOs, and the importance of having regular chats.
Like most organizations, Bryan Health isn’t immune to the excitement around AI tools like voice recognition and natural language processing. But before leadership even considered making the leap, they ensured a solid business case was in place. “We’re very diligent about ensuring that the AI tools we’re implementing are solving a problem we have. Otherwise, we’re just creating a disruption with no return,” she said.
And of course, there’s the infrastructure piece. “It’s also critical not to lose sight of the digital transformation triangle or the people/process aspect when implementing AI,” Ojeda added, and to ensure they’re designed for optimal workflows and usability. “We need to think through our strategic plans and how we align AI tools that meet our organizational goals.”
The answer was ambient listening, which has helped minimize the administrative burden on clinicians, and consequently, improve staff retention. Not only that; it has brought joy back to the practice medicine, which has been the difference maker. “Now technology is working for us, not against us,” she said. “That’s where I want to see AI tools continue to advance.”
Enabling that, however, means contending with some significant challenges. The first, not surprisingly, is tight operating margins, which make it difficult to drive innovation. Bryan is working to solve it by building a roadmap to help identify lifecycle demands and anticipate needs for enhancements or upgrades.
The second? Enterprise cybersecurity risk management and the critical balance leaders must strike between user experience and security. It starts with implementing action plans around SIS controls to strengthen their cyber posture, Ojeda noted. As such, Bryan not only has a solid IT governance structure led by operationss, but also “built-in oversight of our cybersecurity and legal teams. This ensures that our innovation and initiatives align with security and compliance requirements.”
Part of that dedication to security means willing to take a hard stance, she said. “We work very closely in concert with our tech vendors and partners to ensure their solutions meet our security standards. We have clear expectations regarding data protection and how that data can be used.” And if the two sides can’t agree on data standards, leaders must be prepared to walk away, which her team is. “We won’t compromise our integrity, or do anything that threatens our mission of putting patients first.”
The third challenge is building and maintaining an engaged workforce. To that end, her team is developing IT career pathways that highlight opportunities available to staff, while also devoping programs focused on mentoring and job shadowing.
What’s just as important as the structure of a program, however, is the culture driving it. “First and foremost, it’s hiring incredible managers who are invested in their team’s success. It's ensuring we actively listen to our staff and build in multi-channel feedback loops,” Ojeda noted. Doing so helps to create a culture where gratitude is a priority and staff feel a sense of belonging. “We want to ensure we know what’s important to our staff.
There are number of ways to do that, including rounding, regular check-ins, and sitting down to lunch with each new staff member. “It’s important that I get to know every player on our team.”
Another method is through what she calls “coffee talks” in which small randomized groups meet to discuss concerns and get to know each other.
It’s all part of the collaborative culture her team has established. “We try to promote ongoing education and investment in our team members. We encourage our team to spend time with their customers so they can see how their work impacts the day-to-day lives of the people we serve,” she said. “It also keeps our team members tied to our purpose.”
What ties all of that together, according to Ojeda, is Bryan’s mission statement: ‘One patient, one story, and one health system, forward together.’ At its core, it’s about ensuring stakeholders are involved and invested every step of the way. “We are very methodical in our implementation strategies to ensure our operations are in lock step with us,” she said. “From the kickoff date to go-live, all the way to the closure and post implementation reviews, forward together is where we really need to lean into our governance structure to ensure that we have buy-in and initiatives are operationally led and IT supported. Our stakeholders prioritize the projects and the work we do.”
By adhering to those standards and fostering a culture of collaboration and innovation, Bryan’s aim is to create “a robust healthcare IT infrastructure that ultimately creates efficiencies for our staff and physicians, and creates great outcomes for patients.”
There are several myths floating around in healthcare. One of the most troubling, according to Reid Stephan (VP and CIO at St. Luke’s Health System), is the idea that clinicians are change resistant.
In fact, he believes it’s “lazy” to suggest that’s the case. “They’re overwhelmed. They’re drowning. And so, any added task, even one extra mouse click, can be the extra water that breaks the damn.”
Since EHRs first became part of the vernacular some two decades ago, clinicians have been dealt massive amounts of change, and have handled it quite well.
That’s the good news. The not-so-good news is that change isn’t going to slow down anytime soon, particularly as AI technologies become increasingly pervasive.
As a result, CIOs and other leaders face added pressure to prioritize the needs of frontline workers and make sure technology fits into their workflow. “The AI of the future has to be out of the way and require virtually no training,” he noted.
Reid Stephan
During a recent Keynote Interview, Stephan spoke about the ever-evolving relationship between CIOs and vendor partners, and how it can affect users. He also provided insights on the quest for the “middle truth” when it comes to AI initiatives; the role of EHRs as gatekeepers; and why, now more than ever, no one should settle for “good enough.”
One of the most critical aspects of a successful partnership between IT leaders and vendors is trust, according to Stephan, who commended St. Luke’s relationship with Epic as well as the EMR provider’s “genuine desire to improve healthcare.”
The challenge in working with Epic is that “sometimes we settle for a good enough mindset when excellence is within reach.” For example, if a CIO asks their internal Epic team analyst to see the roadmap, and they’re given a blueprint for Epic itself rather than the organization. “That’s a problem,” he added. “That’s not strategy; it’s vendor alignment dressed up as vision.”
And although his team operates with an Epic-first strategy, both due to the quality of its products and the high cost and complexity of using third-party solutions, Stephen believes leaders owe it to their clinicians to adhere to the highest possible standards.
“What if 80 percent isn’t good enough? Or what if the Epic solution technically checks all the boxes, but the user experience is frustrating, because it doesn’t solve the problem that needs to be solved? We can’t allow functionality to be a substitute for usability.”
What leaders should do, he added, is to raise the bar by asking for a “more modern, intuitive design” from EHR providers. “We need to expect and demand deeper, cleaner, more open integrations when we have to go beyond what Epic can offer,” he said. “We need to expect that our needs – and not just Epic’s roadmap – are guiding what we build, what we buy, and what we adopt.”
Part of the more modern Stephan seeks with EHRs is the ability to incorporate AI capabilities – something he believes is lacking. “Our EHRs are the gatekeepers, and that gate is effectively locked,” he noted, adding that “integration friction” can prove fatal to transformation initiatives. In some cases, EHRs aren’t just “hard to integrate with; they’re actively hostile.”
For that reason, he strongly urged CIOs and other leaders to educate themselves about AI, surround themselves with experts, and don’t hesitate to raise questions – especially when predictions vary so widely. “We’ve gone very quickly from ‘AI hasn’t delivered much’ to ‘it’s going to replace most doctors and teachers,’” he said. “What’s the middle truth? What has to happen over the next decade to certify or add credence to either of those statements?’”
That’s where the questioning comes in, Stephan noted, adding that AI is being marketed as transformative when in reality, it’s basic rule-based logic wrapped in a package, and people are starting to call that out.”
They’re also demanding solutions that require minimal training while offering the benefits that have been promised with AI. “People don’t want tools that look smart. They want tools that are simple,” he said. And “they don’t want AI to take over. They want it to work.”
The same can be said for C-suite executives who are part of the decision-making process around AI initiatives. Rather than focusing on the shiny new toys, his main concern is that the 550 members of the IT department have the tools and training needed to do their jobs effectively. “Do they feel supported and celebrated in the work they do? Do they feel safe? Do they feel like they can take reasonable risks in the work they do and learn from that?”
That’s the main objective, he remarked, adding that the CIO has become, in many ways, “more like a generalized administrator.
“If you’re worrying about cybersecurity or the network or applications at a micro level, you’re not adding value. Quite honestly, you’re probably stepping on team members who are doing good work.”
And, as we’re learning, the last thing anyone needs, whether it’s clinical, IT, or other areas, are barriers.
When Susan Ibanez took on the role of CIO at Southeast Georgia Health System, there wasn’t a predecessor to hand over the playbook – because there wasn’t a predecessor. There wasn’t exactly a playbook either – at least, not the type Ibanez had become accustomed to during her healthcare leadership career.
What she did have, however, was a strong team that was poised to move forward and willing to learn.
During a recent Keynote interview, Ibanez shared insights on how she is navigating the new position and guiding the development of a new strategic roadmap. She also talked about the challenges of ownership when it comes to disaster recovery planning, and how she’s giving back.
Susan Ibanez
Perhaps the most important skill an inaugural CIO needs is patience, and along with that, a realization that your plans may need to be shelved. “I had built out governance and processes, but I had to take a step back from that and start at the grassroots level,” she said. “Why do they need a CIO? What was the difference was it gonna make? Before we could start talking about that, we had to go back a bit further.
And so, not only did she conduct her own 100-day assessments and SWOT analyses, but she asked leaders from different departments such as network infrastructure, applications, and data security, to do the same. Then, “we put them all together and developed a roadmap” to identify the most pressing priorities. “We’re trying to balance the clinician-patient experience and ensure we have a highly reliable organization.”
The low-hanging fruit, they determined, were tasks like WiFi remediation, replacing the core switch and firewalls, and putting in a new virtual infrastructure. “While a lot of organizations have the good fortune to be able to focus strictly on digital transformation, we’ve had to run parallel tracks of eliminating technical debt and getting a lot of that foundational piece place,” Ibanez noted. “And at the same time, keep up with what we need to do from a digital perspective. It’s really challenging.”
What made it even more daunting for Southeast Georgia was the absence of a C-suite representative. “There was an organizational strategic plan before I got there, but the IT department wasn’t connected to it,” she noted, which meant they often received secondhand information about IT decisions.
As a CIO, “you have that seat at the table. You can have input into the strategic plan, share that communication and build an IT strategic plan that aligns,” Ibanez added. “Because if it doesn't align with the strategic initiatives and plan of the organization, you shouldn't be doing it.”
Another consequence of not having IT leadership? A lack of direction when it comes to disaster planning and business continuity, which weren’t priorities before her arrival. “Those are new concepts to this organization, but by no fault of their own,” she added. “They didn’t have the rigor or structure in place.”
Consequently, one of her team’s key objectives has been building that out by going through cybersecurity tabletop exercises, doing application inventory, and looking at application rationalization.
The other part of that involves getting together with operational owners and asking some very simple questions: in the event of a downtime, what needs to come back up first? What’s your order of operation? And at a more basic level, does your team have downtime processes and procedures?”
The answer isn’t always yes. In fact, “in many organizations there’s an assumption that if it runs on a computer, it's an IT issue,” she noted. And although that’s true in some respects, she encourages leaders to flip the script. “Operations belongs to operations, and so they need to make sure their teams are clear on what to do in a downtime and who’s responsible for what.”
The more information individual departments can provide about downtime procedures, the more effectively IT can do its job to restore services.
Those discussions can be transformative, noted Ibanez. In her experience, they were “eye-opening,” particularly since the default response in many cases seemed to be ‘refer to IT policy,’ Ibanez recalled. “I said, ‘no, you need to stop and think about what your process is. I can tell you what IT is going to do.’ And they were like, ‘okay, that makes sense,’ and they’ve been very thoughtful in putting those together. It’s just a completely new conversation.”
And although that aspect of the role has been extremely fulfilling for Ibanez, her true passion is in helping to educate and advance the next generation of healthcare IT leaders. “It’s really exciting,” she said of her side-gig teaching informatics at Abilene Christian. “I get so energized working with students. I believe we as leaders have an obligation to give back, and this is a way to do that.”
What many students seek is guidance – either on how to achieve their career aspirations, or what field they should pursue. “Some of them don’t know what they want to do. The opportunity I have is to tell them what healthcare and healthcare leadership look like now, and to make sure they know they have options,” she noted. “I ask them, ‘what’s your passion?’ Do you want to work in a health system? In a clinician’s practice?’ I start to lay out the options because sometimes they think, ‘I can only do IT.’” But, as she often reminds people, “if you’re doing IT in healthcare, you’re doing healthcare, and you’re fortunate enough to do it with a technology foundation.”
In her mentoring role, Ibanez encourages students – and anyone in IT, for that matter – to figure out what motivates them and take steps in that direction.
“I wanted to be a clinician, but that’s not my gift,” she noted. “So I got into healthcare the only way I could, which was through technology.”
The technical aspect, she has found, is only part of the equation.
“It’s not just a techie job anymore. A CIO, in my opinion, is a business owner, an operational leader, and a strategy person,” she noted. “You have to understand finance. You have to understand vendor management and contract negotiation, all of it.”
In an organization like Seattle Children’s Hospital, there are no “bad days.” Not because the work isn’t challenging; it most definitely is. But when you’re in the presence of “sick children with multiple tubes in their body who can smile even if they’re in extreme pain,” there simply isn’t room for negativity, according to Zafar Chaudry, MD, SVP and Chief Digital, AI, and Information Officer.
There is, however, room for improvement, especially when it comes to caring for the most vulnerable patients.
Zafar Chaudry, MD
During a recent Keynote interview, he talked about how his team is leveraging a strategic partnership with Google to harness the power of AI to enable clinicians to access critical data at the point of care, and shared insights on the “battle” between AI and providers.
Leading questions
One thing Seattle Children’s has never lacked is data. On the contrary, the organization has amassed volumes of information on how to approach the myriad conditions faced by its pediatric population. The problem? Sifting through all of that evidence-based data and validating it.
To that end, Seattle Children’s has joined forces with Google on a Pathway Assistant that leverages its Gemini models to build a tool that “can interactively help our clinicians answer questions on how to care for a patient based on the symptoms they’re presented with,” he said. Interestingly, “it doesn’t generate anything itself. What it does is understand the data we’ve put into it, and it queries your thought mechanism to get you to a point where the treatment plan is correct for your patient.”
CSW Pathways, he added, asks “leading questions” based on symptoms and other information to help move closer to a diagnosis and treatment program. “Through that back and forth interaction between clinician and AI, it gets you to a point where you very quickly learn what treatment protocols you need to follow and how to take care of that patient.”
It’s an enormous step forward from the past, when a provider had to review the entire asthma pathway before reaching a conclusion – time that would be better spent by interacting with the patient and family.
Phone-a-friend function
What makes the tool successful, according to Chaudry, is the fact that it was developed by both clinicians and technologists. “We had about 40 clinicians work on this to build queries and test the engine, while engineers from Google ingested the data and made sure it was clean.”
And not just clean, but more than 99 percent accurate. “When we first threw the information in, it showed where we had typographical errors in data that we probably wouldn’t have found, because who trolls through thousands of pages of information?”
Not physicians, who already have enough on their plate. What CSW Pathways offers is a “phone-a-friend” function in which AI challenges them to make sure they’re reaching the proper diagnosis.
It’s a prime example of a problem that can be solved through technology, noted Chaudry, who believes it will have “huge benefits” in training the next generation of clinicians. “Hopefully, they’ll start learning the art of prompting so that not only can clinicians speak to the patient in a compassionate human way, but they can also use the tool to get answers,” he said. “There’s a lot of potential for this. It lets people see the true benefit of what you can do with technology.”
Complimentary strengths
It also lends credence to a concept that’s becoming increasingly important: the synergistic partnership between AI and humans. Contrary to popular belief, “there isn’t a battle to be won. They bring complimentary strengths to the table,” Chaudry emphasized.
While human clinicians offer empathy and critical thinking in complex situations, as well as “a nuanced understanding of the patient experience,” AI excels in “data analysis, pattern recognition, automation of repetitive tasks, and the ability to provide object insights.” When added together, the two components have enormous potential, particularly when it comes to complex cases.
“I think the future of healthcare lies in the effective collaboration between humans and AI,” he concluded. “You can augment human capability and free up clinicians to focus on the uniquely human aspects of care.” And although concerns about job displacement shouldn’t be dismissed, the focus should be on identifying proactive solutions that can help retrain and adapt roles to leverage the strength of both of these things.”
When C-suite executives at Tampa General Hospital first expressed interest in implementing Copilot, the last thing James Bowie wanted to do was to extinguish that spirit of innovation.
“They want to be at the forefront of AI, which is a great position to be in,” he said during an Unhack the Podcast interview. But for a CISO, “it’s scary.”
And so Bowie, who has been in the role for 2 years, responded by asking for two weeks to “lock everything down.”
James Bowie
Why? Because when Copilot goes live in an environment, it acts on permissions set by the user, which means if a document has been improperly shared, such as a patient census spreadsheet or a disciplinary report, “everybody has access to it,” he said. “You may not know you have access to it, but Copilot is going to know as soon as you turn it on. And that allows you to make mistakes on an exponential scale.”
That, of course, is something no one wants. Fortunately, Tampa General’s leaders listened – and quickly learned. While demonstrating Copilot, Bowie asked it to find documents with nine consecutive numbers; it immediately revealed that an employee file with social security numbers had been inappropriately shared.
And so, the cybersecurity team got to work, engaging with Varonis to resolve around 3 million incorrectly shared file permissions, and established an automated process to set up triggers and remediate attempts to break into the system. “It’s been a win,” he noted.
It has also marked a dramatic departure from the past, when cybersecurity was “an offshoot of IT,” staffed by individuals who were technically skilled but lacking in communication skills. Despite their efforts, cyber folks were often viewed as ‘no-bots’ who constantly rejected requests, or would “come in and shut everything off,” Bowie said. “It was a bunch of nerds in closets trying to keep things safe.”
As a result, he sought to rebuild that image by developing a stronger sense of empathy among his team. “The idea was, ‘we’re here for you. We’re not just here to tell you what you can’t do. We’re here to help you to be safer all around,’” he noted. And that meant “being nice until it’s time to not be nice.”
With that foundation of trust in place, the next step was to build buy-in. His team chose to focus on the active directory, which has become a common target. “If they’re in, it’s over. They’re going to get your domain,” Bowie said. “They didn’t understand how important that is.”
His team took action, investing $20,000 to have a vendor demonstrate how easy it is to hack the active directory by using LLMNR poisoning attacks.
The plan worked perfectly.
“As that class was going on, requests for changes were coming through to disable this and that,” he recalled. “It was a huge win. For $20,000, we probably reduced $5 million of risk in one weekend.”
The exercise also helped prepare them for events, such as the ransomware attack that threatened the blood supply. “That’s an issue on its own because you already have the PHI components and issues with logistics, but they literally couldn’t deliver blood. That will shut down a hospital [especially a level 1 trauma center] very quickly.”
Fortunately, the incident command center was immediately activated. But with that comes difficult decisions about which systems to bring up. “You constantly have to weigh options,” Bowie said. “I can sit here as a cybersecurity expert and say, ‘No, ‘we’re not turning this back on,’ but there is a chance that someone could die” if the wrong decision is made.
Although it’s not an easy conversation to have, it’s an extremely important one. “It woke my team up quickly,” he continued. “It helped drive the impact home that yes, we’re dealing with bits and bytes, but at the end of the day, those bits and bytes have people attached to them with real consequences.”
The healthcare industry is, according to Ryan Smith, “in a really challenging place.” On top of mounting cost pressures, providers are leaving the profession in droves as the silver tsunami looms.
On the surface, it may seem like innovation should take a backseat. But in fact, that couldn’t be further from the truth.
“It’s not enough just to be working on cost cutting measures,” said Smith, who serves as Chief Digital and Information Officer at Intermountain Health. “Yes, that’s important. We need to be sustainable organizations as we work into the future, but if that’s our whole focus, that’s a death spiral.”
Ryan Smith
Prioritizing innovation, he believes, is what’s going to drive the industry forward. “We’re at such an interesting crossroads” where the nexus of cloud computing, generative AI, and progress around data interoperability are “poised to let us make these leapfrog advances toward rapid digital transformation.”
The tricky part comes in finding the right balance between sustainability and innovation. During a recent Keynote interview, Smith opened up about how Intermountain is building a culture around innovation, the enormous steps they’re taking to move toward simplification – while enabling digital transformation, and the truth about pilots.
One of those enormous steps? Migrating eight disparate EMRs to a single instance of Epic across the enterprise, which includes 33 hospitals and more than 400 clinics across several states. Scheduled to go live in September through a big-bang approach, it’s one of the Epic’s largest cutovers.
But what’s just as critical as the rollout strategy is the decisive governance approach that’s guiding it. From the beginning, Intermountain Chief Clinical Officer JP Valin, MD, has been adamant that the project isn’t owned by Digital Technology Services (DTS). “It’s not just my team,” Smith said. “We have to get 55,000 caregivers comfortable using the system. It’s going to take all of us to be successful.”
What will make that possible, Smith added, is the “operational stakeholder and executive engagement” that has been weaved into the fabric of the organization, and will continue to factor heavily as his team works to advance digital transformation. “I’ve been so impressed to see the level of senior leader engagement” in ensuring that both caregivers and leaders can stay focused on what’s important.
“We have a great level of transparency and expectation within the organization that if a problem starts to surface, instead of trying to stifle it, it is immediately escalated to the appropriate level so that we can help prioritize.”
That top-down support is an instrumental component in any successful governance strategy, he noted. “We’re focused a lot on operational change management because at the end of the day, it's a big part about how we think about innovation.”
That philosophy factors into how Intermountain is approaching one of its core objectives: simplifying the experience for consumers and caregivers by offering a “homogenous, consistent” digital experience.
His team has created a series of digital touch points, each of which focus on different parts of the care journey. The goal is to help patients and caregivers navigate the system, from scheduling and preparing for visits to managing billing. “We put a lot of effort, time and energy into thinking about these moments that matter for our patients and making sure that we have a really consistent process for meeting them where they need us to be from a digital interaction perspective,” Smith said.
Another key priority is robotic process automation, which Intermountain had been actively pursuing long before his arrival. To date, the organization has more than 4,000 RPA-based bots that are helping to automate “hundreds of processes,” either partially or completely, and it shows no signs of slowing down. “We’re going to see automation touch virtually every aspect of the business,” he added. “I’d be surprised if that isn’t ultimately the answer for all of us as healthcare organizations, because we need to get that level of support to be able to remove a lot of the mundane tasks that our caregivers have to do.”
Embracing automation and fostering innovation, however, must be approached carefully, especially with some already feeling the effects of pilot fatigue. One strategy? Limit pilots to a period of 60-90 days, after which they either graduate to the next phase or are placed on the back burner.
“We increasingly look at innovation from a ‘learn early, fail fast’ perspective,” Smith said. “If it fails, that’s okay. And if it’s working, how can we get it to scale and get to full implementation across the organization?”
Along with taking some of the burden off of IT, that strategy also helps keep the focus firmly on innovation, which is “our lifeblood for growth and digital transformation,” he noted. “Ultimately, isn’t that why we’re here? It’s not just keeping the lights on. It’s not just getting our 200 annual projects done. We have to bring in new ways of doing things. It’s our job to enable the rest of the organization to be more nimble, to be more agile, to test things, and to move forward.”
Health system leaders face quite the paradox. The ultimate objective is to transition out of firefighting mode and focus on innovating for the future. The problem is that the fires – or in some cases, water main breaks – keep happening.
It happened a few months ago when Skokie Hospital, a specialty hospital dedicated to orthopedic and spine care, when frozen water damaged the storm sewer, causing the facility to close for three days.
“How do you innovate when you’d just had to cancel all of your surgeries and move patients out of the building?” noted Justin Brueck, System VP of Innovation and Research at Endeavor Health.
Justin Brueck
The short answer involves “leaning into” virtual nursing and ambient listening and embracing cutting-edge concepts like genomics. Doing so, however, requires a different approach than organizations have taken in the past.
During a recent Keynote Interview, Brueck talked about the strategic vision at Endeavor, a community-based system formed from the merger of four Chicago health systems; the areas that are most ripe for innovation; and what it takes to drive transformation without losing your footing.
One of the key questions facing leaders is how to establish a consistent revenue stream that will allow the organization to make investments. “Our mission is to take care of patients. How do we supplement that to make it sustainable,” he said.
That’s where innovation comes into play – or more specifically, his unique title. “I’m constantly sourcing what’s the latest and greatest out there,” Brueck added. “It gives me the opportunity to test out ideas and see which ones are ready for primetime and which need to go through more research.”
Of course, the first step isn’t about finding a solution, but rather, identifying the problem. One of those is the silver tsunami that’s quickly approaching – not just in terms of the aging baby boomers who need medical care, but the large percentage of providers who are nearing retirement. “We’re not going to have enough workers to take care of patients,” Brueck said. “We have to lean into technology. There’s no way around it. We have to become smarter with the resources that we have,” specifically tools like ambient dictation, virtual nursing, and even robotics.
The other part of that involves automating manual and “tedious” tasks, which can free up physicians, nurses, and other caregivers to focus on patient care. “We’re going to have to upskill and get people working at a higher level,” he added.
It may seem obvious, but that’s what innovation should be, according to Brueck. “Innovation has different flavors, but it’s solving for the expected; things that people didn’t have the time or bandwidth to be able to focus on because they’re putting out fires. But we also have to be thinking about how we’re going to radically disrupt ourselves.”
Although it may not seem ‘radical,’ an area that most certainly can be disruptive is genomics. “We’ve got to move out of one-size-fits-all medicine,” and that means identifying tools that can risk-stratify patients to ensure they’re receiving the right level of care. “It all comes down to making sure we’re matching care appropriately,” he said. “It’s not one size fits all. We need to look at personalizing care.”
With research showing that a sizable percentage of risk factors are based on genetics, he believes it’s imperative to focus on utilizing this data to diagnose and treat conditions.
To that end, Endeavor is establishing a Center for Preventative Genomics, with the goal of testing 100,000 patients per year in the Chicago area. The challenge, he noted, isn’t necessarily around the costs, which are far more manageable than in the past. Instead, it’s driving adoption and incorporating genetics into the workflow, which is difficult when physicians report having such a small window to discuss testing with patients.
“I’m really excited to see that a lot of health systems are beginning to look at genetics and how it can be incorporated,” Brueck said, noting that it’s a major step toward achieving true healthcare rather than ‘sick care’. “But until you change the foundation around that and the expectation around clinicians to be aware of all these things, it’s going to continue to be a challenge.”
This is where leaders can apply some of the same principles that are in place for fostering innovation, according to Brueck. During the discussion, he provided valuable insights based on his strategy at Endeavor.
Finally, with any innovation, leaders need to be laser focused on not just the solution itself, but what factors will enable it to scale and what will position it for success. “And it’s not just ideas,” he noted. “We’re going to have to accept the fact that short-term thinking is going to get short term results. We have to start taking bigger swings.”
And while health systems might never be fully ready for radical disruption, they do need to take bold steps that can position themselves for the future.
When it comes to budgeting and prioritization, there’s a tendency in healthcare to make decisions based on available funds.
Deborah Proctor was never a fan of that method.
Because while it might make sense from a fiscal standpoint, it’s not the best approach for ensuring patient needs are met. “To me, it’s backwards,” she said in a Keynote Interview with Bill Russell.
Deborah Proctor
Proctor, who spent more than a decade as CEO of St. Joseph Health (now Providence), believes that it starts with establishing a mission and identifying desired outcomes. “What are the things we need to do next year? What do we invest in to achieve those goals? And then, we’d go out and find the money.”
Of course, doing so required a solid foundation and strong culture, which she worked hard to cultivate at St. Joseph. During the interview, Proctor opened up about the keys to creating a mission-driven culture, and the hard stance leaders must be prepared to take.
Despite where she ended up, Proctor had no aspirations in her early career of becoming a CEO. In fact, it was a conversation with one of the Catholic sisters that convinced her to put a hat in the ring when the position opened at St. Joseph’s. “I didn’t know that I could do the job,” she said. Fortunately, she had support from colleagues, along with a keen interest in “how organizations work, what makes them tick, and how to accomplish things through the culture of an organization.”
When Proctor stepped into the role, however, she quickly learned that culture was lacking at St. Joseph, which operated more like several individual entities than a system. Her strategy, therefore, was to “operate with a local focus while trying to collaboration on certain efforts.”
In the meantime, the culture – or lack thereof – needed to be addressed. Part of that was recognizing that “culture isn’t an add-on,” but rather, the base on which other components sit. “It’s everything,” and therefore, understanding it is vital.
But that’s just the beginning. “I believe strongly that you have to have a clear mission. You have to have an energizing vision statement. You have to have underlying values,” Proctor said. “Culture allows you to achieve all that. It's the way we get things done.”
When Proctor arrived at St. Joseph, the value statement was “foggy.” And so, she gathered a group including management, physicians, board members, and sponsors to gain clarity on how the organization would define and measure value.
That meeting – a three-day, intensive retreat – produced three core pillars: perfect patient care, which meant “making sure that patients received perfect care 100 percent of the time”; community health (ranking in the top percentage of healthy communities in the country); and sacred encounters, which takes customer service a step further.
The idea was to cultivate a true set of values – not some words that merely hang on the wall. “Those don’t mean anything,” she said. “Culture is taking that mission and those values and putting it to work and figuring out how do we successfully get the results that we intended.”
The situation in which Proctor found herself at the beginning of her tenure (leading 16 seemingly separate organizations) isn’t unusual, particularly as mergers and acquisitions continue to climb. Still, it’s not an easy situation to navigate.
“In the past, the hospital had put their individual budgets together and said, ‘this is what we need,’ and we would roll that up and see what it added up to,” she recalled. “I was trying to create an organization that moved collectively toward a set of outcomes.”
One of her first moves was to involve all of her direct report CEOs in the prioritization process. That way, “CEOs couldn’t just argue for their organizations,” she said. “We had a system by which we put everything on the table that everything that had been asked for, and prioritized those according to what we had to achieve through our outcomes.”
It came down to a simple premise: Is this the right thing for us to do? “There’s a limit to what we can spend,” Proctor said. By leveraging the pillars of mission, vision, value, and outcomes, leaders can make more informed choices that cater to the most pressing needs. “Without having those in place, you’re making random decisions. There just has to be real clarity about what drivers lead to a set of outcomes.”
Creating this type of culture, of course, doesn’t come easily. For leaders, it means being willing to take a hard stance – and take accountability. “The leader has to be the final word,” she noted. “You can prioritize collectively, but at some point, there are tough decisions to make. It’s my decision, and I’ll take the accolades or the punishment at the end of the day.”
That “courageous leadership,” Proctor believes, is what separates good from great, and is what the industry needs to tackle the challenges of today and tomorrow.
As the cybersecurity environment changes and our understanding of how to safeguard data improves, it’s becoming increasingly evident that new philosophies and approaches are needed.
And it starts with something as simple as changing the terminology, according to Heather Costa, whose own title – Director of Technology Resilience at Mayo Clinic – reflects that transformation.
“Disaster recovery has historically been about physical disruption. It’s been an all-or-nothing approach of being able to failover if a meteor hits the data center,” she noted. “We all know that’s not what the threat landscape looks like.”
Heather Costa
Instead, healthcare organizations are dealing with phishing attacks and malware that are forcing leaders to dig deeper when examining data and backups and ask if they’re clean and available. “Those aren’t questions that we had to answer in a traditional disaster recovery setting, and that changes everything.”
It’s a change, however, that Costa welcomes with open arms. During a recent Unhack the Podcast with Drex DeFord (Ppresident of This Week Health's 229 Cyber and Risk Community), she opened up about why the focus should be on resilience, how her own team’s strategy has evolved, and the importance of strong governance in making any plan work.
Costa may have a somewhat of a reputation as a “disruptor,” yet still, she undoubtedly raised some eyebrows when she made a move to rebrand her team just weeks after joining Mayo Clinic. But based on her experiences with Cleveland Clinic and PNC, shifting from disaster recovery to resilience was the right move.
One reason? The recovery process for a cybersecurity incident takes five times as long as other processes, which makes it critical to prioritize resilience. Another key factor is scalability, she added. “We’re looking at how we can get the most benefits from the work that we're doing; that it can serve us for a small disruption, a physical disruption, or simply a technology issue.”
With the different philosophy Costa brings to the table comes a different approach; one that involves more asking and less telling. “The key is to meet people where they are. We don't talk about our work; we talk about their work. I want to understand what they do and what they need,” she explained. And not just in terms of the technology, but people and processes as well. “Those things are foundational, and then you layer technology on top of it to support them.”
And by getting staff to open up, her team is able to identify the problem and develop a set of solutions. On the other hand, if leaders try to implement a tool without understanding the actual problem, “you’ll spin around trying to find a solution,” she said.
Another core component of resilience is the strategy used to determine which areas need attention first in the event of an incident. “The order in which we’re recovering matters to the patient, to clinical operations, and to business operations,” Costa said. “You have to map that out very closely and you have to be able to granularly say, ‘this is priority one, this is two, this is three,’ instead of having big buckets that are tier one and tier two.”
In doing so, organizations create what she termed a “minimum viable” to determine the processes that are most critical to patient care and safety – most of which sit inside the ED and ICU – and prioritize them.
Of course, no systems will be at 100 percent, Costa cautioned. “They won’t be the most efficient. They won’t have all of the enhancements and bells and whistles that they normally have. It’s going to be clunky. And it's going to require manual processes in some of those areas, which is going to slow them down. But at minimum, this is what keeps people alive.”
Preventing that catastrophic impact is what’s most important, she said. And so, when her team conducts recovery tests, they look at more than just whether data were recovered and in what time frame. “We’re looking at what we recovered and how it’s different from previous tests,” she noted. “Did we improve some areas? Did we shorten the recovery time? There needs to be a marker of improvement.”
That improvement, whether it’s in testing or any aspect of resilience, is going to be gradual, which requires a patience not often found in healthcare initiatives. “We tend to want perfection and if there’s anything I've learned, there’s no perfection in this work,” she said. “It’s a program, not a project. We’ll never put a pin in it and call it done. We have to be on that path of continuous improvement, and we have to be okay with that.”
© Copyright 2024 Health Lyrics All rights reserved
