There are several myths floating around in healthcare. One of the most troubling, according to Reid Stephan (VP and CIO at St. Luke’s Health System), is the idea that clinicians are change resistant.
In fact, he believes it’s “lazy” to suggest that’s the case. “They’re overwhelmed. They’re drowning. And so, any added task, even one extra mouse click, can be the extra water that breaks the damn.”
Since EHRs first became part of the vernacular some two decades ago, clinicians have been dealt massive amounts of change, and have handled it quite well.
That’s the good news. The not-so-good news is that change isn’t going to slow down anytime soon, particularly as AI technologies become increasingly pervasive.
As a result, CIOs and other leaders face added pressure to prioritize the needs of frontline workers and make sure technology fits into their workflow. “The AI of the future has to be out of the way and require virtually no training,” he noted.
Reid Stephan
During a recent Keynote Interview, Stephan spoke about the ever-evolving relationship between CIOs and vendor partners, and how it can affect users. He also provided insights on the quest for the “middle truth” when it comes to AI initiatives; the role of EHRs as gatekeepers; and why, now more than ever, no one should settle for “good enough.”
One of the most critical aspects of a successful partnership between IT leaders and vendors is trust, according to Stephan, who commended St. Luke’s relationship with Epic as well as the EMR provider’s “genuine desire to improve healthcare.”
The challenge in working with Epic is that “sometimes we settle for a good enough mindset when excellence is within reach.” For example, if a CIO asks their internal Epic team analyst to see the roadmap, and they’re given a blueprint for Epic itself rather than the organization. “That’s a problem,” he added. “That’s not strategy; it’s vendor alignment dressed up as vision.”
And although his team operates with an Epic-first strategy, both due to the quality of its products and the high cost and complexity of using third-party solutions, Stephen believes leaders owe it to their clinicians to adhere to the highest possible standards.
“What if 80 percent isn’t good enough? Or what if the Epic solution technically checks all the boxes, but the user experience is frustrating, because it doesn’t solve the problem that needs to be solved? We can’t allow functionality to be a substitute for usability.”
What leaders should do, he added, is to raise the bar by asking for a “more modern, intuitive design” from EHR providers. “We need to expect and demand deeper, cleaner, more open integrations when we have to go beyond what Epic can offer,” he said. “We need to expect that our needs – and not just Epic’s roadmap – are guiding what we build, what we buy, and what we adopt.”
Part of the more modern Stephan seeks with EHRs is the ability to incorporate AI capabilities – something he believes is lacking. “Our EHRs are the gatekeepers, and that gate is effectively locked,” he noted, adding that “integration friction” can prove fatal to transformation initiatives. In some cases, EHRs aren’t just “hard to integrate with; they’re actively hostile.”
For that reason, he strongly urged CIOs and other leaders to educate themselves about AI, surround themselves with experts, and don’t hesitate to raise questions – especially when predictions vary so widely. “We’ve gone very quickly from ‘AI hasn’t delivered much’ to ‘it’s going to replace most doctors and teachers,’” he said. “What’s the middle truth? What has to happen over the next decade to certify or add credence to either of those statements?’”
That’s where the questioning comes in, Stephan noted, adding that AI is being marketed as transformative when in reality, it’s basic rule-based logic wrapped in a package, and people are starting to call that out.”
They’re also demanding solutions that require minimal training while offering the benefits that have been promised with AI. “People don’t want tools that look smart. They want tools that are simple,” he said. And “they don’t want AI to take over. They want it to work.”
The same can be said for C-suite executives who are part of the decision-making process around AI initiatives. Rather than focusing on the shiny new toys, his main concern is that the 550 members of the IT department have the tools and training needed to do their jobs effectively. “Do they feel supported and celebrated in the work they do? Do they feel safe? Do they feel like they can take reasonable risks in the work they do and learn from that?”
That’s the main objective, he remarked, adding that the CIO has become, in many ways, “more like a generalized administrator.
“If you’re worrying about cybersecurity or the network or applications at a micro level, you’re not adding value. Quite honestly, you’re probably stepping on team members who are doing good work.”
And, as we’re learning, the last thing anyone needs, whether it’s clinical, IT, or other areas, are barriers.
When Susan Ibanez took on the role of CIO at Southeast Georgia Health System, there wasn’t a predecessor to hand over the playbook – because there wasn’t a predecessor. There wasn’t exactly a playbook either – at least, not the type Ibanez had become accustomed to during her healthcare leadership career.
What she did have, however, was a strong team that was poised to move forward and willing to learn.
During a recent Keynote interview, Ibanez shared insights on how she is navigating the new position and guiding the development of a new strategic roadmap. She also talked about the challenges of ownership when it comes to disaster recovery planning, and how she’s giving back.
Susan Ibanez
Perhaps the most important skill an inaugural CIO needs is patience, and along with that, a realization that your plans may need to be shelved. “I had built out governance and processes, but I had to take a step back from that and start at the grassroots level,” she said. “Why do they need a CIO? What was the difference was it gonna make? Before we could start talking about that, we had to go back a bit further.
And so, not only did she conduct her own 100-day assessments and SWOT analyses, but she asked leaders from different departments such as network infrastructure, applications, and data security, to do the same. Then, “we put them all together and developed a roadmap” to identify the most pressing priorities. “We’re trying to balance the clinician-patient experience and ensure we have a highly reliable organization.”
The low-hanging fruit, they determined, were tasks like WiFi remediation, replacing the core switch and firewalls, and putting in a new virtual infrastructure. “While a lot of organizations have the good fortune to be able to focus strictly on digital transformation, we’ve had to run parallel tracks of eliminating technical debt and getting a lot of that foundational piece place,” Ibanez noted. “And at the same time, keep up with what we need to do from a digital perspective. It’s really challenging.”
What made it even more daunting for Southeast Georgia was the absence of a C-suite representative. “There was an organizational strategic plan before I got there, but the IT department wasn’t connected to it,” she noted, which meant they often received secondhand information about IT decisions.
As a CIO, “you have that seat at the table. You can have input into the strategic plan, share that communication and build an IT strategic plan that aligns,” Ibanez added. “Because if it doesn't align with the strategic initiatives and plan of the organization, you shouldn't be doing it.”
Another consequence of not having IT leadership? A lack of direction when it comes to disaster planning and business continuity, which weren’t priorities before her arrival. “Those are new concepts to this organization, but by no fault of their own,” she added. “They didn’t have the rigor or structure in place.”
Consequently, one of her team’s key objectives has been building that out by going through cybersecurity tabletop exercises, doing application inventory, and looking at application rationalization.
The other part of that involves getting together with operational owners and asking some very simple questions: in the event of a downtime, what needs to come back up first? What’s your order of operation? And at a more basic level, does your team have downtime processes and procedures?”
The answer isn’t always yes. In fact, “in many organizations there’s an assumption that if it runs on a computer, it's an IT issue,” she noted. And although that’s true in some respects, she encourages leaders to flip the script. “Operations belongs to operations, and so they need to make sure their teams are clear on what to do in a downtime and who’s responsible for what.”
The more information individual departments can provide about downtime procedures, the more effectively IT can do its job to restore services.
Those discussions can be transformative, noted Ibanez. In her experience, they were “eye-opening,” particularly since the default response in many cases seemed to be ‘refer to IT policy,’ Ibanez recalled. “I said, ‘no, you need to stop and think about what your process is. I can tell you what IT is going to do.’ And they were like, ‘okay, that makes sense,’ and they’ve been very thoughtful in putting those together. It’s just a completely new conversation.”
And although that aspect of the role has been extremely fulfilling for Ibanez, her true passion is in helping to educate and advance the next generation of healthcare IT leaders. “It’s really exciting,” she said of her side-gig teaching informatics at Abilene Christian. “I get so energized working with students. I believe we as leaders have an obligation to give back, and this is a way to do that.”
What many students seek is guidance – either on how to achieve their career aspirations, or what field they should pursue. “Some of them don’t know what they want to do. The opportunity I have is to tell them what healthcare and healthcare leadership look like now, and to make sure they know they have options,” she noted. “I ask them, ‘what’s your passion?’ Do you want to work in a health system? In a clinician’s practice?’ I start to lay out the options because sometimes they think, ‘I can only do IT.’” But, as she often reminds people, “if you’re doing IT in healthcare, you’re doing healthcare, and you’re fortunate enough to do it with a technology foundation.”
In her mentoring role, Ibanez encourages students – and anyone in IT, for that matter – to figure out what motivates them and take steps in that direction.
“I wanted to be a clinician, but that’s not my gift,” she noted. “So I got into healthcare the only way I could, which was through technology.”
The technical aspect, she has found, is only part of the equation.
“It’s not just a techie job anymore. A CIO, in my opinion, is a business owner, an operational leader, and a strategy person,” she noted. “You have to understand finance. You have to understand vendor management and contract negotiation, all of it.”
In an organization like Seattle Children’s Hospital, there are no “bad days.” Not because the work isn’t challenging; it most definitely is. But when you’re in the presence of “sick children with multiple tubes in their body who can smile even if they’re in extreme pain,” there simply isn’t room for negativity, according to Zafar Chaudry, MD, SVP and Chief Digital, AI, and Information Officer.
There is, however, room for improvement, especially when it comes to caring for the most vulnerable patients.
Zafar Chaudry, MD
During a recent Keynote interview, he talked about how his team is leveraging a strategic partnership with Google to harness the power of AI to enable clinicians to access critical data at the point of care, and shared insights on the “battle” between AI and providers.
Leading questions
One thing Seattle Children’s has never lacked is data. On the contrary, the organization has amassed volumes of information on how to approach the myriad conditions faced by its pediatric population. The problem? Sifting through all of that evidence-based data and validating it.
To that end, Seattle Children’s has joined forces with Google on a Pathway Assistant that leverages its Gemini models to build a tool that “can interactively help our clinicians answer questions on how to care for a patient based on the symptoms they’re presented with,” he said. Interestingly, “it doesn’t generate anything itself. What it does is understand the data we’ve put into it, and it queries your thought mechanism to get you to a point where the treatment plan is correct for your patient.”
CSW Pathways, he added, asks “leading questions” based on symptoms and other information to help move closer to a diagnosis and treatment program. “Through that back and forth interaction between clinician and AI, it gets you to a point where you very quickly learn what treatment protocols you need to follow and how to take care of that patient.”
It’s an enormous step forward from the past, when a provider had to review the entire asthma pathway before reaching a conclusion – time that would be better spent by interacting with the patient and family.
Phone-a-friend function
What makes the tool successful, according to Chaudry, is the fact that it was developed by both clinicians and technologists. “We had about 40 clinicians work on this to build queries and test the engine, while engineers from Google ingested the data and made sure it was clean.”
And not just clean, but more than 99 percent accurate. “When we first threw the information in, it showed where we had typographical errors in data that we probably wouldn’t have found, because who trolls through thousands of pages of information?”
Not physicians, who already have enough on their plate. What CSW Pathways offers is a “phone-a-friend” function in which AI challenges them to make sure they’re reaching the proper diagnosis.
It’s a prime example of a problem that can be solved through technology, noted Chaudry, who believes it will have “huge benefits” in training the next generation of clinicians. “Hopefully, they’ll start learning the art of prompting so that not only can clinicians speak to the patient in a compassionate human way, but they can also use the tool to get answers,” he said. “There’s a lot of potential for this. It lets people see the true benefit of what you can do with technology.”
Complimentary strengths
It also lends credence to a concept that’s becoming increasingly important: the synergistic partnership between AI and humans. Contrary to popular belief, “there isn’t a battle to be won. They bring complimentary strengths to the table,” Chaudry emphasized.
While human clinicians offer empathy and critical thinking in complex situations, as well as “a nuanced understanding of the patient experience,” AI excels in “data analysis, pattern recognition, automation of repetitive tasks, and the ability to provide object insights.” When added together, the two components have enormous potential, particularly when it comes to complex cases.
“I think the future of healthcare lies in the effective collaboration between humans and AI,” he concluded. “You can augment human capability and free up clinicians to focus on the uniquely human aspects of care.” And although concerns about job displacement shouldn’t be dismissed, the focus should be on identifying proactive solutions that can help retrain and adapt roles to leverage the strength of both of these things.”
When C-suite executives at Tampa General Hospital first expressed interest in implementing Copilot, the last thing James Bowie wanted to do was to extinguish that spirit of innovation.
“They want to be at the forefront of AI, which is a great position to be in,” he said during an Unhack the Podcast interview. But for a CISO, “it’s scary.”
And so Bowie, who has been in the role for 2 years, responded by asking for two weeks to “lock everything down.”
James Bowie
Why? Because when Copilot goes live in an environment, it acts on permissions set by the user, which means if a document has been improperly shared, such as a patient census spreadsheet or a disciplinary report, “everybody has access to it,” he said. “You may not know you have access to it, but Copilot is going to know as soon as you turn it on. And that allows you to make mistakes on an exponential scale.”
That, of course, is something no one wants. Fortunately, Tampa General’s leaders listened – and quickly learned. While demonstrating Copilot, Bowie asked it to find documents with nine consecutive numbers; it immediately revealed that an employee file with social security numbers had been inappropriately shared.
And so, the cybersecurity team got to work, engaging with Varonis to resolve around 3 million incorrectly shared file permissions, and established an automated process to set up triggers and remediate attempts to break into the system. “It’s been a win,” he noted.
It has also marked a dramatic departure from the past, when cybersecurity was “an offshoot of IT,” staffed by individuals who were technically skilled but lacking in communication skills. Despite their efforts, cyber folks were often viewed as ‘no-bots’ who constantly rejected requests, or would “come in and shut everything off,” Bowie said. “It was a bunch of nerds in closets trying to keep things safe.”
As a result, he sought to rebuild that image by developing a stronger sense of empathy among his team. “The idea was, ‘we’re here for you. We’re not just here to tell you what you can’t do. We’re here to help you to be safer all around,’” he noted. And that meant “being nice until it’s time to not be nice.”
With that foundation of trust in place, the next step was to build buy-in. His team chose to focus on the active directory, which has become a common target. “If they’re in, it’s over. They’re going to get your domain,” Bowie said. “They didn’t understand how important that is.”
His team took action, investing $20,000 to have a vendor demonstrate how easy it is to hack the active directory by using LLMNR poisoning attacks.
The plan worked perfectly.
“As that class was going on, requests for changes were coming through to disable this and that,” he recalled. “It was a huge win. For $20,000, we probably reduced $5 million of risk in one weekend.”
The exercise also helped prepare them for events, such as the ransomware attack that threatened the blood supply. “That’s an issue on its own because you already have the PHI components and issues with logistics, but they literally couldn’t deliver blood. That will shut down a hospital [especially a level 1 trauma center] very quickly.”
Fortunately, the incident command center was immediately activated. But with that comes difficult decisions about which systems to bring up. “You constantly have to weigh options,” Bowie said. “I can sit here as a cybersecurity expert and say, ‘No, ‘we’re not turning this back on,’ but there is a chance that someone could die” if the wrong decision is made.
Although it’s not an easy conversation to have, it’s an extremely important one. “It woke my team up quickly,” he continued. “It helped drive the impact home that yes, we’re dealing with bits and bytes, but at the end of the day, those bits and bytes have people attached to them with real consequences.”
The healthcare industry is, according to Ryan Smith, “in a really challenging place.” On top of mounting cost pressures, providers are leaving the profession in droves as the silver tsunami looms.
On the surface, it may seem like innovation should take a backseat. But in fact, that couldn’t be further from the truth.
“It’s not enough just to be working on cost cutting measures,” said Smith, who serves as Chief Digital and Information Officer at Intermountain Health. “Yes, that’s important. We need to be sustainable organizations as we work into the future, but if that’s our whole focus, that’s a death spiral.”
Ryan Smith
Prioritizing innovation, he believes, is what’s going to drive the industry forward. “We’re at such an interesting crossroads” where the nexus of cloud computing, generative AI, and progress around data interoperability are “poised to let us make these leapfrog advances toward rapid digital transformation.”
The tricky part comes in finding the right balance between sustainability and innovation. During a recent Keynote interview, Smith opened up about how Intermountain is building a culture around innovation, the enormous steps they’re taking to move toward simplification – while enabling digital transformation, and the truth about pilots.
One of those enormous steps? Migrating eight disparate EMRs to a single instance of Epic across the enterprise, which includes 33 hospitals and more than 400 clinics across several states. Scheduled to go live in September through a big-bang approach, it’s one of the Epic’s largest cutovers.
But what’s just as critical as the rollout strategy is the decisive governance approach that’s guiding it. From the beginning, Intermountain Chief Clinical Officer JP Valin, MD, has been adamant that the project isn’t owned by Digital Technology Services (DTS). “It’s not just my team,” Smith said. “We have to get 55,000 caregivers comfortable using the system. It’s going to take all of us to be successful.”
What will make that possible, Smith added, is the “operational stakeholder and executive engagement” that has been weaved into the fabric of the organization, and will continue to factor heavily as his team works to advance digital transformation. “I’ve been so impressed to see the level of senior leader engagement” in ensuring that both caregivers and leaders can stay focused on what’s important.
“We have a great level of transparency and expectation within the organization that if a problem starts to surface, instead of trying to stifle it, it is immediately escalated to the appropriate level so that we can help prioritize.”
That top-down support is an instrumental component in any successful governance strategy, he noted. “We’re focused a lot on operational change management because at the end of the day, it's a big part about how we think about innovation.”
That philosophy factors into how Intermountain is approaching one of its core objectives: simplifying the experience for consumers and caregivers by offering a “homogenous, consistent” digital experience.
His team has created a series of digital touch points, each of which focus on different parts of the care journey. The goal is to help patients and caregivers navigate the system, from scheduling and preparing for visits to managing billing. “We put a lot of effort, time and energy into thinking about these moments that matter for our patients and making sure that we have a really consistent process for meeting them where they need us to be from a digital interaction perspective,” Smith said.
Another key priority is robotic process automation, which Intermountain had been actively pursuing long before his arrival. To date, the organization has more than 4,000 RPA-based bots that are helping to automate “hundreds of processes,” either partially or completely, and it shows no signs of slowing down. “We’re going to see automation touch virtually every aspect of the business,” he added. “I’d be surprised if that isn’t ultimately the answer for all of us as healthcare organizations, because we need to get that level of support to be able to remove a lot of the mundane tasks that our caregivers have to do.”
Embracing automation and fostering innovation, however, must be approached carefully, especially with some already feeling the effects of pilot fatigue. One strategy? Limit pilots to a period of 60-90 days, after which they either graduate to the next phase or are placed on the back burner.
“We increasingly look at innovation from a ‘learn early, fail fast’ perspective,” Smith said. “If it fails, that’s okay. And if it’s working, how can we get it to scale and get to full implementation across the organization?”
Along with taking some of the burden off of IT, that strategy also helps keep the focus firmly on innovation, which is “our lifeblood for growth and digital transformation,” he noted. “Ultimately, isn’t that why we’re here? It’s not just keeping the lights on. It’s not just getting our 200 annual projects done. We have to bring in new ways of doing things. It’s our job to enable the rest of the organization to be more nimble, to be more agile, to test things, and to move forward.”
Health system leaders face quite the paradox. The ultimate objective is to transition out of firefighting mode and focus on innovating for the future. The problem is that the fires – or in some cases, water main breaks – keep happening.
It happened a few months ago when Skokie Hospital, a specialty hospital dedicated to orthopedic and spine care, when frozen water damaged the storm sewer, causing the facility to close for three days.
“How do you innovate when you’d just had to cancel all of your surgeries and move patients out of the building?” noted Justin Brueck, System VP of Innovation and Research at Endeavor Health.
Justin Brueck
The short answer involves “leaning into” virtual nursing and ambient listening and embracing cutting-edge concepts like genomics. Doing so, however, requires a different approach than organizations have taken in the past.
During a recent Keynote Interview, Brueck talked about the strategic vision at Endeavor, a community-based system formed from the merger of four Chicago health systems; the areas that are most ripe for innovation; and what it takes to drive transformation without losing your footing.
One of the key questions facing leaders is how to establish a consistent revenue stream that will allow the organization to make investments. “Our mission is to take care of patients. How do we supplement that to make it sustainable,” he said.
That’s where innovation comes into play – or more specifically, his unique title. “I’m constantly sourcing what’s the latest and greatest out there,” Brueck added. “It gives me the opportunity to test out ideas and see which ones are ready for primetime and which need to go through more research.”
Of course, the first step isn’t about finding a solution, but rather, identifying the problem. One of those is the silver tsunami that’s quickly approaching – not just in terms of the aging baby boomers who need medical care, but the large percentage of providers who are nearing retirement. “We’re not going to have enough workers to take care of patients,” Brueck said. “We have to lean into technology. There’s no way around it. We have to become smarter with the resources that we have,” specifically tools like ambient dictation, virtual nursing, and even robotics.
The other part of that involves automating manual and “tedious” tasks, which can free up physicians, nurses, and other caregivers to focus on patient care. “We’re going to have to upskill and get people working at a higher level,” he added.
It may seem obvious, but that’s what innovation should be, according to Brueck. “Innovation has different flavors, but it’s solving for the expected; things that people didn’t have the time or bandwidth to be able to focus on because they’re putting out fires. But we also have to be thinking about how we’re going to radically disrupt ourselves.”
Although it may not seem ‘radical,’ an area that most certainly can be disruptive is genomics. “We’ve got to move out of one-size-fits-all medicine,” and that means identifying tools that can risk-stratify patients to ensure they’re receiving the right level of care. “It all comes down to making sure we’re matching care appropriately,” he said. “It’s not one size fits all. We need to look at personalizing care.”
With research showing that a sizable percentage of risk factors are based on genetics, he believes it’s imperative to focus on utilizing this data to diagnose and treat conditions.
To that end, Endeavor is establishing a Center for Preventative Genomics, with the goal of testing 100,000 patients per year in the Chicago area. The challenge, he noted, isn’t necessarily around the costs, which are far more manageable than in the past. Instead, it’s driving adoption and incorporating genetics into the workflow, which is difficult when physicians report having such a small window to discuss testing with patients.
“I’m really excited to see that a lot of health systems are beginning to look at genetics and how it can be incorporated,” Brueck said, noting that it’s a major step toward achieving true healthcare rather than ‘sick care’. “But until you change the foundation around that and the expectation around clinicians to be aware of all these things, it’s going to continue to be a challenge.”
This is where leaders can apply some of the same principles that are in place for fostering innovation, according to Brueck. During the discussion, he provided valuable insights based on his strategy at Endeavor.
Finally, with any innovation, leaders need to be laser focused on not just the solution itself, but what factors will enable it to scale and what will position it for success. “And it’s not just ideas,” he noted. “We’re going to have to accept the fact that short-term thinking is going to get short term results. We have to start taking bigger swings.”
And while health systems might never be fully ready for radical disruption, they do need to take bold steps that can position themselves for the future.
When it comes to budgeting and prioritization, there’s a tendency in healthcare to make decisions based on available funds.
Deborah Proctor was never a fan of that method.
Because while it might make sense from a fiscal standpoint, it’s not the best approach for ensuring patient needs are met. “To me, it’s backwards,” she said in a Keynote Interview with Bill Russell.
Deborah Proctor
Proctor, who spent more than a decade as CEO of St. Joseph Health (now Providence), believes that it starts with establishing a mission and identifying desired outcomes. “What are the things we need to do next year? What do we invest in to achieve those goals? And then, we’d go out and find the money.”
Of course, doing so required a solid foundation and strong culture, which she worked hard to cultivate at St. Joseph. During the interview, Proctor opened up about the keys to creating a mission-driven culture, and the hard stance leaders must be prepared to take.
Despite where she ended up, Proctor had no aspirations in her early career of becoming a CEO. In fact, it was a conversation with one of the Catholic sisters that convinced her to put a hat in the ring when the position opened at St. Joseph’s. “I didn’t know that I could do the job,” she said. Fortunately, she had support from colleagues, along with a keen interest in “how organizations work, what makes them tick, and how to accomplish things through the culture of an organization.”
When Proctor stepped into the role, however, she quickly learned that culture was lacking at St. Joseph, which operated more like several individual entities than a system. Her strategy, therefore, was to “operate with a local focus while trying to collaboration on certain efforts.”
In the meantime, the culture – or lack thereof – needed to be addressed. Part of that was recognizing that “culture isn’t an add-on,” but rather, the base on which other components sit. “It’s everything,” and therefore, understanding it is vital.
But that’s just the beginning. “I believe strongly that you have to have a clear mission. You have to have an energizing vision statement. You have to have underlying values,” Proctor said. “Culture allows you to achieve all that. It's the way we get things done.”
When Proctor arrived at St. Joseph, the value statement was “foggy.” And so, she gathered a group including management, physicians, board members, and sponsors to gain clarity on how the organization would define and measure value.
That meeting – a three-day, intensive retreat – produced three core pillars: perfect patient care, which meant “making sure that patients received perfect care 100 percent of the time”; community health (ranking in the top percentage of healthy communities in the country); and sacred encounters, which takes customer service a step further.
The idea was to cultivate a true set of values – not some words that merely hang on the wall. “Those don’t mean anything,” she said. “Culture is taking that mission and those values and putting it to work and figuring out how do we successfully get the results that we intended.”
The situation in which Proctor found herself at the beginning of her tenure (leading 16 seemingly separate organizations) isn’t unusual, particularly as mergers and acquisitions continue to climb. Still, it’s not an easy situation to navigate.
“In the past, the hospital had put their individual budgets together and said, ‘this is what we need,’ and we would roll that up and see what it added up to,” she recalled. “I was trying to create an organization that moved collectively toward a set of outcomes.”
One of her first moves was to involve all of her direct report CEOs in the prioritization process. That way, “CEOs couldn’t just argue for their organizations,” she said. “We had a system by which we put everything on the table that everything that had been asked for, and prioritized those according to what we had to achieve through our outcomes.”
It came down to a simple premise: Is this the right thing for us to do? “There’s a limit to what we can spend,” Proctor said. By leveraging the pillars of mission, vision, value, and outcomes, leaders can make more informed choices that cater to the most pressing needs. “Without having those in place, you’re making random decisions. There just has to be real clarity about what drivers lead to a set of outcomes.”
Creating this type of culture, of course, doesn’t come easily. For leaders, it means being willing to take a hard stance – and take accountability. “The leader has to be the final word,” she noted. “You can prioritize collectively, but at some point, there are tough decisions to make. It’s my decision, and I’ll take the accolades or the punishment at the end of the day.”
That “courageous leadership,” Proctor believes, is what separates good from great, and is what the industry needs to tackle the challenges of today and tomorrow.
As the cybersecurity environment changes and our understanding of how to safeguard data improves, it’s becoming increasingly evident that new philosophies and approaches are needed.
And it starts with something as simple as changing the terminology, according to Heather Costa, whose own title – Director of Technology Resilience at Mayo Clinic – reflects that transformation.
“Disaster recovery has historically been about physical disruption. It’s been an all-or-nothing approach of being able to failover if a meteor hits the data center,” she noted. “We all know that’s not what the threat landscape looks like.”
Heather Costa
Instead, healthcare organizations are dealing with phishing attacks and malware that are forcing leaders to dig deeper when examining data and backups and ask if they’re clean and available. “Those aren’t questions that we had to answer in a traditional disaster recovery setting, and that changes everything.”
It’s a change, however, that Costa welcomes with open arms. During a recent Unhack the Podcast with Drex DeFord (Ppresident of This Week Health's 229 Cyber and Risk Community), she opened up about why the focus should be on resilience, how her own team’s strategy has evolved, and the importance of strong governance in making any plan work.
Costa may have a somewhat of a reputation as a “disruptor,” yet still, she undoubtedly raised some eyebrows when she made a move to rebrand her team just weeks after joining Mayo Clinic. But based on her experiences with Cleveland Clinic and PNC, shifting from disaster recovery to resilience was the right move.
One reason? The recovery process for a cybersecurity incident takes five times as long as other processes, which makes it critical to prioritize resilience. Another key factor is scalability, she added. “We’re looking at how we can get the most benefits from the work that we're doing; that it can serve us for a small disruption, a physical disruption, or simply a technology issue.”
With the different philosophy Costa brings to the table comes a different approach; one that involves more asking and less telling. “The key is to meet people where they are. We don't talk about our work; we talk about their work. I want to understand what they do and what they need,” she explained. And not just in terms of the technology, but people and processes as well. “Those things are foundational, and then you layer technology on top of it to support them.”
And by getting staff to open up, her team is able to identify the problem and develop a set of solutions. On the other hand, if leaders try to implement a tool without understanding the actual problem, “you’ll spin around trying to find a solution,” she said.
Another core component of resilience is the strategy used to determine which areas need attention first in the event of an incident. “The order in which we’re recovering matters to the patient, to clinical operations, and to business operations,” Costa said. “You have to map that out very closely and you have to be able to granularly say, ‘this is priority one, this is two, this is three,’ instead of having big buckets that are tier one and tier two.”
In doing so, organizations create what she termed a “minimum viable” to determine the processes that are most critical to patient care and safety – most of which sit inside the ED and ICU – and prioritize them.
Of course, no systems will be at 100 percent, Costa cautioned. “They won’t be the most efficient. They won’t have all of the enhancements and bells and whistles that they normally have. It’s going to be clunky. And it's going to require manual processes in some of those areas, which is going to slow them down. But at minimum, this is what keeps people alive.”
Preventing that catastrophic impact is what’s most important, she said. And so, when her team conducts recovery tests, they look at more than just whether data were recovered and in what time frame. “We’re looking at what we recovered and how it’s different from previous tests,” she noted. “Did we improve some areas? Did we shorten the recovery time? There needs to be a marker of improvement.”
That improvement, whether it’s in testing or any aspect of resilience, is going to be gradual, which requires a patience not often found in healthcare initiatives. “We tend to want perfection and if there’s anything I've learned, there’s no perfection in this work,” she said. “It’s a program, not a project. We’ll never put a pin in it and call it done. We have to be on that path of continuous improvement, and we have to be okay with that.”
Much has been stated and written in recent years about the myriad challenges facing rural healthcare organizations, particularly since the onset of Covid 5 years ago, and for good reason. But are the problems that plague a critical access hospital so divergent from those that affect large IDNs?
Terri Couts doesn’t think so. In fact, she believes the hurdles are “pretty similar” at their core. The difference? “It’s more pronounced in the areas we serve,” she said, whether it involves workforce availability, access to care, or having the right payer mix. For leaders, that means “you have to be a bit more creative in how you serve your patients.”
It also means being willing to push the boundaries and accept risk, according to Couts, who serves as CDO at Guthrie Clinic. Recently, she and fellow rural leader Michael Archuleta (CIO, Mt. San Rafael Hospital) shared perspectives on how their teams are leveraging technology to provide a better experience for patients and staff and elevate the standard of rural healthcare.
Terri Couts
For Guthrie, a six-hospital system serving a 10,000 square mile area in Pennsylvania and New York, improving access for its heavily Medicare-dependent population has been a key priority. And in fact, it was the impetus for establishing a virtual care center to “centralize operational and patient care functions and improve access to clinical expertise, regardless of where the patient is being treated,” according to a news release.
That extended reach has become critical in rural areas, where the ratio of physicians to patients (525 to 1) is vastly different than in urban settings (222 to 1), and nursing vacancy rates are as high as 26 percent. “That translates to how many beds we can staff and how many patients we can take, which can really limit our ability to serve the community,” noted Couts.
That’s where the Guthrie Pulse Center can make an impact by leveraging state-of-the-art monitoring capabilities to detect changes in a patient’s condition and facilitate quick action. “We tried to think about things a little bit differently,” which meant redesigning the delivery of care and enabling that through technology, she said. By centralizing components, they were able to maximize resources and function at a higher level. “When you have access, quality and experience as your primary drivers, that cascades down into what you can influence and where you can build on that,” Couts said.
Another core area of focus is the documentation burden on nurses, which has increased due to the changing regulatory environment, and likely won’t change anytime soon, noted Couts. “And so we need to think about how to mitigate that so that we can still get documentation without compromising patient care.”
One area that was ripe for innovation? The admissions process, which can account for up to 50 minutes of a nurse’s precious time. Her team found that assessments could easily be conducted through video, enabling nurses to focus on “more meaningful work at the bedside,” Couts noted. Although it required some configuration in the Epic EHR from a flow standpoint, it has been a relatively small lift that has helped save “thousands of hours.”
“When we turned on virtual nursing, we saved around 30 minutes per nurse for each 12-hour shift,” she added, which has led to enhancements in patient and staff satisfaction. “All of those things start to improve because we’re giving time for nurses to provide care and not focus on the EHR itself.”
That improvement hasn’t gone unnoticed, as Guthrie has hosted a number of organizations – even large systems – eager to learn about their processes. Her team is happy to share insights on how they’ve been able to operationalize components to achieve success.
What it doesn’t require, she noted, is a big budget. In fact, Couts believes that having resource constraints has afforded Guthrie a competitive edge. “We have to have a creative problem solving process or we won’t survive,” she noted. “ We need to be nimble and be willing to pivot quickly.”
Michael Archuleta
For Mt. San Rafael Hospital, the secret sauce has been a refusal to think small, despite being a 25-bed critical access facility. “We’ve never looked at ourselves as small,” said Archuleta. “We’ve always looked at ourselves as an innovative group and looked for creative ways to do more with less.”
The organization was recognized for those efforts in 2017 when it first achieved HIMSS Analytics Stage 6 status. “That showed we can compete with the bigger facilities,” he noted.
The best way to continue to keep pace, Archuleta believes, is by embracing AI and leverage it to solve specific problems.
Case in point? Integrating AI into the radiology setting. Through partnerships with Radiology Partners and Aidoc, Mt. San Rafael has been able to “dramatically reduce turnout times for critical diagnoses” and help providers detect life-threatening conditions much more quickly, which has resulted in improved outcomes. “It’s a revolution in patient care,” he said.
To date, more than three-quarters of radiologists have opted in to the program, which is a credit to the culture that has been established. “We’re one of very few rural facilities that are fully utilizing this,” he said. “It shows the effort that we’ve put in.”
It also helps strengthen the case for future investments – and change the narrative of IT being a cost center. “When IT is seen as a strategic revenue contributor, it’s a whole new dynamic,” he added. “You have to be able to show value.”
And to do that, CIOs need to have a seat at the executive table, which isn’t always the case in rural health.
“I think that’s a big mistake,” he said, as CIOs tend to have their hands in many pots, including business and operations, and can offer valuable input. “What are we doing on cybersecurity? What are we doing on digital transformation? How are we continuing to progress? How are we incorporating clinical quality measures into the EMR,” Archuleta noted. Having the CIO at the table can help educate other leaders on the initiatives being planned – and how they will help individuals do their jobs more effectively.
“That’s what drives true change,” he said.
Of course, it’s not an easy road, especially when organizations are fighting for resources. Fortunately, there are grants and other programs that can help cover costs of purchasing and implementing technologies. And although it does involve “a lot of legwork and a lot of research” to identify and apply for financial assistance, the effort is well worth it, said Archuleta.
“We all need to get involved.”
“People make decisions based on emotions; not based on reason.”
It’s one of the most important lessons Gary Chan has learned during his career, which includes experience not just leading security teams, but evaluating startups, architecting anti-fraud systems for state agencies, and a “side hustle” as a security mentalist.
The key to a solid cybersecurity strategy, he has learned, isn’t in offering the shiniest, most cutting-edge solutions, but rather, understanding why certain tools are used over others, and what steps leaders can take to drive adoption, and consequently, boost data security.
Gary Chan
During a recent Keynote with Sarah Richardson, Chan – who serves as System VP and CISO at SSM Healthcare – outlined some of the nontraditional methodologies his team is leveraging, and shared best practices for establishing trust.
One thing is for certain: “It’s about the people – they’re the weakest link, but they can also be your strongest, he said.” So how can leaders gain their support?
It starts with building trust, which isn’t easy in a multi-state system like SSM Health where people don’t see each other on a regular basis – or at all, in some cases. “The biggest challenge is making sure people know you and trust you, because security is about trust,” he said.
The best way to do that? By hitting the road and meeting users in person. “Getting out in front of folks makes a difference,” noted Chan, who urged leaders to attend group meetings and sit with staff at lunch.
Another recommendation is to be as responsive as possible, making sure to return phone calls and emails from folks seeking guidance. “Building that level of trust is really important,” he said.
It starts, as is often the case, with communication, particularly when it comes to new security policies. “We try to message it in a way that the end user might want, and make it sort of fun,” Chan noted. For example, when SSM Health changed the password requirement from eight characters to 12, they didn’t just rely on emails. Instead, they designed mugs that conveyed the message in a lighthearted manner, and distributed them to team leads.
“People get so many emails – they probably just delete them,” he said. However, if they receive a mug with an insert telling them what’s happening and when, they’re far more likely to communicate the message to their teams. And those individuals, even more importantly, are more likely to take action.
“We didn’t have any complaints,” Chan noted of the password request, one that’s often met with resistance. In fact, his team has received cards thanking them for the security awareness training. To him, it’s the ultimate validation that they’re hitting the right marks. “If you purchase technology for your team and every day that's the first thing they open, that was probably a really good investment,” he stated. “The technology is here to support people. People are not here to support technology.”
Of course, what works with IT employees doesn’t always work with those on the provider side, Chan said. To that end, his team utilizes a different approach with physicians. Instead of harping on the patient safety angle – which can become white noise over time – they’ll frame out a scenario in which a bad actor uses a stolen password to prescribe drugs inappropriately (or even illegally).
“We ask, ‘what if someone accidentally uses your login in order to write notes that are inappropriate and that you would not have wanted?’ That’s personal,” he said. “Now you're ruining their brand. We try to make it personal and take advantage of what’s most important to people.”
And then there’s another option – one that speaks to audiences of different ages and occupations and has made Chan a sought-after speaker at conferences and corporate events: gamification.
“I try to gamify a lot of the things that I do, because when people engage rather than just sit and watch or read something, they're much more likely to remember it,” he said. In this case, however, the games are psychological in nature, leveraging verbal suggestion, behavioral patterns, and visual cues to influence perceptions and reactions.
And while it’s certainly entertaining to watch a mentalist “win over” the crowd by guessing correct answers, it also has a more practical purpose: establishing trust. “It’s about the impact it can have,” he said. “That’s what I’m trying to do.”
At SSM Health’s annual conference, when he presented at the request of his CEO, that’s precisely what happened. “Not only did people come up to me during the event, but they would email me a year and a half later to tell me about security issues because they knew who I was,” Chan said. “I’m 100 percent certain that if I wasn't up on the stage, they wouldn't have known who I was and told me – they probably wouldn't have told anybody.”
It’s a frightening concept, particularly given the increasing prevalence of cybersecurity threats. And “it’s going to get a lot scarier because now we have Generative AI,” he noted. Not only can AI help people speak better English, but “it gives you really good ideas on how you can trick people.”
A prime example is Netflix, which employs an algorithm to recommend shows based on preferences and past history. “Your best friend may know you really well, but the computer knows you even better,” he said. “They’ve got a bigger catalog. They’ve got more data. They also have millions of people using it, and so Netflix is going to be much better at predicting what you like.”
And while that type of power is useful when it comes to setting preferences, it can do a great deal of damage if it falls into the wrong hands. “People can use that and weaponize it, which is scary,” Chan noted. “I think it’s going to get much easier for hackers because they’re going to use these tools and it's going to get harder for us on the receiving end.”
© Copyright 2024 Health Lyrics All rights reserved
