Dave Kempson took over as CIO at Maricopa Integrated Health System in Phoenix, Ariz., at a very interesting time — not only was Maricopa transitioning away from being a county-owned facility, but the IS department was in need of a major overhaul. Kempson and his team were tasked with creating a truly integrated system, and because Maricopa had experienced IT failures in the past, the pressure was on to deliver the goods. What Kempson learned is the vendor many peg as the most expensive might be the best bet in the long term, that Rome was not built in a day — or even in one phase — and that for government organizations, the vendor selection process can be more complicated.
- The art of vendor disengagement
- The pre-nup: get your back-end leverage on the front-end
- CHIME Member-to-Member Survey: File sharing
- HIE work: “There’s a lot of politics and a lot of angst around what vendor we go with”
- The dollars and cents of cross-organizational HIEs
- The danger of getting out in front on ACOs
When you’re negotiating a contract with a vendor on the front end, when you have leverage, that’s the time to think about how I can ensure my needs will be met during a transition on the back end if we ever move away from this vendor.
Physicians have these devices and they want to be able to utilize—not only for their personal life, but to improve their connectivity to work; to improve maybe their efficiency and the productivity in their jobs as well. It poses an interesting dilemma to CIOs and security officers, because obviously there is value to the business end, but there’s also a risk from the security standpoint.
It’s better to be engaged and help shape the policy than have the policy shaped on your behalf. Clearly if you’re engaged, you’re going to make sure that your needs and your organization’s needs are met. But also, without subject matter expertise from CIOs on legislative issues or on Regional Extension Center issues, it’s likely that the mark will be missed, because there’s subject matter expertise that you can bring to the table to help it get done right.
We need to have that infrastructure there so that as these requests are coming in, we have a single strategy for connecting, rather than a custom solution for each one of these things as it comes along. That can create just a maintenance nightmare.
Guerra: You mentioned you’re switching off of McKesson. One of the things I like to speak with CIOs about is how to handle that in the best way possible. Do you have any lessons learned from disengaging with a vendor that you can share?
Kempson: Well, yes. I think having a good relationship with that vendor is important. We’re kind of fortunate in that although we’re moving away from McKesson on the HIS side, McKesson still has a great deal of interest in keeping us as a client as we move forward on the ERP side, the HR, payroll, and finance side, and business intelligence side, which includes data warehousing and BI analysis tools. So they still have a motivation to keep us in their good graces; therefore, the relationship between McKesson and us has been very positive through this transition.
I could imagine though, if the vendor relationship were different and they didn’t really have a stake in future business with us, that it could get very controversial and very poor in that transition. We have brought them to the table; in fact, we’re using them to help us with the ongoing maintenance of the system until we sunset it. We engage them; we bring their project teams in to help us with the necessary upgrades that we have to make to keep the system running until we sunset it. Also, since we’re a Star customer, we’re not only on ClinStar but we’re on the Financial Star piece as well. Now we’re not going to be using Finstar for billing anymore once we go live on the inpatient side, but we still will use it for the general ledger, we still will use it for the cost accounting, and we’ll still use it for the business intelligence stuff until we make a selection for a new product, which may also be a McKesson product or we may go in a different direction.
Guerra: So you would say that when you’re doing a transition, you definitely need the good will of the incumbent vendor in order to do that properly.
Kempson: It certainly makes it a lot harder if they’re fighting you. The interesting thing on that—and this is kind of the thing to give CIO’s pause—is that when you’re negotiating a contract with a vendor on the front end, when you have leverage, that’s the time to think about how I can ensure my needs will be met during a transition on the back end if we ever move away from this vendor. Just assuming that the vendor wouldn’t be cooperative, what kind of things do I absolutely need to get in this contract up front to make sure I’m covered?
Guerra: It sounds just like a prenuptial agreement.
Kempson: I never thought of it that way but it’s exactly right—the Doomsday scenario.
Guerra: It makes sense; you always go in with the best of intentions, but in a way, you also have to assume that this thing might go bad. It’s very interesting. Let’s talk briefly about the CHIME member-to-member survey you did which basically revolved around utilizing file sharing services. I believe the core of your questions dealt with privacy and security concerns. Tell me a little bit about that.
Kempson: This is kind of an interesting time we’re in, as the integration of personal devices into the corporate world is becoming a strong business need. In the old days, basically you would issue somebody a laptop or maybe you’d issue them a BlackBerry, and you need to connect the BlackBerry, but that was pretty much the extent of it. Now, with the advent of smartphones and with the advent of iPads and Motorola Xoom tablets and God knows what else is coming, physicians have these devices and they want to be able to utilize—not only for their personal life, but to improve their connectivity to work; to improve maybe their efficiency and the productivity in their jobs as well. It poses an interesting dilemma to CIOs and security officers, because obviously there is value to the business end, but there’s also a risk from the security standpoint.
My CHIME member-to-member survey was driven from the fact that we now have these individuals out there that want to be able to share files from their corporate world, from their desktop with these types of portable devices. There are solutions out there like Dropbox and Box.net that they use on their personal side, and they’ll say, ‘Why are you blocking this? Why won’t you let us use that as a tool here?’ The challenge that we have from a security standpoint is that the file transfer using Box.net and Dropbox type solutions aren’t secure. They’re not really designed around HIPAA requirements or really any kind of security forms. They’re tools for end users who maybe aren’t concerned or aren’t regulated by those types of rules.
The other thing that falls into that is, as I’m transitioning a file or loading a file into that system, it’s going to be stored somewhere, and I don’t have positive control over it. So how do I know that the server that it’s sitting on is in an environment where somebody isn’t going to come in and walk away with my data, and thus, I have a reportable breech. Or how do I know that it’s not being stored in a foreign country where it could be accessed and used inappropriately against our patient population? All of these concerns to me raised the issue of, ‘Well I can’t really use Box.net or Dropbox, but is there a solution out there that anybody is using that is designed more for that secure corporate world?’ One perhaps a solution where either I can have positive control over it and install in my data center, or one where I can have contractual agreements in place with that vendor and a business associate agreement to ensure that the HIPAA requirements are met. And then probably even more importantly, is there a solution out there that would allow me, in the event that an employee left, to be able to recover those files and no longer allow them to have access to those files that are really corporate property. That was kind of the purpose for the survey, and unfortunately, I didn’t get back a whole lot of good suggestions, and so I think there’s still a hole in the market there.
Guerra: So those responses helped you move forward; the lack of concrete information gave you some information.
Guerra: So would you recommend that type of thing for your fellow CIOs? Did you find it helpful?
Kempson: The survey itself is very helpful. I enjoy answering those and putting those out, because even when you’re just answering one, you get access to the results and can learn a lot from them.
Guerra: Right. Okay, let’s switch gears a little bit. I see that you’re on the board of directors at the Arizona Health-e Connection—I assume that’s HIE type-work. Tell me what that is, and any advice you can give your fellow CIOs on becoming active in an HIE that goes beyond their own health system and integrates the ambulatory environment. Talk about some of the cross-organizational HIE work you’re doing.
Kempson: Okay. First of all, Health-e Connection is a non-profit organization and it is not, nor I don’t think will it ever be, an operational HIE. They’re more of a community policy group. For example, they are the group that really brings people together to put together legislation together around health information exchange. They are the group who applied for and got the Regional Extension Center grant to promote health information exchange and EHR adoption within the state of Arizona. Now the organization may grow and change, and ultimately may either contract with or become an operational HIE itself, but I don’t think that’s in their vision at this point.
As far as having an organization like that and as far as why it’s important for CIOs to get engaged in those types of initiatives, it almost goes without saying, but it’s better to be engaged and help shape the policy than have the policy shaped on your behalf. Clearly if you’re engaged, you’re going to make sure that your needs and your organization’s needs are met. But also, without subject matter expertise from CIOs on legislative issues or on Regional Extension Center issues, it’s likely that the mark will be missed, because there’s subject matter expertise that you can bring to the table to help it get done right.
When we looked at HIE in Arizona, we struggled. There was Medicaid Transformation Grant that formed an organization called AMIE (Arizona Medical Information Exchange). There’s Maricopa County—six of us joined together and we had an active exchange. We were exchanging information between the six of us in a pilot model. But money dried up, and although there was interest in maybe sustaining something, we felt that in order for us to really move forward we were going to have to combine efforts with the southern Arizona market. Between Phoenix and Tucson that’s pretty much 80 percent of the patients in the whole state. We felt that we would be much more successful collaborating with southern Arizona on a single solution. So in the end, those two organizations were merged into what now is HINAz, or HINAZ or Health Information Network of Arizona. We are working together—my COO sits on the board of that, and I advise him there—with them to select a vendor and get an operational HIE established.
The interesting part about that is there is a lot of politics and a lot of angst around what vendor we go with, and we haven’t even been able to navigate through that yet. I’m hopeful; I’m optimistic that we can get through there, and then the real work will start. At that point, my team and the other CIOs in town and their teams will really have to sit down and figure out how to get it done. But when you look at the changing model of healthcare, we’re moving from this pure historical fee-for-service model into this outcome-based, accountable care organization model where the need to share information that historically we’ve siloed is necessary. I see it now; we’re working with the Regional Behavioral Health authority in town, which is the funding arm for behavioral health. We’re working with their extended healthcare organizations, and we’re working with other private practices that we affiliate with on the primary care and specialty side. All of these initiatives we’re working on are pushing demand for us to be able to exchange this information, and we don’t have the infrastructure at this point to do that. I’m pushing my team to say we need to get ahead of this. We need to have that infrastructure there so that as these requests are coming in, we have a single strategy for connecting, rather than a custom solution for each one of these things as it comes along. That can create just a maintenance nightmare.
Guerra: It still seems like from an individual health system’s point of view, certainly there’s a financial incentive—and you even eluded to it before—to connect with the ambulatory sites and the doctors, because they’re your feeder systems; they’re bringing in the patients. But it still seems like it’s really tough to find a financial incentive to create an HIE or integrate with another health system. It’s just not there beyond the government grant.
Kempson: With the HIE effort in our state, basically an agreement was made between the participants in HINAz that 50 percent of the costs would be paid by those healthcare organizations, hospitals that are participants. The other 50 percent would be covered by the health plans that are participants.
I think that’s a good start. Ultimately, I think that the health plans are going to benefit financially more than the healthcare organizations, and when you think about that logically, more efficient care basically means less fees for service reimbursement, right? But the reality is, if you sit down and think about it pragmatically, those organizations that hold on to that old fee-for-service model are just going to start losing contracts and they’re just going to start losing business. And although they may win in the short run, ultimately they’re going to fade away. I think we need to have more vision and say, ‘This may cost us in the short run, but in the long run it’s the right thing to do, and it’s the right way to run a business.’ We need to figure out a way to make it work so that we’re sustainable in the long run.
Guerra: It’s very interesting. I don’t know if you try and time it or keep your eye on things, because if you become more efficient before the payment model changes, you’re just making less money.
Kempson: Exactly. So it becomes incumbent upon us as we’re doing that and we’re showing that basically to negotiate contracts with the payers to say, ‘Listen, we’re making you money. This model is a win-win; you need to share some of that through a shared gain approach or something like that.’ That’s ultimately where we need to get to, because I think the health plans understand too that although there is a win in this for them, it’s also not sustainable for them to take that entire win. Of course their business drivers are going to kind of force them in that direction, but again, I think that if we’re engaged with them and we’re all looking at what’s a sustainable model that’s going to work for all of us in the future, they’re going to see that and they’re going to work with us to set up this shared gain environment. It’ll be interesting. Maybe I’m a little bit Pollyanna on that, but it’ll be really interesting to see how that all shakes out in the end. What’s interesting about it is in order for it to work, they need our data. But in order for it to work we also need their reimbursement. So we each have something the other wants. We each have leverage in this whole negotiation.