When Jim Noga was named CIO at Partners HealthCare, taking over for John Glaser, he was no stranger to the system, having spent 17 as CIO at Massachusetts General. A year later, he’s focused on moving the organization from a federated model to a true enterprise clinical system approach that will better facilitate initiatives like accountable care. In this interview, Noga talks about fostering clinical collaboration within the organization, the importance of having an effective mobile device management strategy, and how he has benefited from his experience in software development. He also talks about the challenges organizations face in managing security, why confrontation and conflict can sometimes be good, and what it has been like to fill Glaser’s shoes.
- Reevaluating the overall clinicals situation
- “We really see the need to take more of an enterprise approach”
- Where to buy, where to build?
- “We see a real gap in the marketplace of clinical collaboration tools”
- Running a software development shop
- Staying strategic when there’s so much to do
- Security and BYOD strategies
LISTEN NOW USING THE PLAYER BELOW OR CLICK HERE TO DOWNLOAD THIS PODCAST AND SUBSCRIBE TO OUR FEED AT iTUNES
It’s our belief that you can create virtual specialty hospitals through collaboration tools. So that’s really what it is; it’s not a ‘build versus buy’ decision, it’s really where do we focus our innovative resources on building what isn’t in the marketplace today.
I think there will be more requirements in terms of incident reporting around safety concerns. There are some ISO standards that may emerge, and I think we just need to see what evolves, but I do think it will be a more regulated environment than it has been historically.
At Partners, I would say our business and clinical community are fully engaged in IT as an enabler, and they get it. I’ve always made the statement that, ‘there is no such thing as an IT strategy; IT is the enabler to a business and clinical strategy.’
That’s our real focus. It isn’t to say no to ‘bring your own’ technology. It’s to put some management principles in place that are acceptable to us in terms of mitigating risk, and are not overly invasive to the end-user.
When we measure ourselves on security, we don’t try to measure ourselves in terms how we’re doing compared to other hospitals, but how we’re doing compared to the military and the finance industry. And I think it’s a challenge every day.
Guerra: Good morning, Jim. Thanks for joining me to talk about your work at Partners Healthcare.
Noga: Good morning.
Guerra: I am very interested in talking to you. I see this is going in two parts: first, we’ll talk about some of your work at Partners and the things that are going on now, and then I’d like to talk a little bit about you taking over the role from John Glaser and how the search process went. I think that might be kind of interesting. But let’s start out by talking about what’s going on at Partners. You’ve got some work with Siemens, which is interesting because John’s over there now, and you’ve also got your homegrown LMR (longitudinal medical record). Take me through your clinical application environment and sort of the thinking these days on what direction you’re going to go.
Noga: In terms of the clinical environment, you hit it on target with Siemens Soarian. We’re obviously implementing the revenue cycle management system across the enterprise and the LMR — the ambulatory record — is fully deployed to all of our physicians. When it comes to enterprise clinical enterprise systems, we’ve really been a federated model with Mass General and Brigham & Womens having their homegrown systems, and then our non-acute and community hospitals, for the most part, having vendor-supplied systems from Meditech to Siemens Invision to CPSI to Cerner in the Partners homecare setting.
So as we look at moving toward more of an enterprise focus and accountable care organization and population management, we really see the need to take more of an enterprise approach to clinical systems. This year, we’ve undertaken really trying to figure out a provider for an enterprise solution, whether that be internally developed or whether that be through acquisition of a vendor-based product. We’re in the midst of that analysis and effort right now, and hopefully in the late spring or early summer we’ll have come to a conclusion as to exactly what direction we’re going to take. And that’s really around the core systems — what you typically think of in terms of clinical data repository, med administration, provider auto entry, acute care documentation, and the ambulatory record, but also looking at the non-acute settings in terms of homecare, rehab and how do those fit into an overall enterprise strategy. So it’s moving from what we have had typically, which is that federated model, to a true enterprise clinical system approach.
Guerra: You said you’re looking at this now and evaluating it, given that you want to go to a more of an enterprise model, is it even feasible to do that in-house? I mean, don’t you have to develop every application for every care setting?
Noga: That’s an interesting question, because I don’t think the question is ‘build versus buy’ — it’s what do you build and what do you buy. And that’s really the analysis where the marketplace has matured substantially over the past 15 years, and likely a lot of those core clinical systems are available with adequate functionality so that we wouldn’t consider a build. What we really want to do is take our talent and resources and continue to innovate. We see a real gap in the marketplace of clinical collaboration tools, and we think those are going to be essential in an accountable care organization as well as in effectively managing populations, and that our systems as well as the vendor-based systems have been very functionally oriented, and not really focused on collaboration as a process in terms of what you might do.
I think of Clay Christiansen and a lot of his comments on healthcare in terms of the need for specialty hospitals in terms of the ability of multiple specialists to quickly collaborate on a patient. And it’s our belief that you can create virtual specialty hospitals through collaboration tools. So that’s really what it is; it’s not a ‘build versus buy’ decision, it’s really where do we focus our innovative resources on building what isn’t in the marketplace today.
Guerra: Right, I got it. So you’re saying, ‘why are we building stuff that’s out there? Let’s buy that and let’s refocus these resources on building what’s not out there.’
Noga: Exactly, because I think that has been the hallmark of Partners as an academic medical center; being ahead of the curve in terms of not what is in the marketplace in terms of commodity, but really what is the next innovation in terms of software development. You look at Mass General and Brigham, and there was a time that they built blood bank systems, and that just doesn’t make sense anymore. So I think you always have this evolution in terms of being at the leading edge in terms of innovation. And if you go through the Gartner Hype Cycle, eventually innovation turns into what I would call general availability and commodity. I don’t like the word ‘commodity,’ because it sometimes connotes a least common denominator, and that isn’t the case at all. It’s just where vendors really do have robust products generally available in the marketplace.
Guerra: I know you’ve been at Partners for a long, long time and came up through the ranks, so to speak. You’d still be running an organization that did a lot of software development, even if there’s this transformation or the shift with what you’re developing. Is that a different skill from what most people think of as a hospital CIO skill? I mean, you could be a CIO of a large organization that does very little internal development or you could almost be running a vendor shop. Are there specific skills that come into play there?
Noga: Well there are skills in terms of really understanding the software development life cycle. I don’t know that it’s unique at Partners. I would say that at most academic medical centers, if you have a focus on research in addition to clinical care, which you likely do, you’re likely doing development work. I think many organizations, even when they have the core — whether it’s registries or outcome management or business intelligence (BI) analytics — are doing some development.
But you’re right. We do more development than typically you’re going to find in a facility, and I think you really need to have the skill set of what it takes to do software development. In my early career I was a software developer, so that’s served me well in terms of having a good understanding of what it means in terms of documentation and testing the life cycle of the system.
And when you step into the vendor world, that even gets more complex in terms of the regulatory requirements. That’s another thing we think about as we make that differentiation between innovation and what’s available in the marketplace: the increasing regulatory pressures around healthcare software development. Going back to the example in blood bank, I think that what pushed most organizations that developed their own blood bank — properly called a transfusion services system — out of self-development was the FDA requirements, and we’re starting to see that type of pressure in the marketplace in the core healthcare IT systems.
Guerra: Right, and certification is probably the least of that. Or is it a major part of it?
Noga: Yeah, I think certification is the least. I don’t underestimate certification, but I do think, and probably appropriately so, that there will be more requirements in terms of incident reporting around safety concerns. There are some ISO standards that may emerge and I think we just need to see what evolves, but I do think it will be a more regulated environment than it has been historically.
Guerra: It almost seems inevitable that eventually the FDA is going to have EMRs and biomedical devices all under its purview.
Noga: Well I think there’s some debate at the federal level as to where that should land. There’s been some discussion: is it a new agency? Does it fall under the FDA? I think the FDA will always have the purview of the biomedical devices, but in terms of healthcare IT software, I think that’s yet to be determined.
Guerra: So you’re doing some major strategic thinking and working; this is big stuff that probably takes a lot your time, but the trains still have to run on time. I don’t picture you as having a dearth of support. Partners is pretty robust; I think you have a pretty big shop. How are you able to make sure the tactical things happen and the trains are running on time? And we’ll go into those projects a little bit more — I’m thinking of ICD-10 conversion, making sure you’re qualifying for Meaningful Use, and these kinds of things. So, how have you been able to sort of split up your time and stay strategic?
Noga: I have a very strong management team, and I’m able to not necessarily fully delegate but assign accountability and responsibility to things such as Meaningful Use and ICD-10, which obviously are large initiatives. This month, finishing off what we need to do for 5010 is obviously our focus right now, and constant vigilance in terms of security is a real focus of ours in terms of assuring that we protect patient information — the integrity of that information and the availability.
So we have a strong infrastructure group. I put some people in place that I have a high degree of confidence in, and I think are some of the best people in their particular area of expertise. Plus at Partners, I would say our business and clinical community are fully engaged in IT as an enabler, and they get it. I’ve always made the statement that, ‘there is no such thing as an IT strategy; IT is the enabler to a business and clinical strategy.’ With the exception being in the infrastructure, where that really is the CIO’s domain to really outline the future direction of the infrastructure application delivery, security, things like ‘do I build a new data center or don’t I?’ So having good people makes it easy for me to focus on strategy, and they have a really good sense as to when to escalate and went to inform. That just makes things a lot easier.
Guerra: You mentioned security. I’ve heard John Halamka speak a number of times recently in different venues and on his blog, and he’s really hammering away at the security issue in terms of trying to bring that to light and talk about how serious that’s getting. That kind of wraps around the ‘bring your own device’ phenomenon, with physicians wanting to use their own iPads and iPhones and smartphones to see hospital data and get into the hospital systems. They want to use their device. They don’t want to carry multiple devices; that’s a huge physician satisfier. And he mentioned the security issues that come along with that and how it is just a growing problem. What are your thoughts around that?
Noga: Right, so the whole area of ‘bring your own device to work’ and mobile device management are front and center and are a real focus of ours, and the key is mobile device management. And obviously, it’s an emerging discipline. There are niche vendors like MobileIron, but then you have IBM, HP and Dell SecureWorks actively getting into the space. And our view is if you’re going to bring your own device to work, we need to be able to interrogate that device making pushed policies to that device in order for it to connect to the network, whether that’s ensuring encryption or password management.
So that’s our real focus. It isn’t to say no to ‘bring your own’ technology. It’s to put some management principles in place that are acceptable to us in terms of mitigating risk, and are not overly invasive to the end-user. Do they like the fact that we enforce password policies on their device? Not necessarily. Do they like the fact that we haven’t deemed the Android operating system yet capable of adequate encryption? There are some exceptions, but not yet. But really pushing towards mobile device management is extremely important; as we develop our applications that reach out to the mobile devices, we think more and more about what we term encapsulation, and that means we’re agnostic to the device, but the encryption and the security really is embedded in the application itself. You have companies like Good that are starting to strategize around the delivery of applications in what I would call an encapsulated, secure environment, so it is of great concern.
I think with security, every year the threats become new. We’ve actually joined a cyber- security initiative in Massachusetts — I think we’re the only healthcare provider, and there are some payers — that has government, private sector, and non-private sector members. MITRE Corporation happens to be the sponsor. It’s really looking at the cyber threats and starting to share information so that we were able to adequately respond.
I also believe that in this space, it’s becoming evident that no single institution can have the necessary expertise to adequately manage security, and that the concept of a managed security provider that really can follow the sun in terms of the emerging threats is going to become a necessity. When we measure ourselves on security, we don’t try to measure ourselves in terms how we’re doing compared to other hospitals, but how we’re doing compared to the military and the finance industry. And I think it’s a challenge every day, because there are new threats every day. And even on mobile devices, there has been Malware that’s has been deployed to mobile devices. So that was a long winded answer, but it is something we think about seriously everyday and is a focus all the way up to our board level.