It’s funny; sometimes the most pivotal moments in one’s career occur when least expected. For Laishy Williams-Carlson, the moment came when news of the Anthem data breach hit shortly after she was promoted to corporate CIO at Bon Secours Health, and she was asked to provide an update of her organization’s cybersecurity strategy. What she had realized, however, was that she wasn’t as equipped as she would’ve liked to address the issue. But instead of covering this up, Williams-Carlson chose to be honest with the board, and found that it helped build a level of credibility she may not have otherwise achieved.
In this interview, she spoke with healthsystemCIO.com about the major projects on her team’s plate, from the “never-ending” journey to implement and optimize Epic, to the “huge shift in thinking” required to move toward population health, and what she believes is a critical element when merging cultures. Williams-Carlson also talks about why she believes her finance background serves her well, what changed her feelings about the role female executives play in advancing other women, and why she believes diversity in leadership is so critical.
- Population health — “It correlates nicely with our mission.”
- Challenges with access to care
- Becoming corporate CIO: “It’s been the most challenging, fulfilling work of my career.”
- From finance to IT
- Addressing gaps in cybersecurity – “We weren’t as secure as wanted to be.”
- Her “defining moment” with the board
- “You gain credibility by doing what you say you’re going to do.”
LISTEN NOW USING THE PLAYER BELOW OR CLICK HERE TO SUBSCRIBE TO OUR iTUNES PODCAST FEED
The really nice thing about population health is it correlates so nicely with Bon Secours’ mission, which is bringing wholeness to the people we serve. Population health looks at social determinants and other societal needs in addition to strictly what has been traditionally defined as healthcare needs as a way to serve the communities that we’re in.
It’s been most challenging, but also the most fulfilling work of my career because IT moved away from just providing transactional systems that run the finances of the organization and drop bills, to truly supporting the heartbeat of the company.
Having that perspective of being in the field helped me have better empathy and compassion for my colleagues in the field when we’re rolling up something and it feels like a ‘thou shalt’ edict, or maybe something that’s not working at cross-purposes with what they’re trying to accomplish.
It was one of those moments where you realize, how I respond to this and how I conduct my interactions with the board is becoming a defining moment, whether I want it to be or not.
When you have a board chair who says in front of your CEO, ‘if you’re not getting the funds you need to do what you told us you need to do, please let me know,’ that’s a nice feeling.
Gamble: Are you involved in any population health initiatives at this point?
Williams-Carlson: Very much so. I think the really nice thing about population health is it correlates so nicely with Bon Secours’ mission, which is bringing wholeness to the people we serve. Population health looks at social determinants and other societal needs in addition to strictly what has been traditionally defined as healthcare needs as a way to serve the communities that we’re in. So we’re very excited about population health, and we’re doing a lot in that area. We still have a long way to go, but it’s really important work for us.
Gamble: The trend we’re starting to see, although not on a huge scale yet, with incorporating social determinants is something that’s really encouraging to see as a consumer, because it’s a direction I think a lot of people have been wanting to go toward for a while, but it’s been a matter of getting the proper blocks in place.
Williams-Carlson: Exactly. I always remember a story that was told by one of our nurse navigators who was caring for a patient with several chronic conditions. This patient would often arrive in the ED with issue that had spun out of a controlled state to an uncontrolled state. As they began to really talk with the patient and understand his needs better, we realized we needed to give him a cellphone. Because when we would say, ‘you need to call us if XYX happens,’ we discovered that he didn’t have the means to do that. I always love that story, because maybe a traditional healthcare provider wouldn’t say, ‘the best thing we can do for the patient is give him a way to communicate,’ but when it became clear, that’s what we did.
Gamble: Right. It’s getting to the root of what some of the biggest challenges are, even things like transportation.
Williams-Carlson: Yes. And actually, transportation is not only an issue for our patients. In some areas, when we’ve looked at why we have turnover in our long-term care facilities, we look at the community we’re in and the public transportation that’s available, and we realize that our coworkers have quite a challenge sometimes getting to work. If we can help solve that problem, it will be much easier for them to show up at work on time every day. So it doesn’t just apply to the patients we serve, but also to our colleagues.
Gamble: Absolutely. Now, looking at your background, you’ve been with the organization for a while in different roles, but then you became the system CIO about four years ago, correct?
Gamble: Okay, so I wanted to talk about what it was like to take that step to corporate CIO, which was a position that hadn’t existed before. What that was like from your shoes in terms of how you approached it and how different it was from your previous roles?
Williams-Carlson: First I want to say that it actually did exist before I took on that role. My predecessor, Skip Hubbard, who was a wonderful mentor and example of how to do the job, had reached a point in his career where he was retiring. My background is somewhat varied, and I think it serves me well in this role. I started in our Hampton Roads market in finance, working for one of our hospitals. There’s a saying that God punishes you for your prayers — I certainly wasn’t praying for IT, but I was a vocal and needy customer of IT who kept saying, ‘why can’t we do this,’ or, ‘I need solutions that do this.’ Then one day, the CEO walked in and asked me to take on IT. And so I was doing both the controller/finance functions and IT functions, and as that market grew through acquisitions, I reached a critical point in my career where I had to decide if I was doing finance or doing IT, because it was too taxing to try to do both. I stayed with IT, and for the most part have never regretted that decision.
At this time my role had expanded beyond our Hampton Roads market, so I was working with other markets. Then when we started implementing our Epic solution, Connect Care, across the organization, I raised my hand and asked if I could be the IS co-lead along with the operational project director for that.
It’s been most challenging, but also the most fulfilling work of my career because IT moved away from just providing transactional systems that run the finances of the organization and drop bills, to truly supporting the heartbeat of the company. We are the operating system of the clinicians who provide care across our company, and I learned so much more about healthcare operations through that experience. That made the connection for me — working in healthcare and feeling like the work I was doing was making a difference directly to our patients and caregivers. So that was a really neat experience.
Of course, when you’re implementing an EMR across your whole health system, you go to every market and spend a lot of time in each of those markets. You get to know the providers, staff, and leadership teams in each of those respective markets. It’s a great way to further understand the perspective of this market. Then when I took on the role at our health systems office, I think having that perspective of being in the field helped me have better empathy and compassion for my colleagues in the field when we’re rolling up something and it feels like a ‘thou shalt’ edict, or maybe something that’s not working at cross-purposes with what they’re trying to accomplish. So a lot of times, how you get work done is by having strong relationships with colleagues where you can talk something out. Happily, I have a lot of friends across the health system that I’ve had the blessing to work with.
Gamble: Right. I’m sure it works in your favor having held these different roles and really gotten to know the organization. I’m sure that’s something you’re able to draw upon.
Williams-Carlson: I think so.
Gamble: One of the things we had talked about when you and I had a brief conversation a couple of weeks ago was the idea of building credibility with the board. That’s something that’s come up a lot in conversations, and maybe there’s not one way to do it, but I think a lot of people are looking for best practices when it comes to building that credibility with the board.
Williams-Carlson: I think it’s essential for anyone in the C-suite to have a good relationship with the board, but certainly a requirement for the CIO. I’m accountable for no small portion of our total budget across the organization — especially from a capital perspective — but it’s the operating expenses as well.
A few years ago when Anthem hit the headlines across the world because of their security issue, coincidentally it was right around the same time we’d done some internal analysis and discovered that we weren’t as secure as we wanted to be. We hadn’t matured to the level we thought we had on our cybersecurity journey, and had become maybe a little complacent and relied on our anecdotal observations in the sense of how we were performing compared to other health systems.
And so right around the same time the Anthem breach became very public and highlighted to boards across the country that cybersecurity was a huge enterprise risk issue that they needed to be familiar with and assure in their fiduciary role that it was being attended to, we were saying internally in our organization, ‘wow, we have some problems where we’re not performing quite as well as we want to.’ That certainly got the board’s attention.
Gamble: I’m sure.
Williams-Carlson: It was very early on in my role when this happened. It was one of those moments where you realize, how I respond to this and how I conduct my interactions with the board is becoming a defining moment, whether I want it to be or not. It is what it is, right?
And so I realized that I really didn’t have a good handle as I was taking on this new role — nor do I think really anyone in the organization did of an impartial, third party, independent perspective of how we were performing in security. I needed, first of all, to understand where our gaps were, and then be honest to both ourselves, our team, my CEO, and the board about that. I found honesty was a really important part of building credibility.
I’m a big fan of the book, The Speed of Trust. One of the things they talk about in establishing trust is that it’s not just honesty, but reliability. You gain credibility by doing what you say you’re going to do and being competent. So we outlined the plan for how we’re going to improve our cybersecurity posture and provide updates to the board, which we still do to this day — as I think most CIOs have to — on how we’re doing with our various cybersecurity projects.
It also takes time. You can’t just show up once for an annual report and feel like you’ve built a relationship. So I think time with the board, honesty, credibility, doing what you say you’re going to do is the best way to establish that relationship with them.
Gamble: Right. That doesn’t seem like the easiest way to get a start, but sometimes you have to play the hand you’re dealt, and I’m sure that it helped to get the respect of at least some of the board members that you were willing to be honest about how things were even though it’s something that could have worked against you.
Williams-Carlson: Yeah. At that time, I definitely thought it was a glass half-empty kind of thing. This early interaction with the board is not what I would have teed up for how to begin, but it was really more of a glass half-full type of event in that it captured the board’s attention. And when I compare notes with other CIO colleagues and I tell them that we provide quarterly updates to the board and the chair is personally interested in our progress; that we see it as a part of the way we manage enterprise risk — and not really an IT thing, but a component of overall organizational risk — they’re envious that we have so much of the board’s attention, and more importantly, support. I mean, when you have a board chair who says in front of your CEO, ‘if you’re not getting the funds you need to do what you told us you need to do, please let me know,’ that’s a nice feeling to know that you have the support of the board.