Most CIOs can identify what they believe to be their defining moment; for Dan Nash, that moment came before he was actually named CIO. Rob Curry, President and CEO of Citrus Valley Health Partners, had called him in for a one-on-one meeting to ask for feedback on whether the organization should move forward with its current EHR platform – Meditech Magic, which had been in place since 1987 – or go in another direction. Nash, who was corporate director of EHR optimization at the time, saw it as an opportunity to make a case for starting fresh, telling Curry, “I’m a change agent. I want to affect change and make a positive impact.”
Fortunately, the CEO and board were on the same page, and Nash was eventually named CIO and tasked with leading the selection process for a new EHR system. But the road hasn’t been without its share of bumps, according to Nash, who recently spoke with healthsystemCIO.com about what it has taken to help set the stage for a new EHR system at Citrus Valley, the importance of setting (and managing) realistic expectations, and the mantra he always tells his team. He also discusses CVHP’s dramatic financial turnaround, and breaks down how they eventually selected Meditech 6.1.6.
- EHR assessment: optimizing vs. starting fresh
- “If we’re not going to do this right, I’m not the right person.”
- Having the CEO’s support
- Key pieces of a successful go-live
- Setting realistic expectations: “It’s not all going to work the first day.”
- Establishing governance councils
- Selling cybersecurity to the board – “It’s a sprint, not a marathon”
It’s hard for people to change the way they’ve been doing things for 40 years, and so you need to position it the right way. You need to step back and say, ‘let’s look at how we do things and change it to a method that uses best practices and standards.’
I told him, if we’re not going to do this right, then I’m not the right person for this job. I want to focus on either optimizing the system or replacing it. I said, ‘I’m a change agent. I want to affect change, and I see an opportunity here to change the way this organization operates with the technology.
What’s really critical is understanding that on the first day, it’s not all going to work, and so you have to set that expectation with the organization — that we’re going to do our best for the most successful install possible, but things are going to go wrong, and you have to be aware of that possibility and prepare for it.
I explained to the board, ‘this is a marathon, not a sprint, and it’s going to take time to get this organization fully protected to the point where we want it to be.’ And honestly, even then, we need to have a recovery plan in place.
Gamble: When you arrived, one of your key objectives was to assess the current EHR and make a decision on how to proceed going forward. Walk us through that process a bit.
Nash: It came down to the fact that we wanted to take the organization to the next level, and although Meditech Magic is a workhorse, it’s also a platform that had been in place since 1987. One of the things I discovered during the optimization review was the number of workarounds that were built into the system; they grew over time, and people just accepted that. And so we figured, okay, we can spend the next four years optimizing and redesigning workflows, or we can use it as an opportunity to change the way we do business and start fresh. We can look at it from a best practice, evidence-based style of work and create the workflows that would improve the way care is practiced. That’s what I told Rob Curry, our President and CEO.
I had the fortune of doing installs in both Meditech and Epic in my career. I was on the Epic team at Providence Health and Services, where we implemented it across many different hospitals. It was easy to see the value in the way Epic comes to the table and drives their best-practice standards. Rather than building it out your own way, you have to use Epic’s model system to start, and that can be difficult. It’s hard for people to change the way they’ve been doing things for 40 years, and so you need to position it the right way. You need to step back and say, ‘let’s look at how we do things and change it to a method that uses best practices and standards. I will say that this organization has put a tremendous amount of effort into change management during the past nine years under Rob Curry.
Gamble: Can you talk more about how your relationship with him developed, and how critical it is that leaders are in lockstep?
Nash: Sure. I had a really interesting sit-down with him after my first six months with the organization — he requested a one-on-one, and I used that time to make the case for going with a new system. At that point, I was frustrated because there was too much emphasis on cutting costs. I told him, if we’re not going to do this right, then I’m not the right person for this job. I want to focus on either optimizing the system or replacing it. I said, ‘I’m a change agent. I want to affect change, and I see an opportunity here to change the way this organization operates with the technology. But it’s going to cost money if we want to do this right.’
I didn’t know what to expect — this was our first real conversation. But he looked at me and said, ‘I’m a change agent too. If we’re going to do this, we’re going to do it right. And we’re going to spend whatever we need to spend to make it successful.’ That let me know that he had my back. Without proper executive support and backing, I cannot do my job.
Gamble: So that was a really critical moment. Having that established, you were then able to start crafting a strategy?
Nash: Exactly. Once I had his support, it was time to get the organization ready. There were a lot of pieces that had to be put in place — and keep in mind, I wasn’t the CIO at this point. We had to put project management in place. We had to put change management in place. We had to put a helpdesk system and customer service in place. It was a lot of documentation and changing the way our day-to-day business was managed; we had to make sure the teams were ready. As the chief of population health told me, ‘It’s like pulling the nervous system out of a body and putting in a new one.’
But what’s really critical is understanding that on the first day, it’s not all going to work, and so you have to set that expectation with the organization — that we’re going to do our best for the most successful install possible, but things are going to go wrong, and you have to be aware of that possibility and prepare for it. Your team has to be ready to mitigate those issues and have a plan in place for how to do that.
Governance is also critical to operational ownership and accountability. In our case, many silos existed within departments. Governance councils were established for clinical, business, and physicians, and then we had an overall steering committee with all the stakeholders in the room. It made a big difference having business leaders aware of what was being requested, purchased, and installed in other departments. There was a tremendous opportunity to put things in place that weren’t there — for example, the whole ITIL structure for service management. It was taking an organization that’s been around for a long time and reinventing it.
Gamble: Walking into situation like that, you have to be someone who’s up for a challenge.
Nash: Absolutely. When I hired a new director of technology earlier this year, I told him, ‘You will never be bored, and there will always be a challenge.’
Gamble: Right. Now, what are some of the other pressing priorities on your plate?
Nash: Like everyone else, we’re dealing with the cybersecurity threat that’s happening in the industry. There are so many things we need to stay on top of: what’s the maintenance program on the server farm? What’s our disaster recovery solution? All of these things fall under cybersecurity.
I remember being at an audit and compliance meeting where we were reviewing cybersecurity with the board. This was right after Hollywood Presbyterian Medical Center went through the ransomware ordeal, and the CEO looked at me and said, ‘Dan, what if this happened at Citrus Valley? What would we do?’ And I told him, ‘We’d be in trouble. We have nothing in place.’ He knew that’s what I was going to say, but he wanted the board to hear it.
There is a tremendous amount of risk in the area of cybersecurity, and so we’ve done a huge amount of work in this area.
Gamble: I can imagine that what Hollywood went through served as a wakeup call for a lot of organizations.
Nash: It did. And so we had to make the case to the board and put together a plan to mitigate. I explained to the board, ‘this is a marathon, not a sprint, and it’s going to take time to get this organization fully protected to the point where we want it to be.’ And honestly, even then, we need to have a recovery plan in place in case a nation state wants to hack us. How do you fix it quickly? How do you turn it around? How do you train your teams to be able to quickly bring the organization back up? And during that time, how do you protect the patients? How do you make sure that the clinicians have the information they need?
And so over the past year we’ve been focused on putting all of that in place. I want to make sure we can recover if anything happens, and we can operate.
Chapter 3 Coming Soon…