For many critical access hospitals, the future looks bleak. They have the same list of priorities as health systems, but with a fraction of the resources. But Mt. San Rafael is not your typical rural hospital, and Michael Archuleta is not your typical leader. Since taking on the IT Director role four years ago, Archuleta has led the transformation from a paper-based system to a Most Wired hospital. In this interview, he discusses the enormous challenges faced by CAHs, how he’s changing the perception of IT from one of “cost center” to “business partner,” and what it took to implement the organization’s first IT strategic plan. Archuleta also talks about the value of young leaders, how he “sold” cybersecurity to the board, what he hopes to accomplish next, and why he won’t apologize for being an over-communicator.
- Building credibility — “They’ve seen the digital transformation here.”
- MSRH’s first IT strategic plan
- Creating a steering committee — “We vote as a team.”
- “Proactive” security strategy
- Mock phishing campaign — “The number of clicks was alarming.”
- Leveraging YouTube to build patient engagement
- “Your new CEO is the patient.”
LISTEN NOW USING THE PLAYER BELOW OR CLICK HERE TO SUBSCRIBE TO OUR iTUNES PODCAST FEED
I tell my team, really look at it when you’re putting in the builds, when you’re designing workflows. I know you do not have any direct contact with patients, but the overall technology we have here in this organization really affects patients. And that is how you are making a difference with this organization.
Visualization and communication is really key in selling something here in rural America, because they really need to see some good examples and bring to life scenarios that can happen with an actual cyber-breach.
I was baffled with individuals clicking on these emails, because it only takes one time to be breached, to be hacked, to receive this ransomware infection — only one time. And with having at the several clicks within the organization, it was very concerning.
I can tell you all the advanced, new tech toys that we have in place to identify specific threats within the organization. But if I’m not focusing on the actual key element, which is awareness and that education toward the employee, I am not going to be successful.
You really need that patient communication, because the first impression is always the best impression. If the patient comes in and goes into a patient portal that’s not user-friendly at all, they’re not going to use it ever again.
Gamble: Coming in to the situation that you did and being willing to work through all of that, I’m sure that really built some credibility with your team, because that’s a situation a lot of people would have walked away from knowing you’re going to have to fight for everything and be a one-person shop in the beginning. I would think that you’ve built up a good amount of credibility with the people you work with.
Archuleta: Absolutely. I have great credibility with my team, the overall organization, and the staff members here. They’ve seen the actual transformation from when we were fully paper to now fully digitalized. It’s been an amazing journey moving forward, and it’s been a very humbling experience. And honestly, I’ve been a hundred percent I’ve been dedicated all my life to this organization; I’ve given my all to this organization. I give my all to my team. I have an open-door policy. We try bringing innovation into this organization to excel in technology. And when individuals see that, they really see some great accreditation on that person.
It’s been amazing that I have been able to mentor older individuals and give them guidance on moving forward with making a difference and becoming an actual leader, because they’ve seen what I’ve been able to accomplish at a very young age, and we continue to do amazing things. At the end of the day, it’s all about that teamwork and it’s all about that open communication. If you have that in place, you’re unstoppable.
Gamble: Being in your position, there’s a lot you have to ask of people with having so many priorities. I’m sure that’s something where you have to have that buy-in to say, ‘these are all of our goals.’
Archuleta: Absolutely. I created the very first strategic plan for this organization with leveraging technology. We looked at what do we need to do with technology — ‘I need you to be in charge of creating this strategic plan, showing the actual IT steering committee what you’re planning on doing with the overall vision of what you have.’ In my opinion, you really need to educate the individuals to understand what technology is and what we’re trying to do, because at the end of the day, for everyone in healthcare, the number one thing we are trying to do is improving patient care — how do we improve patient care, patient lives, those overall concepts. My goal is even though I don’t have direct contact with patients, utilizing technology that we have in place is really what we focus on. And honestly, I tell my team, really look at it when you’re putting in the builds, when you’re designing workflows. I know you do not have any direct contact with patients, but the overall technology we have here in this organization really affects patients. And that is how you are making a difference with this organization, because we want to have the best technology in place to have the best patient care and patient experience here at Mt. San Rafael Hospital. We’re very proud of that.
Gamble: You talked about having that first strategic plan — how long ago was that?
Archuleta: The first strategic plan was when I basically took over the role. We put together the first IT strategic plan, and then we put together the first IT steering committee. So my whole thing was governance. At the time, the organization did not have any type of governance in place. All the departments were purchasing their own equipment, their own items. It was scattered. Technology here, at times, was a major mess. We’d have one Dell here, one HP here, one MPC here, one All-in-One. There was no standardization in place. My thing was is we need to create governance so we can understand the actual specific concepts that we’re trying to do here at Mt. San Rafael.
So when I created the first strategic plan, I showed where we stood as of today, what we were looking at doing moving forward and really showing the overall steps of the objectives for Meaningful Use, how we’re utilizing some of the incentive funds, and how we’re utilizing the IT budget. And we really have come together with this new IT steering committee. We’ve come together to say, ‘okay, these are the current top IT projects.’ We vote as a team. Each department head within the organization is basically part of the IT committee, and that’s another form of improving communication. They can visually see where IT’s budget is going, what specific plans we have in place, and what we’re looking at doing moving forward to the future.
The thing is, visualization, communication, and teamwork are huge aspects, and if you don’t have visualization here in rural America, it’s really going to be hard to sell an item — even cybersecurity, for example. Cybersecurity is such a huge topic in healthcare right now. I had to really sell this is what we’re planning on doing with the organization, and this is what we need to improve moving forward with cybersecurity. What’s been really critical too is individuals just didn’t understand the overall effects of what a cyber breach can really do to more organization. It can ruin a reputation. It can ruin patient information. You can have hacks, you could have ransomware or viruses that totally take down the system completely.
We had to show some examples of current facilities. Hollywood Presbyterian was a good example of having poor backup systems in place, and having a strong backup system in place so you’re not having to rely on that actual ransom and paying the information to the criminals. Because the bottom line is even though you’re paying that ransom, you’re not really guaranteed all your data back either, especially trying to decrypt that specific encrypted file or files. You’re not 100 percent guaranteed that that’s going to come back fully reliable and fully acceptable in your system.
So it was really having those concepts and showing the overall organization what cybersecurity improvements can do for our organization. Because we are focused completely on improving patient care, keeping all our PHI safe, and just making sure that we never get any type of breach in our organization by really trying to do all the preventative measures. The thing is as I’ve stated is, you really need visualizations. When you tell an individual or board members, can cybersecurity or cyberattack kill a patient, the answer is, absolutely. We haven’t heard it recently in news, but hackers are moving forward to these huge organizations. When you look at Hollywood Presbyterian and their budget compared to Mt. San Rafael’s budget, there’s no comparison. They had full IT in their department and so I tell them, if I’m a hacker, the easiest place to really hit is going to be rural America because of the lack of resources and the lack of technology. And really, an electronic medical record is an electronic medical record — they all have mostly the same value in the black market. Period. And so visualization and communication is really key in selling something here in rural America, because they really need to see some good examples and bring to life scenarios that can happen with an actual cyber-breach.
Gamble: Right. That’s really scary. And I would imagine you don’t have somebody else that this falls on; that this is under your realm.
Archuleta: Unfortunately, I do not have a CISO. I take full accountability for anything digital here at Mt. San Rafael. So cybersecurity is falling under my realm. We’ve really been proactive with our cybersecurity plan. The cybersecurity plan first starts out with employee awareness: What is cybersecurity? What is a cybersecurity attack? We did a mock phishing campaign where we basically sent out a phishing email, and we determined around 20 percent of our employees clicked on that email. It was really a good start, because anytime you develop a cybersecurity process improvement for your organization, you really need to focus on the key element. And that key element is education and awareness of the employees, and that’s what we started off doing.
We saw that the number of clicks was alarming. I was just baffled with individuals clicking on these specific emails, because it only takes one time to be breached, to be hacked, to receive this ransomware infection — only one time. And with having at the several clicks within the organization, it was very concerning.
What we’ve done is we’ve developed an Employee Education Awareness program which basically helps them and visually shows what an actual cyber-breach is, the effects of a cyber-breach, and really trying to identify the difference between a legitimate email and an improper email that maybe a potential threat. I mean, 12 percent of all ransomware attacks have come by employees clicking on a bad email. It’s not a good thing at times.
But I think you really need that awareness in your employees, because it even gets a little harder here in rural America, because as I’ve stated, most of the times, technology has never been an overall priority. We really have an older population that we deal with too. These individuals didn’t grow up with technology, so they’re very unaware of these potential threats. If you’re not really keeping up to par with education toward your employees, you will not be successful. I can tell you all the advanced, new tech toys that we have in place to identify specific threats within the organization. But if I’m not focusing on the actual key element, which is awareness and that education toward the employee, I am not going to be successful.
Gamble: What’s the strategy just as far as getting those engagement numbers up? I can imagine that that is a significant challenge with your population?
Archuleta: Absolutely. Patient engagement is a huge thing. I remember when we were looking at the patient view and download for one of the objectives for Meaningful Use, I was a little concerned. Even though the actual percentage wasn’t high, I was concerned because a lot of our population are really not into technology. But what we really tried leveraging, of course, is education toward our patients and really explaining to them. We did an overall YouTube channel where we explain some of our new services that we had here at Mt. San Rafael. We explained the new patient portal that we have in place and the reason for it. And we really did a lot of announcements toward our groups so they can understand the actual need for it. With our new enhanced patient portal, this allowed us to utilize wearables to basically count-specific items, which will be very beneficial.
Educating your patients is number one because, you really need to make them understand what you’re trying to do. Patient engagement, in my opinion, is empowering your patients to take control of their lives and take control of their healthcare. Before, in the older generation, you went to the doctor, they created medical record, and you just left it as is. You would have to go to the doctor’s office, request the paper chart, which is hundreds of pages, read them over if you wanted to. But now, with the enhancements of the patient portal, a lot of our patients are really taking more advantage, and this is just the new future of the digital healthcare age that we’re living now. It’s such an amazing thing to see these individuals really improve on that. I’ve been very impressed.
And what did in our patient care unit is we designated a patient portal liaison that would basically go out, speak to our patients about the patient portal, and help them enroll then and there. We also added some kiosks around our facility. And the kiosk would allow our patients to go in, look at their information, and just really try to engage and improve themselves more in technology. My staff was fully available for any type of training education. We created a patient portal line where they would call our team if they had any issues whether resetting their password or if they had questions about specific lab results or radiology results not coming through. We would answer all of these questions, because the thing is, when you try adopting a process like patient engagement or a patient portal, you really need that patient communication, because the first impression is always the best impression. If the patient comes in and goes into a patient portal that’s not user-friendly at all, they’re not going to use it ever again. Those are just specifics statistics.
But we’ve been very fortunate enough because our vendor, MedHost, has really seen how we’ve leveraged technology as a critical access hospital. We were one of the first individuals to implement their very new patient portal that had really great integration with new wearable tech. This new patient portal was an advanced portal that basically had all their lab results, all their radiology results, and really showed them different concepts of how to improve their overall life. If you had a Fitbit or any type of wearable device, you would have some integration with our system there.
Our patients were like, ‘Wow, this is awesome. I can tell my physician what’s going on a lot better.’ They’re finally getting the point because, as I like to say, your new CEO is the patient. If we are not trying to engage and improve our overall patient experience, especially with technology, we’re not going to see that patient any longer. Those individuals who are trying to take control of their lives through technology — that’s such a huge thing. That is your new CEO of any organization. We answer to those patients on how they are doing and how they’re leveraging technology and how we can be better as an organization.