With 20 years under his belt, John Jay Kenagy is no rookie to the CIO position — and yet, he’s continuously learning and evolving. In his current post at Legacy Health, he spends more time than ever before focusing on the best way to bring independent physicians into the fold, working to ease their skepticism while at the same time not “overselling.” In this interview, Kenagy talks about his team’s efforts to facilitate data flow throughout an ever-changing organization, the security “arms race” the entire industry is grappling with, and the “people first” philosophy he’s employing while leading through an acquisition. He also discusses what it has been like to work for four such different organizations, the need for “confident, yet humble” leadership, and what he believes is next for the CIO role.
Chapter 3
- Elevating security to the C-suite level
- Bringing stability to Legacy
- Engaged employees = satisfied operational partners
- Confident, yet humble leadership
- 20 years as CIO — “You need to be fearless.”
- Planning to “sell the secret sauce”
- A CEO who “really gets it”
LISTEN NOW USING THE PLAYER BELOW OR CLICK HERE TO SUBSCRIBE TO OUR iTUNES PODCAST FEED
Podcast: Play in new window | Download (Duration: 14:39 — 13.4MB)
Subscribe: Apple Podcasts | Spotify | Android | Pandora | iHeartRadio | Podchaser | Podcast Index | Email | TuneIn | RSS
Bold Statements
It really professionalized the department a little bit more, grew it a little bit, and certainly invested in it, both in terms of more, and more importantly, education.
It is a team activity, and I gather as much information as I can, but ultimately, I do make the decision. That sense of leadership and leading people and speaking to their hearts and their heads and their hands is just part of my leadership style.
I’d love to advise companies about how to effectively interact with CIOs and to please stop disenfranchising the IS department when you come and sell to our operational partners. It just puts all of us in an awkward position. So I’d love to sell some secret sauce to how to work with or collaborate with IS and not triangulate us out of the picture.
At Legacy, I am a management attendee of our board. I am on the executive council. I’m a direct report to the CEO — that has changed IS. In every other organization, the role has been further down in the organization.
Gamble: How does it come about as far as having the CISO role? Is that how it was from the start of your time at Legacy?
Kenagy: It is. We had a manager of information security who worked a couple of layers below me, and he and the department were very much generalists. It was a small department and they did identity services, so they created accounts, they did education, and they did auditing, working with our management audit function. They did policy writing, they did some engineering work.
Legacy, as a health system, I don’t think had invested in the number of people or the tools or basically invested in information security that was needed as the threats just continued to increase.
But I would say Legacy was definitely in the pack with other health systems in needing to get increasingly sophisticated. And so, over a fairly short period of time, we revamped the entire program where I elevated information security to a C-level, so it came to me to be directly involved when I got here, rather than having to delegate it too far down the organization for visibility and importance in funding. And then we also transitioned that unit into three different units: one that aligned with our helpdesk/service desk to do identity services, one that aligned with our engineering department to do the security technology, and another one that was aligned with our business and application side that did user support and advocacy and training and consultation. So it really professionalized the department a little bit more, grew it a little bit — not a lot; there’s not a lot of money out there, but grew the department — and certainly invested in it, both in terms of new staff, and more importantly, education. And also raising my level of attention — not to make myself more important than I am, but just in gaining visibility on the radar screen for my boss, the CEO of the company.
Our audit committee is very highly engaged. I love it. They’re very concerned about cyber security. We’re actually having a briefing for our board from the supervisory special agent of the FBI coming up around a threat to information security and integrity. So, as you said in your question, it clearly is a hot topic for anyone in modern IT.
Gamble: I think that will be really interesting hearing from the FBI.
Kenagy: Yeah.
Gamble: From doing research on you, it doesn’t seem like security is the only area where there needed to be changes when you arrived. Coming to Legacy there had been several CIOs in a short amount of time, so I wanted to talk a little bit about what it was like to walk into that situation, because I’m sure that that was a challenge.
Kenagy: Yes. It’s been great having some stability at the organization. With our chief executive officer, George Brown, who’s amazing and has been here probably around eight years now, and having stability in the CIO role, it’s very good. It’s good for our staff, and when we have highly engaged employees, I think that correlates strongly to highly satisfied operational partners. And so that’s been good.
I came to Legacy having spent five years in Catholic health at Providence Health and Services and that experience was wonderful. As a leader in a Catholic Health organization — and I’m a Roman Catholic myself — we’re educated in the spiritual grounding of Roman Catholic Health and the center around the whole person, and whether that was the employees or our patients, it really spoke to me. I really enjoyed that experience profoundly, and it impacted me as a leader and as a CIO. I’ve always been a confident but humble leader, if that isn’t too oxymoronic, in the sense that you don’t want to be cocky, but you also don’t want to be so humble you can’t make a decision and you’re afraid. And so you need to be somewhat fearless in a CIO role because you’ll never get absolute information, and so you can be in analysis paralysis. I don’t shy away from decisions, but at the same time, I don’t believe I inherently have all the information I need to make an informed decision. It is a team activity, and I gather as much information as I can, but ultimately, I do make the decision. That sense of leadership and leading people and speaking to their hearts and their heads and their hands is just part of my leadership style.
I’ve had the pleasure of working for four amazing organizations in my career. I’ve been a CIO now 20 years — a couple of months ago I hit my 20-year CIO anniversary — and believe I have contributed to each of those organizations. That is my hope and expectation, but I know each of those organizations has imprinted on me as a person and as a leader.
Gamble: Your experiences have really run the gamut as far as the type of organization or size.
Kenagy: Yes. I haven’t worked in for-profit and I’ve never worked on the vendor side, although I toyed with that a little bit, and I’ve contemplated doing research. I have a doctorate in business and technology and my dissertation was about physicians using ambulatory CPOE, and I thought about something like The Advisory Board or Gartner and continuing to do some research. That is absolutely in my long-term plan. I’m not yet tired enough of being a CIO to move into that phase of my career, but I know that’s sort of a long-term goal. Frankly, I’d love to advise companies about how to effectively interact with CIOs and to please stop disenfranchising the IS department when you come and sell to our operational partners. It just puts all of us in an awkward position. So I’d love to sell some secret sauce to how to work with or collaborate with IS and not triangulate us out of the picture.
I worked for the federal government (the VA), an academic site at OHSU, Providence, which is a Catholic Health system, and now Community Health. They’ve all been very different. They all at the core have been extremely mission-focused organizations, with slightly different missions, whether it’s serving the veterans who have served our country so admirably, or serving knowledge, which an academic medical center is really about, and that’s really spoken to me.
It’s funny, when I graduated with a degree in electrical engineering in 1985, 31 years ago in Silicon Valley (before Silicon Valley was really Silicon Valley), a number of my fellow EE graduates went to Hewlett-Packard, but several went to new startups of Oracle and Cisco at the time, and I went for a summer internship at the VA being a PC specialist, and what a different path my life has taken because of that.
Gamble: Sure. I can imagine how interesting it’s been for you to see over 20 years how that CIO role has evolved. What do you think has been the most surprising part about how this role continues to change?
Kenagy: What a great question.
Gamble: Not an easy one though.
Kenagy: I think it has evolved over time. As the senior executive with a portfolio of information technology, IT itself has evolved to become more relevant and universal. It’s 2016. There’s not a single aspect of either our strategy or our operations that doesn’t impact IS, or for which IS is either an enabler, or — unfortunately far too often — a disabler. Here at Legacy, I am a management attendee of our board. I am on the executive council. I’m a direct report to the CEO — that has changed IS. In every other organization, the role has been further down in the organization.
I’d say the first decade was myself and my colleagues clamoring to be at the table, clamoring for relevance and attention. Unfortunately, IT is pretty complex, and it costs a lot of money. With CEOs and senior executives and physicians becoming new adopters of an electronic health record, people don’t like to look ignorant in what they’re doing, and IT can be so complex. It isn’t really that complex, but people can self-select not to engage because they’re like, ‘I’m really never going to understand this,’ and executives for sure don’t want to look stupid. That can create a barrier in an effective working relationship. And if you have a CIO that doesn’t feel that they are first a business leader and second an IT leader — if they get that wrong, it’s a problem. Or the organization pigeonholes them to get that wrong, where it might not be their choice, but they’re in a room at the board meeting and the PowerPoint goes off and all eyes turn to the CIO, because you’re supposed to be the desktop support leader at large, it always embarrasses any CIOs. It’s like, ‘Oh lord, here we go.’
And invariably, it’s a little bit of a user error and we go fix it. It’s just unfortunately a self-sustaining view that we’re really geeks at heart. But I would say that has changed, at least in my career, of now being at an organization and serving a CEO who has an utmost respect for the work that we do, a huge dependence on it, an understanding of what it takes, and an appreciation for information resources, human resources, financial resources. They are all critical to run a modern health system. We have a CEO who really, really gets it and that’s amazing. It’s a great place to be.
I think that’s evolved. And that’s not me; it’s the enlightenment of our industry. I don’t take credit in that evolution. Its products from companies like Epic and others that deliver really amazing products and help healthcare move forward. It’s been a wonderful ride with the increasing relevance and importance of information technology to run a modern health system.
Gamble: That was well put, and congratulations on 20 years in this role. I don’t know if that’s what you thought at the time was going to happen, but it did.
Kenagy: Yeah. Even with my two children, a 14-year-old and an 11-year-old, they say, ‘Dad, what do you do at work?’ I say, ‘I go to meetings.’
Gamble: Right. Well, I could definitely talk to you a lot longer, but I know that you have a lot of CIO responsibilities to get to, so I’ll let you go, but I really appreciate this. It’s been really interesting to hear about what your organization is doing, and I wish you the best of luck going forward.
Kenagy: Thank you very much. It’s a team sport, and I’m honored to be part of this fantastic team.
Gamble: Alright, great. I’d definitely like to catch up with you again and touch on more things, but thanks so much for your time.
Kenagy: You’re very welcome.
Gamble: Enjoy the rest of your day.
Kenagy: Thank you, you too.
Share Your Thoughts
You must be logged in to post a comment.