Timing is everything. When the Hospital for Special Surgery was beginning its EHR selection process, Epic released its orthopedic module and announced plans to offer remote hosting. For a hospital that specializes in musculoskeletal health and is located in New York – a city where real estate is at a premium, the decision was easy. Selecting a vendor, however, is just the beginning. In this interview, CIO Jamie Nelson talks about the strategy she used to build an Epic team, why she believes education is the key to data security, and how HSS has made innovation part of its DNA. Nelson also discusses the “boardroom skills” necessary for CIOs, why work/life balance doesn’t truly exist, and the next big frontier for her organization.
- Upgrading to Epic 2016
- User Group Meetings — “There’s a lot of sharing.”
- Phishing campaigns & email tags
- “Educating our users is our most important defense around keeping data safe.”
- Aligning hospital & IT incident response plans
- “Innovation is in our DNA. It’s the key to our growth.”
- 3 F’s of a successful CIO
LISTEN NOW USING THE PLAYER BELOW OR CLICK HERE TO SUBSCRIBE TO OUR iTUNES PODCAST FEED
We’re using a lot of the same governance groups that we did during the implementation to validate which of the changes we’re going to actually implement and use, what needs training, what processes need to change, and what tip sheets needed to be developed.
It only takes one user clicking on it and giving credentials to allow a bad actor and have your data be compromised.
It all gets tied into bundle pricing and pay for performance. It’s not just the first 90 days of care. I think eventually they’ll be looking it at years in terms of what the real options are. Again, that’s where you want to keep your patients engaged, and IT can help enable that engagement.
It’s about innovation in terms of what we can produce here, and commercialize and monetize. It’s about looking at other products and jumping in, and being part of investments and other interesting technologies. Innovation is very important to us; I think that’s really the key to our growth.
CIOs have to be flexible, they have to be fast, and they have to be at the forefront. They have to be with the folks that are working at innovation and thinking about things. In some ways, it’s changing the model where we’re a little bit more conservative, a little bit more methodical.
Gamble: You said you’ve been live for about a year. What version of Epic are you using?
Nelson: We’re on version 15, and we’re going onto 16 in a couple of months.
Gamble: Is it fairly cut and dry — at least as far upgrades go?
Nelson: Yes, it’s a lot of work though. Our teams are working very hard in terms of evaluating what changes are coming with the upgrade, and then going back to their constituents. And we’re using a lot of the same governance groups to guide us that we did during the implementation to validate which of the changes we’re going to actually implement and use, what needs training, what processes need to change, and what tip sheets needed to be developed. We’re working through all of that now. But Epic has excellent documentation around upgrades and features that are available. So it’s been very helpful for our teams to be able to go through that, and then communicate with their end-users. So far, so good.
Gamble: Are there users of the orthopedic module that you’ve been in contact with?
Nelson: At outside organizations?
Nelson: We actually did a few presentations at Epic’s User Group Meeting this year, and there was a lot of interest in what we have done. Not only in orthopedics itself, but also nursing around orthopedics and physical therapy and rehab around orthopedics — all the ancillary things we do as well. So I think we’re helping. One of the nice things about Epic is that there’s a lot of sharing amongst users. So I think we are providing a lot of valuable insights for other Epic customers using the orthopedic module, because a lot of our best practices are being built in. So it truly is good for the whole system.
Gamble: One of the big issues in the industry is cybersecurity. I want to talk about your strategy when it comes to the education aspect, something that really seems to be a big point of focus right now.
Nelson: Educating our users is probably our most important defense around keeping our data safe. We do phishing campaigns where we send out a pretend phish email — we just did one recently. It only takes one user clicking on it and giving credentials to allow a bad actor and have your data be compromised, so education is very important.
So we educate through our phishing campaigns, and our chief compliance officer has a data security manager who goes to departmental meetings and talks about cyber security. We try and link it to not only their behavior in the office, but behavior at home, because you’re just as vulnerable with your systems at home. Keeping it up at the forefront is very important for our users because, again, it can impact every aspect of life. I think these phishing tests that we do monthly are a great way to remind users to be very careful about whatever comes into their inboxes.
We also have done things where for any external email that comes in, we have a big ugly tag that says “external,” so the staff can really distinguish between what might look like an email from somebody within HSS and what may be spoofed. There’s an external tag, so they know it’s not a legitimate email. And also, for emails that are legitimate, at least they know that these are outside people that they may or may not know, and they might want to be a little more careful about opening emails — and especially opening attachments.
Gamble: With the stories that have come out on ransomware, I can imagine that’s something where you might have a hypothetical plan in place, but it could be completely different if you actually experience it yourself. Do you speak with your staff about what you would do in that event?
Nelson: It’s funny you should ask because we’ve been working with Mandiant, and we actually just had a tabletop with our senior leadership team regarding a ransomware attack. It was great. Earlier in the day we had a tabletop with the technical team, and then we did it with the executive team. So we talked about our IT incident response plan and the hospital’s response plan, because you really need two different levels. IT has to go in identify, quarantine, and fix — all those things. And the organization has to think about what’s the communication outside, what do we need to tell patients, do we need to bring in law enforcement. So there are two different tracks that are going on simultaneously. We actually tested both, and we have plans for both.
I don’t think you can over-prepare. We will continue to have these tabletops with just IT and with the leadership organization, because if it happens, we want to be prepared and know how to address everything that needs to be addressed. So far we’ve had some great luck and we’re going to continue doing this.
Gamble: In terms of patient engagement, one of the things that comes up a lot is the portal, but that’s just one way to engage with patients. When you look at the trends among your patient population, what are you finding to be the ways that they do want to engage?
Nelson: Patient engagement is something that we’re really focusing on because an engaged patient is going to take better care of themselves; they’re going to be more informed. There’s a real link between the quality of a patient’s eventual outcome and they’re engagement in their care. What’s very interesting is that we have patients who are so happy with what has happened here that they are willing to tell their stories and become engaged with us as an institution.
If you go to our website, we have over 1,500 stories that patients have elected to tell us and allowed to be published. So they are becoming engaged with our institution. And it’s interesting, because we’re a specialty hospital. We’re only here for one thing, whereas there are general hospitals they may go for many different services and be there for a good part of their lifetime for all different types of care. You’d think that they would naturally want to engage with the place where they get a lot of care and not so much with a place like us where they’re just getting one aspect of that care, but that’s not proving to be true.
We’ve put out tools. We’ve put out a website where they can talk about their success. We are using the MyChart portal — we’ve branded it as MyHSS — and we have a very high percentage of patients using it. And it’s interesting because it goes across age ranges. Our highest percentage of users are some of our older patients. So people are very excited about using a portal and getting information and communicating with their caregivers. I think it’s the right path, and we’re continuing to look at all different forms of engagement to really keep patients involved in their care.
Gamble: There’s a unique opportunity with patients who are going in for a procedure to have that engagement beforehand. And I’m sure that’s something you can build upon.
Nelson: Right. And another area we are extremely interested in and doing a lot of work on — both with Epic and other tools — is patient-reported outcomes. Because especially for orthopedic care, you want to know in 6 months, a year, 2 years, and 5 out years how a patient is doing, how’s their mobility, have they met their goals. Getting these reported outcomes from a variety of patients back into medical record, and being able to do research using them to understand efficacy of different treatments is very important. So not only do we want patients to be engaged before and during their care, but even years after. It’s a lot to accomplish, but we think that we’re able to do it.
Gamble: That’s a really interesting area and I think it’s going to move even more to the forefront in the next year or two.
Nelson: Absolutely. It all gets tied into bundle pricing and pay for performance. It’s not just the first 90 days of care. I think eventually they’ll be looking it at years in terms of what the real options are. Again, that’s where you want to keep your patients engaged, and IT can help enable that engagement.
Gamble: One thing that seems to tie in with this is innovation and how CIOs can work to foster that in an environment where there are so many priorities and there’s so much going on. What are some of your thoughts on how leaders can work to foster innovation?
Nelson: We have a whole division around innovation at HSS that reporting up to our CEO. It’s about innovation in terms of what we can produce here, and commercialize and monetize. It’s about looking at other products and jumping in, and being part of investments and other interesting technologies. Innovation is very important to us; I think that’s really the key to our growth. We have a history of innovation here. Many orthopedic procedures that are common were developed here at HSS, and they’re being developed today by our clinicians. So we combine research and clinical care in one spot. Innovation is in our DNA, and we’re going to continue with innovation really helping to foster our growth as an organization.
From a CIO’s perspective, I was thinking about three F’s: CIOs have to be flexible, they have to be fast, and they have to be at the forefront. They have to be with the folks that are working at innovation and thinking about things. In some ways, it’s changing the model where we’re a little bit more conservative, a little bit more methodical — measure twice, cut once. Sometimes with innovation, we have to be a little quicker, and willing to try new things.
It’s a different business model for us. I don’t think it supplants our overall model because we need certain processes to keep the lights on here and the trains running. But being with the folks who are in charge of innovation at the beginning of projects, helping to understand what the IT implications and the cyber implications are, and whether we can use existing tools to do things — that’s our role in helping to move the organization forward. But again, being fast, being flexible, and being at the forefront I think is very important for a CIO in today’s hospital environment.