This article was written by Chris Wierz, Principal, Co-Leader of IT Practice, Witt/Kieffer, with input from Chris Belmont, VP and CIO, University of Texas MD Anderson Cancer Center; Keith Perry, SVP and CIO, St. Jude Children’s Research Hospital; and Dana Sellers, CEO, Encore, A Quintiles Company.
Healthcare industry headlines are filled with reports of information technology perils: system outages, costly project overruns, patient data stolen and even held for ransom by cyber thieves. The list is long. The landscape is teeming with technology minefields, and every healthcare CIO is faced with navigating through the danger zone.
The four of us (with Dana as moderator) had the opportunity to participate in a panel discussion during the CHIME16 CIO Fall Forum about how CIOs can avoid, or recover from, some of most dangerous technology minefields — for their organizations but also for their careers. Collectively we have survived or heard many harrowing stories of journeys through the minefields. With the pace of technology change in healthcare, it is impossible to avoid them.
The good news is that there are few mistakes that will have serious career repercussions if handled correctly. If the worst happens, and you do find yourself a “victim” of one of the four minefields discussed here, it is possible to get your career back on track by employing the right tactics.
Minefield 1: Privacy and Security Breaches
A healthcare data breach is probably the most visible, and potentially the most costly, of the potential minefields. The number of data breaches and the impact of those breaches continue to escalate at a pace that is hard to comprehend. As moderator, Sellers shared statistics from 2015 suggesting that more than one in three people have been impacted by a healthcare data breach (Forbes). Patients’ records are much more valuable to a cybercriminal than a credit card number — and non-recoverable once stolen, she noted (Healthcare Business and Technology).
Minefield Tactics: It is no wonder that most of the CIOs we speak with say it is the threat that most often keeps them up at night. The escalation in the number and severity of threats leaves many CIOs feeling less prepared to handle security issues than ever. To address this, many CIOs are looking to stronger relationships with the Chief Information Security Officer (CISO) to get out in front of potential future attacks. For example, at St. Jude’s, Perry has been working to expand the role of the CISO. “It’s not about who reports to who — it’s about working together to get the leadership support and funding needed to secure the data,” he shared. “The real focus should be on getting the CISO to be a bigger part of formulating IT strategy.”
Though we have seen CIOs lose their jobs in the aftermath of a security breach, it usually depends on the level of the failure and the response to the breach. CIOs who have a proactive and comprehensive IT security plan are those who are best able to handle this particular minefield. From a career perspective, CIOs must remember that security issues will happen, and it is one’s preparation for and response to them that is important in the eyes of employers.
Minefield 2: Natural (or Human) Disasters and System Downtimes
An outage in any system (such as a revenue cycle system) can be costly, but when a healthcare provider loses access to clinical systems it can significantly compromise its ability to provide quality patient care. The cost of unplanned downtime to a hospital system is estimated at an average of $7,900 a minute, per incident (CSO Online).
Minefield Tactics: Having all the necessary back-ups, redundancies, policies, and procedures is essential to be as prepared as possible should disaster strike, but there will be situations for which a CIO simply can’t plan. Belmont, having worked through Hurricane Katrina — one of the biggest natural disasters in recent history — offered this advice: “As prepared as we thought we were when Katrina hit, it was an eye opener. But in the aftermath of a disaster of that magnitude, there is a tendency to over-plan for next time. These events aren’t predictable, nor are all the steps in the plan always required to recover.”
For this reason, CIOs who have developed their leadership and communication skills tend to handle these types of situations most effectively. Although they don’t welcome downtime or disasters, they are able to remain calm, poised and flexible when they occur.
One career lesson is to surround yourself with good teams. “It is more important to assess those leaders who will help you through when the next potential disaster hits — to identify the team you want in the trenches with you,” Belmont said.
Minefield 3: Troubled Projects
Every experienced CIO has participated in a project that didn’t go as planned — many times in a very public way. For all the highly-visible troubled projects we read about in the news, there are many more that go unreported. Some data suggest that a scant one-third of projects are now completed on time and on budget, and overall success rates have steadily declined over the past five years.
Minefield Tactics: Although public project failures can have career consequences, it’s possible to maintain your credibility by responding with openness and acknowledging the problem, accepting responsibility for what is happening, and being transparent as you work to find the cause and solution. Full transparency will keep your leadership informed, which can make the problem seem less severe. It can also garner much-needed support to help fix the problem.
One well-known example of employing transparency and openness in the midst of crisis was in Dr. John Halamka’s handling of the very public 2002 network outage at the Beth Israel Deaconess Medical Center in Boston. Rather than blame the outage on an underinvestment in infrastructure or other matter, he took full responsibility and openly shared the series of events contributing to the outage with senior management, and later with the public.
No one wishes for a highly visible failure, but by handling it with openness and accepting responsibility, CIOs shine a spotlight on their leadership skills.
Minefield 4: Leadership Change
Generally, a change in leadership is outside the control of a CIO, and a new leader wants to bring in a new team, a CIO may be asked to leave.
Minefield Tactics: What’s important here from a career perspective is how you address this when you interview for your next position. Always be able to clearly and honestly articulate the change in leadership and the “different direction” it chose to take. We know well-respected CIOs who are going through this change, either because of a merger or acquisition or a C-Suite shake up, and always advise them to be forthcoming when asked about why they left their prior institution.
Leaders grow by overcoming adversity. How you handle a challenge, or a failure, shapes how you’ll handle the next one. In fact, we would argue that someone who hasn’t failed at something — or can’t come up with an example of when things didn’t go well — isn’t as self-aware or as valuable to an organization as someone who has been through a minefield and been strengthened by the experience.