Identifying and mitigating cybersecurity threats.
Keeping the trains running while also putting the pieces in place to drive systemic change.
Allocating resources in the most effective way.
Establishing best practices and scaling them across the industry.
No one would bat an eye to hear a CIO talk about these challenges. What’s interesting in this case, however, is that the CIO in question is based in the United Kingdom. But despite the large body of water—and funding model—that separates England from the U.S., there seems to be far more joining the two countries together, especially when it comes to healthcare IT leadership.
Recently, healthsystemCIO had the opportunity to speak with Will Smart, who currently serves as CIO for Health and Social Care in England, about the major changes NHS is undergoing, the ultimate goal of defragmenting a complex system to increase alignment, and the important work being done to incorporate social determinants into the care picture. Smart, who recently announced he is stepping down from his role in late September, also talked about the professionalization of the CIO, how he has benefited from his involvement with CHIME, and why he’s excited about the future.
- Need for collaboration
- “We’re all focused on trying to do the same thing; we need to work together in a respectful way.”
- CIO accreditation – “It’s critically important”
- Global Digital Exemplar program
- Social determinants – “We need to begin to understand those elements.”
- Cybersecurity operations center
- Career growth: “The more senior I’ve become, the more I’ve realized I need good people around me.”
Healthcare is a hugely innovative space. Our challenge has been the ability to scale that innovation — to take it from one organization and apply it in another.
We’re starting to think about career progression in the field of IT and analytics — what should that look like? How do we manage this talent pool in a more coherent and structured way to progress people through a process that gives them the range of knowledge and experience they need?
The reality is, we continue to operate in silos within individual institutions, and we’re very keen to break those data silos down and treat the whole person when we see them — not just the physical symptoms.
We’re better off now than we were a couple of years ago. We haven’t got everything right, but we’ll continue to plug away at it.
As you rise through the ranks, the functional discipline becomes less important, and the management and leadership skillset becomes more valuable.
Gamble: What are your thoughts when it comes to innovation and what it takes to foster it?
Smart: I believe we’re all very good at liking innovation when it’s our own, but then being weary when it’s other people’s innovation. And I’ve been guilty of this in the past.
My experience has been that we have more digital innovation than we actually know what to do with. Healthcare is a hugely innovative space. Our challenge has been the ability to scale that innovation — to take it from one organization and apply it in another. Our objective, and our hope, is to get organizations to collaborate, work together, and actually learn from each other.
It’s been really interesting. When the Digital Exemplar Program started, we received some negative feedback at first, because organizations felt they were being told what to do. As we’ve gone through the process, we’ve seen that when exemplars are buddied up with other organizations, they’ve probably learned as much, if not more, than the followers have learned from them.
It’s that sense of community — that we’re all focused on trying to do the same thing, and so we need to work together in a respectful way. That whole conversation becomes easier as payers and providers split, I believe.
Gamble: There are certainly a lot of parallels between what you’re seeing in the U.K. and what we’ve seen in the U.S., particularly in terms of the need to collaborate and share best practices. Is that one of the reasons you’re involved with CHIME?
Smart: It is. The other thing I think is really important is that I have a great job title. In some ways, it feels like I got here by accident. I started in an acute hospital, and my background is in statistics and analytics. I drifted into technology, I drifted into IT management, I drifted in the CIO job, and I ended up as the national CIO.
There is something really important, from my perspective, about the profession of informatics; the piece where we are recognized as experts in technology and healthcare. What CHIME is doing in terms of accrediting the CIO profession is critically important, and we’re working toward that here as well. We’re thinking about mandating a professional body membership in order to practice as a CIO at the board level. We think it’s important when a chief executive appoints a CIO, to know they’ve taken the time to be accredited through a professional body and are continuing their development. That’s one piece.
The other is that we’re starting to think about career progression in the field of IT and analytics — what should that look like? How do we manage this talent pool in a more coherent and structured way to progress people through a process that gives them the range of knowledge and experience they need? For example, if an accountant goes through a structured program, they’ll gain the experience, insight, and knowledge required to operate effectively as an accountant in the health system. That’s really important, particularly as digital becomes more and more critical to our operations as a set of institutions, but also as digital becomes more important in terms of how our citizens engage with the services we provide.
Gamble: Right. One of the areas where some believe there’s an opportunity for US-based healthcare leaders to learn from what you’re doing at NHS is in the area of behavioral health. Can you touch on that?
Smart: We’re doing two things in that space. A number of the participants in our global digital exemplar program are mental health organizations and community organizations. We’re working hard to understand what good quality digitization of those healthcare services looks like. We have a few initiatives focused on managing that part.
The other piece is our local healthcare records exemplars, which are building the data layer that sits across communities and brings data together across all of the venues of care, whether it’s mental health, community health or social care, so we can begin as clinicians to pull together all of the intelligence we have about that citizen and that patient, and make sure we have a more rounded view of treatment. The reality is, we continue to operate in silos within individual institutions, and we’re very keen to break those data silos down and treat the whole person when we see them — not just the physical symptoms.
Gamble: The topic of social determinants of health is gaining traction in the U.S., but being able to incorporate all of that information into the care picture is difficult.
Smart: Yes. We’re trying to make it so that clinicians can access all the relevant data about a patient they’re seeing, in that moment. We’re also looking to exemplars to enable clinicians to use that same dataset to do case finding; to identify the cohorts of patients they’re interested in. And beyond that, we want them to be able to use the same dataset for population health management. We’re trying to look at data as a single entity across all parts of the lifecycle, rather than seeing it as a set of individual use cases.
In terms of social determinants of health, we believe healthcare services account for 20 percent of outcomes, while the other 80 percent sits well outside the boundaries of health, whether it’s home environment, employment, or other factors. Again, we need to begin to understand those elements and bring that to bear in the care that we deliver, particularly as we try to operate as a single coherent system.
Gamble: Another area I wanted to talk about is cybersecurity, and what you’re doing to improve data security and patient safety.
Smart: We actually operate at two levels: local and national. At the local level, the boards of individual care providers are accountable for the cybersecurity at their institution. We’re focused on things like board-level training and making sure both executive and non-executive directors are fully aware of the risks. We’re also pushing hard to ensure cybersecurity is not seen as something special and techie, but is another risk that needs to be managed.
We’ve spent a lot of time going through organization by organization to assess their risk from a national perspective and identify interventions to support them. We also have ways that we can enforce compliance standards from a national perspective, which we try to use sparingly, but sometimes we need to do it to get an organization’s attention. That’s at the local level. Each local organization has a board member who we hold accountable for keeping with the cybersecurity agenda; we’re continually assessing performance compliance.
From a national perspective, we’re doing a few things. We’ve purchased Microsoft Windows 10 licenses with advanced threat protection for each NHS organization in England. We currently have 820,000 devices being monitored centrally for threats. That gives us a really good sense of what’s happening at the device level.
We also have a national cybersecurity operations center that is monitoring and managing traffic at endpoints, doing threat protection, exploring the dark web, and basically doing all the things you might expect. We’ve even had a couple of examples where our cyber operations center has detected threats ahead of the antivirus vendors. So we are very actively monitoring the broader threat environment.
Finally, we’re continually exploring other interventions we can do around next-generation firewalls and management centers to improve our technical hygiene around cybersecurity. So we’re really quite active. But we’re realistic enough to recognize there is no silver bullet for cybersecurity. We continue to liaise with National Cybersecurity Center to understand the threats and any specific action we need to take. It’s a really complex area. We’re better off now than we were a couple of years ago. We haven’t got everything right, but we’ll continue to plug away at it.
Gamble: I think that’s a common sentiment. There’s still a long way to go in terms of securing data, but we have made progress.
Smart: We certainly hear a lot about records that are stolen in the US health system. Probably one of our advantages — and that’s not to say it’s not sensitive and important data — but because we are a publicly-funded system, there is no financial fraud incentive in hacking our systems. Our overall environment is slightly different, and that gives us a different set of risk profile that we need to manage.
Gamble: The last thing I want to talk about was your career path. You said you have a background in statistics and analytics. When you started as CIO, how did you adjust to that role and the different skill set that’s required?
Smart: The more senior I’ve become, the more I’ve realized that I need people around me who know what they’re talking about. I’m very lucky in my current job to have people working with me that know a great deal more about everything that I do. It’s so important to have the right team around you.
I’ve also been lucky in that up to this current position, each of the roles I’ve had has included an analytics function as well as a technology function. I’ve been able to do a bit of both, and as I’ve become more senior, the information and analytics piece has become less important, while technology has become more important.
I would also say that as you rise through the ranks, the functional discipline becomes less important, and the management and leadership skillset becomes more valuable. I’m a leader, general manager, executive director — whatever you want to describe — who happens to be engaged in a particular discipline. As I said, I rely on my team to give me the advice and guidance I need in order to support others to make the strategic decisions we need to make to move forward.
Every day is exciting. Every day is different. It’s a really great area to be working in, because I think we’re at a point where digital is coming to an age where it can and will truly transform healthcare.
Gamble: I agree. It’s very exciting, even from a consumer perspective.
Smart: Absolutely. I believe we have the opportunity to change the world for the better. That’s quite a nice feeling.