“We’re pretty much on an island.”
For rural health organizations, it’s a harsh reality — especially ones like North Country Hospital, a critical access hospital based in Northeast Vermont where “the community is very dependent” on its facilities. In fact, NCH owns nearly every practice in the area, some of which are operating at a loss, just so patients won’t be left out in the cold.
Being a rural health facility means having to do more with fewer resources, getting creative with growing talent, and for leaders, having to wear many hats. To some it may seem daunting, but Vermont native Kate Pierce, who started with the organization 18 years ago as a systems analyst, wouldn’t have it any other way.
Recently, she spoke with healthsystemCIO about the transformation the organization is undergoing to improve workflow, how they’re working with other facilities to better manage costs, and how they’ve been laying the groundwork for the shift toward value-based care.
- Setting “a foundation for value-based care” with PCMHs
- Cybersecurity challenges – “We don’t have a dedicated team.”
- Rural health networks
- Recruiting trained informaticists
- “There’s a lot of teamwork involved in identifying the right people.”
- 18 years with North Country
- From all paper to creating an informatics dept – “The organization has come a long way.”
LISTEN NOW USING THE PLAYER BELOW OR CLICK HERE TO SUBSCRIBE TO OUR iTUNES PODCAST FEED
When there isn’t another hospital for 40 miles, you can’t afford to be in that situation. We take it very seriously.
If I’m looking at which vendor is the best with spam filtering or data loss prevention, I’ll look at how companies are rated nationally. But we also supplement that by calling our friends and asking, ‘What are you using and how do you like it?’
We can train staff on those other skills. But if you get someone who is a great informaticist but can’t work well with physicians and nurses, they’re not going to be successful.
When you’re working in informatics, you’re able to speak with just about every clinician in the organization, and gain that perspective from seeing how everybody fits into the puzzle.
Gamble: With the move to an integrated system, the ultimate goal is to achieve value-based care. Can you talk about what you’re doing in that space?
Pierce: When I think of value-based care, I look at a lot of the changes we’ve made as a community over the past few years. Since 2011, our primary care and pediatric clinics have all been patient-centered medical homes. That’s really setting the foundation for moving toward value-based care and achieving success in an ACO structure, because it’s about being preventative with care, and not reactionary. It’s about having services wrapped around patients in order to limit the number of emergency room visits, and the amount spent on high-cost care.
As far as value-based care, developing a good quality program and truly embracing those patient-centered medical home concepts has set us up for success in this structure. We currently belong to a statewide ACO called OneCare Vermont for our Medicaid patients.
Gamble: We’ve touched a bit on some of the unique challenges of rural health, but I’d like to talk more about one of them, which is cybersecurity. For organizations with limited resources and a smaller budget, this really seems to be difficult. Can you talk about how your team is approaching it?
Pierce: Sure. Like everyone else, our focus on security has grown exponentially over the past 10 years, and even more recently as ransomware attacks have begun targeting healthcare organizations. I read an article recently that said more than 40 percent of all cyberattacks occur in healthcare, and so it’s no longer an option to address your security needs.
Part of it is driven by HIPAA and the requirements for doing annual security risk assessments, but that’s just the start. Identifying where your gaps are and what your needs are is step number one. Then you have to work on addressing those issues.
Like most small organizations, we don’t have a dedicated security team. We just can’t afford it. Those resources are portions of a lot of individuals’ jobs. And so we’ve partnered with an organization to work with us as sort of a virtual security company. They perform our annual risk assessment, and then address the things we need to accomplish. They work with us throughout the year to remediate those items. So, it’s not just like they come in and do the assessment and leave. They say, ‘here’s what you need to do. Let’s prioritize and let’s work through it together.’
It’s like a supplement. We’re still doing the work, but they’re guiding us and ensuring those issues remain a priority in our day-to-day business. So that’s one thing we’ve done. We spend a lot more on cybersecurity now than we did in the past; it’s an increased priority as you see stories of hospitals that have had to shut their doors. When there isn’t another hospital for 40 miles, you can’t afford to be in that situation. We take it very seriously. We’ve significantly increased our security budget and implemented tools that help us to identify issues sooner. We do our own internal phishing tests for the sole purpose of educating staff on how to spot phishing attacks, and we have very detailed breach protocols. These things used to be a luxury; now they’re a necessity.
Gamble: When it comes to increasing that spend, do you have someone who will present information to the board and educate them?
Pierce: We have a group of folks we call our Information Security Management Team. We actually had a risk assessment a few weeks ago, and presented the recommendations from that. One of them actually involved a request for an additional tool that we hadn’t budgeted for. But if this team decides it’s a priority, they’ll work to get that passed.
Gamble: Is this one of those areas where you find yourself reaching out to other rural health IT leaders to for guidance or to share best practices?
Pierce: It is. Our chief compliance officer, chief security officer and CFO are the same person. He attends statewide meetings on cybersecurity, and brings items back to the security team as a recommendation from another facility in Vermont.
It’s nice to be able to reach out, but we also rely on resources like Black Book and KLAS. If I’m looking at which vendor is the best with spam filtering or data loss prevention, I’ll look at how companies are rated nationally. But we also supplement that by calling our friends and asking, ‘What are you using and how do you like it?’
Gamble: Another area I wanted to touch on is recruiting and retaining staff. I know this can be challenging for different organizations, based on size, geographic location, things like that. What has your experience been like?
Pierce: Staff recruitment and retention are a significant hardship for us at times, but it depends on what type of role you’re looking to fill. I’d say it’s very hard to find a trained informaticist in Northern Vermont; this isn’t a heavily populated area where many people want to move.
On the informatics side, we generally have looked in-house to identify staff who we felt had the right attitude and aptitude. For example, if a nurse in the medical-surgical unit is the go-to person for everyone working the night shift when there’s a question about how to document something, that might be a prime candidate we can reach out to and ask, ‘Would you be interested in this type of job?’
I think our nursing leadership has been very open to moving nurses whom we already know work well with IT into these roles — someone who is a team player, who has shown aptitude, who has a great attitude, and who people like to work with, because we can train staff on those other skills. But if you get someone who is a great informaticist but can’t work well with physicians and nurses, they’re not going to be successful.
Generally, that’s what we do on the informatics side. Although we did hire someone who came out here from California, and she’s been great. That was another example of collaboration; she had applied for a job with our surgical services unit, and the director called us saying, ‘She’s overqualified for this role, but I think she’d be great for you.’ There’s a lot of teamwork involved in identifying the right people. It’s an organizational effort; not an IT effort. And actually, the informatics department has become a desirable position, because the nurses who have come into that role are able to get an organization-wide perspective of how the whole system works, versus, ‘I only know how things are done in the maternal child unit,’ or ‘this is how we did it in the ER.’ When you’re working in informatics, you’re able to speak with just about every clinician in the organization, and gain that perspective from seeing how everybody fits into the puzzle. Of the folks who have left the informatics department — and remember, this is a small team — one person is now the director of maternal child, one person is now the director of primary care, and one left to become the manager of the pharmacy. You’re able to build skills that provide such a wide perspective, and you can grow into a valuable member of the team.
On the IT side, I think those skills are more transferable across organizations. We’ve always had quite a number of qualified applicants on that side. So I would say that probably isn’t quite as challenging as informatics, but generally when we hire staff there, we’ve had very good luck in retaining them. I have folks who have been here 20 and 30 years, so I haven’t had to do a lot of recruiting and hiring on that side.
Gamble: And you’ve been with North Country Hospital for about 18 years, correct?
Gamble: You started as a systems analyst and worked your way up. Is your current role one you had aspired to, or is it just how things panned out?
Pierce: To provide some context, when I started as a systems analyst in 2001, probably 80 percent of the staff didn’t even know they had email. Everything was on paper. We had some systems, but they were mostly financial systems. And so at that point, I don’t know that I had any aspirations of what this would look like, because I had no idea how things would develop.
At that time, my primary job was to educate the staff on basic computer skills. And so I led a number of classes covering the basics — things like ‘How to use your mouse,’ ‘how you open an email,’ etc. It was amazing how many people didn’t know that, and so they needed a baseline.
A little while later, I was put on the committee to select an electronic medical record for the clinic, and things kind of grew from there. Around 2008, I could see a growing need for informatics, and I started to think about taking on a management role. But I still had a lot to learn, so I went back and got my masters in Managing Innovation and Information Technology. Once I completed that, I was offered a position elsewhere, but leadership asked me what my vision would be for this organization if I stayed. And so I wrote a proposal to develop an informatics department. It was accepted, and I became the director. You really never know what tomorrow might hold.
It’s funny; I remember one of our doctors thought I made up the word ‘informatics.’ He said, ‘director of informatics? What is that?’ So we’ve come a long way since then, and this role is something that developed along the way. I was director of informatics and we had a director of IT, and the COO said, ‘Look, I don’t need two directors. I’m going to make you director of both departments, and we’ll go from there.’ And so the department evolved over time into what it is today.