When asked the all-too-common question of ‘what keeps you up at night,’ most CIOs cite data breaches, or a similar cybersecurity nightmare. For Reid Stephan, however, that isn’t the case — not because he isn’t tuned into the threats that seem to lurk around every corner, but because he has “incredible team members and colleagues who are experts in that space.”
The biggest concern for Stephan is the culture and well-being of the staff, who had been accustomed to working side by side and engaging in water cooler discussions. As the pandemic dragged on, he worried that “the credits of good will and trust” team members built would start to fray at the edges. And so he has made it a key priority to ensure he has “the right touch points and a firm finger on the pulse to measure and assess the culture,” whether that’s done through cross-sectional group meetings, or simply asking managers to check in.
Recently, Stephan spoke with healthsystemCIO about the “incredible work” St. Luke’s has done throughout Covid to make sure clinicians have the tools and support they need, why he thinks it’s time to retire the phrase ‘work-life balance,’ how coming up through IT security has shaped him as a leader, and how he believes the CIO role will continue to take shape going forward.
LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE.
- By partnering with Epic, St. Luke’s was able to build better workflows to support the vaccine rollout, including a registry that notified patients when doses became available.
- Hewlett-Packard, where Stephan worked for 10 years as an IT Security Manager, provided “a great environment to refine and shape how I thought about things.”
- The best career advice Stephan can offer? Don’t let complacency or self-preservation stop you from pursuing challenging roles.
- Achieving real growth as a CIO requires two things: be vulnerable and curious, and seek out a group of peers who will tell you what you need to hear, not what you want to hear.
- Healthcare leaders must have “an inexhaustible supply of curiosity,” and a willingness to bring forward and take on new ideas and new business capabilities, and provide oversight and leadership.”
Q&A with CIO Reid Stephan, Part 2 [Click here to view Part 1]
Gamble: In terms of what you had to do to create workflows for things like rolling out vaccines, how was your experience working with Epic and some of the other vendors? How has it been through the pandemic?
Stephan: There’s been some great dialogue. I think everyone is leaning in, from the government to St. Luke’s to other healthcare providers in our community, to our vendors, there’s been some great examples of healthcare providers cooperating working with each other. And that really has been a great example for our community.
Here’s one example. We had a vaccine clinic that was short on doses for the Moderna vaccine. This was when the southeastern part of the US was hit with some bad weather, and it impacted the flight that was carrying the product. We faced potentially having to close the vaccine clinic that day, which was problematic, because for many of these folks, it was their booster shot.
Then, a local clinic stepped up and offered to give us 2,000 doses of Moderna. We had a handshake agreement that when we got our shipment in the following week, we’d replenish their stock. The local news actually ran a story about that; it was really gratifying and uplifting for the community. In this day and age, there seem to be fewer examples of cooperation between parties that have competing interests. And so when you see an example of that, it restores peoples’ faith in the reality that most of us are good people doing the best we can and are honest and willing to give others the benefit of the doubt. That was a consistent feeling in the interactions we had with others, including Epic.
Building better workflows
One of the challenges we were facing was that there was so much demand for the vaccine early on. We had a groundswell early in year, and we didn’t have a great way to engage with those who were interested and let them know when the vaccine might be available. They had to log into MyChart to see if there are any available appointments, or call our Epic Connect team to talk to somebody about scheduling an appointment.
And so we worked with Epic to come up with a patient registry solution where you could sign up if you were interested. We would then consume that list, and when a spot became available, we could reach out to that patient. That way, instead of them having to log in multiple times a day, they could sign up once, and we were able to reach out to them when an appointment was free because we had built out those workflows.
We’re still working through the workflow in that context, and we’re learning a lot. As we think about dealing with another surge of vaccines for the flu or the next round of Covid vaccines, we want to take those lessons we’re learning and use them to create a smoother and more consumer-centric workflow around it. That way, we can minimize as much as frustration and anxiety that we can.
Gamble: You mentioned your experience as a CISO, and you also spent some time with HP. How did that experience influence your approach as CIO?
Reid: For me, it was an ideal career track. I didn’t have aspirations of being a CIO. It was a situation where opportunities presented themselves. It worked out that way as I progressed through my roles here at St. Luke’s, and even before that when I was with HP.
When I came to St. Luke’s, I was the first cybersecurity person they hired, and was able to help build and grow a team. It’s funny; HP is massive, and so if you made changes, it was a big shift to see that change have an effect on the course we were on. St. Luke’s is ideal because with two and a half billion dollars, it’s big enough so that there are resources available to do things, but it’s not so massive that you had to wait months to see the results of something you believe would prove effective.
Using risk assessments to guide decisions
So it was a great environment to refine and shape how I thought about things. Coming up through an IT security background, I gained an appreciation for how to assess risk and how to use that assessment to help guide decisions. That still shapes a lot of how I approach opportunities today. I really try to look at things through a ‘risk lens’ to quantify the risk and provide evidence-based output to help guide the decision. And you can apply that framework, whether you’re talking about a potential cybersecurity risk, a resource capacity risk, or an opportunity cost risk.
I take a pragmatic approach when it comes to how I look at the opportunities and challenges that lay ahead of us, and focus on quantifying the risk in those situations to guide the decision. And it’s been a fairly effective model for me. It helps to remove any unknown bias, and any emotion I may unintentionally bring to a situation. It also distills down and increases the likelihood of making good evidence-based decisions in the future.
Gamble: What made you interested in pursuing the CIO role at St. Luke’s?
Stephan: It’s interesting. I loved my role as CISO at St. Luke’s. I remember talking to my wife one night about an associate CIO position that had just been created. The CIO at the time approached me and asked if I’d be interested in applying. My first response was, ‘I don’t think so. I really like what I’m doing. I love the team that I’m working with, and the results we’re seeing.’ During the course of that conversation, I realized I was approaching this opportunity differently than I’d approached every other previous opportunity in my career, which was to pursue opportunities when they presented themselves to gain the learning and expertise.
“I challenged myself and pursued it”
In some cases, that meant interviewing for a role and not being selected, but still gaining experience. And so I thought, if I don’t pursue this, I’m going to wake up 10 years from now and wonder what if, and I didn’t want to have that experience. I also realized that there was an element of self-preservation that was guiding my decision to not consider it initially.
At St. Luke’s, I was viewed as the cyber guy; I could be in any room of the hospital, and I felt that I knew as much, if not more, about cybersecurity than anyone else at the table. When that’s the case, you can get a little complacent; it’s a comfortable feeling that doesn’t really promote growth. I realized that in this new role, it would be just the opposite. I would be in a lot of meetings where I would know the least of anybody in that room about what was being discussed. So I challenged myself and pursued it. And, as they say, the rest is history. The things I’ve learned in the past 3 or 4 years, and the growth I’ve experienced, wouldn’t have happened otherwise. So it was absolutely it was the right choice.
Gamble: With a move like that, I can imagine there’s a learning curve. How did you approach that?
Stephan: I was incredibly vulnerable and curious. I have, and continue to cultivate, a group of internal peer mentors — people who will tell me what I need to hear, not what I want to hear, and give me unfettered feedback and perspective. I also sought external support. I’ve done a couple of different types of executive coaching engagements. Over time, I’ve tried to grow a network of a fellow CEOs.
One of the most rewarding aspects of the role is the connections you make — when it’s not about ego or trying to demonstrate how smart you are or what a good CIO you are. It’s about recognizing that I have blind spots and weaknesses. I want to do the very best I can for the organization. And I know that I cannot do that unless I have people who are willing to invest time in me and tell me where I might be missing things, or where I might be misstepping or misspeaking. That’s a pattern I don’t think I’ll ever lose through the rest of my career.
I found that it’s a proactive effort. I can’t just sit back and wait for others to come to me and say, ‘Hey Reed, I know you meant well, I’m just really worried about what I heard you say in this meeting or what I read.’ Very seldom do people come forward like that with unsolicited coaching or feedback, but if you’re willing to reach out and to verbalize your desire to grow and improve and be better, people are incredibly gracious and forthcoming with that feedback. And it’s invaluable.
Gamble: I agree. The last area I wanted to touch on is the CIO role, which we know has evolved a lot in the past year or so. Looking forward, what do you think are the qualities CIOs will need to have?
Stephan: That’s a great question, and it’s one I wrestle with daily and have a lot of conversations about with others. When I was just out of school, I worked as a systems engineer. There was a gentleman teaching a course on Microsoft solutions, and he made a comment about the CIO role. He said, ‘you know what CIO stands for, right?’ And we said, ‘yeah, chief information officer.’ And was like, ‘nope. It stands for career is over. Because once you get in that role, it’s about a three-year life expectancy, and you’re going to get fired because it’s just such a dynamic, ever-changing role. And it’s hard.’ That story has stuck with me.
When I think about the CIO role, the ‘I’ can stand for a lot of different things. I could stand for information. It could stand for innovation. It could stand for integrity. There’s a lot that goes into this role.
“It’s more than running the technology”
I view St Luke’s as a technology company that happens to deliver healthcare. That’s how ubiquitous technology is, and how intertwined it is with just about everything we do. And so, as I envision the role going forward, there has to be an inexhaustible supply of curiosity. There has to be a willingness to bring forward and take on new ideas and business capabilities, and provide oversight and leadership. There has to be a willingness to embark in efforts that traditionally have not been considered part of the core IT competency.
It’s much more than just running the technology day-to-day that serves the needs of the organization. It’s being a trusted thought leader and a trusted executive partner to help drive the overall effectiveness of business operations. And that can take on a variety of, of aspects. In my role, there are times when I feel like I’m part of the legal team. There are times when I feel like I’m part of marketing, or finance, or clinical operations. This department has such a broad impact on the organization. And so, by extension, I think the leader of a department like that has to be willing to wear a variety of hats, and to interchange them in a very agile and dynamic way.