As the role of the Chief Technology Officer becomes increasingly strategic, the skillset needed to succeed has evolved significantly. But the most important aspect of the position has nothing to do with technology, according to Chris Carmody.
“You have to be able to listen,” he said during a recent interview with Kate Gamble, Managing Editor and Director of Social Media. “Shut your mouth and let your stakeholders tell you, ‘here’s where we can get better,’ and ‘here’s where we need help.’” It’s a philosophy that has served Carmody well at UPMC, where he has held various IT roles for the past 25 years.
During the discussion, he talked about his most pressing objectives, one being the effort to migrate analytics to the cloud, which he believes will help “create a new data layer to apply our current tools and technologies,” and provide the scale needed to fully leverage tools like predictive modeling to improve care. Carmody also discussed the importance of being “tied to the hip” with key leaders such as the CISO and chief data and analytics officer; the “rigid” policy to help protect against third-party breaches; and why he has stayed in healthcare.
LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE.
- On the CTO role: “You have to be able to juggle many balls in the air, and at the same time be available and be the person who can do the blocking and tackling so that leaders and teams can do their jobs most effectively.”
- On engaging with clinical, operational, and executive leadership: “You have all these great inputs and I think that makes us successful. I think it helps minimize and mitigate our risks because we’re not making decisions just for IT sake, we’re making decision that are best for our patients, for our health plan members, for our users, our clinicians, and staff across the many different business units of UPMC.
- On migrating analytics to the cloud: “We’re moving to cloud-based technology to really help us scale and grow and really accelerate those insights and place them back at the point of care where clinicians can take action on them.
- On third-party risk management: “Third-party breaches are very high up on the list for healthcare organizations because we do rely upon other companies and technologies to help deliver patient care or support our operations so it’s very important that we stay on top of that and establish the right partnerships.
- On healthcare’s bright future: “We’re transforming healthcare into a more consumer-centric service industry to give consumers options about how, when, and most interestingly, where they received their care. It couldn’t be done without technology.”
Q&A with Chris Carmody, SVP & CTO, UPMC
Gamble: Hi Chris, thanks so much for putting aside some time to speak. I look forward to talking about your role at UPMC and what you’re doing. You’re the CTO, correct?
Carmody: Yes. I’m CTO for all of UPMC and responsible for a pretty large component of the IT organization. Obviously, your traditional CTO role is usually responsible for the infrastructure and the architecture teams which I am, but my scope of responsibilities also includes cybersecurity, about four of our nine current EHRs in all the hospital regions and outpatient and ambulatory sites domestically, the corporate applications like the HR systems, finance, supply chain, interoperability solutions — for which we use DBMotion to connect all those disparate clinical and ancillary systems, along with our enterprise project management office, help desk, and PC support. All those different functions report up through me. It’s a vast array of groups. No two days are alike.
Blocking and tackling
Gamble: I’m sure. It seems like the CTO role today is very different from what it was even just a few years ago, and it’s probably not the same from one organization to the next. For you, how do you approach having so many things that fall under your purview?
Carmody: I have a great leadership team that’s well seasoned. At this point, I actually have 15 direct reports. Many are vice presidents that lean toward different areas, like our Chief Security Information Officer. I work very closely with them and stay engaged bouncing around doing proactive planning, strategy, and vision, while also dealing with issues on the ground. You have to be able to juggle many balls in the air, and at the same time be available and be the person who can do the blocking and tackling so that my leaders and my teams can do their jobs most effectively.
That’s my role. Again, the fun part is doing the vision and strategy and looking at which new technologies can be used, especially at an organization like UPMC where size and scale is usually the determining factor in terms of what will work and what will not. Oftentimes that’s the challenge we have with different technologies. We definitely exceed a lot of upper limits of capabilities for different tools.
Gamble: So there’s a balance there. You have to do that blocking and tackling, but also focus on the strategy and vision. I think that really speaks to how roles like the CTO are evolving.
Carmody: Absolutely. If you look back 20 years at information technology and the CTO role, it was a separate function. One of the best parts of being in this role today is the engagement with clinical leadership, operational leadership, executive leadership, and our board. You have all these great inputs and I think that makes us successful. I think it helps minimize and mitigate our risks because we’re not making decisions just for IT sake, we’re making decision that are best for our patients, for our health plan members, for our users, our clinicians, and staff across the many different business units of UPMC.
To me, that makes our job better by having input and involvement and being able to collaborate and share ideas and thoughts. I think it truly makes a difference and positions us in a way that we might not have been in 15 or 20 years ago.
Gamble: You have UPMC Enterprise as part of the organization. What has it been like from your perspective having that innovation arm?
Carmody: They do great work there and we work very collaboratively together. The best part is that we have a lot of standards, best practices, and a cybersecurity presence. That’s part of the value that UPMC Enterprise brings to the technologies that they’re developing and investing in — to really raise the bar, because they understand how things work at UPMC and what’s really acceptable.
To my point before about being able to scale to our size, it’s a great partnership to help vet these different technologies or improve upon those technologies, whether we develop the things in-house or it’s something that invest in and help make better.
That’s the way I kind of look at it. We do a lot of collaboration. We just had a great meeting around the ways we can leverage analytics back and forth with the products they’re developing and the things we’re doing from a clinical and operational perspective.
Driven by clinicians, not IT
Gamble: That’s a really interesting area. Can you talk a bit more about what the strategy is as far as leveraging these analytics and being able to put them into practice?
Carmody: The great thing is that it’s a real-life example of a partnership where it’s not being driven by IT; it’s being driven by our clinicians. I work very closely with Dr. Oscar Marroquin. He’s a cardiologist by trade and is the Chief Data and Analytics Officer for all of UPMC. We’ve been working together for the last 5 or 6 years and have really pushed our analytics capabilities around improving how we deliver care across all of UPMC.
We’ve taken a lot of the work that his data scientists have built in terms of the specific algorithms at UPMC — these are the best practices that have been identified. We’re leveraging the data and leveraging the input of clinicians and are able to distribute that knowledge and those insights at different points of care. For example, anyone who comes to a UPMC facility and is scheduled for surgical procedure is run through our predictive models that Oscar’s team has built based upon years of data to help identify patients who might be more at risk for adverse outcomes.
It could be something as simple as, ‘this person is a smoker. Let’s engage with that patient before they come in and see if we can help them stop smoking.’ That’s a simplified view from a technical perspective. Oscar has many different examples where that type of engagement can truly make a difference in the outcome.
Changing the care pathway
On the flipside, in terms of discharging patients, readmission rates are really important because, as a health system, we want to send patients home in a position where they’re going to continue their journey to recovery and hopefully back to full health — or at least, better health than when they came to a UPMC facility. We’re looking at leveraging our predictive models for patients who are at risk and changing the care pathway for them as well as improving engagement from a post-acute perspective.
We give them the right information. We have the right level of engagement. We’re checking in with them, and we’ve seen a tremendous improvement over the last number of years using these models and these analytics to reduce that readmission rate. What we’re doing right now with analytics is at the technology level, we’re re-platforming. We have an on-prem environment today. We’re moving to cloud-based technology to really help us scale and grow and really accelerate those insights and place them back at the point of care where clinicians can take action on them. It’s really an augmentation of that care delivery and great input for clinicians to improve outcomes for the patients we’re caring for at UPMC facilities.
Creating “a new data layer”
Gamble: This really goes across so many different aspects of care. Where are you now in that cloud journey?
Carmody: We’ve been in the cloud for almost a decade. This is specific to analytics. What happened was, we saw the opportunity. We were bouncing up against boundaries in the physical on-prem environment where it no longer made sense from a financial perspective.
Most of the AI and ML tools are being developed based upon cloud. I think we’re in a great position to create a new data layer to apply our current tools and technologies — that UPMC DNA, all those algorithms that our data scientists, researchers and clinicians have developed and refined over the last few years — and building upon that with the size and scale that the cloud affords us. We’re so excited about that.
We actually just flipped the switch and went live with one of our environments. We’re starting to migrate data to different jobs and algorithms that will enable us to continually make that transition and leverage the cloud for what it’s really designed and built for, which is that growth and scale so that we can get more closer to providing real insights in real time at the point of care.
Gamble: That’s really the overarching goal, right?
Carmody: Absolutely. If you’re a patient coming in, whether it’s in the emergency department or ICU, time is of the essence. We want to be able to deliver those insights for different scenarios as close to real-time as possible. We know there’s some processing that takes place, and that’s something that we’ll continually refine and get better at. But that’s really the goal and the vision. Our entire purpose for making these investments and working with data and technology and leveraging analytics is to improve the outcomes of our patients. That’s what it’s all about.
CISO John Houston – “We’re tied at the hip”
Gamble: And along those lines, you work pretty closely with the CISO of UPMC?
Carmody: Yes, the CISO reports to me. His name is John Houston. We’re pretty much tied at the hip, whether it’s the day-to-day cybersecurity issues that we deal with or taking a step back and doing the planning. We take a risk based approach to where we make our investments to best mitigate that risk across UPMC. Sometimes it means investing more in people or providing more training for our team and staff. Sometimes it means investing in new technologies to help mitigate risks or give us better insights in terms of what’s happening in our environment so we can take those appropriate actions. And other times, it’s the process side.
Being “rigid” with third-party solutions
We’re very rigid when new technologies are being introduced to go through an architectural review. Before we sign a contract with the vendor, we want to know how it plugs into our ecosystem of technology so that we have a good sense of how they address cybersecurity.
One of the big checkboxes that we look for is whether they are HITRUST Certified or if they have NIST or another certification that shows some demonstration of caring about the security and design of their product. We also do a security review of all the products and services that we leverage from third parties. That is done annually at a minimum, in addition to all of the other steps we take to assess and evaluate our environment as an ongoing effort. That’s why it’s a never-ending journey. We’re always looking for ways to improve upon that and to become more efficient and more effective at leveraging the resources that we do have.
Gamble: You touched on something that comes up a lot in our discussions, which is third party risk management. It seems to be gaining more traction now as people realize how important it is, especially with how many third-party solutions are out there.
Carmody: Third-party breaches are very high up on the list for healthcare organizations because we do rely upon other companies and technologies to help deliver patient care or support our operations, and so, it’s very important that we stay on top of that and establish the right partnerships. That’s why we’re always looking at what those third parties are doing and how they’re protecting data — whether it’s UPMC data, patient data or health plan member data — and ensure that they’re taking the right steps.
We like to be ahead of that when we engage with a new vendor. We want to make sure they subscribe to a framework, how they’re configured, and what type of technologies construct the solution or service that they’re providing to UPMC. And we have to continually monitor them throughout the life of that agreement, along with the work that they do.
It’s definitely a challenge. It’s definitely front of mind for us and we’re always looking for different ways, whether it’s partnering with the third parties or putting the right controls and safeguards around how we leverage those third parties to best protect the data that they may have access to or that we may be sharing in the ways that they’re servicing UPMC.
“Technology is the easy part”
Gamble: It seems like a lot of your role comes down to managing relationships and communicating. Is that a skill you’ve been able to hone during your time with UPMC?
Carmody: Absolutely. People think of the CTO role as being all about technology, but it’s really not. Technology is the easy part. It’s the relationships with the people, not just your customers and stakeholders, but your teams. I find myself spending a lot of my time honing those skills for myself and my team to make sure we’re communicating well and that we’re applying our critical thinking to problem solve, engage, and take proactive steps. We’re all in this together. We’re working and moving forward as teams.
That’s so critical. One thing I’ve learned over my almost 25 years at UPMC is that probably the best skill set that you could have in this role is to be able to listen. I know I’m doing a lot of talking right now, but it’s important to shut your mouth and let your stakeholders, your customers, and your teams — your staff and your leaders — tell you, ‘Here’s where we think we can get better. Here’s where we need help. Here’s where we need resources.’ I always try to put myself in a position where I can listen to them.
“It’s a team effort”
It gets back to what I mentioned before about blocking and tackling. I need to respond and help them by doing those types of things, whether it’s obtaining more support financially from a resource perspective or making a decision on a technology. All of that is important in this role. And it’s not just me; it’s a team effort to be in healthcare these days and deliver technology services and solutions to a very big organization. Obviously, we can’t do it alone. That’s the great part of my job — the people I get to work with. They’re so talented. Their expertise is so valuable to putting us in a position to be successful.
Gamble: You just mentioned being there almost 25 years. I don’t have to tell you that’s rare in healthcare. What has made you want to stay with the organization?
Carmody: I think we’re in a unique position. Being a technologist in healthcare, I know that anyone who has a technology skill set can go work in any other industry and probably make a lot more money. But I think there’s a true sense of giving back and being part of helping people at their most vulnerable state. When they come to one of our hospitals — and we’re all going to experience this, if you haven’t already, of having a family member or a friend that is sick and has to seek treatment — it’s scary. It’s overwhelming. It’s daunting. It’s stressful.
From a technologist’s perspective, to be able to help ease that and make it better, and to help use technology to drive better outcomes for the patients and the communities that we serve — to me, it’s a greater sense of calling from a career perspective. I think that’s why a lot of us stay in healthcare for our entire careers. Because, again, there’s a tremendous amount of value in contributing our talent and skills to help a fellow Pittsburgher, western Pennsylvanian or Pennsylvanian, overcome their illness at UPMC. That’s really the driver for me.
As the technologist, though, the great part about healthcare is the changing dynamics of technology adoption. If you think about it, 20 years ago a lot of healthcare systems in the US were still using paper to deliver care. It’s amazing how much we’ve advanced in the last 20 years. I see such a bright future because of things like advanced analytics with machine learning and artificial intelligence — all the automation and the improvements we can make to change that trajectory of how healthcare is delivered in a very positive way, whether it’s more efficient or effective. To me, that’s the exciting part. That’s what keeps me motivated and moving forward. Like I said before, I don’t think I’ve ever had two days alike over the last 25 years, which to me is a great thing. It’s fun. From a planning, strategic, and vision perspective, or in terms of fighting fires, which we do a lot in IT.
Gamble: Everything you’re saying about digital transformation perspective—that’s so exciting. I can see why you want to be part of that.
Carmody: The transformational part of healthcare today is the decentralization of care. We’ve been so used to going into a hospital or going into a doctor’s office; Covid really helped accelerate the use of telemedicine. Even though we had been doing telemedicine for years or decades, that really helped adoption and made patients and health plan members feel more comfortable receiving care that way.
It’s about leveraging technology — the whole IoT concept of wearables and sensors and high-definition video. With the advent of 5G becoming more and more available to different communities, we’re transforming healthcare into a more consumer-centric service industry to give those consumers options about how, when, and most interestingly, where they receive care. It couldn’t be done without technology. There’s a lot of growth there. I think there’s a lot of transformation that’s going to happen, and I look forward to being part of that into the future.