
What Does a Healthcare CIO Do?

11/25/2024 12:00 AM

What should they be doing instead?

Introduction

A healthcare Chief Information Officer (CIO) holds a title that requires a plethora of hats to be worn.  He or she has to know the healthcare industry, its history so s/he knows why things are the way they are, dozens of disparate technologies, and a myriad of products built on those technologies.  Even worse, s/he has to be able to evaluate architecture, design patterns and workflows.  More about workflows later.  Today we’ll discuss what a CIO does, how they do it and what could be done better.

The Problem

C-Suite leadership in the healthcare industry is woefully inadequate to the task of running Healthcare Information Technology (IT).  Expert level knowledge must be possessed in these fields:

We’ll look at these things in more depth later.  For now, let’s say that nobody has all the expertise necessary to do this job, so the successful candidate also has to be able to pick worthy minions to suggest solutions and to get the actual work done.  Let’s look at this list and see what each entails.

Hardware

While it is easy enough to call Dell or HP and order a bunch of servers, a CIO should know what each is for, what its capacity is, what its cost is and how long it is viable.  I wager that there aren’t more than a few CIOs that can answer any of these questions.  Worse, many of these companies are using or going to cloud computing.  This requires an additional level of knowledge and the ability to calculate the costs and benefits of having on-premises servers, co-located servers, or cloud based computing. All these things must be balanced and an appropriate decision made.  A picture is worth a thousand words.

Figure 1-Hardware Architecture

Software and Architecture

These are related but not the same, so we will tackle them separately.

Software

Do we write the software, or do we purchase the software?  While nobody ever got fired for choosing IBM, probably a few got fired over choosing Cerner or Epic.  These big packages cost hundreds of millions of dollars to implement, tens or hundreds of thousands of dollars a month to maintain and take months to learn to use.  Alternatively, there are precisely zero CIOs on this planet that can write or even commission an Electronic Medical Record (EMR) or Electronic Health Record (EHR).  Well, maybe there is one, but he is writing this article.  If not Epic and Cerner, then what?  Those aren’t Practice Management Systems (PMs) and can’t do all that needs to be done to run the business of medicine.  The larger the practice, the more it will need a fully-fledged Enterprise Resource Management System (ERP).  So not only does the CIO need expert level EMR/EHR experience, they need ERP experience.

Architecture

Evaluating software architecture is an art that most developers can’t even do, much less the MBA types you will find in the C-Suite.  Epic uses an archaic programming language from the 60s with a built-in key value pair (KVP) database that has been long abandoned in every case save Epic.  Cerner uses every software development language and architecture imaginable, making them both wholly unmaintainable, difficult to write and repair, and close to unusable.  This points to the fact that none of these C-Suite people know the first thing about architecture, or they wouldn’t pick Epic and Cerner.  At Sentia we use a Single Sign On (SSO) and Master Data Management (MDM) approach along with a Backend for Frontend (BFF).  The SSO manages all things authorization and authentication, the MDM houses all enterprise data, like addresses, phone numbers, email, people, companies, etc., and the BFF aggregates all the API calls to the SSO, MDM and application API into one cohesive whole.  Again, a picture is worth a thousand words.

Figure 2-Application Architecture

Networking

This is another place where you can’t just throw money at a problem.  Do you have multiple sites? Do you need or want a domain controller?  What kind of DNS do you have for resolving names on the network?  Do you join the open-source movement and have everything on a different port?  How do you handle logins?  What kind and how many firewalls do you need, want or have?  How do you handle network security? What about redundancy and fail over and fail back?

High Availability

Something is going to happen to your hardware or software.  There is nothing you can do to stop it.  Drives fail, power supplies fail, networking cards fail, everything can potentially fail.  Even if you had perfect hardware, somebody will accidentally unplug the server.  High availability is the art of having redundant servers waiting for this failure.  At Sentia we use a shared storage cluster.  We have a Storage Area Network (SAN) with two machines that have terabytes of redundant storage.  We keep three copies of each piece of data on each machine.  Should one machine break, we fail over to the other.  If a disk should fail, we have two more copies of the data.  Each server on the network has its own hot standby including domain controllers, email servers, firewalls, application servers (these run in a virtual machine server farm since they can only utilize a few GB each of memory) and database servers.

Disaster Recovery (DR)

Basically, you need a completely separate location with all the same hardware and software present in your primary location.  When disaster strikes, you flip the switch sending all your traffic to the backup location.  This is called failover.  Every company should practice failing over and failing back every year.  The amount of time you run on the DR site is up to you but we generally run a week and then fail back.  This also implies the question of ‘how do you get your data to the DR site?’  Applications should have their configuration copied when the DR setup is completed.  We use log shipping for our SQL Server databases.  

DevSecOps

DevOps is the art of having a repository, and deployment for everything you do, and having all that automated.  The ‘Sec’ in DevSecOps is the art of securing each of the steps in these operations.  If you don’t have a development department, you probably don’t need DevSecOps.  Since every business these days is a software company at some level, you probably will have at least a guy who does some kind of development.  The larger the organization the larger the department.  Do you know at what point you need this department?  

Backups, Redundancy and Resiliency

We alluded to redundancy earlier.  This is just one part of the whole resiliency equation.  Optum encountered a ransomware attack earlier this year and never recovered.  With the proper backups, this would have been a less-than-one-day outage.  Is YOUR system better than Optum’s?  Mine is.  What happens if someone trips over a power cable on one of your servers or one of your cages?  Is your system ready to fail over to an alternate server or cage or datacenter?  What does your storage solution look like?  Do you have a big NAS or a SAN?  Do you even know what those are?  Are they backed up?  What file system and transfer protocol do they use? Are they redundant?  How many copies of each piece of data do you maintain?

Packaged Applications

We talked about Epic and Cerner previously.  These aren’t the only packages your hospital or practice needs.  What do you buy?  How do you buy it?  What things are most important to you?  Have you looked at the architecture?  Is it on-prem or cloud based?  What are the costs associated with each?  Did you take the word of a salesman on a golf course (or other, unmentionable venues)?

Development Company

At some point you are going to commission a piece of software.  What experience do you have managing a software company?  Even the most rudimentary software is as complex as designing and building a car.  Do you think you could evaluate someone who says he can design and build software (or a car)?  What questions do you ask?  What proof do you require?  Can you design software yourself?  If you can’t, you can’t possibly know what questions to ask.

Running an IT Company

You, Mr./Ms. CIO are running an IT company.  Your clients are all internal but it is an IT company nonetheless.  All of the previous points were leading up to the revelation that you are tasked with doing a job that the other C-Suite people didn’t even know they hired you to do, and you didn’t know it either.  How can you possibly be successful at a job you never even knew you had?  It is like that dream you have where you suddenly realize that you enrolled in a class that you forgot to attend and today is the final exam.

One will notice that what we DID NOT include is being a doctor.  Medical IT is being done incorrectly; I would go so far as to say wrong.  The electronic systems need to get out of the way of the practitioner and let them practice medicine.  This is not the case currently.  Since these systems are coded incorrectly you should have no compunction to learn the wrong way.  Doctors are great at medicine, but not so much at designing electronic systems.  As evidence, we present that we don’t need systems that cater to medical specialties.  We need one medical record, done in a way that it is configurable for specialties and with one code set, like the Unified Medical Language System (UMLS) that encompasses everything that can medically be done to a body and has crosswalks to all the major code sets plus VSAC (look it up) and RxNorm, the definitive list of drugs.  

The Solution

This is probably going to be hard to hear.  Your MBA is utterly worthless.  You need to know the things I have detailed above and, in most cases, you need to know how to do all those things yourself, personally.  The only other recourse you have is to know just enough to hire subordinates in each of these areas you trust to give you good advice, or to have a partner who just takes care of these things for you. Never listen to salesmen.  In fact, cash out your membership to the golf course (and other less savory places).

Partnering

At Sentia we have all the skills mentioned.  Unfortunately, you can’t hire us.  Our products are not ready for your organization and we do things completely differently than anyone you have worked with.  If you ask us, you don’t need an EMR/EHR with specialties.  You need ONE solution that encompasses all the specialties, as described earlier.  We are a cloud-based solution.  We have the redundancies mentioned, the security, the storage and have and do run DevSecOps in our own development and IT companies.  You will have to make your own decisions with respect to whom you partner with.  I am trying to give you the ammunition you need to make good decisions.  I can explain how we solve all the problems mentioned.  That is beyond the scope of this article, but all that documentation can be found elsewhere on this platform.

Conclusion

We have described what the Modern Healthcare CIO needs to know to successfully run his or her healthcare company.  We didn’t go over having a game plan with dates and metrics because you already know that.  Our goal was to educate you on the things you don’t know and the things that will cause you to fail.  Sitting in the C-Suite is a big deal.  With this big deal comes amazing responsibility.  One sure way to fail is to have a job you didn’t know you were supposed to be doing.  This is more than controlling costs or setting milestones; it is quite literally knowing everything that goes into purchasing or building and maintaining your organization’s systems.

Call to Action

We have built a way to cut the cost of health coverage by half or more, mitigating one of the root causes of healthcare failure in the US.  We have built a way to incentivize healthy behaviors and choices, mitigating the other of the root causes of healthcare failure in the US.  With these two things we will be not only the cheapest medicine in the world, but also the best.  We already have the best doctors and the best equipment; we just need to implement the above detailed framework to give them all the tools necessary for success.

We have this system in prototype now, fully functioning.  Contact us here or on our site and we will be happy to provide a demonstration of the fully functional prototype.

We have built a comprehensive health information system to keep the patient healthy and on the right track with the ability to incentivize healthy living.  Implementing this system should be fairly simple and will completely revolutionize the way healthcare is paid for, saving countless lives.  We have shown a way to use this system to make the best healthcare system in the world also the most efficacious and the most affordable, and a way to move toward value-based care.


