healthsystemCIO.com Anthony Guerra

“Sometimes as technologists, we overplay the technology aspect.”

In today’s digitally driven world, one might think that statement was made in jest. But Michael Carr, CIO at Health First, is completely serious. During a recent conversation about his team’s core objectives at Health First – which include an Epic migration and planning new construction – he talked about the approach they’ve adopted and why he thinks it’s the best course.

“We wanted to find the right balance between cutting edge and fit for purpose,” he said, which means holding off on some promising solutions. “We’re trying to be budget-conscious while also offering a great experience.” The key, Carr noted, is being careful “not to overload it with technology.”

It’s a bold stance, but one that has served him well, both at Health First (where he became CIO in 2023 after spending three years as CTO/CISO), and in his prior experiences with Legacy Health and Providence Health. Throughout his career, his passion has been to help deliver the best possible tools and services, and doing so in a way that “really helps our clinicians do the right thing and is not a barrier.”

During the interview, Carr talked about how his team is able to achieve that balance while also striving to become a high-reliability organization; why it’s so important that initiatives are led primarily by clinicians rather than IT; the key difference between CIOs and CTOs; and the valuable lessons he learned while serving in the US Army.

LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE. 



Bold Statements

‘Who’s going to make decisions for this workflow, this application, this position?’ We spent a lot of time thinking through who needs to be involved in those decisions, because we wanted those decisions to be made close to the work as possible

 ‘You’re the experts. You should be the ones to decide what the workflow looks like in the ED or in the OR.’ A lot of work has gone into the governance.

On the technology side, we’re looking at how do we modernize without having to get too creative? What is it going to look like when we have Epic there? What is it going to look like from the perspective of workflow and patient experience?

We want to find that right blend between cutting edge and fit for purpose. We want to be practical. We want it to be a great experience. Sometimes, I think as technologists, we overplay the technology aspect of that.

The realization was, we can do a lot. We can improve the experience for our patients and our members. We can provide better care. We can get in front of some of the things that tend to be dissatisfiers for patients or lead to poor outcomes.

My passion has always been around tools and services and creating an experience that helps our clinicians do the right thing and is not a barrier.

 

Q&A with Michael Carr, VP & CIO, Health First

Gamble:  Why don’t you give kind of a high-level overview of Health First — what you guys have in terms of hospitals, where you’re located, things like that?

Carr:  Sure. Health First is an integrated delivery network located in the space coast of Florida. We’re about an hour east of Orlando and primarily Brevard County. We have four hospitals. We have a 500-member physician group, and we have a health plan with a little more than 80,000 members. It’s starting to grow, not just in Brevard, but across central Florida and across the state.

 

Gamble:  Being located where you are, do you get a pretty decent seasonal population, or has it evened out somewhat?

In this interview with healthsystemCIO’s Anthony Guerra, Bob Schlofelt, Executive Director and CISO at Valleywise Health, discusses:



* His experience in multiple industries;

* Why healthcare is up there with the most difficult industries to be a CISO (hint: because every doctor is another boss);

* Why the fact that many health system physicians are not employees makes IAM challenging;

* Keys to successful BCP (hint: practice, practice, practice);

* Thoughts on the merits of different CISO reporting setups;

* Keys to a great first 100-days plan for CISOs starting new positions;

* How to handle risk acceptance by business units (hint: document it)





LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE. 



Anthony: Welcome to healthsystemCIO’s interview with Bob Schlofelt, Executive Director and CISO at Valleywise Health. I’m Anthony Guerra, Founder and Editor-in-Chief. Bob, thanks for joining me.

Bob: Thank you, Anthony. Appreciate the opportunity to talk to you.

Anthony: Awesome, Bob. Let’s start off with you telling me a little bit about your organization and your role.

Bob: I’m with Valleywise Health. We are a health system in Phoenix and the county hospital for Maricopa County. We used to be part of the county government, we sort of are now. We do get some of our revenue from county property taxes.

We are also what’s called the safety net hospital for the county. In the event there’s any kind of disaster, we get called up first. We’re also the POTUS hospital for Arizona. If the President or VPOTUS comes to town, they don’t necessarily stop by but if there’s an event we’re their first stop.

Anthony: I didn’t know that. Is there a designated hospital in every city?

Bob: It depends on the President and the Secret Service. There was one time last year when POTUS came to town and one of our other hospitals in the area was called upon because he was going to be visiting there anyway, it made sense for them to just do that. Myself and/or the CIO will get a call from Secret Service or advance team asking “are you guys ready, anything we need to know about, anything going on?”

When the VPOTUS came to town we had just moved into the new hospital so it’s kind of a showcase. It’s all brand new. That was one of the reasons we were picked again. Usually they’ll pick a government related facility, not just a private facility. Being a safety net hospital is just that, we’re the county entity for Maricopa County, the largest county, population wise, in the state.

Anthony: Very good. I know that you have spent the majority of your career outside of healthcare, correct? But in security?

Bob: I’ve been in and out. I’ve was in healthcare once before with St. Joseph Health in California. I was a Regional Security Officer, and I covered Texas and New Mexico.  I was also with BASE, a life sciences company that made heart valves and then I came to Valleywise, a true health system.

Anthony: With that experience, do you have any thoughts in terms of what you see inside healthcare versus outside when it comes to cybersecurity, either a commitment to, a percentage of spend or even risk profile?

Bob: I think the risk profile is the same regardless of the industry. Because we’re a county hospital system, we are a target. If you think about the bad guys who try to get data, then try to get money. We have a lot of data. If you think about your medical record outside what your accountant or tax preparer h...

The level of innovation happening in healthcare is off the charts. Digital tools are being leveraged to transform the way care is delivered and increase efficiencies — that is, when it’s done right.

Unfortunately, that’s not always the case. As the pressure to advance is ratcheted up, solutions are increasingly being developed without input from those in the trenches, and as a result, often stumble out of the gate.

University of Utah Health aims to change that with the Digital Health Initiative, which was established in 2022 to “cultivate a thriving research community” and provide the guidance needed to “get transformative tools to the bedside and do it in a scalable way,” according to Victoria Tiase, who serves as Director of Strategic Development. The differentiator for DHI — and a significant selling point in her decision to move from New York to Utah to help lead it — is involvement from nursing leaders.

Nurses “are in the room having conversations with patients and families,” she said during a recent interview with Kate Gamble. “Can you imagine capturing all of that data and being able to very quickly understand the needs when a patient is discharged and getting all the appropriation done in advance? There are huge efficiencies that could be gained there.”

At Utah Health, harnessing those efficiencies is a core objective, according to Tiase. During the discussion, she spoke about how the organization strives to foster innovation and help guide ideas to fruition by providing “digital health domain expertise.” She also talked about the tremendous value nurses bring to the leadership table; the catch-22 when it comes to innovation and burnout; her participation in the Future of Nursing 2030 initiative; and her message to vendors.

LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE. 



Bold Statements

The fact that we are not always including clinicians is a problem. Researchers are designing these tools without the bedside folks, patients and clinicians, and then asking them to try them. And they might provide very valuable feedback that might not go anywhere.

We had a couple of listening sessions last year and we thought, let’s bring that in-house and let’s stand up a software development core and see if that might help if we put money and resources behind it; that way, it can serve as a resource for digital health researchers.

‘For any of you in the audience who are looking to fund a project or create some sort of tool, it’s all on the care coordination space. We still don’t have good tools for that. If you can figure out how to do that and consult with nurses on the best ways to do it, that would be a huge win.’

The way we fix the documentation burnout and burden is by having tools that can help support nurses and create efficiencies. The hard part is that we don’t have time right now for them to provide input. It’s a really tricky balance.

Nurses are in the room with patients and families way more than physicians. They’re having conversations with patients and families. Can you imagine capturing all of that data and being able to very quickly understand the needs for when the patient is discharged and getting all the appropriation done in advance?

 

Q&A with Victoria Tiase, Strategic Director, Digital Health & Assistant Professor of Biomedical Informatics, University of Utah

Gamble:  Hi Vicky, thanks so much for joining me. It’s been a while since we last spoke. So, you started with University of Utah in June of 2022.

It sounds simple and it makes sense – to ease the burden on clinicians that comes with logging into multiple systems, and thus improve patient safety, all data should reside in one place. When it comes to imaging, that means all images, regardless of how they were created or where they are currently housed (think PACS), should either come into the EHR or be easily accessible via it. What’s more, to further facilitate workflow, all images should reside in one PACS. But, for a number of practical reasons, pursuing such a strategy can’t be followed at all costs. That’s because images, unlike a lot of other clinical data, are massive and, thus, large numbers of them don’t lend themselves to easy migration (as one might want to do if sunsetting one PACS in order to reduce vendor sprawl). In this interview with healthsystemCIO Founder & Editor-in-Chief Anthony Guerra, Tampa General Hospital’s Senior Director of IT Enterprise Imaging Steven Johnson & Director of IT & Clinical Ancillary Systems Matthew Butler, discuss the challenges and tradeoffs that come with moving a health system in an enterprise imaging direction.



LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE. 



Bold Statements

… there’s a lot of consolidation, and what happens is you have these leftover systems and, if you took a look at your stack – your information stack, the technology that you have – and you wanted to standardize on one system, it becomes a very complex problem. Oftentimes, it’s financially driven, because to get off all of your helper systems and disparate systems, there’s a lot of dollars that follow that to migrate and standardize.

There’s a world outside of radiology that we have to be in tune to as imaging experts.

We’re on site every single day. We have a physical presence in the office. I know that not every organization is like that, based on size, but I do think that’s one thing that might set us apart, that the industry might need to key in on for future success.

Anthony: Welcome to healthsystemCIO’s interview with Steve Johnson, Senior Director of IT Enterprise Imaging with Tampa General Hospital and Matthew Butler, Director of IT & Clinical Ancillary Systems, also with Tampa General. I’m Anthony Guerra, Founder and Editor-in-Chief. Steve and Matt, thanks for joining me.

Steve: Thanks for having us, Anthony.

Anthony: All right. Great.

Matthew: Thanks for having us.

Anthony: Awesome. Thank you. Steve, let’s start with you. You want to tell me a little bit about your organization and your role.

Steve: We work for Tampa General Hospital. We are an academic medical health system located in Florida. We’re currently in expansion mode. Matt and I’s roles are over Enterprise Imaging for the health system. Our scope is radiology, imaging, Enterprise imaging, anything that has imaging in it touches our scope.

Anthony: Very good. Matt, a little bit about your role.

Matthew: Yes, absolutely. Pretty similar to Steve. We are somewhat of a pair, if you will. Steve and I worked together for a long time and basically, Steve pretty much summed it up. One thing he missed on was inpatient, outpatient, whatever it is imaging wise, that’s really our realm. We are traditional IT guys at our core, your typical server stuff, things like that, we have background in that. We came up doing all those kinds of things, supporting those things.

But as the industry has grown and progressed, acquisitions and things like that,

It makes perfect sense – study what your adversaries are doing and plan your defenses accordingly. If they’re coming in the windows every time, perhaps you don’t need to keep adding locks to the door. And studies have been done in healthcare showing there is a typical attack profile that often entails moving from a beachhead attained via some sort of social engineering or phish to finding an admin account in order to obtain domain dominance, before ultimately encrypting files, exfiltrating data and deploying ransomware. And one of the dynamics that allows for such escalation is when administrators are doing both privileged and run-of-the-mill productivity work (think email) from the same workstation. To help combat this, Intermountain Health VP/CISO Erik Decker & Director of Endpoint Data & Application Security Shawn Anderson are working to implement a new construct of Microsoft’s Active Directory that will make such a push to domain dominance more time consuming and expensive for the bad guys, rendering it less attractive. In this interview with healthsystemCIO Founder & Editor-in-Chief Anthony Guerra, Decker and Anderson discuss why such a change can be beneficial, who it’s right for, and what it entails.



LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE. 



Bold Statements

… when you’re doing the management of the IT work from the same place that you do the management of your productivity, your email, you just opened up the door to where those bad actors can operate.

The game that we’re playing – and it’s a horrible game – is we want to break the methods that the bad actors are using at scale. If you break the method, then they have to deploy and invest a lot more in order to do what they’re going to do, which they still might do. Don’t get me wrong. It’s not a panacea. But you are making it more expensive for them to do what they’re trying to do, which is absolutely what we’re trying to do.

… you have to start changing the way you think about this from a perimeter mindset, from a network mindset, from a “trusted user mindset,” and just assume that something bad is happening.

Anthony: Welcome to healthsystemCIO’s interview with Erik Decker, VP and CISO at Intermountain Healthcare, and Shawn Anderson, Director of Endpoint Data and Application Security, also with Intermountain. I’m Anthony Guerra, Founder and Editor-in-Chief. Erik and Shawn, thanks for joining me.

Erik: Thanks for having us, Anthony.

Anthony: All right, very good. Let’s jump right in. Let’s start with the usual. Tell me a little bit about your organization and your role. Erik, let’s start with you.

Erik: Sure. So Intermountain Health, we’re an integrated delivery network located in the Mountain West region in about seven states. Headquartered in Salt Lake City, about 70,000 employees, $16 billion in revenue, 34 hospitals, and a health plan that covers a million lives. That’s what makes up the integrated delivery network. We’ve got a pretty broad expanse. We believe in value-based care as the healthcare model, meaning the best care comes from preventative wellness and so forth. And the whole capitative model around population health and keeping people out of the hospital as much as we possibly can, and of course, when acute and chronic issues arise, caring for those people. That’s pretty much who we are.

I’m the CISO for Intermountain, so I head up our cybersecurity program. I have a great organization, 150 caregivers on my team. Shawn is one of them,

To deliver the kinds of experiences patients expect, a healthcare system must act as just that—a unified system. This ideal system breaks down when patients are asked to re-enter their information with each care encounter or staff lose time dealing with cumbersome and repetitive processes that keep them from practicing at the top of their licenses. IT executives have the power to smooth these points of friction by electively and intentionally applying technology to automate manual processes and ensure information flows wherever it is needed.  In this webinar, we’ll speak to leaders who are focused on making sure that— through a combination of technology and process change— their organizations are moving in the right direction.

Speakers:



* Shafiq Rab, MD, EVP/Chief Digital Officer & System CIO, Tufts Medicine

* John Henderson, VP/CIO, CHOC Children’s

* Grace Nam, Strategic Solutions Manager, Healthcare, Laserfiche