Changing Influence of the Healthcare CIO
by Lynn Harold Vogel, Ph.D., LCHIME(1)
Influence Changes Start Early
During the 1970s and early 1980s, decisions about healthcare IT investments were strongly influenced by Directors of Data Processing and subsequently by Chief Information Officers (CIOs).(2) IT investments during that time focused largely on automating clerical processes, e.g., admissions/discharge/transfer tasks, patient billing, general ledger and accounting activities. IT was focused on the “back office” functions, with a main frame computer handling much of the electronic “data processing”. What to purchase and how to use those purchases was generally considered the province of the IT department and the CIO, in consultation with their primarily administrative colleagues.
Advocating for your department, and for what your department does on a daily basis, is an important challenge in any bureaucracy. Therefore, it is understandable that CIOs were (and continue to be) typically outspoken advocates of information technology investments. Heading into the 1980s, when IT adoption in healthcare was in its infancy, the CIO (or Director of Data Processing) was expected—and accepted—as the voice of information technology in the organization. Most early applications resided on a mainframe computer, housed in a dedicated data center, managed by a team that reported to the CIO. As a result, an organization’s investment in IT was the acknowledged domain (and expertise) of the CIO, and there were few roles or spheres of IT influence beyond the purview of the CIO.
Beginning in the 1980s, however, IT investments became increasingly focused on departmental applications running on minicomputers, and the leaders of those departments—starting with clinicians in laboratory, radiology and pharmacy—began to challenge the CIO’s domain. Their acknowledged expertise about the clinical workflows in their departments enabled them to exert increasing influence over the IT investments that were being made to support their activities. New departmentally focused applications increasingly ran in dedicated computer environments that were not mainframe-based. In some cases, dedicated rooms for these new systems were created outside of the mainframe data center, and in many cases, outside the CIO’s scope of responsibility. The CIO’s job became more about how to get the resulting disparate systems to work with each other than about the selection of a specific application or platform.(3)
By the end of the 1990s, IT investments were increasingly accepted as essential to hospital and healthcare operations, and interest in what types of IT investments should be made began to spread widely across the organization, further challenging the CIO’s influence.
In earlier years, contracts for IT investments and IT purchasing in general, were typically managed and negotiated directly by the CIO. However, as IT investments became more extensive—and expensive—healthcare organizations began to rely on procurement specialists whose primary experience was with products such as syringes, gowns, masks, etc. These are, of course, quite different from complex software and hardware acquisitions. However, by shifting control of the decision processes to professional procurement officers, organizations hoped to minimize potentially fraudulent decision-making and subject IT decisions to proscribed procurement processes and procedures.
The creation of the HL7 protocol in 1989 represented a milestone in the challenge of getting many different systems, some selected and managed outside of the IT department, to work in a more integrated fashion.
Therefore, fundamental changes were taking place not only on who was influencing the content of the IT investments (e.g., clinicians), but also on who was managing the processes of these investments (e.g., procurement specialists). The combination of clinicians focusing on the content of IT applications and procurement specialists focusing on selection processes created significant challenges for CIOs.
1 Dr Vogel is a former Board Member and Chair, College of Information Management Executives (CHIME), Founding Member, Huntzinger Advisors, Huntzinger Management Group, and author, Who Knew? Inside the Complexity of American Health Care, Taylor&Francis, 2019.
2 One of the first uses of the term “Chief Information Officer” can be found in Synnott W.R. and Gruber W.H., Information Resource Management: Opportunities and Strategies for the 1980s. New York: Wiley-Interscience (1981). The CIO role in Healthcare became prominent starting in the late 1980s and early 1990s.
3 The creation of the HL7 protocol in 1989 represented a milestone in the challenge of getting many different systems, some selected and managed outside of the IT department, to work in a more integrated fashion.
Challenges for the CIO in the C-Suite
Although the CIO may nominally be considered a member of the “C-Suite” (along with the COO, CFO, CNO, etc.), and CIOs have sought to be viewed as a peer of other C suite members, the CIO’s reporting relationship is typically at least one level down from other C-Suite members. CIOs often report to the COO or the CFO, not the CEO, as other “C Suite” members—an unusual circumstance in which one member of the C Suite reports to another. This reporting relationship weakens the influence of the CIO in decisions related to the organization’s business, including IT investments.
Over the past decade, healthcare organizations’ investments in information technology have been increasing, by some accounts rising more quickly than overall revenues. Some healthcare CIOs have been hopeful that by striving to be a CEO or a COO, they can have more impact on the development of an organization’s IT strategy. But with few exceptions, there has been little success with this path.
Shifts in Influence Accelerate
The influence of the CIO role in healthcare continued to change with the introduction of electronic medical records (EMRs) in the 1990s. EMRs spurred a significant broadening of stakeholders with interests not only in what IT investments were being selected, but in how they were being implemented and managed. Interest in EMRs spread throughout the healthcare organization, reaching into every aspect of administration and clinical care. The expectation became that any point at which a clinician interacted with a patient would be captured and stored in the EMR.
As users of IT were becoming more sophisticated about IT, the domain expertise that the CIO had enjoyed earlier was being challenged by both administrators and clinicians. Computing power was rapidly moving from mainframes to file servers, desktops and, with the advent of the 2000s, mobile devices and smart phones. With the proliferation of computing capabilities outside the traditional data center, CIOs were increasingly challenged to provide a network infrastructure that would enable these disparate platforms and applications to capture, send, receive and more generally to share data. The “Chief Information Officer” was becoming more of a “Chief Infrastructure Officer”.
Formal Certifications Recognize Broader and Deeper IT Expertise
The continuing development of both broader and deeper IT expertise across the enterprise saw another major step with the introduction of Chief Medical Informatics Officers (CMIO) and Chief Nursing informatics Officers (CNIO). As early as 1992, the American Nursing Association recognized Informatics as a subspeciality with board certification. In 2010, The American Board of Medical Specialties approved Clinical Informatics as a subspeciality for diplomates of all 24 Member Boards. Starting in 2013, board certifications in clinical informatics were offered by the American Board of Preventive Medicine and the American Board of Pathology. To date, more than 2,000 physicians have achieved a certification in clinical informatics(4), and overall, there are now an estimated 20,000 nurse informaticists and close to 12,000 CMIOs.(5,6)
On the non-clinical side, in 2008 the College of Health Information Management Executives (CHIME) developed a certification program leading to the Certified Healthcare Chief Information Officer (CHCIO).(7) To date over 700 CIOs have qualified. In November 2019, The American Medical Informatics Association (AMIA) introduced a new program leading to the AMIA Health Informatics Certification (AHIC) designed to provide an informatics certification pathway to a broad range of professionals, many of whom do not have clinical training.(8)
With healthcare IT investments continuing to increase year over year, increasingly touching every aspect of the healthcare organization, the one group that seems least prepared to participate productively are administrative leaders. Master of Health Administration (MHA) degree programs, which are relatively common among healthcare CEOs, typically offer little more than a semester course or “project experience” in information technology. Similarly, the American College of Healthcare Executives (ACHE), the predominant professional association for healthcare executives, doesn’t offer information technology as a significant component in their educational programs. Masters of Business Administration (MBA) degrees are also a frequent degree for CEOs and COOs (and CIOs), but few of these programs prepare their students for the complexities of IT investment decisions, particularly in healthcare. Yet CEOs and COOs operate at the highest administrative level of the healthcare organization and are the formal (and often “final”) decision makers with regard to IT investments.
Physician training faces similar challenges. There is so much medical content that needs to be included in the few short years of medical school, that physicians learn about IT capabilities (and risks) largely through OJT—On the Job Training. But it must also be acknowledged that an increasing number of physicians (and administrators) educated over the past decade or two have grown up using computers (including desktops, laptops and now smart phones) as an accepted and essential part of their lives.
4 Lehmann, et. Al., “Five Years of Clinical Informatics Board Certification for Physicians in the United States of America” Lehmann, et al., IMIA Yearbook of Medical Informatics 2018, pp 237-242.
IT Strategy: a Competition for Resources
As IT investment operating and capital expenditures increased, C-Suite executives (and often the Board) increasingly worried that there would be no end to the expectations of clinicians, administrators (and the CIO!) as to how much needed to be spent and in what time frame. Initial investments typically led to more expense for maintenance, upgrades, and “new and better” applications, and C-Suite executives jockeyed to influence what and how to spend.
In these types of discussions, the CIO has been at a disadvantage. C-Suite executives (with the exception of the CEO and COO, who occupy the highest ranks) come to the table representing not only their area, but typically with accepted—and respected– expertise (and certifications and degrees) unique to their areas of responsibility. In other words, they bring recognized content expertise to the table. For example, Finance is represented by a CFO, who typically has a CPA; Human Resources, is represented by the CHRO, who brings expertise in employee relations, government regulations, etc.; Nursing, is represented by the Chief Nursing Officer, who has clinical nursing training; other clinical activities are often represented by a Chief Medical Officer, who has medical training. CIOs typically don’t come to the table with similar types of recognized formal content expertise (other than the aforementioned MBA and the CHCIO certification).
With the expansion in IT knowledge and experience across the enterprise, the CIO is no longer perceived as the sole IT expert. We are now seeing clinicians with undergraduate degrees in computer science and, of course, an increasing number receiving board credentials in Informatics. While acknowledged 30+ years ago as the content expert in IT, the CIO no longer can lay claim to this role. Virtually every member of a healthcare organization may now think of themselves as an IT content expert—at least in their area of work.
As noted earlier, CIOs often report to another member of the C-Suite. In addition, even though a CIO may come to the table with an advanced degree (e.g., MBA), other than the CHCIO certification, he/she often isn’t considered to have the content expertise that would be similar to what other members of the other C-Suite bring. The CIOs IT content expertise, which was acknowledged in the earlier days of healthcare IT, has largely been eclipsed by the increasing experience and knowledge of non-IT clinicians and administrative staff.
IT Strategic Plans
There isn’t enough money in any healthcare organization to satisfy the IT expectations of every administrator and clinician. C-Suite members, looking to expand their influence on IT investment decisions that impact their area of responsibility, constantly seek more control over the organization’s IT investment strategy. IT investment decisions become a competition among administrators, clinicians and, too often, the CIO. So, trade-offs have to be made. Unfortunately, politics, organizational position and too often, outright favoritism, have determined many IT investment decisions. The result has been decisions that are short-sighted, often isolated, driven more by personalities than by what the business needs to succeed.
IT strategies for healthcare organizations have in many cases “evolved” over time, driven largely by specific needs and opportunities. Much of the IT evolution from the 1980s onward wasn’t a part of an overall “IT strategy”, but more the result of needs and requirements voiced by “the loudest voice in the room”. Decisions about IT investments were made based on (often dubious) claims about cost saving and revenue enhancement.
Information technology investments in any organization are most effective if they are considered as integral and essential components of an overall business strategy. Successful IT strategies are designed to support the organization’s business strategy(9):
IT strategy . . . is a comprehensive plan that outlines how technology should be used to meet IT and business goals. An IT strategy is a written document that details the multiple factors that affect the organization’s investment in and use of technology.(10)
A key question for business strategy is, “Who decides what the business strategy should be?”, and the most important questions for IT strategy are, “Who decides what the IT strategy should be and how it should support the business strategy?” and “Who should be responsible for its success or failure?”
By the late 1990s, many CIOs (and consulting firms!) were successful in developing “IT Strategic Plans” for healthcare organizations, focused primarily on the list of applications to be purchased, timeframes for implementations, and the network and hardware infrastructure needed to support the expected applications. By the early 2000s, most healthcare organizations had some type of “IT Strategic Plan”.
Having a formal IT Strategy is an important starting point, but is of limited value unless there is also a structure and processes designed to implement that strategy. Strategies without a mechanism to execute can be ineffective. The structure and processes of allocating IT investment resources is typically referred to as “IT Governance”, the processes and structures which specify “the decision rights and accountability framework to encourage desirable behavior in the use of IT”.(11) In other words, IT governance concerns who should be making IT investment decisions, and who is responsible for the results of those decisions.
9 A common definition of business strategy describes it as “ . . . a clear set of plans, actions and goals that outlines how a business will compete in a particular market, or markets, with a product or number of products or services”. https://www.imd.org/imd-reflections/reflection-page/business-
10 https://www.techtarget.com/searchcio/definition/IT-strategy-information-technology- strategy#:~:text=IT%20strategy%20(information%20technology%20strategy)%20is%20a%20comprehensive%2 0plan%20that,in%20and%20use%20of%20technology.
11 Peter Weil, IT Governance: How Top Performers Manage IT Decision Rights for Superior Results, Harvard Business Review Press, 2004.
CIO Role: Managing the Competition for Resources
Healthcare organizations no longer have an option whether to invest in information technology. As a result, most have some type of statement about their “IT Strategy”. White papers, PowerPoint presentations and even full-length books have been written about what an IT strategy is and how to develop one.(12) Moreover, it is assumed that the CIO has an important role to play in developing and implementing an organization’s IT strategy. But defining this role—and therefore, its influence–in clear and unambiguous terms is not so well understood.
There is no person better equipped to manage IT Governance–the structure and processes of selecting the most appropriate IT investments–than the CIO. These processes, described earlier as “IT Governance”, include a set of structures (i.e., committees) and processes (most requiring formal project management techniques) that guide the organization’s assessment, selection, implementation and management of IT investments. Given the huge sums of money at stake with these investments, and the serious consequences of failure, it is of utmost importance that IT Governance be formalized (and mandated) by the highest levels of authority in the organization— typically the CEO—and supported enthusiastically and consistently by everyone in the organization, starting with members of the C-Suite.
In the absence of formal IT Governance structures and processes, healthcare organizations have no way to keep IT investments aligned with corporate goals and objectives. Without IT Governance, IT investment decisions can become almost ad hoc and opportunistic, rather than clearly aligning with the organization’s business goals. A transparent IT Governance structure and related processes greatly facilitate the ability of employees to align with the organization’s goals. Done right and well, IT Governance can become the most important and effective risk management tool for IT investments.(13)
Implementing IT Governance can be a significant challenge to organizational cultures and leadership, especially if investment decisions have historically been made by a small number of C-Suite individuals, informed by personal preferences with a minimum of analysis. Successful IT Governance in a healthcare organization involves clinicians, administrators and IT staff, working together, communicating and reaching agreement on which investments to make and how much to spend.
12 See, as an earlier example, John Glaser and Claudia Salzberg, The Strategic Application of Information Technology in Health Care Organizations, (3rd Edition), Jossy-Bass, 2011.
13 https://www.forbes.com/sites/forbescoachescouncil/2021/07/06/why-executives-shouldnt-eliminate-it- governance-from-their-vocabularies/?sh=1dc6e1f23362
The Complexity of Healthcare IT Investments
IT investments bring a level of complexity not typically found in other types of investments, and further, are often not well understood by procurement officers or others beyond the CIO and members of the IT organization. They are at once substantive and technical. The substantive question is whether the application does what the customer expects it to do. The technical question is more complex, especially given that there are no truly “stand-alone” applications in today’s highly interconnected and interdependent healthcare environment. In order to function well, most applications need data from other applications and in turn feed data into other applications, leading to significant technical challenges:
- Is the IT investment (typically a combination of hardware and software) supportable by the IT organization, and have provisions been made to pay for this support going forward?
- Is the application capable of receiving data from other already installed applications?
- Is the application capable of sending data to other already installed applications in a format that they can accept?
- Can the application operate within the organization’s current network environment?
- Who will manage the hardware (e.g., file servers and desktops) on which the application will be installed and accessed, and will they meet the organization’s standards for security, backup and recovery?
- Does the application meet the organization’s standard for the security and management of (often patient) data?
CIO Influence: Credibility Earned and Granted
In today’s environment, the CIO should be leading and managing the process of selecting, implementing and managing IT investments. In order to do this, the CIO needs credibility—a status that must be both earned and granted.
Influence and credibility earned through performance must also be granted, typically by the organization’s most senior executive (e.g., CEO). Both must be in place for the CIO to function as a leader of the organization’s IT Governance processes. In some situations, a high performing CIO may not be granted the authority to lead the IT Governance processes. The CEO on his/her own (or in conjunction with other C-Suite executives) may choose to keep IT investment decisions to themselves. This can lead to decisions about IT products and services that present serious connectivity challenges, may not be supportable by the IT Department (or in some cases, even by the vendor), and may even introduce significant risks to the organization. In these situations, the CIO’s primary challenge is educational, calling out the importance of risk management, the cost of ownership for investments, possible technological incompatibilities, and the need for active vendor management. Unfortunately, observations of this type may not be well-received, with the result being either “just get it done” or “move on”.
Earning credibility is a challenge much more within the control of the CIO. By establishing him/herself as a strong performer, the CIO can overcome issues associated with reporting relationships that have him/her reporting to another C-Suite executive and lacking a recognized “expertise” that earns other executives a seat at the C-Suite table.
The CIO can earn credibility and influence in part by being acknowledged by other members of the C-Suite and by the organization more generally, as a superb performer by taking responsibility and being accountable for the following activities:
- Establishing and supporting clear standards for IT activities throughout the organization;
- Successfully managing a high performing team of IT professionals who support organizational IT activities, including mainframe and server hardware and software, network, desktops, mobile, etc., to a high standard of performance;
- Creating opportunities for IT staff not only to perform at high levels, but to accept greater levels of responsibility;
- Engaging with non-IT staff in activities designed to increase the depth and extent of IT knowledge throughout the organization;
- Maintaining an appropriate balance between an IT environment that is secure from external intrusions while appearing almost seamless in its usability for internal customers;
- Establishing and maintaining highly transparent change management processes as the systems environment undergoes upgrades, enhancements and new implementations;
- Establishing, supporting and maintaining accountability for performance of new system installations in terms of time and resources;
- Establishing Total Cost of Ownership models for all applications and infrastructure investments;
- Being perceived as the “go to” department for the management of IT- related activities, which will include a strong project management discipline;
- Managing and overseeing a reliable IT infrastructure staffed by experts who in many cases have deeper technical knowledge than the CIO;
- Maintaining a clear-eyed understanding of what the business needs to be successful.
The most important role for the CIO in today’s healthcare organization is to manage the IT investment processes and to frame the questions that need to be asked about the potential effectiveness of various IT investment opportunities and alternatives. The CIO should not decide the IT strategy, but rather should manage the processes by which IT strategic investment decisions are made. In order to create the opportunity to influence—and manage–IT Governance, the CIO must bring credibility to the organization’s IT activities. Demonstrated credibility can lead to acknowledged expertise, which in turn can lead to an influential and respected role in the C-Suite, regardless of the CIO’s reporting relationship.
CIOs are often characterized as technology “evangelists”. It is tempting to chase every new technology that shows up at HIMSS or garners a financial commitment from a venture capital firm. And always, the next new game in town is expected to “transform” healthcare. News flash: it won’t.(14) Healthcare is arguably the most complex industry in our economy, and in many ways is seriously dysfunctional. Issues of cost, access and quality measurement have remained unsolved after decades of effort. And technology can do little to improve a fundamentally dysfunctional industry.
CIOs can have a clear and unique role to play in ensuring that an organization’s IT investments are best positioned to support its business strategy by influencing and managing the IT investment decision-making processes. This will in its own way increase the probability that the organization’s business strategy, and the care of its patients, will be successful.
14 Clearly the author’s opinion. However, for a more detailed discussion of this issue, see Vogel, Lynn Harold, Who Knew? Inside the Complexity of American Health Care, Taylor&Francis, 2019.
RETURN TO CHIME MEDIA