There was a time when bringing even one IT executive into a C-level position seemed like an exotic idea, and only the most forward-thinking hospitals and health systems had a chief information officer (CIO). Now, an organization may have a growing family of “chiefs” running its data-related activities.
Every new, important, pressing development that has anything to do with computers, networks, or data — from mobile apps to hacking to population health analytics to artificial intelligence to the “internet of things” — seems to spawn the need for another “chief,” whether it’s a chief digital officer (CDO), a chief information security officer (CISO), or a chief technology officer (CTO). And while a happy family of “chiefs” can work miracles for the performance of a health system, an unhappy one can be mired in any number of tangled reporting relationships, unproductive turf wars, and blurred lines of accountability.
Maybe some of these scenarios sound familiar:
- The chief medical information officer (CMIO) and the CTO prefer different vendors for a new system. The CMIO wants the one whose workflow is reasonably close to what the physicians already do, so they can adapt to the new system easily. The CTO thinks the other vendor’s architecture is better designed and will fit best into the organization’s infrastructure.
- The chief nursing information officer (CNIO), CTO, CISO, and CIO have different priorities for the always tight IT budget. The CNIO wants a system to support nursing documentation. The CTO wants to introduce new mobile technologies. The CISO wants to strengthen security. The CIO wants to advance a population health application that will support the organization’s move to value-based contracting.
- The chief analytics officer (CAO) wants the physicians to use more structured templates to get better data. The CMIO says templates will hamper patient care and advocates putting money into emerging natural language processing technologies instead.
Every family needs a parent or two who can shoulder the bulk of the authority, responsibility, and accountability; and who can coordinate the needs of all family members, while making sure they understand their roles and get their chores done. How can we construct our IT management “family” to avoid an accountability challenge that gets more acute with every new technological development, the extension of the health systems across multiple venues and new lines of service, and zero-sum scenarios like those above? And which executives should take on that parental role and be genuine “chiefs,” with a place in the C-suite and a voice in governance?
There isn’t one “right” number of chiefs to guarantee a happy family, or one best reporting structure. CMIOs, for example, say they report in about equal numbers to the CIO (33 percent) or the chief medical officer (CMO) (30 percent), while a scant three percent report directly to the chief executive officer (CEO), according to a 2016 survey conducted by Gartner and AMDIS. A recent survey from IDG shows that, across all industries, only 47 percent of CIOs report directly to the CEO.
Proliferating Titles and Roles
The CIO — who I think is the best “parent” candidate in many organizations currently, and ideally should have a seat at the head table — has seen a fundamental shift in role in the past decade or so. He or she is no longer an ambassador from the arcane world of hardware and software; today, every C-suite executive regardless of title carries enough computing power in his or her pocket to power an Apollo moonshot, and enough personal and organizational experience to appreciate how IT permeates everything.
Instead, the CIO must help the organization manage that permeation, and find ways to leverage the power of IT while mitigating its significant hazards. Across all industries, 88 percent of CIOs say their role is becoming more strategic and focused on innovation, according to the IDG survey cited earlier. Health care is no exception. At the same time, there are so many aspects to IT that CIOs can be challenged to understand or manage them all equally well. Hence, CIOs may need any or all of the following family members:
- Chief technology officer: a leader who manages technology strategy; reviews and monitors promising new technologies; and manages relationships with key technology suppliers.
- Chief information security officer: a leader who manages security of data, applications, and infrastructure; and protects continuity of data and systems.
- Chief medical information officer: a leader who works with the medical staff on system implementations; and makes sure systems meet all clinical needs.
- Chief nursing information officer: a leader who works with the nursing staff, as a CMIO works with the medical staff.
- Chief digital officer: a comparatively new role, and thus somewhat fuzzy, but most commonly ensuring that the organization’s digital initiatives support business transformation. Some CDOs are responsible for consumer-directed capabilities, such as websites and mobile apps.
- Chief analytics officer/chief data officer: a position that leads efforts to capture high-quality data and deliver high-quality analytics to leadership.
Not all hospitals and health systems will need or be able to afford all of these roles. However, even with a subset of these roles, it’s easy to see how the roles can overlap. Who’s in charge of a patient-facing app that helps chronically ill patients manage their conditions? The CDO may be on the hook to make sure it works well for its users, while the CAO needs the data to manage a population health program.
When a clinical function can be optimized for either physicians or nurses, but not both, how do the CMIO and the CNIO resolve the conflict?
Who’s accountable for making sure a certain infrastructure choice works out as envisioned: the CTO or the CIO?
When nonconforming IT habits among the staff create a security issue, does the CISO have the clout to get physicians and nurses to strengthen their passwords and refrain from sharing them, or does that job fall to the CMIO and the CNIO? And who’s accountable for a breach?
Compounding the problem is the wide range of definitions for many “chief” titles. For example, some CMIOs are responsible for serving as a liaison to the medical staff, while other CMIOs do that and also manage the implementation of an electronic health record (EHR) across the enterprise. Some CMIOs oversee population health IT initiatives, while others do not.
Moreover, variations in one role contribute to variations in other roles. Some CMIOs are responsible for managing the functions that provide analytics to measure care quality, while other organizations place that role with the CAO. In addition, some organizations have a chief health information officer (CHIO) who not only oversees clinical information system implementations but also is responsible for developing the organization’s overall strategy for using IT to improve care: we might think of this role as CMIO 2.0.
How to Think about Your IT “Family”
While each organization must handle these overlaps and conflicts differently, I think the following principles can apply universally to make your IT team one of the happy families:
1. The creation of any IT-related “chief” is only appropriate when an area of IT — like security, analytics, or EHRs — has very significant strategic or operational contributions or impacts. The “chief” label should imply the same level of skills, responsibilities, and knowledge base that the organization would expect from the chief financial officer (CFO) or chief nursing officer. Sometimes the prefix “chief” is used when “manager” or “director” is more appropriate. Resist the temptation to use “chief” title inflation to lure talent.
2. Role definitions and the distribution of accountability must be clear. There is no single right answer, but the wrong answers are fuzzy and ambiguous. For example, which of the chiefs is responsible for developing the overarching IT strategy for the organization and associated budget? Which chief manages the organization’s analytics functions and works to assure high-quality data? Which chief is the point person for working with the organization’s EHR vendor?
3. As the organization sorts through the distribution of responsibilities, it must also be clear about how the IT organization links with the rest of the organization. If the CIO oversees the development of the IT strategy, what is the role of the CFO or chief operating officer? How are decisions made about the strategy? If the CMIO reports to both the CMO and the CIO, which CMIO issues should be brought to which boss?
4. It takes time for the health care sector to arrive at a stable and reasonably consistent definition of the roles and responsibilities for a new “chief,” and to determine whether the new role provides value. Take the relatively new “chief digital officer.” Some sector observers say the role was created because of disappointment with the performance of the CIO; hence, the CDO is the CIO with a new abbreviation. Changing the abbreviation does not solve a performance problem.
5. Sometimes sector norms will be no help at all because a role is too new or has too many conflicting definitions. If an organization needs an IT executive to strategically advance its use of analytics, for example, it may need to create a definition for the “chief analytics officer” role from scratch: scope of responsibilities, scope of authority and accountability, and reporting relationships.
A Happy and Productive Family
Just as there is no “right” distribution of responsibilities in a family, there is no right distribution of IT responsibilities. And no family is completely happy and immune to tensions and conflicts. However, clarity of roles and responsibilities can help ensure that the happy moments predominate, that problems can be resolved without lasting damage, and that the IT family can deliver strategic and operational value to its organization.
John Glaser, Ph.D., is senior vice president of population health with Cerner in Kansas City, Mo.