The challenge of attracting and retaining talent while warding off cybersecurity threats was top-of-mind for hospital and health system CIOs who gathered at the Becker's Hospital Review CIO/HIT + Revenue Cycle Summit in Chicago July 21.
Those two topics dominated a panel discussion between Pravene Nath, MD, CIO of Stanford (Calif.) Health Care; Jake Dorst, CIO and interim CEO of Tahoe Forest Health System in Truckee, Calif.; Michael O'Rourke, CIO of Englewood, Colo.-based Catholic Health Initiatives; and Akanksha Jayanthi, a reporter with Becker's. Scott Becker, publisher of Becker's Healthcare, moderated the discussion.
Talent retention and recruiting
According to Mr. O'Rourke, as organizations transform to meet the new era of healthcare, they will be required to make several substantial new investments. These include investments in traditional IT functions, such as cloud technology, as well as innovation, venture capital and talent retention.
Increasingly, healthcare CIOs are turning to other industries to recruit a different type of IT talent. Mr. O'Rourke said this is the case at CHI. "We are trying to bring in fresh thinking," he said. "We are looking for people who are not so embedded in healthcare and its culture, which can be a barrier. I think from a leadership standpoint, we need new innovation, new capabilities and new ideas. We are bringing in outside talent that may not be healthcare-oriented, though they do need to be assimilated."
Dr. Nath is implementing a similar strategy at Stanford Health Care. "We are actively bringing in people from outside of healthcare," he said, highlighting recent hires who had experience at Java and Hewlett-Packard Co. In addition to diverse backgrounds, Dr. Nath also wants people who have "intellectual horsepower," he said.
Mr. Dorst said one of the most important traits in hospital and health system IT departments is the ability to work effectively with others, even across the organization.
"Silos in big hospitals impede things, and silos in small hospitals are deadly," he said. "The talent needs to be there, but we also need people who can work with others and cross-pollinate. That's what I look for."
Cybersecurity
Data breaches in healthcare are happening more and more frequently and on a larger scale than in the past. Ms. Jayanthi noted a large cyberattack that occurred within days of the panel — that on Los Angeles-based UCLA Health, which affected the personal information of about 4.5 million people.
All three CIOs agreed that breaches, like the one at UCLA Health, are a stubborn problem.
"It is inevitable that you are going to get breached," said Mr. O'Rourke. "You can pour money into trying to prevent that. We have provided protections around the perimeter and internal systems, and we have security compliance tests staff take every year, but the reality is you're going to get breached. The question is, how fast can you react and shut it down? It's a ticking time bomb."
Dr. Nash called the fight against cyberattackers an "arms race" and noted that healthcare is woefully behind. "When you look at the money that we and other organizations spend, we're still doing things that [people call] primitive," he said. "We're going after security at the wrong layers."
Mr. Dorst agreed: A breach is not a matter of if, but when. He suggested healthcare organizations direct more energy on user education. "Another part of social breaching is phishing and social engineering. How do you create savvy users in your organization and prevent this? Through training."