C-suite leaders are developing governance policies to provide guardrails for technology and AI proposals, but there’s not a one-size-fits-all solution. Here, three IT leaders share how their systems are navigating technology and AI governance structures amid rapid digital transformation.
UR Medicine
UR Medicine is a large academic health system in Western New York; the largest health system outside of New York City in the state. The health system is fully integrated into the University of Rochester, which is a differentiator when it needs expertise in engineering, computer science, data science and more.
Michael Hasselberg, chief digital health officer at UR Medicine, has spent a considerable amount of time over the last year setting up an artificial intelligence governance systemwide.
“We felt that having a governance that could help us think through how do you deliver this really exciting technology in a safe and reasonable way across all of our missions and the university,” said Mr. Hasselberg. “But we also need to set it up in a way that allows us to be more nimble and accelerate the advances using this technology. It was no small task and it took us easily six months to a year to get it right.”
The governance structure set the foundation for leaders to use technology and artificial intelligence within healthcare as well as the education and research missions of the institution. UR Medicine’s governance structure begins at the top of the university with the artificial intelligence council, which reports to the president of the university and members of the president’s cabinets.
The Artificial Intelligence Council includes several stakeholders, chairs and representatives from IT, privacy, legal compliance, ethics and more. The system also has experts thinking about figuring out how to create equitable actress to AI use within the community.
Below the AI Council, UR medicine positioned five “domaine committees”:
- Clinical
- Research
- Education
- Administrative
- Marketing and communications
“Those committees have a diverse group of stakeholders that sit on the committees and the purpose of the AI Council is to really enable the committees at the domain level to be autonomous, to be able to identify what are the specific artificial intelligence drivers that align with the vendors of that domain support those committees need to develop their own guidelines, procedures, and in some cases, actual policies.”
The domain committees are designed to support regulatory and compliance concerns and inform the council about where UR Medicine should be making strategic investment.
“It’s that group’s job to try to standardize where we can across all domains, on our guiding principles and policies to make sure we have safe and internally improved AI tools that are equitable across our students, staff and faculty, and really serve as a group sounding board for the AI committees if they run into issues that need further strategic guidance,” said Mr. Hasselback. “Then within that governance structure, we have workflows identifying for the submission of new AI tools that individuals within our university and health system would like to try. We’ve built a nimble workflow to get those tools vetted.”
He’s also developed a new contract addendum guidance for longstanding vendors introducing AI functionality into their platforms to ensure vendor partners continue protecting data up to the university’s standards.
“We have to make sure they are protecting our data to the standards that we hold ourselves to at the university, and that they are also thinking about what are the ethical biases, accuracy, reliability, implications of these tools, especially on the generative AI side,” he said.
Renown Health
Reno, Nev.-based Renown Health is a nonprofit network of healthcare providers serving communities in Northern Nevada. The system is on the forefront of digital transformation and has developed a sophisticated governance structure to introduce new technology in a thoughtful way, especially as margins are tight.
“A lot of healthcare organizations are really looking at how they can balance cost to digital transformation in a meaningful way to have what we need to support the clinical growth,” said Steve Ramirez, chief information security and technology officer at Renown.
He works with his team to integrate new technology in three pillars: stabilization, modernization and optimization.
“The first few years, we look at how can we stabilize things? Do we have the right people, process and technology? And then where do we really need to strategically focus and modernize our infrastructure, as well as our cybersecurity stack?” Mr. Ramirez said. “Then, obviously, optimization and then it’s ongoing lifecycle management.”
Renown has a risk and compliance committee, co-chaired by Mr. Ramirez and Mark Neu, chief compliance officer, which includes key stakeholders from across the organization. His team also partnered with the President’s Council to develop an SBAR process governing any new technology and projects coming into the organization tied to third-party risk management.
“We have different checks and balances for new technology,” he said. “We are going to look at that within our application rationalization process and go through our intake with our TMO, PMO office, so we’re really making sure we have all the right eyes on any net new technology projects to really ensure success. We’re making sure we’re able to properly roll it out across the organization. That governance strategy is super crucial, but so is implementing and adhering to various frameworks, so it’s a subset of overall governance.”
Mr. Ramirez and his team are “starting to take a deeper dive” into IEEE for AI governance as more AI-driven technologies appear on the market. But his team is careful to only select technologies with a clear business case and return on investment into the pilot phase.
“We as an organization make sure that if there is a technology that makes sense to really supplement what we’re doing, we’re able to properly secure it or roll it out and support it, and then the business actually gets true value out of that,” he said. “We’ve done a good job of using that from a governance and intake process to really make sure we’re getting the most bang for our buck for any proposed technology.”
Tampa General Hospital
General’s IT team has done a lot of work in the last year bringing three newly acquired new hospitals and more than 70 system applications into a single instance of Epic in the last year.
“The team’s really worked hard to get them onto our platform so we can start to transform care in our area and really become more of a health system than we were previously with some of the main hospitals,” said Amit Patel, MSN, chief nursing informatics officer at Tampa General.
But the technology isn’t the only change needed when new hospitals join a system. It’s also important for teams to integrate and align around a single vision for success. It takes significant time and education for IT leaders to bring their teams together.
“It’s about going out there and getting to know those people up in the new hospitals,” said Mr. Patel. “They already had a great sense of culture and we’re just adding to it. We all have one goal and that’s to make sure the patients get what they need and get out as best they can, and have great quality care and experience.”
Mr. Patel said the IT teams at the hospitals joining Tampa General were excited about gaining new technology and motivated to make the change. Their engagement in projects accelerated the timeline for achieving their goals. Now, the IT team is focused on meeting the demands of the growing system, which now includes six hospitals and more than 150 locations.
“IT is the glue that keeps everything together,” Mr. Patel said. “We’re making sure the team has the tools and things they need to help support our operational partners and clinical partners. We’re really looking to help standardize some of our workflows, establish governance committees that need to expand past the main hospital now that we’ve got up to six hospitals under our belt. It’s really creating that health system and the cohesiveness that needs to happen between all of them.”
Standardization is important, but easier said than done as health systems grow.
“The challenge is we have one big academic medical center, which we’ve modeled everything under because that was what we had at one point in time,” said Mr. Patel. “But now that we have community hospitals and we have a behavioral health hospital standing up in the next month, and we have a rehab hospital, it’s really about how do we make the standardization really work for all the different sites because they all have different needs. That’s the challenge we’re looking to keep moving on.”
The pace of change in the healthcare space, accelerated by the introduction of AI-driven technologies, is overwhelming. The current cybersecurity concerns and infrastructure security requires a certain amount of agility to pivot as needed.
“We’re going to continue to grow at a rapid pace, so we as an organization and as an IT shop have to keep up with that pace and make sure our end users understand that because I think a lot of that is dependent on them and understanding why we’re doing what we’re doing,” said Mr. Patel. “Not everyone loves change, but it’s a necessary evil in this day and age, especially with our IT infrastructure.”
