Healthcare organizations are facing a persistent, accelerating barrage of cybersecurity threats that pose risks to data security and patient privacy. Increasingly, healthcare CISOs and IT leaders are recognizing that when it comes to securing patient data, it takes a village—every team member at the organization needs to advance upon the organizational cybersecurity framework.
Pamela Banchy, R.N., is the CIO and vice president of clinical informatics and transformation at Western Reserve Hospital and Health System, a physician-hospital organization based in Cuyahoga Falls, Ohio, with Western Reserve Hospital serving as one of Northeast Ohio’s most advanced community hospitals. Banchy is slated to be a speaker at Healthcare Informatics’ Cleveland Health IT Summit at the Hilton Cleveland Downtown on March 27 to 28, where she will participate in a panel discussion on clinician and IT collaboration on cybersecurity and privacy practices. Banchy will share her perspectives on cybersecurity challenges and how clinicians and security personnel can collaborate to craft effective incident response protocols, among other topics.
Banchy is an experienced health IT and nursing informatics leader and has been in healthcare for more than 30 years. Before becoming CIO of Western Reserve, she was the system director of clinical information systems for Summa Health System in Akron, Ohio. Healthcare Informatics Associate Editor Heather Landi recently caught up with Banchy to discuss cybersecurity challenges as well as what her top priorities are right now and what her nursing informatics background brings to the CIO role.
There is often tension between security personnel and clinicians regarding clinical workflows and security elements. Is that changing, and are you working to address that at your organization?
It’s evolving, and it’s evolving through public recognition that that this is something that needs to be paid attention to and that there needs to be education and training. I think that the government has done a good job of leading organizations to awareness. Obviously, with Meaningful Use, and with the security aspect of walking through what that means from a regulatory requirement perspective, that was a first step. That was several years ago, and now it’s at a different level whereas, across the U.S., there have been some known risks and exposures, and with the expectation and confidence that those who are in IT value and respect that, and do everything they can to protect that information. From a tension perspective, security is an inconvenience and it is viewed that way by many, but it’s also seen as a necessary aspect of risk-adverse behaviors, with the recognition that there are people out there who want to cause harm. It is seen as an inconvenience; it’s extra steps, it’s extra clicks. The biggest area where we see that is communication, peer to peer, and secure texting. That, right now, is uppermost in many organizations, and CMS [The Centers for Medicare & Medicaid Services] just came out with a statement about texting and PHI, and the rules around that. I think a lot of that is difficult; it’s creating some challenges with respect to enforcement. And so, if I see any tension, it’s around the enforcing of the best practices from a security and safety perspective. [Editor’s note: In January, CMS released a memo clarifying its policies on whether healthcare providers can use text messages to communicate patient orders. CMS stated that texting patient information among members of the healthcare team is permissible if accomplished through a secure platform, but texting of patient orders is prohibited regardless of the platform utilized. CMS stated that providers should use Computerized Provider Order Entry (CPOE) to submit patient orders.]
What are your top priorities right now at Western Reserve?
Our biggest one is obviously security. We have a major undertaking, both with our internal and external security program. Another priority is to look at ways that we can continue to be efficient in providing our clinicians with the right information at the right time with the right method, and how do we do that, whether it’s through HIEs [health information exchanges] or dynamic tools. So, that’s a huge undertaking for us.
You are a CIO with a nursing and nursing informatics background. What does your nursing background bring to the CIO role?
I would consider it unusual [for a CIO to have a nursing background] and I’ve been in healthcare for over 35 years, as a nurse. I’ve been in IT for 25 of those years. I think it’s allowed me to understand the needs of the patient, and organizationally, our mission and vision of a patient-first, patient-centric focus. I understand what that means and I am able to translate that. I’m also what I would consider a transformational leader; I transform for those that are more technical in their skills, training and job functions as to what that means to the patient and the clinician. And that, I believe, lends itself to not only credibility to the organization, but also credibility to the IT and IS department.
What are some current initiatives that you are focusing on in that clinical transformation role?
From that technology perspective, we have wireless infrastructure that is built on older technology, an older architecture, and its functionality has become obsolete. So, when physicians say, ‘I’m having challenges with delivering care, because the workstation on wheels keeps dropping,’ that’s a problem. In looking at the why, and how to resolve that, I can then take that example and go to my infrastructure team and say, ‘Do you understand what that means? In this particular example, we have to make sure that we have the infrastructure to support the patient care needs.’ I always tell the story of ‘Tell them the why.’ So, I go to my infrastructure team and say, ‘If your or one of your family members was in that patient’s bed and your physician comes into the room with a mobile cart, and they try to look up your chest X-ray and the computer didn’t work, would that be acceptable to you?’ That’s the why. We need to focus on maintaining and optimizing and keeping our technology that’s invisible to most, keeping that up-to-date and current as possible. So that’s a transformation, in my opinion.
Health systems are increasingly focused on population health and the data and analytics to support that. What has been Western Reserve’s journey so far into population health management, and what is IT’s role in that?
We are very involved in our population health and analytics platform. We work very collaboratively with our medical staff leadership, our clinical leadership, and our quality management department to understand what the guidelines are and monitor those on a regular basis, so regular monitoring and providing the tools and the timely reporting, both data extraction and feedback, to our clinicians to understand where we have opportunities. We have one or two vendors that we use heavily. For example, IT initiated the relationship with the vendor and they came on site and helped our organization look at our quality metrics of population health and to show us, with real-time data, where we are performing well, and also where we have opportunities. So, that’s a big collaborative effort between IT and clinicians, and we are outcomes-focused and so we’re looking at those quality metrics, in collaboration with not only IT on-site but also vendors. So, we facilitate that triad—clinicians, IT and vendors.
How are you leveraging data and analytics in Western Reserve’s value-based care and payment initiatives?
We use real-time data to look at where are cost occurrences are and to understand how we can have an impact on that. We have a value analysis committee that looks at our spend with a lot of focus on our surgical areas because of things like joint replacements, and the medical supply equipment issues, in the operative services area. There is a committee that meets to review the spend and evaluate products for the most high-quality, low cost supplies. And that’s a multi-disciplinary group; supply chain, finance, medical staff and clinical nursing all participate in that.