For CIOs across the healthcare industry, times are changing in the area of IT governance, and the time is now to position themselves and their organizations for the future. With core clinical implementations such as EMR, CPOE, and other complex technologies going live and costing millions, the whole concept of IT governance is undergoing fundamental change. And with so much money on the line — as well as so many careers — the smartest CIOs are rethinking how they relate to CEOs, senior management teams, and boards of directors. The result? Boards in particular are becoming engaged as never before in strategic IT issues.

Heartland Health in St. Joseph, Mo., is one example of an organization whose leaders, including its CIO, have recently made the shift. Leaders of the 350-bed integrated health system decided at last year's annual board planning retreat that it was time the board became more closely engaged on strategic IT issues, and approved the founding of a technology committee of the overall system board. That committee, with five board representatives (one each representing the component medical center, physician group, foundation, and health plan boards, plus a chair from the system board) held its first meeting in March.

Helen Th ompson, CIO, Heartland Health, St. Joseph, Mo

How did it go? “The committee members interacted together very well,” reports CIO Helen Thompson, who has been CIO at Heartland Health for the past six years. (Thompson does not have the title vice president. “We have a very flat organization here,” with only four layers of management, she notes.)

She and Heartland's COO — the two executive staff members of the new board-level committee — were eager to hear committee members' thoughts and share their own perspectives with the board members on the committee.

“We had wonderful dialogue about what it is you need to know, how you get everyone on the same page of music, how you level the playing field in terms of knowledge, and what have been the long-standing guiding principles of technology, applied to our current situation at hand,” she says. “And there was a lot of good dialogue about what it is they want to see, and how we can create a set of healthcare IT best practices within our organization going forward.”

A nationwide shift

What's happening at Heartland Health is increasingly taking place nationwide, say industry experts and observers. Indeed, as budgets, expenditures and risks grow daily, it's only natural that boards are becoming more engaged in strategic IT issues. The choice for CIOs is to either engage as well or take an ostrich-like approach.

Dave Garets

Indeed, says Dave Garets, president and CEO of HIMSS Analytics, a division of the Chicago-based Healthcare Information and Management Systems Society (HIMSS), “What we're finding in our research and studies of the subject is that the best practice in this area is to have an IT subcommittee of the overall board of directors” of a hospital or health system. The Blaine, Wa.-based Garets and HIMSS Analytics Director Mike Davis have been studying IT governance for years and have found there are specific aspects of establishing such a committee that are additional best practice-type success factors.

“What we're talking about here is different from having a steering committee composed of department managers and a token physician,” Garets clarifies. He says most IT steering committees are essentially the executive management team plus one doctor added for good measure. “The reason for putting a subcommittee of the board over this is that there are only three kinds of resources available for anything,” he says, “financial resources, human resources, and information. That's it. And if you look at the composition of a healthcare organization board, you'll find a finance committee, which is usually the most powerful committee of the board. You'll more often than not find a human resources committee, but rarely do they have an IT committee. The percentage of hospital organizations with an IT committee of the board is under 10 percent. But we came up with a whole list of things that such a committee or subcommittee needs to be responsible for, including executive sponsorship issues.”

In other words, he says, if a nursing documentation project is taken on, the vice president of nursing should be the executive sponsor of that project, with board responsibility for overseeing that executive sponsorship.

Another example of a hospital board taking on strategic IT issues is the 259-bed Rady Children's Hospital and Health Center in San Diego, where the committee was established a year ago (May 2007), according to vice president and CIO Albert Oriol.

“I think it's a great idea,” Oriol says. “But it wasn't mine. It was the idea of one of the board members, who basically said we have a task force for our other largest investment, which is our facilities investment, and we're getting ready to turn the corner and make some major investments in information technology.” Oriol says the idea was, “Shouldn't we have an oversight board that provides the same level of governance and oversight over IT?”

The Rady Children's Hospital board-level IT committee has five members, one is a physician, and the others are board members who represent the community at large. The committee is staffed by the CIO, CEO, CFO, and CMO.

The governance opportunity

So what should CIOs know about establishing and IT governance structures and processes in their own organizations? “Well, the first success piece is putting some in,” says Tim Stettheimer, Ph.D., senior vice president and regional CIO of the four-hospital St. Vincent's Health System in Birmingham, Ala., and regional CIO of the national, 67-hospital, St. Louis-based Ascension Health system.

Tim Stettheimer, Ph.D.

“I personally find it fairly astonishing the lack of formal governance in place across healthcare, regarding IS,” says Stettheimer, who works with committees and boards at a variety of levels within Ascension, and who is responsible not only for guiding IT development at his four St. Vincent's inpatient hospitals, but also for nine Ascension hospitals in the Southeast. (And as if he weren't busy enough already, he is also national advisor to the Ascension system for clinical information system development.)

Tim Zoph

“My view around IS governance is that it should preferably be an integrated function,” says Stettheimer. At St. Vincent's, he says, “We have a quality committee of the board, and we work with them so that we have the appropriate quality tools. We have an audit committee, and because of the risk potential around IT, I attend meetings of that committee as well.” In addition, he says, “My attendance is required at the full (St. Vincent's) board meeting as well. And all that actually mirrors somewhat the operational governance structure for the overall Ascension health system.”

Key words: engagement, relationships

“Engagement” is one of two key words that CIOs should focus on when it comes to board interactions, says Stettheimer. “Helping to educate, being a communicator, integrating discussions on strategy, the high view as well as the details, are all very important,” he says. “But there is one other thing that's critical to be successfully engaged, frankly, which is that you have to have relationships with those board members. Because if they don't know you, and get to know you, the level of trust and engagement is not going to be there to accomplish things.”

Tim Zoph agrees. Zoph, the vice president and CIO of the 897-bed Northwestern Memorial Hospital in Chicago, co-teaches with Stettheimer a session on governance at the Healthcare CIO Boot Camp held twice a year by the Ann Arbor–based College of Healthcare Information Management Executives (CHIME).

“For CIOs as strategic leaders,” Zoph says, “you want the opportunity to be able to communicate directly to the board on some regular basis about the technology strategy.” Zoph says further that he tells CIO Boot Camp attendees, “It's not (communicating) so much about what you're buying and implementing, but about how that strategy supports the quality, safety, etc., that you're supporting.” In short, he says, “You want to be able to communicate to the board a broad message about how you're supporting the overall strategy of the organization. They need to know that they have a strategist, not just a technician.”

And therein lies the core of the message that industry leaders like Zoph and Stettheimer try to communicate to their colleagues when they speak publicly: that CIOs must demonstrate clearly and regularly to the boards, as well as to the c-suites of their organizations, that they are hospital and health system strategic leaders, not merely technicians or implementers. That element of their work is now becoming a critical success factor, they stress.

As Zoph puts it, “Many industries, because of their state of maturity with technology, have really thought about how technology, operational processes and governance go together, so they are further along than healthcare. But healthcare is now becoming more strategic. And I've always said that how you set up your strategies, link strategy and operations, and in turn, link those to governance, will be a key predictor of success.”

Do reporting relationships matter?

Even as many in IT management begin to absorb these new realities around working with boards and board-level committees, IT executives continue to evolve in their staff reporting relationships. And the push for CIOs to report as high up in their organizations as possible has taken on new nuances.

Interestingly, Northwestern's Zoph, who for years reported to Northwestern's CEO, has had a recent shift; he now reports to the organization's senior vice president for administration. (Northwestern has two COOs, one clinical and one administrative, and the SVP-administration is its non-clinical COO.) The change wasn't a demotion, Zoph emphasizes. Instead, he says, Northwestern's CEO, Dean Harrison, simply needed to streamline his reporting relationships.

Betsy Hersher

“I'm still in senior management, a vice president, and an officer of the corporation,” he notes. In fact, he says, “People always worry about who they'll report to, but the reality is that CIOs need to look far more across than they need to look up,” he says. “You've got to be able to build and sustain your relationships across the executive team and be seen as a leader.”

Betsy Hersher, founder and CEO of Northbrook, Ill.-based Hersher Associates, Ltd., which specializes in recruiting and placing CIOs and other IT senior executives, says that while she knows of numerous situations like Zoph's, these days there are broader reporting shifts afoot. “We are right in the middle of a change” with a number of dimensions, Hersher says.

A survey her firm conducted in November found that 46 percent of CIO survey respondents report to the CEO, 23 percent to the CFO, 17 percent to the COO, 5 percent to an executive vice president, and 9 percent to other titles. The worrisome trend, she says, is finding more CIOs are once again reporting to CFOs, which in her view is the least desirable reporting arrangement.

Glenn Galloway

“We do have a couple of gaps right now,” Hersher says. “First, we are seeing a phenomenon that we knew would happen, which is that CIOs are failing once again to be recognized as strategic leaders. We saw a lot of people, both CEOs and CIOs, being fired in the past year, having to do with money, a lack of confidence on the part of boards in what has been going on in hospital organizations,” and above all, she says, the huge expenditures going to EMR and other core clinical IT implementations. Fortunately, on that front, she says, “We're moving forward again.”

More pressing, Hersher says, is the gap between the demand for truly strategic CIOs and the far smaller number of available IT executives who can think and act strategically. Finding and recruiting the true strategic thinkers and organizational leaders remains one of her biggest challenges, she says.

Given that the most intense focus right now is on implementing EMR and other core and advanced clinical information systems, Glenn Galloway says an absolute career development priority among CIOs and would-be CIOs must be to learn more about patient care and clinical processes, at least certainly those elements most closely tied into clinical information systems.

Galloway, the founder and CEO of Healthia Consulting in Minneapolis, spent a number of years as a CIO himself before moving into consulting. On the one hand, Galloway says of reporting relationships, “From the service-level standpoint, I think the CIO really reports to the entire C-suite anyway. So it never mattered much whom I reported to, because I worked with all of them.”

But he says that CIOs, regardless of the title they report to, need to improve their understanding of what clinicians do, in order to be successful at what has become a career maker or breaker these days — the core clinical IS implementation. The degree of knowledge that must be gained can be debated, Galloway says, but he adds, “I think the CIOs of the future will have some actual clinical background.”

In the end, whether it is with regard to staff reporting relationships or board relations, all those interviewed for this article agree that the ultimate critical factor for CIO career and leadership success will be learning the art of mastering an expanding, obligatory constellation of relationships and interactions. Or, as Heartland Health's Thompson puts it, “As CIO, I don't own any of the technology initiative, I'm just the facilitator. And I need the board's help to make sure we're tracking everything we need to be tracking, that we're thinking the thoughts we need to think, and we're doing what we need to, to support the organization's strategic direction.”