CHAPTER 12 Organizing Information Technology Services
By now you should have an understanding of health care data, the various clinical and administrative applications that are used to manage those data, and the processes of selecting, acquiring, and implementing health care information systems. You should also have a basic understanding of the core technologies that are common to many health care applications, and you can appreciate some of what it takes to ensure that information systems are reliable and secure.
In many health care organizations, an information technology (IT) function employs staff who are involved in these and other IT-related activities—everything from customizing a software application to setting up and maintaining a wireless network to performing system backups. In a solo physician practice, this responsibility may lie with the office manager or lead physician. In a large hospital setting, this responsibility may lie with the IT department in conjunction with the medical staff, the administration, and the major departmental units—for example, admissions, finance, radiology, and nursing.
Some health care organizations outsource a portion or all of their IT services; however, they are still responsible for ensuring that those services are of high quality and support the IT needs of the organization. This responsibility cannot be delegated entirely to an outside vendor or IT firm. Health care executives must manage IT resources just as they do human, financial, and other facility resources.
This chapter provides an overview of the various functions and responsibilities that one would typically find in the IT department of a large health care organization. We describe the different groups or units that are typically seen in an IT department. We review a typical organizational structure for IT and discuss the variations that are often seen in that structure and the reasons for them. This chapter also presents an overview of the senior IT management roles and the roles with which health care executives will often work in the course of projects and IT initiatives. IT outsourcing, in which the health care organization asks an outside vendor to run IT, is reviewed. Finally, we examine approaches to evaluating the efficiency and effectiveness of the IT department.
INFORMATION TECHNOLOGY FUNCTIONS
The IT department has been an integral part of most hospitals or health care systems since the early days of mainframe computing. If the health care facility was relatively large and complex and used a fair amount of information technology, one would find IT staff “behind the scenes” developing or enhancing applications, building system interfaces, maintaining databases, managing networks, performing system backups, and carrying out a host of other IT support activities. Today the IT department is becoming increasingly important, not only in hospitals but in all health care organizations that use IT to manage clinical and administrative data and processes.
Throughout this chapter we refer to the IT department usually found in a large community hospital or health care system. We chose this setting because it is typically the most complex and IT intensive. Moreover, many of the principles that apply to managing IT resources in a hospital setting also apply in other types of health care facilities, such as an ambulatory care clinic or rural community health center. The breadth and scope of the services provided may differ considerably, however, depending on the extent to which IT is used in the organization.
IT Department Responsibilities
The IT department has several responsibilities:
Ensuring that an IT plan and strategy have been developed for the organization and that the plan and strategy are kept current as the organization evolves; these activities are discussed in Chapter Thirteen.
Working with the organization to acquire or develop and implement needed new applications; these processes were discussed in Chapters Seven and Eight.
Providing day-to-day support for users: for example, fixing broken personal computers, responding to questions about application use, training new users, and applying vendor-supplied upgrades to existing applications.
Managing the IT infrastructure: for example, performing backups of databases, installing network connections for new organizational locations, monitoring system performance, and securing the infrastructure from virus attacks.
Examining the role and relevance of emerging information technologies.
Core Functions
To fulfill their responsibilities, all IT departments have four core functions. Depending on the size of the IT group and the diversity of applications and responsibilities, a function may require several subsidiary departments or subgroups.
Operations and Technical Support
The operations and technical support function manages the IT infrastructure—for example, the servers, networks, operating systems, database management systems, and workstations. This function installs new technology, applies upgrades, troubleshoots and repairs the infrastructure, performs “housekeeping” tasks such as backups, and responds to user problems, such as a printer that is not working.
This function may have several IT subgroups:
Data center management: manages the equipment in the organization’s computer center.
Network engineers: manage the organization’s network technologies.
Server engineers: oversee the installation of new servers and perform such tasks as managing server space utilization.
Database managers: add new databases, support database query tools, and respond to database problems such as file corruptions.
Security: ensure that virus protection software is current, physical access to the computer room is constrained, disaster recovery plans are current, and processes are in place to manage application and system passwords.
Help desk: provide support to users who call in with problems such as broken office equipment, trouble operating an application, a forgotten password, or uncertainty about how to perform a specific task on the computer.
Deployments: install new workstations and printers, move workstations when groups move to new buildings, and the like.
Training: train organization staff on new applications and office software, such as presentation development applications.
Applications Management
The applications management group manages the processes of acquiring new application systems, developing new application systems, implementing these new systems, providing ongoing enhancement of applications, troubleshooting application problems, and working with application suppliers to resolve these problems.
This function may have several IT groups:
Groups that focus on major classes of applications: for example, a financial systems group and a clinical systems group.
Groups dedicated to specific applications (this is most likely in large organizations): for example, a group to support the applications in the clinical laboratory or in radiology.
An applications development group (this is found in organizations that perform a significant amount of internal development).
Groups that focus on specific types of internal development: for example, a web development group.
Specialized Groups
Health care organizations may develop groups that have very specialized functions, depending on the type of organization or the organization’s approach to IT. For example:
Groups that support the needs of the research community in academic medical centers
Process redesign groups in organizations that engage in a significant degree of process reengineering during application implementation
Decision-support groups that help users and management perform analyses and create reports from corporate databases: for example, quality-of-care reports or financial performance reports
In addition, the chief information officer (CIO), who is the most senior IT executive, is often responsible for managing the organization’s telecommunications function—the staff who manage the phone system, overhead paging system, and nurse call systems. Depending on the organization’s structure and the skill and interests of the CIO, one occasionally finds these other organizational functions reporting to the CIO:
The health information management or medical records department
The function that handles the organization’s overall strategic plan development
The marketing department
IT Administration
Depending on the size of the IT department, one may find groups that focus on supporting IT administrative activities. These groups may perform such tasks as
Overseeing the development of the IT strategic plan
Managing contracts with vendors
Developing and monitoring the IT budget
Providing human resource support for the IT staff
Providing support for the management of IT projects: for example, developing project status reports or providing project management training
Managing the space occupied by an IT department or group
A typical organizational structure for an IT department in a large academic medical center is shown in Figure 12.1.
Source: Courtesy of the Medical University of South Carolina.
IT Senior Leadership Roles
Within the overall IT group, several positions and roles are typically present. These roles range from senior leadership—for example, the chief information officer—to staff who do the day-in, day-out work of implementing application systems—for example, systems analysts. In the following sections we will describe several senior-level IT positions:
Chief information officer (CIO)
Chief technology officer (CTO)
Chief security officer (CSO)
Chief medical information officer (CMIO)
This is not an exhaustive list of all possible senior-level positions, but the discussion provides an overview of typical roles and functions.
The Chief Information Officer
Many midsize and large health care organizations employ a chief information officer (CIO). The CIO not only manages the IT department but is also seen as the executive who can successfully lead the organization in its efforts to apply IT to advance its strategies.
The role of the CIO in health care and other industries has been the subject of research and debate over the years (Glaser & Williams, 2007). Studies conducted by College of Healthcare Information Management Executives (CHIME) (1998, 2008) have chronicled the evolution of the health care CIO. This evolution has involved debates on CIO reporting relationships, salaries, and titles and the role of the CIO in an organization’s strategic planning. Through extensive research, CHIME has identified seven key attributes, or competencies, exhibited by high-performing CIOs (CHIME, 2008). CHIME provides intensive “boot camp” training sessions for its CIO members, to aid in their professional development of these competencies.
Earlier work by Earl and Feeney (1995) found that CIOs from a wide range of industries who “added value” to their respective organizations had many of these same characteristics. Earl and Feeney found that the value-added CIOs
Obsessively and continuously focus on business imperatives so that they focus the IT direction correctly.
Have a track record of delivery that causes IT performance problems to drop off management’s agenda.
Interpret for the rest of the leadership the meaning and nature of the IT success stories of other organizations.
Establish and maintain good working relationships with the members of the organization’s leadership.
Establish and communicate the IT performance record.
Concentrate the IT development efforts on those areas of the organization where the most leverage is to be gained.
Work with the organization’s leadership to develop a shared vision of the roles and contributions of IT.
Make important general contributions to business thinking and operations.
Earl and Feeney (1995) also found that the value-added CIO, as a person, has integrity, is goal directed, is experienced with IT, and is a good consultant and communicator. Those organizations that have such a CIO tend to describe IT as critical to the organization, find that IT thinking is embedded in business thinking, note that IT initiatives are well focused, and speak highly of IT performance.
Organizational excellence in IT doesn’t just happen. It is managed and led. If the health care organization decides that the effective application of IT is a major element of its strategies and plans, it will need a very good CIO. Failure to hire and retain such talent will severely hinder the organization’s aspirations.
Whom the CIO should report to has been a topic of industry debate and an issue inside organizations as well. CIOs will often argue that they should report to the chief executive officer (CEO). This argument is not wrong nor is it necessarily right. The CIO does need access to the CEO and clearly should be a member of the executive committee and actively involved in strategy discussions. However, the CIO needs a boss who is a good mentor, provides appropriate political support, and is genuinely interested in the application of IT. Chief financial officers (CFOs) and chief operating officers (COOs) can be terrific in these regards. In general about one-third of all health care provider CIOs report to the CEO, one-third report to the CFO, and one-third report to the COO.
The Chief Technology Officer
The chief technology officer (CTO) has several responsibilities. The CTO must guide the definition and implementation of the organization’s technical architecture. This role includes defining technology standards (for example, defining the operating systems and network technologies the organization will support), ensuring that the technical infrastructure is current (for example, that major vendor releases and upgrades have been applied), and ensuring that all the technologies fit. The CTO’s role in ensuring fit is similar to an architect’s role in ensuring that the materials used to construct a house come together in a way that results in the desired house.
The CTO is also responsible for tracking emerging technologies, identifying the ones that might provide value to the organization, assessing them, and when appropriate, working with the rest of the IT department and the organization to implement these technologies. For example, the CTO may be asked to investigate the possible usefulness of the new biometric security technologies. The CTO role is not often found in smaller organizations but is increasingly common in larger ones. In smaller organizations, the CIO also wears the CTO hat.
The Chief Security Officer
As discussed in Chapter Ten, the chief security officer (CSO) is a relatively new position that has emerged as a result of the growing threats to information security and the health care organization’s need to comply with federal and state security regulations. The primary role and functions of the CSO are to ensure that the health care organization has an effective information security plan, that appropriate technical and administrative procedures are in place to ensure that information systems are secure and safe from tampering or misuse, and that appropriate disaster recovery procedures exist.
The Chief Medical Information Officer
Like the CSO, the chief medical information officer (CMIO) is a relatively new position. The CMIO position emerged as a result of the growing interest in adopting clinical information systems and the need for physician leadership in this area. The CMIO is usually a physician, and this role may be filled through a part-time commitment by a member of the organization’s medical staff.
Examples of the types of responsibilities a CMIO might assume include
Leading clinical information system initiatives such as electronic health record implementations
Serving as physician advocate for computerized provider order entry (CPOE)
Engaging physicians and other health care professionals in the development and use of the EHR system
Leading the clinical informatics steering committee or other designated group that serves as the central governance forum for establishing the organization’s clinical IT priorities
Keeping a pulse on national efforts to develop EHR systems, and assuming a leadership role in areas where the national effort and the organization’s agenda are synergistic
Being highly responsive to user needs, such as training, to ensure widespread use and acceptance of clinical systems
Like the CIO and CTO, the role of the CMIO is emerging. Leviss, Kremsdorf, and Mohaideen (2006) conducted structured interviews with five CMIOs at health systems that used health information technology widely. The aim of the study was to identify individual skills and organizational structures that helped the CMIO to be effective. The Perspective here lists the recommendations that Leviss and his colleagues offer to hospital and health system leaders.
The CIO, CTO, CSO, and CMIO all play important roles in helping to ensure that information systems acquired and implemented are consistent with the strategic goals of the health care organization, are well accepted and effectively used, and are adequately maintained and secured. Sample job descriptions for the CIO and the CMIO positions are displayed in Exhibits 12.1 and 12.2.
IT Staff Roles
The IT leadership team cannot carry out the organization’s IT agenda unilaterally. The department’s work relies heavily on highly trained, qualified professional and technical staff to perform a host of IT-related functions. In this section are brief descriptions of some key professionals who work in IT:
The project leader
The systems analyst
The programmer
The database administrator
The network administrator
The telecommunications specialist
The Project Leader
The project leader manages IT projects such as the implementation of a departmental system, deployment of infrastructure in a new medical office building, or determination of the need for a new system. At times project leaders are staff from user departments, though in general they are members of the IT department. This role will be discussed in more depth in Chapter Sixteen.
The Systems Analyst
The role of the systems analyst will vary considerably depending on the analyst’s background and the needs of the organization. Some analysts have a strong computer programming background, whereas others have a business orientation or come from clinical disciplines, such as nursing, pharmacy, or laboratory sciences. In fact, due to the increased interest in the adoption of clinical information systems, systems analysts with clinical backgrounds in nursing, pharmacy, laboratory science, and the like (often referred to as clinical systems analysts) are in high demand. Most systems analysts work closely with managers and end users in identifying information system needs and problems, evaluating workflow, and determining strategies for optimizing the use and effectiveness of particular systems.
When an organization decides to develop a new information system, systems analysts are often called upon to determine what computer hardware and software will be needed. They prepare specifications, flowcharts, and process diagrams for computer programmers to follow.
They work with programmers and vendor staff to debug, or eliminate, errors in the system. Systems analysts may also conduct extensive testing of systems, diagnose problems, recommend solutions, and determine whether program requirements have been met. They may also prepare cost-benefit and return-on-investment analyses to help management decide whether implementing a proposed system will deliver the desired value.
The Programmer
Programmers write, test, and maintain the programs that computers must follow to perform their functions. They also conceive, design, and test logical structures for solving problems with computers. Many technical innovations in programming—advanced computing technologies and sophisticated new languages and programming tools—have redefined the role of programmers and elevated much of the programming work done today (Department of Labor, Bureau of Labor Statistics, 2008).
Programmers are often grouped into two broad types—applications programmers and systems programmers. Applications programmers write programs to handle specific user tasks, such as a program to track inventory within an organization. They may also revise existing packaged software or customize generic applications such as integration technologies. Systems programmers write programs to maintain and control infrastructure software, such as operating systems, networked systems, and database systems. They are able to change the sets of instructions that determine how the network, workstations, and central processing units within a system handle the various jobs they have been given and how they communicate with peripheral equipment such as other workstations, printers, and disk drives.
The Database Administrator
Database administrators work with database management systems software and determine ways to organize and store data. They identify user requirements, set up computer databases, and test and coordinate modifications to these systems. An organization’s database administrator ensures the performance of the database systems, understands the platform on which the databases run, and adds new users to the systems. Because they may also design and implement system security, database administrators often plan and coordinate security measures. With the volume of sensitive data growing rapidly, data integrity, backup systems, and database security have become increasingly important aspects of the job for database administrators (Department of Labor, Bureau of Labor Statistics, 2008).
The Network Administrator
As discussed earlier in this book, it is essential that the organization has an adequate network or network infrastructure to support all its clinical and administrative applications and also its general applications (such as e-mail, intranets, and the like). Networks come in many variations, so network administrators are needed to design, test, and evaluate systems such as local area networks (LANs), wireless networks, the Internet, intranets, and other data communications systems. Networks can range from a connection between two offices in the same building to globally distributed connectivity to voice-mail and e-mail systems across a host of different health care organizations. Network administrators perform network modeling, analysis, and planning; they may also research related products and make hardware and software recommendations.
The Telecommunications Specialist
Working closely with the network administrator is the telecommunications specialist. These specialists manage the organization’s telephone systems: for example, the central phone system, cellular telephone infrastructure, and nurse call systems. They often manage the communication network to be used by the organization in the event of a disaster. Because of the progressive convergence of voice networks and data networks, they may design voice and data communication systems, supervise the installation of those systems, and provide maintenance and other services to staff throughout the organization after the system is installed.
Comments
The distinctions between the roles and functions of IT staff may seem a bit murky in practice. In one organization, the systems analyst might do computer programming, advise on network specifications, and assist in database development. In another organization, the systems analyst might have a clinical focus and work primarily with the end users in a particular unit, such as a laboratory, identifying needs, addressing problems, working with the application vendor, and providing ongoing training and support.
The specific qualifications, roles, and functions of the various IT staff members are generally determined by the pattern of IT development and use within the organization. For example, in a large academic medical center, the IT staff may be actively involved in designing in-house applications, and therefore the organization may employ teams of IT staff to work with faculty and clinicians in developing customized IT tools. This same level of IT expertise would be rare in an organization that relies primarily on IT applications purchased from the health care IT vendor community.
Furthermore, an organization might have an in-house IT services department, yet outsource a number of IT functions, having them performed by staff outside the organization.
Staff Attributes
In addition to ensuring that it has the appropriate IT functions and IT roles (and that the individuals filling these roles are competent), the health care organization must ensure that the IT staff have certain attributes. These attributes are unlikely to arise spontaneously; they must often be managed into existence. An assessment of the IT function (as discussed later in this chapter) can highlight problems in this area and then lead to management steps designed to improve staff attributes.
High-performing IT staff have several general characteristics:
They execute well. They deliver applications, infrastructure, and services that reflect a sound understanding of organizational needs. These deliverables occur on time and on budget, so that those involved in a project give the project team high marks for professional comportment.
They are good consultants. They advise organizational members on the best approach to the application of IT given the problem or opportunity. They advise when IT may be inappropriate or the least important component of the solution. This advice ranges from help desk support to systems analyses to new technology recommendations to advice on the suitability of IT for furthering an aspect of organizational strategy.
They provide world-class support. Information systems require daily care and feeding and problem identification and correction. This support needs to be exceptionally efficient and effective.
They stay current in their field of expertise. They keep up to date on new techniques and technologies that may improve the ability of the organization to apply IT effectively.
Recruitment and Retention of IT Staff
In addition to ensuring that IT staff possess desired attributes, senior leadership may become involved in discussions centered on the attraction and retention of IT staff. Although the IT job market ebbs and flows, the market for talented and experienced IT staff is likely to be competitive for some time (Committee on Workforce Needs in Information Technology, 2001).
The changes in the health care system discussed in Chapter Six have resulted in a significant increase in the demand for health care IT professionals, in particular those with experience with electronic health record implementations. A 2010 Modern Healthcare (Conn, 2010) survey of health care executives found that
Fifty-eight percent of respondents planned to increase IT staff in the next twelve months
Forty percent expected to increase their IT workforce by 10 percent or more and 9 percent planned to increase between 30 percent and 50 percent
The same survey found that 49 percent reported difficulty recruiting.
Estimates of the additional IT staff needed to support payment reform changes range from a 2008 Bureau of Labor Statistics estimate of 35,000 to an Office of the National Coordinator for Health Information Technology estimate of 50,000 (Conn, 2010). An increase of 50,000 staff would represent a 50 percent increase in the current health care IT workforce.
Recruitment and retention strategies involve making choices about what work factors and management practices will be changed and how they will be changed in order to improve the organization’s ability to recruit and retain. Management may need to determine whether the focus will be on salaries or career development or physical surroundings or some combination of these factors.
For example, the IT managers at Partners HealthCare were asked to identify the factors that make an organization a great place to work and then to rate the Partners IT group on those factors using letter grades. The factors identified by the managers were
Salary and benefits
Physical quality of the work setting; for example, well-maintained surroundings
Caliber of IT management
Amount of interesting work
Importance of the organization’s mission
Opportunities for career growth
Adequacy of communication about topics ranging from strategy to project status
The managers’ grades for Partners IT on these factors are presented in Table 12.1.
Using these scores, Partners IT leadership decided to focus on
Establishing more thorough and better-defined career paths and development programs for all staff
Improving training opportunities, ranging from brown bag lunches with invited speakers to technical training to supervisory training to leadership training
Reviewing work environment factors such as parking, free amenities (such as soda), and office furniture
Improving communication through mechanisms such as sending a monthly e-mail from the CIO, webcasting staff meetings so they could be attended remotely, and having regular dinners and lunches hosted by the CIO and deputy CIO
Taking steps such as these is important. Fundamentally, people work at organizations where the work is challenging and meaningful. They work at places where they like their coworkers and respect their leadership. They work at places where they are proud of the organization, its mission, and its successes.
ORGANIZING IT STAFF AND SERVICES
Now that we have introduced the various roles and functions found in the health care IT arena, we will examine how these roles and functions can be organized. Essentially, four factors influence the structure of the IT department:
Definition and formation of major IT units
Degree of IT centralization or decentralization
Core IT competencies
Departmental attributes
Definition and Formation of Major IT Units
There is no single right way to organize IT, and a department may iterate various organizational approaches in an effort to find the one that works best for it. (No approach is free of limitations.) There are several overall approaches to structuring formal departments, and an organization may employ several approaches simultaneously.
First, many IT departments organize their staff according to major job function or service areas. For example, a department might have a communications unit that sets up and manages local area networks and access to wide area networks, a research and development unit that keeps abreast of technology advances and experiments with new products, and a data administration unit that designs and maintains the organization’s databases, data warehouses, and data management applications. Under this structure, staff members working in these various areas typically have both specialized and common skills, which they then apply to a wide range of systems or applications throughout the organization.
Second, the IT staff and services may be organized along product lines. That is, IT staff might work as project teams to develop, implement, maintain, and support a particular application or suite of applications. For example, there might be an applications unit comprising five to six major project teams. One team might support the administrative and billing systems, a second might support human and facility resources, and a third might cover clinical areas such as the laboratory, pharmacy, radiology, or nursing. Each team might combine IT staff and end users from the respective area. For example, a CPOE project team might include a systems analyst, a network administrator, a database manager, and key representatives from the clinical areas of medicine, nursing, laboratory, and pharmacy. This approach enables team members to work together closely, gain extensive knowledge about a particular application or suite of applications, and engage in holistic problem solving. In fact, the IT staff on the team may be physically located near the user department.
Third, the IT staff may be organized according to critical organizational processes. For example, there may be an IT team that manages and provides IT services to support the patient revenue cycle or patient access or medical services. This arrangement would enable the IT staff to understand all the information systems issues associated with a cross-organization process and develop a comprehensive understanding of critical organizational processes. This approach recognizes that patient care is based not on processes defined by organizational silos—for example, the laboratory or admitting—but rather on processes that cut across silos. Despite the conceptual appeal of this approach, it is not common. Its rarity is due largely to the fact that most organizations are organized by departments and not cross-organization processes: for example, it is rare to see a vice president of patient access. In general it is not intelligent to have IT organized in a way that is radically different from the approach used by the organization overall.
Fourth, the IT department may support a health care organization that is an integrated delivery system (IDS); it has multiple subsidiaries and divisions and may span a wide geography. The form of the IT department in an IDS is invariably matrixed. Kilbridge, Classen, Bates, and Denham (2006), in a study of IT organization in integrated delivery systems, found three dimensions that defined this matrix. The functional dimension was devoted to IDS-wide infrastructure, such as a communications network and enterprise master person index, and the support of IDS-wide consolidated functions, such as finance. The geographical dimension was devoted to supporting distinct geographical sites or logically separate provider sites, such as one of the IDS’s community hospitals. The cross-continuum, process-oriented dimension might support acute care in general or a carve-out, such as oncology services. Figure 12.2 depicts a two-dimensional structure based on function and geography. Figure 12.3 shows a two-dimensional structure based on function and process.
Figure 12.2. IT department organized by function and geography
Figure 12.3. IT department organized by function and process
These four approaches are by no means the only ways that one might approach organizing IT staff. The CIO, in conjunction with the organization’s executive team, should consider a wide range of options for organizing IT staff and resources. As part of this process, the executive team should seek input from key constituents, examine the culture of the organization and the IT department, assess the long-term goals of the organization, and ultimately employ a structure that facilitates IT staff efficiency and effectiveness. In determining the structure of the IT organization, the team may ask these strategic questions: Which approaches will be used? Do the IT groupings represent well-circumscribed clusters of like expertise or common goals? Is the resulting set of departments comprehensive in scope?
Degree of IT Centralization or Decentralization
A critical factor in determining the structure for the IT department is the degree of centralization of organizational decision making. A health care organization might be a highly structured, vertical hierarchy where decisions are made by a few senior leaders. Conversely, an organization might delegate authority to the departmental level, or to the hospital level in an integrated delivery system, resulting in decentralized decision making.
There is no right level of centralization. Centralized organizations can be as effective as decentralized organizations. There are trade-offs, however. For example, centralized organizations are more likely to be able to effect uniformity of operations and to be more rational in their allocation of capital dollars, whereas decentralized organizations are more likely to be innovative. Moreover, an organization can be centralized in some areas, such as the process for developing the budget, and decentralized in other areas, such as developing marketing plans.
Ideally, the management and structure of IT will parallel that of the executive team’s management philosophy; centralized management tends to want centralized control over IT, whereas decentralized management is more likely to be comfortable with IT that can be locally responsive.
One approach is not necessarily better than the other; they both have advantages and trade-offs. Some of the advantages to centralizing IT services (Oz, 2004) are
Enforcement of hardware and software standards. In a centralized structure, the organization typically develops software and hardware standards, which can lead to cost savings, facilitate the exchange of data among systems, make installations easier, and promote sharing of applications.
Efficient administration of resources. Centralizing the administration of contracts and licenses and inventories of hardware and software can lead to greater efficiency.
Better staffing. Because it results in a pool of IT staff from which to choose, the centralized approach may be able to identify and assign the most appropriate individuals to a particular project.
Easier training. In a centralized department, staff can specialize in certain areas (hardware, software, networks) and do not need to be jacks of all trades.
Effective planning of shared systems. A centralized IT services unit typically sees the big picture and can facilitate the deployment of systems that are to be used by all units of a health care system or across organizational boundaries.
Easier strategic IT planning. A strategic IT plan should be well aligned with the overall strategic plan of the organization. This alignment may be easier when IT management is centralized.
Tighter control by senior management. A centralized approach to managing IT services permits senior management to maintain tighter control of the IT budget and resources.
Despite the advantages of a more centralized approach to managing IT services, many health care organizations have moved in recent years to a relatively decentralized structure. Some of the advantages to a decentralized structure (Oz, 2006) are
Better fit of IT to business needs. The individual IT units are familiar with their business unit’s or department’s needs and can develop or select systems that fit those needs more closely.
Quick response time. The individual IT units are typically better equipped to respond promptly to requests or can arrange IT projects to fit the priorities of their business unit or department.
Encouragement of end-user development of applications. In a decentralized IT services structure, end users are often encouraged to develop their own small applications to increase productivity.
Innovative use of information systems. Given that IT staff are closer in proximity to users and know their needs, the decentralized structure may have a better chance of implementing innovative systems.
Most IT services in a health care organization are not fully centralized or decentralized but a combination of the two. For example, training and support for applications may be decentralized, with other IT functions such as application development, network support, and database management being managed centrally. The size, complexity, and culture of the health care organization might also determine the degree to which IT services should be managed centrally. For example, in an ambulatory care clinic with three sites that are fairly autonomous, it may be appropriate to divide IT services into three functional units, each dedicated to a specific clinic. In a larger, more complex organization, such as an integrated delivery network (with multiple hospitals, outpatient clinics, and physician practices), it may be appropriate to form a centralized IT services unit that is responsible for specific IT areas such as systems planning and integration, network administration, and telecommunications, with all other functions being managed at the individual facility level.
Core IT Competencies
Organizations should identify a small number of areas that constitute core IT capabilities and competencies. These are areas where getting an A+ from the “customers” matters. For example, an organization focused on transforming its care processes would want to ensure A+ competency in this area and would perhaps settle for B− competency in its supply chain operations. An organization dedicated to being very efficient would want A+ competency in areas such as supplier management and productivity improvement and would perhaps settle for a B− in delivering superb customer service.
This definition of core competencies has a bearing on the form of the IT organization. If A+ competency is desired in care transformation, the IT department should be organized into functions that specialize in supporting care transformation: for example, a clinical information systems implementation group and a care reengineering group.
Partners HealthCare, for example, defined three areas of core capabilities: base support and services, care improvement, and technical infrastructure.
Base Support and Services
The category of core capabilities at Partners HealthCare included two subcategories:
Frontline support: for example, mobile device problem resolution
Project management skills
The choice of these areas of emphasis resulted in many management actions and steps: for example, the selection of criteria to be used during annual performance reviews. The emphasis on frontline support also led to the creation of an IT function responsible for all frontline support activities, including the help desk, workstation deployments, training, and user account management. The emphasis on project management led to the creation of a project management office to assist in monitoring the status of all projects and a project center of excellence to offer training on project management and established project management standards.
Care Improvement
Central to the Partners agenda was the application of IT to improve the process of care. One consequence was to establish, as a core IT capability, the set of skills and people necessary to innovatively apply IT to medical care improvement. An applied medical informatics function was established to oversee a research and development agenda. Staff skilled in clinical information systems application development were hired. A group of experienced clinical information system implementers was established. An IT unit of health services researchers was formed to analyze deficiencies in care processes, identify IT solutions that would reduce or eliminate these deficiencies, and assess the impact of clinical information systems on care improvement. Organizational units possessing unique technical and clinical knowledge in radiology imaging systems and telemedicine were also created.
Technical Infrastructure
Because Partners HealthCare recognized the critical role of a well-conceived, well-executed, and well-supported technical architecture, infrastructure architecture and design continued to serve as a core competency. A technology strategy function was created, and the role of chief technology officer was created. Significant attention was paid to ensuring that extremely talented architectural and engineering staff were hired along with staff with terrific support skills.
Departmental Attributes
IT departments, like people, have characteristics or attributes. They may be agile or ossified. They may be risk tolerant or risk averse. These characteristics can be stated, and strategies to achieve desired characteristics can be defined and implemented. To illustrate, this section will briefly discuss two characteristics—agility and innovativeness—and discuss how they might affect the organization of IT functions. These two characteristics are representative and are generally viewed as desirable.
There are many steps that an organization can take to increase its overall agility and also that of the IT department (Glaser, 2008a). For example, it is likely to try to chunk its initiatives so that there are multiple points at which a project can be reasonably stopped and yet still deliver value. Thus, the rollout of an electronic health record might call for implementation at ten clinics per year but could be stopped temporarily at four clinics and still deliver value to those four. Chunking allows an organization and its departments to quickly shift emphasis from one project to another.
An agile IT department will have the ability to form and disband teams quickly (perhaps every three months) as staff move from project to project. This requires that organizational structures and reporting relationships be flexible so staff can move rapidly between projects. It also means that during a project, the project manager is (temporarily anyway) the boss of the project team members. The team members might report to someone else according to the organizational chart, but their real boss at this time is the project manager. Because team members might move rapidly from project to project, they might have several bosses during the course of a year. And a person might be the boss on one project and the subordinate on another project. Agile organizations and departments are organized less around functions and more around projects. The IT structure must accommodate continuous project team formation, and project managers must have significant authority.
An organization or department that wants to be innovative might take steps such as implementing reward systems that encourage new ideas and successful implementation of innovative applications, and also punishment systems that are loath to discipline those involved in experiments that failed (Glaser, 2008b). The innovative IT department might create dedicated research and development groups. It might form teams composed of IT staff and vendor staff in an effort to cross-fertilize each group of staff with the ideas of the other. It might also permit staff to take sabbaticals or accept internships with other departments in the organization in an effort to expand IT members’ awareness of organizational operations, cultures, and issues.
IN-HOUSE VERSUS OUTSOURCED IT
For the past two decades, health care organizations have generally provided IT services in-house. By in-house we mean that the organization hired its own IT staff and formed its own IT department. In recent years, however, health care organizations have shown a growing interest in outsourcing part or all of their IT services. Outsourcing IT means that an organization asks a third party to provide the IT staff and be responsible for the management of IT.
The reasons for outsourcing IT functions are varied. Some health care organizations may simply not have staff with the skills, time, or resources needed to take on new IT projects or provide sufficient IT service. Others may choose to outsource certain IT functions, such as help desk services or web site development, so that internal IT staff can focus their time on implementing or supporting applications central to the organization’s strategic goals. Still other organizations contract with a cloud computing vendor to run system applications, manage the data, and provide technical support. Outsourcing IT may enable organizations to better control costs. Because a contract is typically established for a defined scope of work to be done over a specific period of time, the IT function becomes a line item that can be more effectively budgeted over time. This does not mean, however, that outsourcing IT services is necessarily more cost-effective than providing IT services in-house. At times, new organizational leadership finds an IT function that is in disastrous condition. After years of mismanagement, applications may function poorly, the infrastructure may be unstable, and the IT staff may be demoralized. An outsourcing company may be brought in as a form of rescue mission.
A number of factors come into play and should be considered when evaluating whether outsourcing part or all of IT services is in the best interest of the organization. The following questions should be asked:
Does our organization have IT staff with the knowledge and skills needed to provide necessary services? Effectively manage projects? Adequately support current applications and infrastructure?
How easy or difficult is it to recruit and retain qualified IT staff?
What are our organization’s major IT priorities? How equipped is our organization to address these priorities? Do we have the right mix of skills, time, and resources?
What benefits might be realized from outsourcing this IT function? What are the risks? Do the benefits outweigh the risks?
What parts, if any, of the IT department does it make the most sense to outsource?
If we opt to outsource IT services, with whom do we want to do business? How will we monitor and evaluate IT performance and service? What provisions will we make in the contract with the outsourcing company to ensure timeliness and quality of service? How will the terms of the contract be monitored?
It is important to evaluate the cost and effectiveness of the IT function and services, whether they are performed by in-house staff or outsourced. There are pros and cons to each approach, and the organization must make its decision based on its strategy goals and priorities. There is no silver bullet or one solution for all.
EVALUATING IT EFFECTIVENESS
Whether IT services are provided by in-house staff or are outsourced, it is important to evaluate IT performance. Is the function efficient? Does it deliver good service? Is it on top of new developments in its field? Does the function have a strong management team?
At times, health care executives become worried about the performance of an IT function. Other organizations have IT functions that seem to accomplish more or spend less. Management and physicians frequently express dissatisfaction with IT; nothing is getting done, it costs too much, or it takes too long to get a new application implemented. Many factors may result in user dissatisfaction: poor expectation setting, unclear priorities, limited funding, or inadequate IT leadership. An assessment of IT services can help management understand the nature of the problems and identify opportunities for improvement.
One desirable approach to assessing IT services is to use outside consultants. Consultants can bring a level of objectivity to the assessment process that is difficult to achieve internally. They can also share their experiences, having worked with a variety of different health care organizations and having observed different ways of handling some of the same issues or problems.
Whether the assessment is done by internal staff or by consultants, several key areas should be addressed:
Governance
Budget development and resource allocation
System acquisition
System implementation
IT service levels
Governance
How effective is the governance structure? To what degree are IT strategies well aligned with the organization’s overall strategic goals? Is the CIO actively involved in strategy discussions? Does senior leadership discuss IT agenda items on a regular basis? We will discuss governance in Chapter Fifteen.
Budget Development and Resource Allocation
The IT budget is often compared to the IT budgets of comparable health care organizations. The question behind a budget benchmark is, Are we spending too much or too little on IT? Budget benchmarks are expressed in terms of the IT operating budget as a percentage of the overall organization’s operating budget and the IT capital budget as a percentage of the organization’s total capital budget. On average, hospitals spend 2.7 percent of their operating budget and 15 percent of their capital budget on IT (Gartner, 2008).
These budget benchmarks are useful and in some sense required because most boards of directors expect to see them. Management has to be careful in interpreting the results, however. These percentages do not necessarily reflect the quality of IT services or the extent and size of the organization’s application base or infrastructure. Hence, one can find a poorly performing IT group that has implemented little having the same percentage of the organization’s budgetary resources as a world-class IT group that has implemented a stunning array of applications.
Spending a high percentage of the operating budget—for example, 4.5 percent—does not per se mean that the organization is spending too much and should reduce its IT budget. The organization may have decided to ramp up its IT investments in order to achieve certain strategic objectives. A low percentage—for example, 1 percent—does not per se mean that underinvestment is occurring and the IT budget should be significantly increased. The organization may be very efficient, or it may have decided that given its strategies its investments should be made elsewhere.
We will discuss the IT budget and resource allocation in Chapter Fifteen.
System Acquisition
How effective are system acquisitions? How long did they take? What process was used to select the systems? We discussed system acquisition in Chapter Seven.
System Implementation
Are new applications delivered on time, within budget, and according to specification? Do the participants in the implementation speak fondly of the professionalism of the IT staff or do they view IT staff as forms of demonic creatures? We discussed system implementation in Chapter Eight.
IT Service Levels
IT staff deliver service every day: for example, they manage system performance, respond to help desk calls, and manage projects. The quality of these services can be measured. An assessment of the IT function invariably reviews these measures and the management processes in place to monitor and improve IT services. IT users in the organization are interested in measures such as these:
Infrastructure. Are the information systems reliable, that is, do they rarely “go down”? Are response times fast?
Day-to-day support. Does the help desk quickly, patiently, and effectively resolve my problems? If I ask for a new workstation, does it arrive in a reasonable period of time?
Consultation. Are the IT folks good at helping me think through my IT needs? Are they realistic in helping me to understand what the technology will and will not do?
An organization faces a challenge in defining what level of IT service it would like and also how much it is willing to pay for IT services. All of us would love to have systems analysts with world-class consulting skills, but we may not be able to afford their salaries. Similarly, all of us would love to have systems that never go down and are as fast as greased lightning, but we might not be willing to pay the cost of engineering very, very high reliability and blazing speed. The IT service conversation attempts to establish formal and measurable levels of service and the cost of providing that service. The organization seeks an informed conversation about the desirability and the cost of improving the service or the possibility of degrading the service in an effort to reduce costs.
In general it can be very difficult to measure the quality and consequences of consultative services. This makes it difficult to understand whether it is worth investing to improve the service other than at the service extremes. For example, it can be clear that you need to fire a very ineffective systems analyst and that you need to treat your all-star analyst very well. But it may not be clear whether paying $10,000 extra for an IT staff member is worth it or not.
Formal, measurable service levels can be established for many infrastructure attributes and day-to-day support. Moreover, industry benchmarks exist for these measures. Common infrastructure metrics are
Reliability: for example, the percentage of time that systems have unscheduled downtime
Response time: for example, how quickly an application moves from one screen to the next
Resiliency: for example, how quickly a system can recover after it goes down
Software bugs: for example, the number of bugs detected in an application per line of program code or hour of use
Common day-to-day support metrics are
The percentage of help desk calls that are resolved within twenty-four hours
The percentage of help desk calls that are not resolved after five days
The percentage of help desk calls that are repeat calls: that is, the problem was not resolved the first time
The time that elapses between ordering a workstation and its installation
It is important that the management team define the desired level of IT service. For example, is the goal to achieve an uptime of 99.99 percent, or does the organization want to have 90 percent of help desk calls closed within twenty-four hours? If the service levels are deemed to be inadequate, a discussion can be held with IT managers to identify the costs of achieving a higher level of service. Additional staff may be needed at the help desk, or the organization may need to develop a redundant network to improve resiliency. Conversely, if the organization needs to reduce IT costs, the management team may need to examine the service consequences of reducing the number of help desk staff.
The assessment of the IT function requires examining areas that range from strategy development to service levels. And the assessment can use a variety of data collection techniques. Exhibit 12.3 is a sample survey used by an IT services department to assess user satisfaction.
Answers to these questions provide an indication, clearly rough, of how well the IT function is being run and, to a degree, of whether the aggregate IT investment is providing value. All these questions come from common sense, management beliefs about what is involved in running an organization well, and tests of IT domain knowledge.
SUMMARY
It is critical that health care organizations have access to appropriate IT staff and resources to support their health care information systems and system users. IT staff perform several common functions and have several common roles. In large organizations, the IT department often has a management team comprising the chief information officer, chief technology officer, chief security officer, and chief medical information officer, who provide leadership to ensure that the organization fulfills its IT strategies and goals. Having a CIO with strong leadership skills, vision, and experience is critical to the organization achieving its strategic IT goals. Working with the CIO and IT management team, one will often find a team of professional and technical staff including systems analysts, computer programmers, network administrators, database administrators, and web designers and support personnel. Each brings a unique set of knowledge and skills to support the IT operations of the health care organization.
The organizational structure of the IT department is influenced by several factors: definition of major units, level of centralization, core IT competencies, and desired attributes of the IT department.
IT services may be provided by in-house staff or outsourced to an outside vendor or company. Many factors come into play in deciding if and when to outsource all or part of the IT services. Availability of staff, time constraints, financial resources, and the executive management team’s view of IT may determine the appropriateness of outsourcing.
Whether IT services are provided in-house or outsourced, it is important for the management team to assess the efficiency and effectiveness of IT services. The governance structure, how the IT resources are allocated, the track record of system acquisitions and system implementations, and user satisfaction with current IT service levels are some of the key elements that should be examined in any assessment. Consultants may be employed to conduct the assessment and offer the organization an outsider’s objective view.
KEY TERMS
Applications management
Chief information officer (CIO)
Chief medical information officer (CMIO)
Chief security officer (CSO)
Chief technology officer (CTO)
Database administrator
Governance
IT centralization and decentralization
Network administrator
Operations and technical support
Outsourced IT
Programmer
Systems analyst
Telecommunications specialist
LEARNING ACTIVITIES
Visit an IT department in a health care facility in your community and interview the CIO or department director. Examine the IT department’s organizational structure. What functions or services does the IT department provide? How centralized are IT services within the organization? Does the organization employ a CMIO, CSO, or CTO? If so, what are each person’s job qualifications and responsibilities?
Find an article in the literature that outlines either the advantages or disadvantages, or both, of outsourcing IT. Discuss the findings with your classmates. What have others learned about outsourcing that may be important to your organization?
Plan and organize a panel discussion with CIOs from local health care facilities. Find out what some of their greatest challenges are and what a typical day is like for them. To what degree are their organizations facing workforce shortages? In what areas, if any? What strategies do they employ to recruit and retain top-notch staff?
Assume that your organization is concerned about employee satisfaction with IT services. How might the organization assess employee satisfaction? What methods and tools might be used? How would you use these methods and tools?
Investigate any one of the following roles and interview someone working in this type of position. Find out the individual’s roles, responsibilities, qualifications, background, experience, and challenges.
Chief medical information officer
Chief security officer
Chief technology officer
Nursing informatics specialist
Clinical systems analyst
Biomedical informatics expert
REFERENCES
Agarwal, R., & Sambamurthy, V. (2002). Organizing the IT function for business innovation leadership. Chicago: Society for Information Management.
College of Healthcare Information Management Executives. (1998). The healthcare CIO: A decade of growth. Ann Arbor, MI: Author.
Committee on Workforce Needs in Information Technology. (2001). Building a workforce for the information economy. Washington, DC: National Academies Press.
Conn, J. (2010, May 24). Working on IT. Modern Healthcare, p. 28.
Earl, M., & Feeney, D. (1995). Is your CIO adding value? McKinsey Quarterly, 2, 144–161.
Gartner, Inc. (2008). Forecast: Healthcare IT spending worldwide, 2006–2011. Stamford, CT: Author.
Glaser, J. (2006, January). Assessing the IT function in less than one day. Healthcare Financial Management, pp. 104–108.
Glaser, J. (2008a, April). Creating IT agility. Healthcare Financial Management, pp. 36–39.
Glaser, J. (2008b, February 6). The four cornerstones of innovation. Most Wired Online.
Glaser, J., & Kirby, J. (2009). Evolution of the healthcare CIO. Healthcare Financial Management, 63(11), 38–41.
Glaser, J., & Williams, R. (2007). The definitive evolution of the role of the CIO. Journal of Healthcare Information Management, 21(1), 9–11.
Kilbridge, P. M., Classen, D., Bates, D. W., & Denham, C. R. (2006). The National Quality Forum safe practice standard for computerized physician order entry: Updating a critical patient safety practice. Journal of Patient Safety, 2(4), 183–190.
Leviss, J., Kremsdorf, R., & Mohaideen, M. F. (2006). The CMIO: A new leader for health systems. Journal of the American Medical Informatics Association, 13(5), 573–578.
Oz, E. (2006). Management information systems: Instructor edition (4th ed.). Boston: Course Technology.
