When Dustin Hufford was named full-time CIO at Cooper University Health Care — after serving as AVP of IT applications and interim CIO — he was ready to hit the ground running. “If I get this, we’re going to jump right into strategy development,” he recalled thinking.

That was in December of 2019, which meant just a handful of weeks passed before his team had to pivot to focus on facilitating new models of care delivery. Like so many other leaders, he realized how quickly things happened when there was a single objective, and so, when it was time to reassess priorities, Hufford adopted a new strategy: agility.

“We were able to move quickly,” he said during an interview with Kate Gamble, Managing Editor of healthsystemCIO. “That’s what we’re trying to harness. How do we get to that level of focus and attention? We think agile is a way to do that.”

During the discussion, Hufford talked about the foundational work his team is doing to take on a new approach, and why they’re flipping the traditional IT governance model. He also discussed the challenges of retaining staff in a competitive market, how he has benefited from his experience with community hospitals, and Cooper’s ultimate goal of improving access to care.

LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE. 

Key Takeaways

* For Cooper University Health Care, one of the keys to being able to retain talent in a competitive market is to “treat our staff like professionals,” and avoid micromanaging.

* Although the first-year turnover rate from 2021 was somewhat high, long-term retention has held steady, which Hufford attributes to constant engagement with teams, as well as its transparent remote work policy.

* “Because it’s a small team, you have to get your hands into everything, and you gain a deep knowledge of all the different IT domains,” said Hufford, explaining why being CIO of a community hospital was so beneficial.

* Although Cooper has chosen to keep digital within IT, “we’ve tried to embrace what would come from a separate chief digital officer, which is really just a tight partnership with business operations.”

Q&A with Dustin Hufford, Part 2 [To view Part 1, click here.]

Gamble:  You mentioned strengthening the staff as one of your goals. That’s been an issue for so many organizations. What are you doing to recruit and retain people?

Hoffman:  A couple of things. One is to treat our staff like the professionals they are — not micromanage them, but empower them to make decisions. We also use rounding. For instance, I meet with our team in larger groups, and we do a session where I meet with subsections of the team to go over our strategy and make sure they understand where we are.

It also gives them a chance to ask me tough questions, and I answer in short order. This helps make sure they’re comfortable the things we’re doing in our world. We engage with them as much as possible, which has helped a lot in keeping our scores high.

It has also kept our turnover rate low. The rate of turnover for people within the first year of employment was a little bit higher than we would have liked. A lot of people are shifting around in the market trying to figure out what works for them, whether it’s consulting or part-time employment. But our staff retention for people who have been here longer than a year has been extremely tight. We’ve it at a very low number.

The other pillar,

For healthcare leaders, creating a culture of collaboration can be extremely challenging, particularly in groups that include both extroverts and introverts. Laura Marquez has a solution that involves doing something out of character for those in senior positions.

“I have an idea, but I’d like to hear from you guys first.”

Doing so, she said during a recent interview, “opens up the platform” and encourages individuals to float their own ideas. It’s one of many pieces of advice Marquez, AVP of IT Applications at UConn Health, offered to colleagues based on her own experiences.

During the discussion, she shared insights on what it takes to build “a culture of safety, her approach in leading virtual teams, the critical role IT governance strategies can play, and what UConn Health is doing to more effectively engage with patients.

LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE. 

Bold Statements

We’re also taking a step back to say, how can we improve access for our patients in terms of reducing new patient lead time? Let’s stand up direct scheduling. Let’s implement fast pass in more areas. We want to leverage the tools that we have at play.

It’s imperative that we’re working both with the marketing and patient experience offices, as well as our other business stakeholders throughout the organization. We want to make sure we’re rowing in the same direction.

We wanted a diverse selection of patient volunteers who would then have access to our test environment. That way, before new features are rolled out, we’re able to bring it to the work group. We get their candid, honest feedback, and we’re able to pivot.

I think all systems struggle with the fact that there’s never a shortage of work. As a matter of fact, there are far more projects submitted than we could even get accomplished.

 

Gamble:  I’m really glad we could set aside time to chat. Can you start by providing a high-level look at UConn Health — what you have in terms of hospitals, where you’re located, things like that?

Marquez:  Sure. We’re a 224-bed academic medical center located in Farmington, Conn. We pride ourselves on serving the community as a state organization. We have a great ambulatory network with clinics representing a wide variety of specialties. We also have the School of Medicine and School of Dental Medicine. We’re diverse in who we serve. It’s been a wonderful opportunity to continue to use technology in different ways to help our caregivers.

 

Gamble:  In your role as AVP of IT applications, what do you consider to be your core objectives?

Marquez:  We’re an Epic shop, and so there’s no shortage of work keeping up with the quarterly updates and the new migration to Hyperdrive. One of the really important things on our roadmap is our partnership with Connecticut Children’s to stand up a NICU within our hospital. As part of that, we’re bringing them onto our electronic health record. It’s been a great cross collaboration with Connecticut Children’s to partner and find some creative solutions for how we can best serve those critically ill babies.

 

Gamble:  Were they already on an EHR?

Marquez:  They were still on paper. UConn went live on the EHR in 2018, but because the NICU is owned and operated by Connecticut Children’s, it was out of scope for the EMR implementation. We certainly had plans to bring it live much sooner, but unfortunately, the pandemic got in the way of our priorities, as it did for every organization. And so, we made it a point to make sure we circle back and get them brought up to an EHR.

 

As post-pandemic work arrangements continue to evolve, IT executives are left to navigate how best to keep their teams in touch and on track. It’s not an easy balance, as organizations seek to retain sought-after talent by providing flexibility, while also ensuring the necessary collaboration to not only move forward but innovate. In this important webinar, we’ll hear from leaders about the arrangements they are experimenting with, lessons learned and plans for the future.

Speakers:

* Lisa Dykstra, SVP/CIO, Ann & Robert H. Lurie Children’s Hospital of Chicago

* John Kravitz, CIO, Geisinger Health System

* Ed McCallister, SVP/CIO, UPMC

* Ajay Kapare, Chief Strategy & Marketing Officer, ELLKAY

Longo, who feels healthcare CISOs must have a ‘business-enabling’ approach, says going slow and saying no is never an option.

LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE. 

Bold Statements

I often say we are 10 miles wide and 10 feet deep as CISOs, and then you want really strong leaders who are 10 feet wide and 10 miles deep on your leadership team.

I’ll tell you what the best language is. The best language is numbers, metrics, quantifiable views of the status of the organization.

You need to have your eyes and ears open at all times to what’s going on because there is a problem with shadow IT in every industry.

 

Guerra: Welcome to healthsystemCIO’s interview with Anthony Longo, VP and Chief Information Security Officer with Baptist Health South Florida. I’m Anthony Guerra, Founder and Editor-in-Chief. Anthony, thanks for joining me.

Longo: Thank you, Anthony. I appreciate the time. Happy to be here.

 

Guerra: I look forward to chatting. Do you want to start off by telling me a little bit about your organization and your role?

Longo: Sure, sure. As you said I’m VP and Chief Information Security Officer of Baptist Health South Florida. We are a large not for profit healthcare system based in the South Florida region, in the Miami area mostly.

We are in the middle of a massive digital transformation, really focusing on bringing out best in class technology as it relates to clinical healthcare and how we interact with our patients, and with that comes the need for best in class security as a part of that program.

You know it’s been a great first year at Baptist, really just a time to invest in the program and continue to expand our capability and the people, process and technology, and just having a lot of fun.

 

Guerra: Excellent. I like to ask all CISOs how they wound up where they are. How did you wind up in security? How did you wind up in healthcare, the whole thing?

Longo: That’s a fun question. I’m in year 23 of my career, the majority of it being in security. I always joke that if you found me in the late ’90s in a data center and told me that I would be sitting in board rooms talking about information security to some of the strongest leaders in the country, I would say you are crazy. But here we are and here it is, nobody knew that security would be so critical as a part of the digital transformation of our industry as it is today.

I started out just like everyone else. I was an engineer. I started in help desk and desktop support, network engineering, server engineering and then somewhere around 2002, 2003, I made the decision to do some work in security. I had an interest in it. It was really just working in AV and anti-spam. It was very early days in security back then. Early days of fixed firewalls, ASA firewalls and Trend Micro, whatever. I went to work for an anti-virus company and the rest is history.

The majority of my career has been in retail and hospitality. That has been my primary focus as Chief Information Security Officer but I’m really, really excited to take on something new, a new challenge. Healthcare is at the frontlines right now of attacks across the globe. We’re seeing threats against critical infrastructure day after day and healthcare is one of the most targeted sectors. I want to take the experiences that we learned from retail and hospitality and the breaches of the late 2000s and 2010s around payment and bring them to healthcare.

When Dustin Hufford was named full-time CIO at Cooper University Health Care — after serving as AVP of IT applications and interim CIO — he was ready to hit the ground running. “If I get this, we’re going to jump right into strategy development,” he recalled thinking.

That was in December of 2019, which meant just a handful of weeks passed before his team had to pivot to focus on facilitating new models of care delivery. Like so many other leaders, he realized how quickly things happened when there was a single objective, and so, when it was time to reassess priorities, Hufford adopted a new strategy: agility.

“We were able to move quickly,” he said during an interview with Kate Gamble, Managing Editor of healthsystemCIO. “That’s what we’re trying to harness. How do we get to that level of focus and attention? We think agile is a way to do that.”

During the discussion, Hufford talked about the foundational work his team is doing to take on a new approach, and why they’re flipping the traditional IT governance model. He also discussed the challenges of retaining staff in a competitive market, how he has benefited from his experience with community hospitals, and Cooper’s ultimate goal of improving access to care.

LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE. 

Key Takeaways

* Among the “key pillars” of the IT strategy are: strengthening the foundation (particularly in terms of staffing), assessing digital capabilities, and converting to an agile framework.

* One of Cooper’s core objectives is leveraging technology to improve access to care and ensure “people aren’t bouncing around” when they contact the call center.

* Number one lesson learned from Covid-19? “When everybody was focused on one core mission, things happened quickly. Decisions happened quickly.”

* Hufford’s team hopes to flip the traditional IT governance strategy on its axis by assigning project owners and making them responsible for the order in which tasks are done.

Q&A with Dustin Hufford, Part 1

Gamble:  Hi Dustin, thanks so much for taking some time to be with us today. Let’s start with a high-level view of Cooper University Healthcare — where you’re located, what you have in terms of hospitals, things like that.

Cooper:  Sure. Our headquarters are in Camden, N.J, right across the river from Philadelphia, which is also where our hospital is located. We’re an academic tertiary care center with just over 600 beds. We have around 120 ambulatory locations as well. That includes urgent care, laboratory locations, and clinics spread out all over south Jersey. We’re the only Level 1 trauma center for south Jersey, and one of the busiest ones in the region.

Our medical school is partnered with Rowan University. It’s a fairly new arrangement — within the last 10 years. We had our first graduating class a few years ago. We’re really trying to build up our research infrastructure along with that and strengthen our program. It has grown really fast; we have quite a few residents and staff at this point.

 

Gamble:  I can imagine that’s going to be a game-changer once you’re able to get more students and residents into the rotation.

Hufford:  Definitely. We have goals around how many we convert into full-time employees after they’re done with their medical school stint. It’s a good feeder for our programs and for our academic mission. It helps us to be innovative with our clinical delivery.

 

Gamble:  And in terms of clinical applications, you have Epic in the hospitals and clinics?

Hufford:  Correct.

Now that it has been more than a decade since the initial push to establish EMRs through the federal Meaningful Use program, healthcare organizations are beginning to face something just as monumental, the need to tie technological advances across the enterprise: enterprise resource planning (ERP). It’s a big undertaking, but one that Onyeka Nchege, SVP/CIO with Novant Health in North Carolina, is queuing up to help his organization meet its overall goals. Not only will the ERP system alleviate pain points, but it will be part of the “secret sauce” all organizations need: a good back-office system, combined with a good EMR, he says. It will help the organization better manage day-to-day business activities, including accounting, procurement, project management, risk management, compliance, and supply chain operations.

LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE. 

Bold Statements

“I think gone are the days where you said, ‘Hey, it’s going to take me a year and a half to implement something,’ right? Those days are long gone, especially when you think about the pandemic and the things that we had to do to react and react very quickly.”

“We aren’t simply taking Novant Health’s current processes and transplanting them into a new technology. It’s not just a lift and shift for us, instead, you know, we’re making an investment that transforms the way our team members perform their work.”

“ … at the end of the day, I aim to ensure that these department leaders understand what our new systems have to offer, and secure their buy-in and input, and create change champions in those spaces.”

 

Guerra: Onyeka, thanks for joining me. Tell me about your organization and your role.

Nchege: I’m happy to do that. Novant Health is an integrated network of physician clinics, outpatient centers, and hospitals that delivers a seamless and convenient healthcare experience through more than 6 million patient visits annually. And our network consists of more than 1,800 physicians and over 35,000 team members that provide care at more than 800 locations that include 15 medical centers, and hundreds of outpatient facilities and physician clinics. Our core markets are in Winston Salem, N.C., where we are headquartered. We also have a significant presence in Charlotte and Wilmington as well.

 

Guerra: You have a big ERP (enterprise resource planning) project going. It’s a big deal. I saw the release about some help you were getting with that project. We’ll talk more about that. People have said that Meaningful Use spurred on the EMR implementations, and that went on for quite a long time, and now it’s time for some other big projects. Do you see that evolution over the last 15 years?

Nchege: So you see the big ERP, EMR implementations that are happening, but I think folks are starting to realize the value of what I’m going to call “time to market” and getting implementations done faster, so that your business can start to realize value sooner rather than later. I think you’re seeing more and more of that out in the marketplace, especially in the healthcare space, related to corporate systems, or back-office systems, from an ERP perspective. And then you’ve also got the patient-facing solutions, like the EMR. So, the combination of both of those together is really the secret sauce from a technology perspective within the healthcare space.

 

Though the cloud may be a key element to empowering today’s work-from-anywhere workforce, there are many aspects of it that concern security professionals. Questions abound around the security implications of different cloud arrangements, such as public or private, multi or hybrid and, when those seem a bridge too far, what to keep on-premises. Once a cloud strategy has been set, critical considerations around networking and access arise, and finally, but perhaps most importantly, is the issue of enforcing end-user policies and permissions, and securing the endpoints or devices employees ultimately use. In this important webinar, we’ll delve into all these issues and elicit best practices for securing your journey to the cloud.

Speakers:

* Todd Bell, CISO & Executive Director, IT Compliance, Valleywise Health

* Sahan Fernando, CISO, Rady Children’s Hospital-San Diego

* Chris Feeney, Healthcare Workflow Specialist, IGEL Technology

While most health systems have an effective process for training newly hired clinicians on the applications they will be using, few have one for training existing employees on upgrades to those applications. Unfortunately, after a few such upgrades, the software on the screen can bear little resemblance to the one on which they were trained. The result? Dissatisfaction and frustration with the applications that are supposed to make their lives easier, leading, in some cases, to burnout. In this timely webinar, we’ll hear from leaders who are working hard to keep doctors and nurses up to speed on the software that will either make or break their productivity.

Speakers:

* Donna Roach, CIO, University of Utah Health

* Lee Milligan, MD, SVP/CIO, Asante

* Ryan Seratt, Director of Training and Development, 314e Corporation

There’s no shortage of scenarios that can conjure fear in even the most seasoned leaders. For Kate Pierce, it’s a cyberattack that causes North Country Hospital to go offline. Not because it would mean losing patients to a competitor, but because it could mean losing patients.

“We have to be able to offer care,” she said during a recent interview with Kate Gamble, Managing Editor at healthsystemCIO.com. “There’s not another facility for 40 miles. We can’t just say, ‘sorry, we can’t take you. Our network is down.’”

For Pierce, who holds both the CIO and CISO roles at the Newport, Vt.-based organization, having the right plan – and people – in place to prevent cyberattacks is the ultimate goal. It’s not an easy one, particularly given the limited resources and access to talent faced by most rural organizations.

During the discussion, she talked about the creative thinking her team is utilizing to stay one step ahead of bad actors, the critical lessons they learned with UVM suffered a data breach, why North Country will never leave the cloud, and how she manages the competing priorities of her dual roles.

LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE. 

Key Takeaways

* After its EHR vendor pulled out of the healthcare vertical, North Country was forced to “go back to the drawing board and figure out what we were going to do.”

* One of the key criteria in the search for a new vendor partner was cloud capability. “Because we were in the cloud already, it wouldn’t be feasible to bring everything back in house.”

* North Country has adopted a three-pronged approach to cybersecurity focused on providing educating and tools, creating a culture of security, and thinking outside the box by partnering with other organizations.

* For remote organizations, being able to maintain a secure network is vital. “There’s not another facility for 40 miles — we can’t just say, ‘sorry, we can’t take you.’”

* Although the CIO and CISO role are often in competition with each other, they can also go “hand in hand.”

Q&A with North Country Hospital CIO/CISO Kate Pierce

Gamble:  A lot has happened since the last time we spoke. Your team is implementing CommunityWorks from Cerner, which was scheduled to go live in May. What has that process been like, particularly in terms of training?

Pierce:  We had a five-week period where we trained end users. Cerner has a dual approach. For staff, they use a ‘train the trainer’ model. And so, they’re training our staff, and we have subject matter experts that have been trained by Cerner as well as some super users. We have a variety of groups across the organization that are training in different areas.

That schedule was put together by one of our CIS staff members. The big challenge we face is bringing staff up from their daily work in order to attend the training and participate in the education.

With the shortage in nursing — and really across the board — it’s one of those areas where we (both North Country and Cerner) have had challenges resourcing the project. But I think we’re in a good spot right now. We’ve got a plan in place and I’m confident we’re going to be successful.

 

Gamble:  There’s so much going on right now; I can imagine it’s really difficult to pull physicians and nurses away from what they’re doing. What’s the approach to making sure they’re trained?

Pierce:  It’s been an organizational effort. We didn’t have a lot of choice with the timing of it. Our current vendor had decided to exit the hospital EHR market,

With power (and lots of data) comes responsibility. And it’s the responsibility of health systems to make sure patient records aren’t accessed when they’re not supposed to be. In this important webinar, we’ll hear how leaders are working to identify, investigate and resolve compliance breaches – and reduce the risk – when they do occur. We’ll also hear how AI holds the potential to reduce the manual burden of patient privacy monitoring, and increase the time-saving distinction between proper and improper system access.

Speakers:

* Jim Brady, PhD, VP, Information Security & Infrastructure, CISO, Fairview Health Services

* Krista Fink, Privacy Officer & System Director for Information Privacy and Investigations, Fairview Health Services

* Nick Culbertson, CEO, Protenus