As CIO for Methodist Hospital, Randy McCleese, winner of the 2017 College of Healthcare Information Management Executives John E. Gall Jr. CIO of the Year award, views himself as “among the trees” compared with previous recipients from larger provider organizations. Methodist comprises a 192-bed acute-care facility in Henderson, Ky., and a 25-bed critical-access hospital in Morganfield.
One factor that helped McCleese stand out is his participation in public policy discussions, providing a voice for small, rural hospitals at a national level.
“I’ve enjoyed the opportunity to add my 2 cents on behalf of those providers,” he says.
HealthTech spoke to McCleese about the importance of advocating for smaller organizations, as well as the challenges involved with managing IT efforts for such facilities.
HEALTHTECH: What is your biggest IT concern on a day-to-day basis?
MCCLEESE: There are several: maintaining our basic infrastructure; computerized documentation in patients’ records; our security posture. One of the main things we’re currently considering is improving our network reliability. That is one of the very basic things every organization must have to be able to function and provide quality patient care.
HEALTHTECH: In 2016, about a year before your arrival, Methodist suffered a ransomware attack. How has that shaped your strategy going forward?
MCCLEESE: At the time of the ransomware attack, there was one layer of security. We’ve now beefed that up so that we’ve got four different layers. I usually describe it as layers of Swiss cheese; if you’ve only got one layer, you can get through that rather easily. But when you put two, three and four pieces together, it makes it much more difficult to get through all those layers. That’s where we are now.
We’ve put things in place that will watch our users as they get into their emails and start clicking on links. We’re also looking at those emails as they come in, looking at where people go and limiting access to some outside sites, restricting the end users’ access to things that are deemed unnecessary for their business functions.
HEALTHTECH: How do you organize personnel for such efforts, given the size and location of your organization?
MCCLEESE: Because we have a small organization, many of our staff members must become jacks-of-all-trades. Those employees support maybe 10 different applications or modules, as well as the electronic health record, and they also have to take care of end users.
Those are the kinds of issues I’ve talked about at briefings in Washington. While it’s really been advantageous for us as an industry to get to the point where we’re fully using EHRs, on the other hand, those demands have pushed us very hard and fast, which has been a burden for those with fewer resources.
HEALTHTECH: You’ve been a very vocal member of CHIME. Why do you think it’s important for healthcare CIOs to actively participate in public policy conversations?
MCCLEESE: CHIME really jumped into that arena about 10 years ago. I got in on the front end of that and became involved with it right off the bat.
Some of the regulations that are required of providers make it very difficult for some of us to survive. Also, there are so many small providers that are being absorbed by larger organizations, or they’re going out of business, unfortunately. It makes it more difficult for our patients to find and receive the care that they need if a local provider goes out of business.
HEALTHTECH: You talk to a lot of different CIOs who represent organizations of all shapes and sizes. What are some of the most common challenges?
MCCLEESE: The theme that runs through all of us is the need to meet regulatory requirements and get our organizations fully functional in an electronic environment. We all have very similar issues when it comes to doing that, whether it’s teaching our end users on different tools or building up the appropriate infrastructure to ensure that there’s both care and business continuity.
Regardless of whether you work at a 100-bed hospital or a 500- or 600-bed organization, we all worry about providing those services.
HEALTHTECH: What are some of the biggest differences?
MCCLEESE: Most larger organizations have staff who can become specialists. When I say specialist, if I were in a 500-bed organization, then I would be more likely to have somebody who oversees servers, and somebody who is in charge of the network. At a smaller organization, someone would be in charge of the servers and network, printers, desktops and laptops, and wireless access points. That person has to multitask and be knowledgeable about every one of those areas.
HEALTHTECH:What advice would you give to future healthcare CIOs?
MCCLEESE: Learn the business side of the organization. Understand healthcare and business, because that makes such a difference in how you’re perceived at the executive level.
The CIO role has evolved from utilizing purely technical skills to knowing how to use technology to improve our business.