True story: Despite the HITECH Act of 2009, the CEO of a major urban hospital continued his institution's policy of not hiring a CIO or CISO. Like many others, he took a wait-and-see attitude, even though HITECH strengthened the enforcement of healthcare security and privacy laws, and provided financial incentives for healthcare organizations to adopt electronic health records and information security.
In 2010, while other organizations were getting a portion of billions of dollars in federal incentive money to implement health information technology (HIT), this CEO did nothing -- until someone mentioned the fact that penalties loomed for non-compliance.
After a three-year delay, the CEO finally decided to hire a CIO. Correctly, he opted to have the CIO report to him as a member of the cabinet; clearly he wanted someone with a strategic vision. The CEO's requirements were stringent, and he was emphatic about his needs.
“I want someone who has already implemented Meaningful Use somewhere. We need to implement it very quickly here," he said.
His IT department, board of directors, and human resource staff all echoed the same sentiment:
"Since Meaningful Use is very new, few people have actual experience with it. These CIOs are in high demand, there are very few of them to go around, and they are very expensive. You really do not need to make this a hiring criterion. Implementing Meaningful Use should be similar to any IT project; just look for a track record of successful program or project management. Experience at organizational adoption of technology will be important. Implementation is one thing. Getting everyone to use it and navigating through the associated security and privacy compliance will also be important. Our hospital should also hire a chief information security officer."
“Our budget is limited right now,” the CEO retorted.
“You will also need to hire a project manager or a senior systems engineer to help with the implementation,” his advisors said.
“Actually, I am looking for a CIO who is very hands-on, someone who can implement and upgrade the software as well,” replied the CEO, pensively.
“But the CIO is not an operational role. Your CIO will need to follow everything that's going on in the industry and ensure that what happened to this organization in the past does not happen again. If the person has operational duties too, he or she will not be successful in either role. There is no good way to divide these roles. A true CIO would not be happy with an operational role,” the increasingly frustrated advisory group noted.
“In our organization, everyone, including me, has an operational role. I get into contract negotiations and solve many problems,” the CEO said earnestly.
This type of conversation occurs in many organizations. I find it amazing they continue in 2013, a time when technology drives everything and IT strategy is equivalent to organizational strategy in any business, government, or educational organization. Quality CIOs know more about how an organization functions than any other C-level executive. They cannot focus on the big picture if they're bogged down in operational details.
Organizations need to leverage their incredible CIO resource in order to move forward.
— Mansur Hasib has served in CIO/CISO and other leadership roles in the public, private, and education sectors.