When I was a freshman at Penn State, I landed a summer internship at Merck & Co., Inc. Within weeks of working there I knew I wanted to be the Chief Information Officer (CIO) of Merck.
A good definition of a CIO can be found at Answers.com.
A company executive who is responsible for the management, implementation and usability of information and computer technologies. The CIO will analyze how these technologies can benefit the company or improve an existing business process and will then integrate a system to realize that benefit or improvement.
My view of a CIO is a person that is responsible for the overall Information Technology (IT) including:
- Hardware (desktops, laptops, network, wide area network, Internet, firewalls, etc.).
- Software (customer relationship management [CRM] systems, accounting systems, manufacturing systems, etc.).
- Security (policies, procedures and technology to implement and enforce security).
- Support of the entire Information Technology.
A CIO must be involved with the selection of new technologies, the implementation of new technologies and must ensure that any new technology is secure and supportable within the company.
Most of the time a CIO is associated with a large enterprise but as the title of this article states, it is my belief that every medical practice should have a CIO. Just like in large organizations, a medical practice has information technology needs. As I mentioned in this article, as a practice implements an EMR the size of their network will grow rapidly.
Whether it is a small, midsize or large medical practice, the need for a CIO exists. The CIO should understand the details, the workflow and the requirements of the practice. If the practice is at the point of trying to select an EMR, the CIO should be involved in the selection process. The CIO should understand what the functional requirements of the EMR should be but should also be concerned with the network, security and support requirements. In addition, the CIO should be involved with the implementation and coordination of the multiple vendors (software, network, training, Internet Service Provider [ISP], lab vendors, digital x-ray vendors, etc.) to successfully implement the EMR.
Once the EMR has been implemented, the CIO will need to ensure that the system is supportable, secure, and reliable. The CIO will need to be involved if any of the components of the information technology need to be upgraded or new components need to be added. The CIO must ensure that an upgrade of one component does not negatively impact the functionality of other components. The CIO will also need to be involved if there is a problem with one of the IT components. The CIO must resolve the unavoidable vendor finger-pointing that occurs when multiple vendors are involved.
A practice will need to ensure that they are compliant with all government regulations including HIPAA and the HITECH Act. The CIO should be responsible for ensuring that the policies, procedures and proper technologies are implemented for the practice to be in compliance. The CIO should also be involved with the monitoring and adherence to the security polices and procedures.
After 16 years, I left Merck and eventually co-founded Entegration, Inc. For over 10 years I have been the CIO of my client’s medical practices. I have to admit that it is one of the most rewarding jobs I could have hoped for.
