EXCLUSIVE - A day in the life of a CIO
A man with a fractured arm in cast walks into the outpatient orthopaedic clinic of a hospital with an appointment to see the doctor. At the front desk, his identification is entered into the system by the Patient Service Assistant as he is not able to scan his appointment himself at the self-service kiosk. With that, his appointment is actualised.
A medical assistant takes the vital signs of the patient with the devices which automatically send the data to the Electronic Medical Record (EMR) system. The patient moves to the assigned room and is seen by a doctor, who checks the system for any past x-rays images and medical summaries. After consultation, the doctor puts in a radiology order using the Order Entry system (CPOE) and also does medicine reconciliation to check medication prescriptions, allergies and refill requirements.
All patient medical information is available real-time to the doctor, anywherein the campus and outside. After seeing the patient, the doctor enters the after-visit summary, detailing actions taken and also schedules a follow-up appointment. The medical summary and orders are also transmitted to the National Electronic Health Record (NEHR) system. The e-prescription is them filled at the pharmacy counter on the same clinic floor. The patient can also access his key health records anytime, enquiries can be made and recommendations provided by caregivers.
Every step of the way, ICT facilitates seamless service delivery. ICT is the central nervous system of any organisation today. The CIO is responsible for the people, processes and technologies which constitute ICT. As ICT developed, the role of the CIO evolved. Today, ICT has assumed strategic dimensions and has to be closely aligned with and supports the core business.
OpenGov sat down with Mr. Lim Soo Tong, CIO of JurongHealth Services (JHS) to catch a glimpse of the day-to-day life of a CIO. JHS is one of the six public healthcare clusters under the Ministry of Health (MoH) in Singapore. His IT division is a part of Integrated Health Information Services (IHiS), which manages ICT for the public healthcare system in Singapore. OpenGov has spoken previously with Mr. Lim about the Hospital ICT Systems and fully Integrated EMR Suite.
Here is what a typical day looks like for the CIO of a modern healthcare institution with cutting-edge IT systems.
A normal day in office
Typically, I start my day at around 7:30 am, checking first on daily operational reports and statistics.
The statistics includes dashboards, providing up-to-date information. Information on bed occupancy, average length of patient stay, number of patients coming in through the emergency department, gender distribution and many more data points are monitored and reported to get a sense of how busy the day will be like for the hospital. It is about having your finger on the pulse of the hospital operations throughout the day.
Between 8 and 8:30am, I check on the system and network resources and catch up with the IT engineers working on the hospital floors. They make sure that resources are available and all the critical equipment is in good running order. Checks are done by starting as early as 6:30am so that they are minimally disruptive to the clinicians’ rounds.
It takes time to start up the machines and to get applications online. Sometimes, we help to start up the machines earlier so that when doctors and admin staff come in, the systems are already running.
The rest of the morning is spent checking emails, reading reports and agenda papers, and preparing for meetings .Depending on the schedule for the day, the meetings could be operational or with senior management or even with the Board. I also have to set aside time for my own staff meetings. I have to disseminate important messages and directives to the ground, to my IT people. We use broadcast emails, but if it is important enough, I pass on the message in person at meetings.
During the second half of the day, there could be planning meetings, for implementation of new modules and change requests. Sometimes, there could also be product updates and meetings with vendors
I would classify the meetings into two types, strategic and operational. In operational meetings, we talk to users to get a feel of how the systems are running, whether there are any issues and improvements needed. These usually cover the bread and butter issues, eg, ensuring that the queue system, registrations, EMR (electronic medical record) and other operational systems are running smoothly.
Strategic and operational components
On an average, around 30% of my time is spent in dealing with operational, backend issues. The rest of the 60% goes to tactical, strategic and planning matters.
The agenda of the IT Steering Committee meetings can give you an idea of the tactical work that we cover. We have these meetings once every three weeks..
The Committee is updated on:
- Operational aspects - from a maintenance point of view, keeping the lights on
- Our status on operating and capital expenditures
- Progress of projects we are working on and whether we are on time, on target
- IT security incidents and vulnerability report.
- Approval for new projects-A portion of my time goes to ensuring that we have all the information required to gain the endorsement of the Committee.
I have meetings with senior management on a monthly basis. In these meetings too, I provide a snapshot of IT operations and projects. I also need to report on my KPIs which are measured in the , Balanced scorecard .
At senior management meetings, I also present strategic IT issues. To take an example, the plan at the opening of the hospital was to phase in the operations in stages, due to two reasons. Firstly, we want to reduce the risk of a ‘big bang’ opening and secondly, we were not sure if there would be immediate demand for all the hospital facilities such as beds. We decided to stage the opening up of beds, as and when demand increased, rather than having low occupancy rates and resource wastage.
I need to ensure that IT resources are ready, whenever the next phase of ramping up the business activities kicks in. Any additional infrastructure required must be in place, such as more PCs, more computers-on-wheels, more servers and network resources. It may also require login IDs to be created for additional users.. It is like catering to production rollout on a continuous basis.
Integrating new systems and modules
The other strategic component relates to bringing in new systems and processess or major change requests/enhancements major enough to warrant an implementation plan.
When we opened the new hospitals, we literally flipped a switch and went from zero to hundred, from partially legacy and manual systems to fully digital systems.
To prepare for such massive implementation, we did a lot of planning. In the System Development Lifecycle, I have to ensure that everything is tested thoroughly, that it goes through to the development environment and end-users are brought to complete and signoff acceptance testings. Then we move everything into production.
But prior to that, we did many rounds of dress rehearsals, so that all users (doctors, nurses, allied health staff, finance, HR and other administration staff) know exactly what they need to do on the first day of operation. We also conducted a full dress rehearsal before everything goes live. Rehearsals are important because systems and processes are integrated, they are not standalone and there over 50 systems in the hospitals that will be in operation. We must check and ensure all the touch points are working according to our specifications and user needs right from the start.
Dealing with statutory changes
In public healthcare, statutory policy get changed and updated regularly. We have to make changes to the IT systems to reflect the policy changes accordingly.
For example, Medishield Life was implemented recently. Medishield coverage used to stop at a certain age. It also excluded persons with certain pre-exisitng conditions or illnesses. MedishieldLife now covers all Singapore Citizens and Permanent Residents for life, including those with pre-existing conditions. Health financing for the Pioneer Generation (PG) Citizens is another example. The PG card entitles them to enhanced government subsidies.
These government mandated changes warrant modifications to the systems which must be effected together with process and administrative changes as well.
Sharing information vertically and laterally
Being in public healthcare, we are accountable to the Ministry of Health, as the regulator. There are committees set up by the Ministry that I have to update regularly. IT security is a noted area where regular updates are necessary. In the unfortunate and unlikely event that we are being hit by security threat, we must follow the established framework of incident reporting to the Ministry.
A not so normal day – Dealing with Security Incidents
Cyber security threats are on the increase recently. We grade security incidents by severity level. The lowest level could be the case of a few computer desktops affected with no impact to the business.
For such minor incidents, I will perform an impact assessment and if confirmed to be low, it will stop it at my level with a update to the management..
For higher severity incidents that affect an entire department or widespread enough, . I will have to immediately notify senior management and Ministry. Operationally, we will have to make sure that the system recovery is done as quickly as possible and systems are up and running again. In the event that recovery is not possible, then decision will have to be taken to invoke business continuity plan which could mean to operate from the Disaster Recovery (DR) site.
If we have to take a decision whether to move to disaster recovery (DR) site, that decision is taken by the executive committee comprising the CEO, COO and me, taking into consideration the provisions in our Business Continuity plans.
Going to disaster recovery side is tough and major decision. It takes a lot of effort and resources and time to switch to the alternate site. It involves significant resources and costs. Image and reputation of the organisation also has to be considered. But most important is the impact on operations and the delivery of patient care – these must not be compromised.
In DR, we switch to secondary site. In that scenario, it is critical to ensure that the data in the primary site is replicated completely and accurately to the secondary systems. There could l be some lost time, some lost data. But by and large, the image of the system is as latest as we can get.
To complete the cycle, once the primary systems are up again, we will need to switch back from the secondary site to the primary site. These involve another round of migration and checking to ensure that all systems and data are restored and ready for operation again.
Thankfully, I haven’t faced a situation yet, where we need to go to DR. But we are not taking any chances. My team and I together with the users go through planning and desktop exercises to familiarise ourselves with the drill. There are also planned full dress rehearsals where we will simulate the switch to DR. We are prepared for any contingencies.