As healthcare providers emerge from the operational disruptions caused by the global pandemic, IT and business leaders are renewing their focus on “quality”– specifically, have digital investments provided quality and value for IT systems; is technology improving quality for caregivers inside facilities; and have digital transformation efforts enhanced the patient experience and the quality of care they’re receiving?

Trent Sanders, director of U.S. Healthcare & Life Sciences at Kyndryl, says much has changed for healthcare providers over the past three years. “2020 was reaction mode,” he says. “Healthcare providers kept the lights on and sprinted to solve problems like suddenly having to serve 50% of your population via telehealth.”

In 2021, he says, healthcare providers could see a light at the end of the tunnel, “so there was a lot of planning and preparation to open back up.”

2022, he says, “is all about action and execution. That’s why we’re seeing significant pressure at the board level around technology value realization – are we getting results from the areas where we placed our bets?”

The key for success in many of these new digital transformation efforts will be collaborating with partners in areas such as technology modernization, security, data, and artificial intelligence (AI). “Companies like Amazon and Kyndryl are coming together to help organizations and their employees perform,” says Sanders. “This concept is especially true in healthcare, where many companies are ingrained in decades-old processes that inhibit their ability to modernize.”

Many digital transformation efforts require a level of digital expertise that many organizations are not equipped to handle. “Hospitals and large payer institutions are not in the core business of IT,” Sanders says. “They are in the core business of how to improve the caregiver experience and improve the member population.”

It’s safe to say that healthcare providers, just like organizations in most industries, have moved some applications or workloads to the cloud. But there’s been a slower shift of mission-critical workloads, which in the case of healthcare providers include electronic health records (EHR) applications and imaging systems. Moving those systems to the cloud to make them more scalable, more secure, and more accessible – and enhancing them with advanced analytics and AI capabilities – is an important next step.

“It’s now about taking great technology, great services, and merging together in a programmatic approach to align to better caregiver and patient outcomes,” says Sanders. “Moving an EHR system to the cloud is not the outcome. The outcome is what you can do with it once it’s there.

“It’s also about the services that you wrap around it,” he says. “For example, taking advantage of AWS’s AI and machine learning capabilities to do population and health modeling much faster than you could before.”

The scale, performance, and advanced capabilities of the cloud will help healthcare organizations justify future investments in digital transformation to drive better caregiver and patient experiences and improve the quality of healthcare.

Learn more about how Kyndryl and AWS are innovating to help healthcare providers and other organizations achieve transformational business outcomes.

Cloud Computing

Digital platforms and technologies are transforming healthcare by providing secure, seamless access to disjointed islands of data and siloed technology. The goal is improving the experience for both healthcare providers and their patients, which ultimately leads to better healthcare and, hopefully, better outcomes for patients. And that’s a pretty good KPI.

In this episode of The New Work podcast, we hear from John Kosobucki and Emma Stratful, two executives from OX Digital Health, a startup whose “healthcare as a service” model shows the power of the cloud and digital technologies in supporting the new world of work, and new ways of doing business.

“There’s a lot of unnecessary friction in healthcare,” said Kosobucki, OX.DH’s CEO and founder. “Our focus is on bringing a degree of automation to clinicians and patients, who as digital consumers have a very high expectation set of what they should be able to achieve in healthcare.”

In this episode you’ll learn:

How Covid-19 accelerated the adoption of new technology to address longstanding inefficiencies in healthcare workflows and processes.How digital workflows can save patients time and expense, reduce stress, and improve the overall healthcare experience.How the move toward API-type economies can accelerate delivery of solutions, increase customization capabilities, and improve integration across different systems.


John Kosobucki, CEO & Founder, OX.DHEmma Stratful, Chief Operating Officer, OX.DHMartin Veitch, contributing editor, Foundry/CIO (host)
Remote Work

By Tapan Mehta, Global Healthcare Solutions Executive at Palo Alto Networks

Over the last decade, healthcare has offered new lines of services such as telehealth and remote patient monitoring, expanded accessibility and ease for both patients and healthcare professionals, and supported innovations that measurably improve patient outcomes. It’s a profound digital transformation.

Today’s digital healthcare organizations rely on data and IT in ways they never have before. Healthcare delivery has expanded beyond the four walls of a traditional acute care setting to ambulatory to the nascent hospital-at-home settings. IT continues to play a pivotal role in this ever-expanding healthcare delivery model and is tasked to not only drive successful business outcomes but also do so in a secure manner whereby patient privacy and data security are not compromised.

The pandemic further reinforced and accelerated the digitization of healthcare services. When COVID hit, within a matter of days, healthcare organizations had to pivot and create an environment whereby not only their employees could work remotely but also find ways to still deliver healthcare services in a virtual setting. They created new environments for operation and care — but also significantly expanded the surface that needed to be secured

The top challenges of securing healthcare now

Healthcare’s digital transformation has created so many new opportunities — not only for patients and care providers but also for bad actors. Today, healthcare leaders need to think about three things:

1. Ransomware: As healthcare operations have become digitized, attackers have taken notice. The healthcare industry is now a top target for ransomware attacks. When successful, those attacks can impact operations in ways that are life-threatening, beyond simply harming the business. In 2021, hackers published extensive patient information from US hospital chains in Florida and Texas. Confidential patient data was posted to the dark web, including files with personally identifiable information as well as tens of thousands of scanned diagnostic results and letters to insurers.

2. IoT/IoMT: Another challenge the industry faces is the abundance of devices within healthcare settings that are connected to the organization’s network. The majority of these connected medical devices, such as patient monitors and infusion pumps, have been around for a long time. In fact, there can be multiple generations of devices present across healthcare environments including hospitals, acute care, and outpatient facilities.

This abundance of older devices creates visibility challenges as organizations attempt to identify all their connected devices. Security challenges are then multiplied by the need to update devices for potential security vulnerabilities, even when many devices have minimal security capabilities. These vulnerabilities make medical IoT devices perfect entry points for malware or ransomware attacks. The real risk is that when an attacker breaks into one of these devices, they can move laterally within a healthcare organization’s network, which can have catastrophic impacts. The FBI issued its own alert that unpatched medical devices were a growing target for cyberattacks, adversely impacting healthcare operational functions, patient safety, data confidentiality, and data integrity.

3. Hybrid environments: With many healthcare staff now having the ability to work both on-site as well as remotely, there are new security challenges that need to be solved. Whether working from home or anywhere else, healthcare employees need to have the same level of security as they do within the four walls of a medical facility. They also need the same level of bandwidth and low latency for accessing patient records in order to provide an appropriate level of care.

The new fundamentals for securing healthcare

With all the security challenges that healthcare organizations face, what has become abundantly clear is that they must adopt a proactive programmatic approach to delivering comprehensive security throughout the continuum of care. What that really means is making sure that organizations have the right infrastructure and that the applications that are running in healthcare environments have the necessary security capabilities. It’s also about making sure that the users who are accessing information while providing care are protected and secured.

See and secure IoMT: Healthcare organizations need to proactively manage their devices. Your biomedical and clinical engineering teams know and feel the pain of managing these devices. You want to empower them to make smarter capital planning decisions while ensuring that the operational burden of maintenance and repair is reduced.Enable secure hybrid work: Enabling healthcare professionals with connectivity to securely provide services from anywhere is a top priority.Protect your cloud environments: The use of the cloud is growing across healthcare. As organizations move to the cloud, having the right security controls and visibility in place to enable workloads is a must.Ensure compliance: Regulatory compliance will never go away. It is incumbent on healthcare organizations to have the right investments to enable ongoing compliance with regulations such as HIPAA.Leverage cyber automation: Healthcare is under tremendous staffing and resource constraints. Organizations can optimize healthcare resources by integrating automation to help secure operations, endpoint devices, cloud or hybrid workplaces, and security operations centers.

Security should never be an afterthought. As we continue to come out of the pandemic, moving toward some new norm, security should not be viewed as a cost center but more of a critical business partner within the healthcare organization.

To learn more about Palo Alto Networks healthcare solutions, please visit our site.

About the author:

Tapan Mehta is the Global Healthcare Solutions Executive at Palo Alto Networks. In his role, Tapan is accountable for the overall global strategy, solution development, thought leadership, business development efforts, and go-to-market execution. He’s a graduate of the University of Michigan where he studied electrical engineering with a minor in business administration. He has spoken at several healthcare conferences and is an active member in the global healthcare community. Tapan has authored multiple articles/papers/blogs in industry-leading publications. More information can be found on LinkedIn.

Data and Information Security, IT Leadership

By Anand Oswal, Senior Vice President and GM at cyber security leader Palo Alto Networks

Connected medical devices, also known as the Internet of Medical Things or IoMT, are revolutionizing healthcare, not only from an operational standpoint but related to patient care. In hospital and healthcare settings around the world, connected medical devices support critical patient care delivery and a wide variety of clinical functions, from medical infusion pumps and surgical robots to vital sign monitors, ambulance equipment, and so much more. At the end of the day, it’s all about patient outcomes and how to improve the delivery of care, so this kind of IoT adoption in healthcare brings opportunities that can be life-changing, as well as simply being operationally sound.

Yet, enabling these amazing patient outcomes through IoT technology brings with it an associated set of security risks to hospitals and patients that are in the news far too often. Ransomware, for example, is a particularly prevalent threat to healthcare providers around the world. In August 2022, the French hospital Centre Hospitalier Sud Francilien (CHSF) was the victim of a ransomware attack that disabled medical imaging and patient admission systems. And in October 2022, CISA issued an advisory to healthcare providers warning of a ransomware and data extortion group targeting the healthcare and public health sector with a particular interest in accessing database, imaging, and diagnostics systems within networks. But ransomware isn’t the only risk. In fact, according to a report in HIPAA Journal, there has been a 60% increase in cyberattacks of all varieties in healthcare in 2022,1  making it an unfortunately routine aspect of delivering care that the industry must be prepared to address.

Why Medical IoT Devices Are at Risk

There are a number of reasons why medical IoT devices are at risk. Among the most common reasons is the fact that many of these devices are not designed with security in mind.

Many connected devices ship with inherent vulnerabilities. For example, according to research from Unit 42, 75% of infusion pumps have unpatched vulnerabilities.2 Over half (51%) of all X-Ray machines had a high severity CVE (CVE-2019-11687), with around 20% running an unsupported version of Windows.3

Unit 42 research also found that 83% of ultrasound, MRI, and CT scanners run on an end-of-life operating system.4 Those operating systems have known vulnerabilities that can potentially be exploited. Attackers are known to target vulnerable devices and then move laterally across the organization’s network to infect and damage the rest of a hospital network.

The impact of medical IoT device vulnerabilities is serious and potentially life-threatening. It’s not always easy and sometimes not even possible to update or patch some of these devices, either because doing so requires operational disruption of care delivery or due to a lack of computing capability of many types of devices. As a result, we’ve seen patient data exposed. We’ve seen hospital operations halted. While the attack potential is widespread, healthcare providers can take proactive steps to help minimize the vast majority of device-related security risks.

Four Necessary Steps to Improve Medical IoT Security

Among the challenges that medical facilities and health providers face is actually being aware of all the connected devices that are present. Visibility, however, isn’t the only thing that is needed to improve medical device security. In fact, there are four steps that can be taken to secure devices and reduce risk:

Ensure visibility and risk assessment of all connected medical and operational devices. The first step in securing IoT in healthcare is to know what’s there; you can’t secure what you can’t see. Device visibility isn’t enough—you have to be able to continuously assess the risk the devices and their evolving vulnerabilities pose to the network.Apply contextual network segmentation and least-privileged access controls. Knowing a device is present is useful. What’s more useful is understanding what network resources or information can be accessed by the device. That’s where network segmentation comes into play, creating and enforcing policies that limit device access to only the resources necessary for its intended use and nothing more.Continuously monitor device behavior and prevent known and unknown threats. As these devices communicate across clinical environments and with external networks and services, they ensure that you establish baseline behavior, monitor devices for anomalous behavior, and protect network-connected devices against threats such as malware.Simplify operations. In order to effectively manage and secure the sheer volume of devices on a healthcare network, providers require a solution that integrates with existing IT and security solutions to eliminate network blind spots, automate workflows, and reduce the burden of tedious manual processes for network administrators.

Better IoT Security Helps Ease Regulatory Compliance Challenges

Understandably, there are a lot of compliance requirements in healthcare. Healthcare compliance covers numerous areas like patient care, managed care contracting, Occupational Safety and Health Administration (OSHA), and Health Insurance Portability and Accountability Act (HIPAA) privacy and security, to name a few. Any attack that involves a patient system or medical IoT device is most likely a compliance breach, resulting in the loss of sensitive data or access to sensitive data from unauthorized entities. Limited IoMT visibility and risk assessment make it difficult to meet regulatory, audit, and HIPAA requirements. Having complete visibility into all devices and their utilization data reduces the burden of preparing for compliance audits and compiling compliance reports.

Implementing Zero Trust for Medical IoT

Humans place their trust in medical professionals to improve and sustain human health. Medical facilities rely on their technology to do the same. But trust should not be granted by default. It needs to be continuously monitored and validated. That’s where a Zero Trust approach comes into play.

Zero Trust, in very straightforward terms, is a cybersecurity strategy that seeks to eliminate implicit trust for any user, application, or device accessing an organization’s network. Zero Trust is not a product. For many customers, Zero Trust is a journey. For medical IoT security, Zero Trust starts from understanding several key things:

Who is the user of the device?What is the device?What is the device supposed to do?Is the device doing what it is designed for?

On a continuous basis, Zero Trust means monitoring devices and their behavior for threats, malware, and policy violations to help reduce the risk by validating every interaction.

Take the Zero Trust Path of Least Resistance to Improve Healthcare IoT

Healthcare IT and security teams are overburdened, so security implementation shouldn’t be onerous. Improving security for medical IoT devices shouldn’t require a forklift upgrade of hospital networks either.

Most healthcare providers already have network firewalls that act as enforcement points for Zero Trust device security. When you want to enable visibility, risk assessment, segmentation, least privilege policies, and threat prevention on the journey toward Zero Trust, it should be done with as little friction as possible. Machine learning (ML) can also dramatically accelerate policy configuration, which can be automated. If security becomes another big project that requires significant human effort, it has less chance of being successful. Security needs to be integrated, easy to deploy, and as automated as possible.

Medical IoT devices help to improve human healthcare every day. Just like humans need to do the right things to stay healthy, it’s essential for medical IoT devices to remain healthy too. Lives literally depend on it.

Recommended Reading

Learn more about Medical IoT Security.Read our whitepaper, The Right Approach to Zero Trust for Medical IoT Devices

 1. “Healthcare Seeks 60% YoY Increase in Cyberattacks,” HIPAA Journal, November 17, 2022,

2. Aveek Das, “Know Your Infusion Pump Vulnerabilities and Secure Your Healthcare Organization,” Unit 42, March 2, 2022,

3. Jun Du, Derick Liang, Aveek Das, “Windows XP, Server 2003 Source Code Leak Leaves IoT, OT Devices Vulnerable,” Unit 42, November 6, 2020,

4. Ibid.

IT Leadership

Veneeth Purushotaman, Group CIO at Aster DM Healthcare explains how the hospital digital strategy helped them to become the first private hospital in Dubai to secure HIMSS Stage 6 certification.

Watch the episode:

Listen to the episode:

CIO Leadership Live

When the world’s largest healthcare company by revenue went looking for a technology solution that could improve quality of care while reducing costs, the search took ten years. What they found—an innovative way to model healthcare data—is saving the company an estimated $150M annually and enabling its medical professionals to provide accurate and effective care path recommendations in real time. It’s a remedy with important implications for the future of healthcare. 

This same solution, graph databases and graph analytics, proved crucial at the height of the Covid-19 pandemic. A testament to its potential, the market for graph technology is projected to reach $11.25B by 2030.[1]

Graph technology isn’t new. It’s what social networking applications use to store and process vast amounts of “connected” data. It turns out graphs can do much more than connect people to their high school friends. They are also perfect for storing and visualizing large healthcare data models so it can be quickly processed and analyzed. Graphs can make previously unavailable connections from disparate data spread across many different platforms. One example would be making connections between data collected from a patient’s various doctors and pharmacies. 

Why Graph Analytics is Important for Healthcare

Hospitals deal with stockpiles of data. Every touchpoint is stored in a hospital’s electronic health record including visits, prescriptions, operations, and immunizations. Too much data can be a challenge, making it difficult to access and analyze information when and where it’s needed.

Hence the business case for graph databases. Data that’s represented in the form of a graph rather than a table enables quick analysis and faster time to insights. For healthcare professionals, sophisticated graph algorithms can return specific results, and graph visualization tools allow analysts to make useful connections and identify patterns that help solve problems.

Graph analytics is an ideal technology to help to tackle the challenges caused by large, disparate, datasets since it becomes more impactful as the volume, velocity and variety of data expands.[2] Storing and accessing this data alone is not enough. As a tool set, graph analytics prioritizes the relationships between the data—an arena where relational databases fall short.

Data scientists and leaders in the healthcare industry can use the most advanced graph analytics, known as native parallel graphs, to link datasets across multiple domains. This would allow the system to find frequent patterns and suggest the next best action. Ultimately, medical professionals would be able to rely on the most accurate data to provide patients with beneficial, real-time recommendations. 

“In the past, when somebody called into our call center, we would have had to log into 15 different systems to get a view of this member’s activity. Now users log into just one screen and have a beautiful timeline view of every touchpoint we’ve had with members,” said a distinguished engineer from a major healthcare company that recently deployed graph technology.

The Impact of Graph Technology on Covid-19

A graph-based approach to community tracing and risk detection was essential in 2020 as government officials and healthcare professionals worked overtime to understand and prevent the spread of Covid-19. For government agencies, graph technology led to agile and evidence-based emergency management and improved public health emergency response. 

Because graph analytics can sift through thousands of data sources and find relationships, even with complex and varying inputs, it was an excellent way to answer complicated questions related to the spread of disease. These capabilities helped with contact tracing used to identify, locate, and notify people who had been exposed to the virus. 

The technology also recognized relationships between data points—for example, common symptoms of people more likely to have a serious case of Covid based on pre-existing conditions. Armed with this insight, healthcare providers could warn patients when they were at higher risk. 

Future Implications for Healthcare and Beyond

As the healthcare industry moves beyond the pandemic, it emerges more prepared to respond to a wide variety of situations—from widespread health crises and everyday patient care. Healthcare companies already applying graph databases and graph analytics are experiencing the benefits. The technology supports their work to help members embrace healthier lifestyles, avoid costly pharmaceuticals, recover faster from medical procedures and more. Essentially, healthcare companies using graph technology are better equipped to provide quality care while controlling costs.

For data-centric companies looking to implement these solutions, a graph database running on Dell PowerEdge servers is the optimal offering in terms of performance, efficiency, and scale. To learn more about the business benefits of connected data, read this brief and visit to learn about solutions for analytics.



IT Leadership

The Electronic Health Record (EHR) is only becoming more critical in delivering patient care services and improving outcomes.  As a leading provider of the EHR, Epic Systems (Epic) supports a growing number of hospital systems and integrated health networks striving for innovative delivery of mission-critical systems. 

However, legacy methods of running Epic on-premises present a significant operational burden for healthcare providers. Implementing, maintaining, and scaling the solution can be slow, complicated, and costly. Furthermore, supporting Epic Honor Roll requirements, purchasing cycles, and disaster recovery places heavy demands on staff time, and recruiting, training, and retaining IT professionals can prove difficult.

The good news is that health systems now have options for managing their Epic solution, thanks to advancements in hybrid multicloud and integrated support services. In this article, discover how HPE GreenLake for EHR can help healthcare organizations simplify and overcome common challenges to achieve a more cost-effective, scalable, and sustainable solution.

The benefits of hybrid multicloud in healthcare

When it comes to cloud adoption, the healthcare industry has been slow to relinquish the traditional on-premises data center due to strict regulatory and security requirements and concerns around interoperability and data integration.

But as with many industries, the global pandemic served as a cloud accelerant. Increasingly, healthcare providers are embracing cloud services to leverage advancements in machine learning, artificial intelligence (AI), and data analytics, fueling emerging trends such as tele-healthcare, connected medical devices, and precision medicine. Flexible, hybrid multicloud service models enable healthcare providers to run mission-critical workloads anywhere, from on-premises to colos to all hyperscalers, moving data securely from edge to cloud.

In fact, in a recent survey, 90% of respondents agreed that hybrid multicloud provides an optimal solution for meeting the healthcare industry’s unique challenges. Hybrid multicloud delivers benefits such as:

Enhanced clinical operations, including tighter EHR system integration and improved access to integrated technology, a variety of cloud options, and software management service options.Enterprise-level standardization, simplifying the cloud experience, unifying systems under a common framework, and lowering the total cost of ownership.IT modernization and the ability to rapidly adopt new and emerging platforms during the contract term.Improved compliance across the hybrid cloud ecosystem.Business resiliency, including greater access to consumption-based infrastructure, disaster recovery, and business continuity services.Greater agility to embrace innovation and disruption and respond quickly to business opportunities.Increased sustainability, including reduced greenhouse gas emissions and energy consumption.

HPE GreenLake for EHR delivers private and public cloud options

That brings us to HPE GreenLake for EHR, which couples Epic software management with infrastructure-as-a-service (IaaS) for a complete, end-to-end managed solution. HPE GreenLake for EHR integrates with both private and public clouds to ease healthcare providers’ operational burden and deliver a highly secure, scalable, pay-as-you-go service.

From a design standpoint, HPE GreenLake for EHR is HIPAA and Target Platform compliant, helping a health system achieve Honor Roll and supporting Epic Enterprise and Community Connect accreditation. It is cloud-enabled to access Azure and AWS and can support both colocation centers and on-premises data centers while leveraging existing licensing agreements.

Furthermore, HPE GreenLake for EHR streamlines the addition of services through a single portal and enables deep data insights. It builds a foundation for healthcare organizations to support rapidly emerging requirements, innovate faster, and launch health system initiatives more quickly. It also helps optimize spending and lower risk while increasing patient satisfaction.

Finally, HPE eases the strain on IT staff by providing a dedicated team that designs, installs, and supports all technology aspects of Epic, including storage, network, and compute. Service components include:

Advise and optimize

Epic technology best practicesInfrastructure and security optimizationCompliance managementContinuous improvement


Patching and updates for the Epic infrastructure, associated software, application, and securityPerformance and capacity management


Incident management and problem resolutionEffect changes on listed resolutions


Automated alertingTriage24×7 surveillance

Contact GDT to learn more about HPE GreenLake for EHR

HPE and Epic have a long history of collaboration and excellence. In fact, 65% of Epic customers rely on HPE infrastructure. As a trusted solutions provider and HPE partner, GDT can support your organization’s implementation of HPE GreenLake for EHR from start to finish, accelerating solution time to value and freeing up your staff to focus on healthcare innovation and improved patient outcomes.

Contact the experts at GDT today to discover how your healthcare organization can benefit from HPE GreenLake for EHR.

Multi Cloud

Andy Callow was appointed Group CDIO at the University Hospitals of Northamptonshire in December 2020, and has spent the last three years unifying the Kettering and Northampton hospitals through one digital strategy, taking strides to adopt cloud, build an RPA Centre of Excellence, and roll-out AI proof-of-concepts.

Then the call came that CEO Simon Weldon was going on sick leave, and looking in-house for his replacement.

“It wasn’t part of my trajectory but I agreed to do it out of loyalty to him,” says Callow. And although it was a departure for him to helm an unfamiliar leadership role, unique opportunities presented themselves like fresh intellectual stimulation, addressing white privilege, and plans to stabilise the hospitals through winter.

Gaining a new perspective

Having started the interim CEO role in September, and appointed an interim successor for his CDIO role, Callow admits he’s still coming to grips with the new structure. In the first few weeks, he spent time preparing the organisation for a challenging winter, opening internal conferences, addressing Black History Month, and hearing from staff around the wards. Knowing that his role is temporary, his focus is on not letting anything slip through the cracks, as he adjusts working at a system level with less hands-on, day-to-day involvement, and more emphasis on being a facilitator for outcomes.

It’s still early days and Callow is unsure if he’d pursue a CEO role in future, but he’s enthused about a new perspective.

“The technical challenge of my substantive role as CDIO provides a lot of intellectual stimulation, but I’ve been pleasantly surprised to find similar stimulation in the new challenges I find on my plate now,” he says. “What I didn’t appreciate is that I’d also get that buzz from some really tricky problems you’re trying to deal with, which are wider organisational issues. I’ve been involved in conversations about the money for a while, but now I’ve got accountability for that to happen, rather than being part of the solution.”

This leap into the unknown can be unsettling, even for the most experienced leaders. Callow casts his mind back to earlier in his career when a series of promotions pushed him further into leadership roles and away from his love of coding. A “grieving process” ensued, as he moved away from a skillset he had built his reputation on, but he believes it won’t happen this time around.

“I’ve not felt that I’m losing all the techie stuff,” says Callow, formerly the head of technology delivery at NHS UK and programme director at NHS Digital. “I’ve thought that this is actually helping people do their best work in a different guise.”

A CIO’s leadership principles

Callow attributes his transparent and reflective leadership style to workplace experience and his own development, and cites Daniel Pink’s Drive as an influencing factor in letting teams become autonomous and take ownership, continuously improve, and buy into the mission of the NHS.

Callow also believes in the value to reflect on past achievements in order to tackle future obstacles and land key messages in meetings. The weekly notes he writes have also become a routine that helps crystallize successes and challenges, but also prompts new conversations with colleagues and third parties, helping to make sense of the more troubling weeks.

“I look back [at my notes] and say, ‘There was that situation’ or, ‘That conversation was fantastic’. Or, actually, ‘There’s a situation I need to put more effort into progressing’, or, ‘There’s a person I need to give more time to.’ If no one else read them, I’d still do them because it’s a discipline to look back on and think about what you’re doing.”

Callow keeps what he calls shadow notes of circumstances he’d rather not make public, and attributes this activity to the importance of being open, a key NHS principle that’s pinned to his wall at his office in Kettering, in North Northamptonshire. He takes a similar approach to Twitter, saying the social media platform doesn’t have to be about mudslinging, but an opportunity to forge connections. He recalls a time he Tweeted about the possibility of machine learning being used to improve bed management, an idea that would eventually spark online conversations, NHSX funding, and a proof-of-concept on bed scheduling with AI start-up faculty.

“That has now gone into a product that’s available, and that code is open-sourced on GitHub,” he says.

A CIO’s guide to addressing white privilege

Ranked in the top five of this year’s CIO UK 100, Callow drew high praise from the judges for a proactive approach to tackling diversity, equity and inclusion.

Last autumn, he bought 10 copies of White Fragility by Robin DiAngelo and invited the 300 staff across the digital directorate of both hospitals to borrow them. He also bought each member of the board a copy of the book. Later that year, Callow hosted discussions about tackling diversity and discrimination with the directorate and trust board, leading to a joint board development session on how to address racism.

The University Hospitals of Northamptonshire would go on to launch a new leadership programme for Black and Asian staff in the spring, while Callow has since recruited up to 25 board members to volunteer their time for career coaching sessions to these same professionals. Callow himself offers two hours a month.

“A lot of colleagues don’t have access to somebody who can have those kind of conversations, particularly if you’ve come from overseas and you haven’t built up a network,” says Callow, who is executive sponsor of both Trust REACH (Race, Equality and Cultural Heritage) staff networks. But he admits that addressing such issues can only begin with leaders getting uncomfortable, and tackling subjects that may be beyond their expertise.

“Reading White Fragility was a pivotal moment,” he says. “It made me feel more equipped to have some of these conversations.”

2023 is about stability and the next job

Callow says he is most proud of his automated coding project of endoscopy patient episodes, whereby the Trust has used AI to automatically code 87% of monthly endoscopy activity, with an average accuracy of primary diagnosis and procure assignment of 94%—approximately the same as a human coder.

He acknowledges there are challenges ahead for his successor Dan Howard to the CDIO post, from integrating digital strategies to rolling out electronic patient records, but as interim CEO, Callow is looking at the bigger picture of improving clinical collaboration, managing rising costs, and supporting staff through a difficult winter.

“We need to strip out some of those things that are no longer needed [from Covid],” he says. “And that’s hard when you’ve still got your emergency department full, ambulances queuing, and wards where people wait a long time to be discharged.”

Callow believes that CIOs are equally equipped to take the CEO role as other board members, and admits he would be more interested in a deputy CEO position than six months ago. Yet a return to familiar territory beckons.

From mid-January, Callow will become CDIO at the University Hospitals of Nottingham, a move influenced in part by a new challenge as well as a shorter commute. “There’s a lot I can contribute to their digital progression and I like the established links with the university that I can be part of,” he said. “The focus for the new year will be on getting up to speed with the NUH CDIO role and strong delivery.”

Diversity and Inclusion, IT Leadership, IT Management

3M Health Information Systems (3M HIS), one of the world’s largest providers of software solutions for the healthcare industry, exemplifies 3M Co.’s legendary culture of innovation. By combining the power of a cloud-based data ecosystem with artificial intelligence (AI) and machine learning (ML), 3M HIS is transforming physician workflows and laborious “back office” processes to help healthcare organizations streamline clinical documentation and billing, enhance security and compliance, and redesign the physician-patient experience.

The cloud served as the foundation for this transformation. Migrating its 3MTM 360 EncompassTM System clients to Amazon Web Services (AWS) is helping 3M HIS improve the capture, management, and analysis of patient information across the continuum of care. 3M 360 Encompass is a collection of applications that work together to help hospitals streamline processes, receive accurate reimbursement, promote compliance, and make data-informed decisions. The cloud-based version of the platform has helped 3M HIS and its clients address three primary challenges: a disjointed patient care journey; the byzantine processes that often inhibit timely and accurate billing, reimbursement, and other record-keeping; and the ongoing need to protect and properly use patient data.

Improving the patient care journey with data and the cloud

The broader objective of 3M HIS’s evolving cloud transformation strategy is to help caregivers improve patient outcomes and staff efficiencies by removing barriers to care and providing access to contextually relevant insights at the time of care, according to Detlef Koll, Vice President of Product Development with 3M HIS. Caregivers now work with consistent, reliable tools within 3M 360 Encompass that improve communication and reduce the types of errors and delays that cause patient anxiety and revenue cycle inefficiencies.

The journey a patient takes through the healthcare system can span years and touch multiple providers, from primary care to specialists, test labs, medical imaging, and pharmacies. During each step, multiple types of data are captured in the patient’s medical record, which serves as an ongoing “narrative” of the patient’s clinical condition and the care delivered. Physician notes from visits and procedures, test results, and prescriptions are captured and added to the patient’s chart and reviewed by medical coding specialists, who work with tens of thousands of codes used by insurance companies to authorize billing and reimbursement.

A complete, compliant, structured, and timely clinical note created in the electronic health record (EHR) empowers many downstream users and is essential for delivering collaborative care and driving appropriate reimbursement. Supporting physicians with cloud-based, speech-enabled documentation workflows, 3M HIS further creates time to care by delivering proactive, patient-specific, and in-workflow clinical insights as the note is being created.

The goal of this automated computer-assisted physician documentation (CAPD) technology is to reduce the cognitive overload on physicians regarding coding requirements while closing gaps in patient care and clinical documentation. Without CAPD closing that loop in real time, errors or ambiguities in the clinical note lead to what Koll describes as an “asynchronous” process, requiring physicians to review and correct the note on a patient seen days earlier, thus taking the physician’s time away from patient care and causing delays in the revenue cycle.

To address the issue, 3M HIS needed a way to semantically integrate information from multiple data sources based on the needs of various use cases, so it deployed AWS data management tools and services, including Amazon RDS, Amazon Redshift, and Amazon Athena, for what Koll calls “opportunistic aggregation of information.” For example, for billing coding, the platform extracts only the relevant billable elements such as an office visit for which a claim will be submitted. This type of flexible, cloud-based data management allows 3M HIS to aggregate different data sets for different purposes, ensuring both data integrity and faster processing. “This is a dynamic view on data that evolves over time,” said Koll.

Improving workflows through intelligent, automated processes

The process for gathering data about a patient’s care, then extracting the billable elements to submit to an insurance company for reimbursement, has long been handled by professional coders who can accurately tag each medical procedure with the correct code out of tens of thousands of possibilities. Errors in that process can lead to rejected claims and additional time required by caregivers to correct any gaps or inconsistencies in clinical documentation, which in turn delays cash flows across the complex network of physicians, hospitals, labs, pharmacies, suppliers, and insurers. 

3M HIS’s cloud transformation strategy addressed this challenge by giving clients access to a new suite of data management and AI/ML tools that deliver levels of processing power, functionality, and scale unthinkable in the former on-premises model.  

“If you had to build some of the capabilities yourself, you would probably never get there,”
said Michael Dolezal, Vice President of 3M  Digital Science Community.  With AWS tools such as Amazon QuickSight and Amazon SageMaker, 3M HIS’s clients can “get there” today: “Now our clients not only have a cloud-based instance for their data, but they gain access to tools they never had before and get the ability to do things they otherwise wouldn’t,” Dolezal said. By bringing 3M 360 Encompass to the AWS Cloud, 3M HIS has been able to scale natural language processing and automation capabilities and leverage tools such as Amazon Textract to improve data input and processing to more efficiently organize a patient’s chart.

Automatic speech recognition to capture the clinical narrative at the point of care, along with AWS AI/ML services, helps 3M HIS aggregate, structure, and contextualize data to enable the development of task-specific workflow applications. For instance, to mitigate the administrative burden on physicians, real-time dictation and transcription workflows can be enhanced with automated, closed-loop CAPD, whereby a physician dictating an admit note can be “nudged” that a certain condition is not fully specified in the note and can fix the gap in real time.

Taking frontline physician-assistive solutions to the next level, embedded virtual assistant technology can automate everyday tasks like placing orders for medications and tests. Innovating incrementally toward smarter and more automated workstreams, the 3M HIS ambient clinical documentation solution makes documentation in the EHR a byproduct of the natural patient-physician conversation and not a separate, onerous task for the doctor. This frees the physician to focus completely on the patient during the visit, thereby transforming the experience of healthcare for all stakeholders.

“We want to reduce the inefficient steps in the old model by unifying and information-enabling workflows so that documentation of the procedure and the coding of that procedure are no longer separate work steps,” said Koll. “It has the potential to save hours of time per day for a doctor.”  

Enhancing the security of patient data

The security and governance of patient data is non-negotiable in healthcare, an industry subject to the most stringent data privacy regulations. Administrators are obligated to make sure patient data is consistently used only for its intended purpose, is processed only by the application it was collected for, and stored and retained according to the specific national regulations involved. The cloud gives 3M HIS more confidence that the data passing through its platform remains secure throughout its journey.

“Using a cloud-based solution means you can apply the same security practices and protocol monitoring across all of your data in a very consistent way,” said Dolezal. The platform ensures a shared responsibility for security across 3M HIS, its clients, and AWS.  

Securing patient data in an on-premises health information system puts the onus to protect that information on the client’s infosec team, with risks compounded by each client’s unique IT infrastructure and internal data access policies. Security by design is one of the underlying operating principles for AWS. With a single set of code to monitor, maintain, and patch, 3M HIS is able to keep its platform current, quickly respond to new threats, and vigorously protect patient data centrally, with more certainty that its clients are protected as well.

4 best practices for data-driven transformation

Dolezal and Koll advise anyone considering moving large sets of data to the cloud to follow some fundamental precepts in designing a new solution:

Start with the client and work backward to a solution:  Be clear on the problem you want to solve and the outcomes you want to deliver to the caregiver and patient and work backward from there to identify the right technology tools and services to help achieve those goals.Don’t over-engineer the solution: Many IT organizations are moving away from traditional point solutions for collecting, storing, and analyzing patient information. To reduce complexity, enhance security, and improve flexibility, consider an end-to-end solution that is easier to deploy and update than traditional on-premises solutions, and lets organizations add new functionality incrementally.Bake in security from the start: In highly regulated industries, such as healthcare and financial services, security regulations demand high levels of security and personal privacy protection. These capabilities must be built in as foundational components of any system used to collect, manage, and analyze that data.Don’t constrain native data: Create a data management strategy that accommodates all types of data and isn’t confined to a specific set of use cases today. With both structured and unstructured data flowing into the system, the future ability to analyze the past means having data schema that doesn’t need to be re-architected.

In an intense environment with a relentless focus on cost reduction and improved clinical outcomes in conjunction with greater patient and physician well-being, 3M HIS helps clients efficiently capture and access patient data, gain meaningful insights from all the data, and drive high-value action to meet complex goals.

Learn more about ways to put your data to work on the most scalable, trusted, and secure cloud.

Cloud Computing, Healthcare Industry

Increasing its focus on healthcare industry customers, Oracle on Wednesday announced updates  for its Cloud Fusion suite aimed at meeting their financial planning, supply chain and human resources needs.  

The updates, which were announced at the company’s ongoing annual CloudWorld conference, include additions to the company’s Enterprise Performance Management (EPM), Supply Chain management (SCM) and Human Capital Management (HCM) suites.

The healthcare sector has become a major target for Oracle, as signaled by its $28 billion acquisition of healthcare systems maker Cerner, which closed in June.

Better financial planning via EPM suite

In order to help healthcare companies optimize financial and operational management, the company said it was launching planning capabilities that can model scenarios, determine future demand, optimize resources, and help users make better financial, workforce, and patient care decisions.

Dubbed Oracle Cloud EPM Solutions for Healthcare, the new features will be offered as part of Oracle Fusion Cloud Enterprise Performance Management (EPM) suite.

“Outdated financial systems and processes prevent many healthcare organizations from being able to adapt quickly to operational uncertainties, which impact their ability to manage costs, operate efficiently, and provide the best possible care,” Matthew Bradley, senior vice president of applications development at Oracle, said in a statement.

The additions to the EPM suite will offer planning and management capabilities for financial statements, balance sheets, and cash flow.

Other capabilities include performance management monitoring, demand forecasting, workforce optimization and capital expense planning.

Updates to supply chain management suite

Oracle on Wednesday also added specific tools to aid healthcare firms with supply chain issues.

These tools, according to Oracle, will help improve patient care by optimizing supply chain planning, automating processes, and enhancing visibility into what’s happening across a company’s supply chain.

Dubbed Oracle SCM for Healthcare, the new capabilities will be offered as part of Oracle’s Fusion Cloud Supply Chain and Manufacturing (SCM) suite. They include a new home equipment delivery application, a new supply chain planning service and added capabilities for the Oracle Procurement application to help drive down supply chain costs.

Updates to human resource management suite

In an effort to help healthcare providers manage staff efficiently, Oracle said that it was launching a specialized set of tools for Oracle ME (my experience), which is part of the Fusion Cloud Human Capital Management (HCM) suite.

The new capabilities will reduce burnout and costs by improving efficiency, and deliver better patient care by providing a user interface that meets the unique needs of healthcare workers, the company said in a statement.

The tool set includes capabilities designed to attract talent and develop staff skills, reduce costs, improve productivity, and optimize staffing and scheduling.

Oracle said that the healthcare additions to the EPM suite are generally available now; some of the new HCM features are available now, and a schedule for rollout of all the new capabilities will be issued soon; and the SCM updates will be generally available soon.

(This story has been updated to correctly spell out the term EPM, which stands for Enterprise Performance Management.)

Cloud Computing, ERP Systems, Healthcare Industry