Few health systems have a chief application officer, but that role is growing as health systems expand their technology base and address growing privacy and security considerations.
The leading national organization for healthcare IT executives is putting new emphasis on the value and quality of applications and data.
Key to that strategy is the appointment of Stacey Johnston, MD, as board chair of the Association for Executives in Healthcare Information Applications (AEHIA), a volunteer leadership team of the College of Healthcare Information Management Executives (CHIME).
CHIME launched AEHIA in 2014 as the first professional organization serving healthcare's senior information technology applications leaders, during the surge in digitization of medical records enabled by Obama administration initiatives. That focus has since widened to reflect an increased emphasis on data as well.
Johnston is the vice president, chief application officer, and Epic program executive at Baptist Health, a Jacksonville, Florida-based five-hospital system with about 1,100 beds and roughly 160 ambulatory clinics.
While only a handful of health systems have a chief application officer, Johnston believes there will be many more in the future.
Stacey Johnston, MD, vice president, chief application officer, and Epic program executive at Baptist Health in Florida. Photo courtesy Baptist Health.
"When I went to the [CHIME] CIO boot camp, there were three of the 40 of us," Johnston says. "Some organizations have it as a senior director."
Applications in health systems are not plug-and-play. The need for executive oversight of their management has grown as different healthcare departments acquire these systems during operations, Johnston says.
Baptist Health went live with its implementation of Epic on July 30, replacing previous electronic health records software. That platform will be used when the health system opens a sixth hospital in December.
"We felt Epic was scalable to whatever size organization Baptist would end up becoming," Johnston says.
Johnston joined Baptist Health in August 2018 as its chief medical information officer, spearheading online training of physicians as the pandemic surged. But she also found herself responsible for some of Baptist Health's more complex applications, including those in the system's pharmacy, labs, and cancer clinics.
"Our new CIO leadership explained that in most institutions, the CMIO just focuses on physician workflow adoption," Johnston says. "The team being built up to support application adoption doesn't typically report to CMIOs. So I was given the choice of remaining as CMIO, or moving into this role of chief application officer."
There was a lot to do after she switched roles in November 2021.
"Some of the apps we found were 20 years old, and people weren't even using them," Johnston says.
"We didn't even have a contract. Part of my process was to review contracts to determine [if it was] needed to move forward as we're moving into Epic. How long do you have to keep that system up and running?"
In at least one case, the answer was to keep the older application running for a time, even after the Epic go-live, to validate infectious disease reports Baptist Health was sending to the National Health Safety Network and the Florida Department of Health.
It's no exaggeration to say that many hospitals are running hundreds of applications, and as some of these are retired, a chief application officer must oversee what is to become of the data generated by these applications.
Another role popping up in healthcare organizations is the chief data officer. At Baptist Health, that role is filled by a vice president of data intelligence and decision science, who also happens to be a physician, Johnston says.
Johnston's main task as chief application officer is to maintain Baptist Health's applications. She describes this role as "patching appropriately, reviewing data and archiving, determining how long you keep that data, that you're consistently doing the quarterly Epic upgrades, and turning on all the features and functionality."
Recently, AEHIA leadership has also been concerned about the importance of adequately protecting patient data as new threats emerge.
"We are just now in my opinion, getting to the point where CEOs, CFOs, COOs, and boards of healthcare provider organizations are starting to understand the seriousness of this security issue," says David Finn, vice president of AEHIS for CHIME, as well as CHIME's Association for Executives in Healthcare Information Security (AEHIS). "We're only going to be as strong as everyone we connect to."
Executives in charge of applications face twin challenges of late: The information blocking rules due to take effect on October 6, and recent lawsuits alleging that Facebook enabled patient tracking on health system and hospital Web sites.
Regarding the Facebook allegations, "they got marketing to give them a place inside the organization," Finn says. "No one stopped them to say, what data are you getting, and how are you using it? It's very difficult to separate privacy from security. Clinical practice depends on trust. The doctor has to trust the data, and the patient has to trust the data. It all comes down to the data. I've been saying that for 20 years."
Regarding information blocking, "interoperability is going to be problematic as it rolls out," Finn says. "We defined the data, its elements and how it should be expressed. We didn't define any of the requirements of our own privacy and security. We're going to have to do something, and that's probably going to mean spending some money at our individual provider organizations."
In addition, patients don't always understand the implications of releasing their data through apps such as Apple Health, which may then be accessed by third-party apps, Johnston says.
"We have changed our consents a little bit, so patients can opt out of interoperability, data sharing, or [Epic] Care Everywhere," she says.
Despite tension between marketing and IT, health system leadership must ensure that the two work together to promote common initiatives, such as digital front doors. Executives with titles such as chief digital officer are playing a large role in making these happen, Johnston says.
As for AEHIA, Johnston says her immediate priority is to rebuild its board, which suffered some attrition due to job transitions and the pandemic.
"Standing the board back up is probably going to take a good couple of months," she says.
Johnston will remain as board chair into 2023 to help complete the organization's rejuvenation.
"As chief application officer, you have to be an advocate," she says. "It's your responsibility to both your patients and your organization to make sure if there's something that you felt could be done differently, to do whatever it takes."
“As chief application officer, you have to be an advocate. It's your responsibility to both your patients and your organization to make sure if there's something that you felt could be done differently, to do whatever it takes.”
— Stacey Johnston, MD, vice president, chief application officer, and Epic program executive, Baptist Health
Scott Mace is a contributing writer for HealthLeaders.
KEY TAKEAWAYS
Baptist Health in Florida is one of a handful of health systems to have a chief application officer, who oversees the growing collection of applications within and outside of the electronic health record.
That role is filled by Stacey Johnston, MD, who also serves as the board chair for the Association of Executives in Healthcare Information Applications (AEHIA) at the College of Healthcare Information Management Executives (CHIME).
Johnston is busy not only vetting new and old applications as the health system adopts the Epic EHR platform, but dealing with privacy and security concerns and such issues as Facebook patient tracking allegations and new data blocking rules.