Month: October 2016

Managing line-of-business projects

By Jeffrey Morgan




How can you distinguish a green CIO from a seasoned one? That is simple! The newly minted CIO will agree to manage a line-of-business (LOB) project.

A colleague recently related this story to me: “When our hospital’s executive team held a meeting to announce they were pursuing a new EMR (electronic medical records) solution, the CIO immediately stood up and said, ‘We will gladly provide IT support, guidance and leadership, but this is a line-of-business project and an LOB expert should lead the project.’” That’s a savvy CIO! He will still have a job if the project sinks into the cold, dark abyss of failed enterprise initiatives.

Line-of-business projects are shoals no CIO should ever enter unless he or she is an expert in that specific business. Whether you are a hopeless ingénue or a good captain ordered to enter those dangerous waters, you’ll need a really detailed map that you may have to build yourself. That map includes a deep understanding of specific business requirements, workflow, expertise in industry best practices, regulatory compliance and much more. If you scrape your hull against just one hidden iceberg, you might end up going down with the ship.


Assessing business requirements

Do you have trusted staff members qualified to identify and analyze all the business requirements for such a project? I’m not sure what qualifies someone to perform this type of work. I learned it from 15 years of studying composition and music theory that included five years of graduate school. If you analyze and account for every note in hundreds of sonatas and symphonies, complex business processes will seem simple by comparison.

Learning a new business process is a lot like learning a new piece of music: You immerse yourself in it for days, weeks, months — whatever it takes. You examine the processes from every perspective, map out the requirements and isolate the difficulties. Switch views between the micro and the macro constantly. You should always be thinking about what the end product will ultimately look like from the beginning of the project.

I’ve seen programmers, engineers, business types, clinicians, sociologists and others do it well. I have been less than impressed with IT staff performing these tasks, but maybe I am jaded from 20 years of salvaging or condemning failed enterprise projects. Often, those projects were unsuccessful because they were approached from an IT perspective rather than from a line of business point of view. In many of those projects, end user concerns were marginalized and invalidated in favor of some nebulous IT agenda. In the finales, the end users always got their revenge.

Beware of dragons

dragon-1571287_1280There’s another reason why a CIO might volunteer to manage an LOB project — empire building. This is another characteristic that distinguishes the seasoned CIO from the guppy. Successful CIOs drive in their lane. They follow my Nana’s sage advice: “Mind your own beeswax.”

I don’t understand what drives some IT executives to get involved in “improving” business processes in another department or division, and these attentions are often unwelcome in the enterprise. Time and again, these activities are driven by the CIO’s failure to manage his or her own operations well. “Nothing to see here folks, look over there.” If you have time to worry about other people’s jobs and activities, you either don’t have enough to do or you’re doing it poorly.

Should you still have aspirations for building an empire, do some research by binge-watching a few seasons of Game of Thrones. If you have the required analytical skills, and the project turns out to be a success, you may be knighted for your excellent work. However, when things go wrong, aspiring kings and emperors are poisoned, lose their heads or end up uttering “Et tu, Brute?” as they are ushered into a premature retirement. That unassuming line of business executive you stepped on might have a few dragons at her disposal.

Empire building is bad for business and bad for everyone in the organization. It creates conflicts and resentments and it can lead to massive project failures.

The root cause of enterprise project failure

Why do enterprise and line-of-business projects so often fail? Although it has been written about for 2,500 years by everyone from Aeschylus to Tom Wolfe, the answer isn’t taught in business school. We all learned about the root cause of project failure in high school English class but most of us seem to have forgotten those important lessons. Or perhaps we have never bothered to apply metaphors learned so long ago to our careers.

At the root of it, projects fail because of hubris. The hubris I have seen over the years from CIOs, CEOs and CFOs who were overseeing failed projects has always been incredible to behold. Overconfident and underprepared, they set sail without a compass, a map or enough provisions for the journey. They left port trying to catch a whale with a crew that only knew how to catch minnows. They cast off without knowing where they were going, and they are always astonished when they end up lost at sea. The next time you are asked to manage an LOB project, don’t make the same mistakes.

This was first published on CIO.COM at

Facebooktwitterredditpinterestlinkedinmailby feather
Tags : , , , , ,

The ACA and the death of medical privacy


By Jeffrey Morgan

I never sign medical release forms anymore. That’s because I read them. These forms tend to be lengthy documents which ultimately state that your medical records can be shared with just about everyone on the planet.

Don’t believe me? Here’s the first paragraph of a 2,000-word explanation of how PHI (protected health information) can be used by a nationally recognized pediatric provider:

Quality Improvement Activities: Information may be shared to improve the quality or cost of care. For example, your PHI may be reviewed by XXX XXX or outside agencies to evaluate and improve the quality of care and services we provide.

Outside agencies? Are you kidding me? Who would you sign that release?

Three can keep a secret if two of them are dead

Maybe I’m just an old-fashioned Luddite, but I prefer to be treated by a doctor rather than a corporation. A private practitioner who has a personal relationship with me is much more likely to take steps to ensure my privacy. Once those records are on a corporate network, my chances of privacy are considerably diminished. If my records are accessible to a RHIO (regional health information organization), the probability that I have medical privacy is near zero.

The problem isn’t necessarily one of policy or procedure; it’s more human behavior. Clerks and bureaucrats at Giga Health Services or the RHIO don’t know me and aren’t likely to care if my records are released to someone who shouldn’t see them. Their pockets are too deep for me to sue, and chances are that I wouldn’t ever even know whether my information was inappropriately or illegally disclosed.

Opt-out programs are a privacy abomination

In the cases where I have refused to sign releases, I was at least presented with the option to opt in based on informed consent. Opt-out programs are far more insidious, and I know of at least one DSRIP (delivery system reform and incentive payment) program in New York that is using opt out as the basis for its privacy policy. The most vulnerable behavioral health clients, some of whom are paranoid or unable to understand the impenetrable legal jargon, will receive letters in the mail with an opt-out form to sign and return. If they don’t return the form, they have automatically agreed to the release of their medical information. Does that constitute informed consent? Will they understand it? Will they even open the letter?

Providers, CIOs, mental health directors, public health directors, and consumers should all be campaigning against the erosion of privacy that results from extensive sharing of health information. Instead, they are drinking the Kool-Aid and rolling over.

The Affordable Care Act has exacerbated the problem considerably, and I read all too much from healthcare IT industry pundits about the need for increased sharing of information and more “visibility.” This is all rationalized by dubious claims about saving lives and “improving outcomes.”

We’re all team players

In county and municipal government, it is often the case that consumers getting public or mental health treatment may also be involved with other departments, including social services, law enforcement, the court system and probation.

“We’re all on the same team, we’re all county employees. Why not show us what’s in those records?” asks the sheriff. The correct response from health officials should be “Get a subpoena, prepare to show cause, and we’ll see you in court buddy!” Unfortunately, a common response is “Sure, let’s have a look. We’re all team players here.”

I know what you’re thinking. “Those people might be criminals! They wouldn’t do that with my records.” Yes they will. Even worse, you might be saying “I have nothing to hide. I don’t care who sees the information.” Not everyone would feel the same way, and many public figures have refused to release their medical records and even their academic records.

Once we begin to get cavalier about disclosure of PHI and other personal information, we are way past the slippery slope stage. We’re already rolling down the mountain in an avalanche. Redisclosure is governed by federal and state law and the problem isn’t restricted to local government entities. State and federal law enforcement and intelligence officials are likely to be granted access to PHI and all sorts of other personal information as well, without any of the legal protections that should be in place.

What’s the role of IT in protecting privacy?

CIOs should be playing a greater role in protecting privacy, but very few IT professionals have had any training on the subject. How many IT people do you know who are familiar with 42 CFR Part 2?

There are so many questions. What happens when IT directors receive subpoenas to provide protected information? Would they fight, or comply? Would they have any idea of how to respond? And what if your SaaS vendor gets the subpoena, circumventing professionals who will know how to respond? Is that addressed in your contract? Extensive training in privacy should be part of the tool set of every IT professional, but this is not currently the case.

So, next time you go to the hospital, read the release and privacy policy before you sign it. Let’s all opt out together!

This article was first published on CIO.COM at:

© Copyright Jeffrey Morgan, 2016


Facebooktwitterredditpinterestlinkedinmailby feather
Tags : , , ,

The high price of complaining

Take a breath

By Jeffrey Morgan

“Private Stooper, front and center! Assume the front leaning rest position.” That’s army talk for get ready to do pushups. It’s a bitterly cold January morning at Fort Leonard Wood and every drill sergeant is here. Even the first sergeant and a couple of lieutenants showed up, which never happens. There are 200 recruits standing in formation freezing our butts off and the vapor rising from the ground has created an eerie, surreal atmosphere. What on earth is happening?

“Private Stooper,” the drill sergeant shouted in his North Carolina drawl, “I spoke with the Colonel yesterday afternoon. It seems your mama called him. Start beating your face!” That’s army talk for start doing pushups. “Knock ‘em out till I get tired. It seems you don’t like the conditions here in Charlie Company. You don’t appreciate the gourmet food and you don’t like the luxurious accommodations we provide.” Stooper is weeping like a baby and still doing pushups, occasionally shouting “Yes Sergeant.” At one point, there were about 6 NCO’s standing over him screaming. The hazing seemed to go on for hours. We all felt sorry for the guy, even though he was a pretty big screwup.

What’s the message?

The message was clear – don’t complain or your life will get a whole lot worse. In many public sector IT audits I have done, I have found that the IT Director and staff used the same tactics as my drill sergeants. If end users complained about the horrendous customer service provided by the IT Department, the IT staff would punish and humiliate the culprits in order to train the rest of the staff not to complain. It’s a common practice and not only in the public sector. Is this happening in your organization? If it is, how would you know? Everyone is afraid to be Private Stooper.

IT and Customer Service Best Practices

Many of the IT Departments I encounter aren’t using any best practices for Information Technology Governance and aren’t concerned with customer service. They are an internal service organization, don’t face the public, and don’t feel any pressure to achieve acceptable industry standards for performance. They get a paycheck whether or not they actually solve problems. The root cause of this problem is lack of executive oversight and non-tech executives frequently have no idea of where to begin or what to do. They are stumbling in the dark.

Here are a couple of DIY steps for approaching customer service problems with IT.

  1. Draft and adopt a service level agreement.
  2. Acquire a Professional Services Automation System and use it according to industry best practices.
  3. Establish a Tech oversight committee, chaired by an assertive advocate for better IT services. Don’t let the IT Director hijack this role.
  4. Write a strategic plan (or hire a consultant to do an audit and strategic plan). If followed, this sort of plan will quickly pay for itself and can save you hundreds of thousands of dollars a year. But, only if you follow it and make the hard decisions.

Your IT Department, and all your public sector departments should be trying to provide customer service that is on par with Amazon. How well is that working out for you?

I’m sure you are wondering what happened to Private Stooper. He loved basic training so much that he went through it a second time. Feel free to send me an e-mail and share your army stories or your concerns about customer service in your organization and don’t let you users or customers get treated like Private Stooper.

This article was first published on Careers in Government at:

© Copyright Jeffrey Morgan, 2016


Facebooktwitterredditpinterestlinkedinmailby feather
Tags : ,