Forget CIO vs CMO: Worry about the CIA of data

The debate today in healthcare comes down to data and how the data can be used to target patient populations for new offerings and treatment decisions. Chief Analytics Officers (CAO) and Chief Medical Information Officers (CMIO) who are responsible for driving the use of advanced analytics for clinical, operational, and financial outcomes have to worry about one thing: the Confidentiality, Integrity, and Availability (CIA) of data in decision support.

discussion chatter talk debate ideas questions
Credit: iStockphoto

The canary has been in the coalmine for a few years now. If we are to believe the reports we read, the ascendancy of Chief Marketing Officers (CMO) in influencing and controlling IT spend has effectively pushed CIO’s even further into the organization as a support function. The rise of the CMO has also coincided with the rise of big data analytics and has bestowed CMO’s with even more power than ever before.

While this may be true in consumer-oriented sectors like retailing and banking, the theory is playing out differently in other sectors like healthcare. Consider this:

  • Healthcare in general is not a consumer-facing business, although sectors like health insurance are turning more and more towards targeting individual members with suitably designed products, specifically as a response to Obamacare.
  • A recently published report by consulting firm Accenture on the CMO vs CIO gap in the pharmaceutical industry implies that less than on third of CMO’s felt well prepared to exploit opportunities presented by digital marketing channels.

We need to consider this debate in the context of the organization structures of enterprises in specific sectors.

In healthcare, marketing is subject to certain historical constraints. An example of this is the restriction imposed by the government on pharmaceutical companies designed to prevent over-representation of a particular drug’s benefits in marketing campaigns. In addition, the Health Insurance Portability and Accountability Act (HIPAA) imposes many recommended practices around the use of healthcare data that enterprises and service providers alike are expected to comply with.

Eventually, the debate comes down to data and how the data can be used to target patient populations for new offerings and treatment decisions. Hence we have the rise of new titles such as Chief Analytics Officers (CAO) and Chief Medical Information Officers (CMIO) who are responsible for driving the use of advanced analytics for clinical, operational, and financial outcomes.

They all have to worry about one thing: the CIA of data. This refers to the Confidentiality, Integrity, and Availability of data in decision support. Confidentiality refers to the role-based access to data, and HIPAA makes recommendations about physical, administrative, and infrastructure security related to the access to Protected Health Information (PHI). Integrity refers to the quality of data, and Availability refers to the physical access to the data, when and where it is required. There are very specific legal ramifications that I will not go into here, however the day to day use of data in decision support needs to consider these aspects regardless of the legal obligations.

I will make the argument here that the CIA of data will drive increased collaboration between the CIO and other parts of the organization and can restore the importance of the CIO function in the healthcare enterprise of the future.

Confidentiality: Most healthcare enterprises work with service and solution providers who are referred to as Business Associates from the point of view of HIPAA. CAO’s and CMIO’s are increasingly turning to providers with cloud-based offerings in an effort to get access to the burgeoning innovation out there and also to get around internal IT who they consider to be slow and unsupportive. However, they have to be careful about what kind of data is being made available to their providers. In the light of the Anthem data breach, business users of data have to work closely with the CIO organization to ensure that confidentiality is maintained at all times while transferring data to an external entity.

Integrity: Contrary to all the hype about “big data”, many healthcare enterprises, especially hospitals, operate with relatively small amounts of data (in the hundreds of thousands of lines of data vs petabytes of data). In addition, the integrity of the data is compromised by insufficient, incorrect, and incomplete data. This not only reduces the data set available for robust analysis, but also presents risks to patient safety when incorrect conclusions are made from faulty datasets. At the same time, the anticipated growth of data from the Internet of Things (IoT) is going to increase the complexity of data discovery processes such as integration, standardization and normalization to make the data more usable for analysis. The CIO organization is best positioned to deal with all this technical complexity today.

Availability: Most health systems have implemented electronic health record (EHR) systems that provide real-time access for patient care. However, the currency of the data is determined by timeliness of data entry, frequency of data refreshes, and real-time data integration between various systems. This is a technical aspect of the program that the CIO organization is best suited to perform in today’s context.

The role of the CIO will change dramatically in the near future, especially with the rise of cloud-computing and outsourcing arrangements. CIO’s have an opportunity to effectively communicate their value to top management and take the leadership role in the transformation of their enterprises.

This article is published as part of the IDG Contributor Network. Want to Join?

To comment on this article and other CIO content, visit us on Facebook, LinkedIn or Twitter.
Download the CIO October 2016 Digital Magazine
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.