
5 consequential IT-related mistakes healthcare CEOs make

  • Writer: Angelina Chigrinetc
  • Oct 28

A CEO’s role is to maintain a high-level understanding of every area within their organization—from finance and procurement to marketing. IT is one of those key areas that CEOs should be familiar with; however, its technical complexity often makes it harder to fully grasp.


I’ve been in healthcare for 7 years, and here are the five biggest IT-related mistakes I’ve seen healthcare CEOs make:


Relying on just one on-premise server

It is common practice in healthcare to rely on on-premise servers as opposed to the cloud (for privacy, security or because of government regulations). However, sadly, having only ONE on-prem server is also common practice.

IT is all about backups (e.g. database backups) and fallback solutions in case your main computer crashes, and not respecting this principle can cost your business serious downtime - or worse, irrecoverable loss of data.


Not maintaining software

Non-IT people mistakenly believe that developing a piece of software is a one-and-done affair. But this is far from reality. Software needs continuous monitoring and maintenance. Monitoring is needed to catch unexpected behavior (bugs, errors, poor performance, security breaches), and maintenance is crucial when the technologies used to develop the software become obsolete or when, for instance, a security vulnerability is spotted in any of them.


Being nonchalant about where patient data ends up

I think we Europeans got anesthetized to GDPR: it just became a nuisance we ignore like the "no parking" sign. But in healthcare, we deal with sensitive patient data and should think through the places this data ends up with a bit more care. For instance, having your patients chat with an assistant powered by an OpenAI model and not disclosing that their data leaves the EU (to go to OpenAI's US-based servers) violates GDPR and can thus incur fines.


Being lax about cybersecurity, especially social engineering

Cybersecurity is another area CEOs blissfully ignore until it knocks on their office door to ask them for ransom. Literally. A healthcare CEO I know recently went through the nightmare of hackers blackmailing patients with the threat of publishing their revealing medical images after hacking into a patient relations manager's phone that was connected to the whole internal system.

Social engineering (exploiting human nature to gain access to a system) is one of the most common attack modes in large organizations and can only be combatted with thorough employee training, spearheaded by the CEO.


Investing only in patient-facing and medical software

Healthcare organizations usually do not have problems with the software behind electronic medical records or AI radiology aids. But behind the shiny EMR, there are dozens of accounting, procurement, operations, patient services, and admin employees toiling away copy-pasting things in Excel and printing out sheets of paper.


If you are a CEO or a manager, try asking your subordinates to count up the number of hours they spend on repetitive tasks every day, such as bringing data from one system to another or creating reports, graphs or slides. And then ask an IT guy or woman in how many lines of code they can automate this task or eliminate it altogether (by connecting systems, for instance).


Adding AI into core medical processes is important, no doubt. But just think about the amount of money you could save by also paying attention to the non-medical side of your healthcare organization.


I've actually put together a self-audit you can go through to see which areas of your business are too manual: get the link to it by filling out the form at the bottom of this website.



 
 
 



LAZY SILICON

operated by angelina chigrinetc

Genoa, Italy

Get a link to a 10-min Digital Workflow Audit to pinpoint the areas of your business that can be automated
