A CIO who masters disasters
Protecting institutional reputation means communicating problems, says John Halamka
Computerworld - TUCSON, Ariz. -- On his 50th birthday, John Halamka, the CIO of Beth Israel Deaconess Medical Center in Boston, was eating cake, surrounded by his senior staff. Then his second-in-command came in with "some" news.
A physician had gone to the Apple Store and returned with a MacBook. He used the laptop to download email and then left the office. When he returned, the new MacBook was gone. On it was a spreadsheet embedded in a PowerPoint presentation with information on 3,900 patients -- data for which the hospital was responsible.
The hospital issued a news release about the laptop's disappearance in which Halamka pointed out that the incident was being treated "extremely seriously" but also noted that it was being used to bring about change -- specifically, it was a catalyst for implementation of a program to help employees protect devices that they purchase on their own.
That's how Halamka operates. He doesn't let any crisis go unused as either a teachable moment or as a chance to lead IT into new directions -- or both.
For Halamka, who spoke here today at the Computerworld Premier 100 IT Leadership Conference, communication comes naturally. He runs a blog, "Life as a Healthcare CIO," where he discusses his career in healthcare IT and life on his farm. He is also a Computerworld columnist.
In a recent blog post, Halamka outlined his plan for managing wood on his farm. In another, he discussed electronic health records. That one begins: "There's nothing like a crisp New England winter evening, a roaring fire, a cup of cider, and a 242 page Notice of Proposed Rulemaking to fill your Friday night."
Halamka, who is also a full professor at Harvard Medical School and a practicing emergency room physician, has some clear ideas about how to manage a crisis that don't follow the typical corporate mold of retreating behind a veil of secrecy or downplaying a problem until events force full disclosure.
If Halamka had been the CIO of Target, you get the impression that the retailer's breach would have been handled differently.
"Be open, be honest, be forthcoming, hide nothing and use it as a podium, a bully pulpit to move an entire industry," said Halamka.
Commenting on Target's handling of its security breach, Halamka said he would have advised disclosing the severity of the incident fully, up front, instead of building up to it. "Customers would rather hear about what you experience and why it is making you stronger and what adversity you are working through," he said.
On the day of the Boston Marathon bombing, Halamka was on a plane heading back to Boston. He got a message about the bombing. His 25 most senior IT leaders were all volunteering at the finish line -- and fortunately none were injured. But cellular phone service was shut down. Other issues soon arose.
A few days after the marathon, the two alleged bombers, brothers Tamerlan Tsarnaev and Dzhokhar Tsarnaev, were brought to Halamka's hospital, BIDMC, after being apprehended in a police manhunt. Tamerlan died in a shootout with police, but Dzhokhar survived and was kept in the hospital for treatment. This made BIDMC a global target for hackers, Halamka said.
The hospital's compliance officials wanted IT engineered in such a way that they had real-time views on everything going on with the records, said Halamka.
Again, Halamka used the crisis as an opportunity to bring reform. A consulting organization was brought in to look at the hospital's security policies, and the hospital embarked on a three-year effort to improve security, with the goal of making Beth Israel Deaconess Medical Center a national leader.
"Do you become the CIO who is the guy in the trenches just trying to deliver services day to day," said Halamka, or do you become the person "leading the charge as the exemplar on how an industry can change its security practices?"
Halamka has answered that question for himself.
Patrick Thibodeau covers cloud computing and enterprise applications, outsourcing, government IT policies, data centers and IT workforce issues for Computerworld. Follow Patrick on Twitter at @DCgov or subscribe to Patrick's RSS feed . His email address is email@example.com.
See more by Patrick Thibodeau on Computerworld.com.
Read more about IT Leadership in Computerworld's IT Leadership Topic Center.
- The Social Business: Unlocking the collective knowledge of people Five years ago, IBM observed the planet was becoming instrumented, interconnected and intelligent. 20,000 engagements later, here's what we know and believe about...
- Market Overview: Digital Customer Experience Delivery Platforms Forrester states that businesses today struggle to understand and use the tools necessary to create and manage unified, multichannel digital customer experiences across...
- Enabling Unified Service Delivery Management With the nGeniusONE Platform Today's IT organizations manage diverse business services comprising a host of applications running on many server farms within the data center.
- Transform Your Data Center from Basic to Strategic by Increasing Operational Efficiency and Optimizing Intelligence Find out how data center and facilities management are able to use DCIM solutions and a pioneering "zone" approach to bridge the information...
- On-demand webinar - 7 Keys to Service Catalog Implementation Success Watch this webinar to learn 7 crucial keys to make your service catalog a success!
- Zoning in on Energy and Physical Infrastructure Management In this Webcast you will learn how to develop and execute a strategy to optimize the energy efficiency of your data center. All IT Leadership White Papers | Webcasts