John Glaser

IT is an increasingly hot topic for hospital boards-and one that can challenge board members, who may not have any background or experience in this area to draw from when making critical decisions about the organization's IT strategy.

There are three primary reasons for the elevation of the IT agenda.

Investments in IT can be a critical element of organizational strategies and plans. When hospitals make plans to advance patient safety, streamline the revenue cycle, and enhance operational efficiency, the acquisition of new and expensive information systems is usually viewed as essential. Hence, the IT discussion becomes inseparable from discussions on strategy. Additionally, board members may have heard of significant IT investments by rival organizations and may be unsure whether similar investments should be made.

The implementation of major application suites brings a significant risk exposure to the organization. There are organizations that have been damaged by IT initiatives that were not well implemented or have experienced material cost and timetable overruns. The significance of this risk, and the strategies to manage it, may merit board discussion.

The continued growth in IT investments may be placing sizable demands on the organization's capital and operating budgets. The IT operating budget may be growing faster than almost all other budget line items. Large IT capital demands may require hard tradeoffs with investments in buildings and equipment. These growing pressures may lead to a full board discussion.

Despite these realizations, hospital board members may be unsure how to best perform their responsibilities and assist the organization's management team on IT-centric issues-particularly if IT has never been on the board's agenda and board members do not know what questions they should ask or what critical issues should form the focus of their discussions.

The IT responsibilities of hospital boards are challenging. However, there are ways that healthcare finance professionals can facilitate the board's emerging IT role. By understanding the role of hospital board members in regard to IT strategy, hospital finance and audit professionals can better support technologies that are critical to improving organizational performance. 

Core Responsibilities

When it comes to IT, hospital boards have three core responsibilities.

Ensuring that IT strategy and plans have been well developed and are tightly integrated with the overall organizational strategy and plan. As IT becomes a critical component of many strategic initiatives, hospital boards need to understand the contribution that will be made by IT. Boards should ensure that IT is not being viewed as a silver bullet and, conversely, that the potential of IT is not being ignored.

Making sure that major IT initiatives are well conceived and well structured. Major IT initiatives (e.g., computerized physician order entry) are complex and difficult undertakings. Poor execution of these initiatives can significantly diminish the value proposition of the investment and hinder the organization's operations. The board should ensure that plans for major IT initiatives are thoughtful and comprehensive.

Monitoring the organization's progress in implementing its strategy, including its IT strategy. The board has responsibility for monitoring the organization's progress in carrying out its strategy. To the degree that IT is a key contributor to that strategy, board members should monitor IT strategy and plans.

To support these roles, the hospital finance committee should ensure that the IT capital budget demands have been accounted for in the organization's multiyear capital plan. IT can consume 10 percent to 20 percent of a provider organization's capital budget. In addition, the IT operating budget may be placing significant pressure on operating margin targets. Although capital and operating plan oversight is the purview of the finance committee, the hospital board needs to understand the budget pressures created by IT investments.

The audit committee should ensure that risk factors associated with application systems and infrastructure have been addressed. Viruses and theft of patient data can harm the organization.

With increasing reliance on IT for day-to-day operations, an unreliable and poorly performing set of applications can paralyze major departments. Controls in financial applications must be strong. Although assessing risk is a function of the audit committee, the board should be aware of the increase in risk posed by IT. 

Alignment with Organizational Strategy

The relationship between the IT strategic plan and the organization's overall strategy should be clear and convincing. For example, if there is a proposal to invest in an electronic medication administration record, it should be clear that this investment is tightly linked to organizational efforts to improve patient safety.

In discussions of IT strategy, the board should ensure that each aspect of strategy has been addressed from an IT perspective, recognizing that not all aspects have an IT component and not all components will be funded. This requires an understanding of the non-IT organizational initiatives needed to ensure maximum leverage of the IT initiative (e.g., process reengineering).

As they discuss IT strategy, board members should be able to respond with a strong "yes" to each of the following questions: 

  • Is it clear how the IT plan advances the organization's strategy?
  • Is it clear how care will improve, costs will be reduced, or service will be improved as a result of the proposed IT investments?
  • Are the measures of current performance and expected improvement well researched and realistic?
  • Have the related changes in operations, workflow, and organization been defined?
  • Are senior leaders whose areas of responsibility are the focus of the IT plan clearly supportive of the plan?
  • Are the resource requirements well understood and convincingly presented?
  • Have these requirements been compared with those experienced by other organizations undertaking similar initiatives?
  • Have the investment risks been identified-and is there an approach to addressing these risks? 

Assessing Major Project Plans

As the board assesses plans for large IT projects, there are several cues that the plan is as solid as possible at the inception of the project.

The plan goals are clear and explicit. Fuzzy objectives and vague understanding of resource needs indicate that the plan needs further discussion and development.

Key leaders have publicly committed to the plan. Leaders of areas that will be affected by the plan or that need to devote resources to the plan have reviewed the plan's goals and are committed to performing the work needed.

Project budgets and timelines have been reviewed by multiple parties. Organizational leaders have evaluated the reasonableness of the plan and have taken into consideration factors that will impact the plan (e.g., the relative uncertainty that might exist for certain phases or tasks).

The accountabilities for the plan are explicit. Each plan phase and task can be described in detail.

The charter has comprehensively assessed project risks and developed thoughtful approaches to addressing risks. Examples of risks include unproven technology and major process change. 

Monitoring IT Progress

Tracking the progress of implementing IT strategy is no different than tracking the progress of the hospital's overall strategy. In fact, the IT progress should be included as a series of tasks and initiatives within the overall strategy, not presented separately. The true measure of progress is whether the intended improvements in operational and clinical performance have been seen and, to a lesser degree, whether the initiatives are on time and on budget. 

IT Capital Demands

Approving the IT strategic plan should lead to a multiyear IT capital budget review by the finance committee. This capital should be reviewed during discussions on strategy and major IT projects. In general, the board may have to come to grips with three unpleasant facts about IT capital budgets: 

  • IT is often expensive.
  • Infrastructure costs (e.g., servers and networks) are recurring, nontrivial capital expenses.
  • There may never come a time at which the organization is "done" with IT initiatives. 

Boards sometimes assume that IT and buildings are similar. Buildings do get to the point where the construction is complete. For IT, however, there can be a never-ending series of IT-enabled major initiatives. 

Managing IT Risk

Three major areas of IT risk assessment should be discussed by the board: 

  • Financial controls for major financial information systems
  • Security of the IT systems and mechanisms to protect patient privacy
  • Appropriate management of the organization's applications and infrastructure (e.g., the orga-nization is up to date on major vendor releases, and its IT staff have the skill and tools necessary to provide day-to-day management of computer systems)

There are several ways that hospital boards can improve their ability to address IT-centric issues and opportunities.

Appoint new board members who have IT backgrounds. These members could be current or former CIOs, executives from IT consultant or vendor organizations, or IT academics from a local business school.

Establish an IT subcommittee of the board. This committee could be composed of several trustees and outside members with IT experience. The committee could undertake the responsibilities described above. However, the board may decide that IT capital discussions should occur in the finance committee and IT risk factors should be addressed in the audit committee. Or the board may ask that these topics be addressed in joint committee meetings.

Form an external advisory committee. This committee, which could meet a couple of times a year, would comprise several trustees and managers who would comment on the organization's IT strategy and its progress.

Request a regular update from the CIO on IT initiatives. This update should include the status of the IT agenda and the performance of the IT group.

Convene a special board meeting or retreat. Discussions during the meeting or retreat could center on IT strategy, plans, and performance.

These action steps are not mutually exclusive. For example, the board may add members with IT backgrounds, request a regular update from the CIO, and form an IT subcommittee.

There is no "one size fits all" approach to IT-specific board governance. For some organizations, IT is an important support function, but is not strategically critical. For these organizations, a board member with an IT background may be sufficient.

For those organizations that deem IT to be a major contributor to their strategy, an IT subcommittee may be important. An IT subcommittee also may be important for organizations that are in the process of turning around a poorly performing IT function. 

The Role of the CIO

An effective CIO can be instrumental to an organization's IT success and to the board's ability to engage in an IT conversation. In addition to competently orchestrating the creation of the IT strategy and the execution of that strategy, the CIO can: 

  • Work with the organization's leadership and board to develop a shared vision of the role and contribution of IT
  • Communicate the relationship between the organization's strategy and the IT strategy
  • Interpret the meaning and nature of the IT success stories of other organizations
  • Monitor IT performance and report on progress to the board

Meeting the Challenge

As hospital boards grapple with IT, perhaps the most important thing board members can do is to do what comes naturally: Ask good questions and continue to ask them until they are satisfied with the answer, and make sure that the management team is strong and supported as necessary. These techniques are, in most ways, no different from techniques used in any strategy discussion, review of major initiatives, or evaluation of large capital investments.

Hospital finance professionals can support board members in their emerging IT role in a number of ways, such as ensuring that IT capital budget demands have been accounted for, that financial controls for major information systems have been developed, and that risk factors associated with application systems and infrastructure have been addressed. In doing so, they can better
support technologies that are critical to improving organizational performance.

 John Glaser, PhD, FHIMSS, is vice president and CIO, Partners HealthCare, Boston; president emeritus, eHealth Initiative; and senior adviser, Deloitte Center for Health Solutions (

Publication Date: Monday, January 01, 2007

Login Required

If you are an existing member, please log in below. Username and password are required.



Forgot User Name?
Forgot Password?

If you are not an HFMA member and would like to access portions of our content for 30 days, please fill out the following.

First Name:

Last Name:


   Become an HFMA member instead