It's More Than the Technology: An Interview with CIO Tim Zoph - Northwester Memorial HealthCare executive discusses plans for hospital information technology - Interview

Healthcare Financial Management, August, 2001

Timothy R. Zoph, MBA, MS. is vice president of information services and chief information officer of Northwestern Memorial HealthCare, including Prentice Women's Hospital and the new Northwestern Memorial Hospital, a 2-million-square-foot facility, colocated with 1,000 physicians, a clinical tower, and ambulatory clinical tower off of Chicago's Magnificent Mile. Of those 7,000 physicians on staff, 450 are members of the Northwestern Medical Faculty Foundation, the academic group practice for the North western University Medical School. Zoph has been in health care for 21 years, and is a member of HFMA's First lllinois Chapter.

HFM: Please talk about your organization and your responsibilities within the organization?

Zoph: I am the vice president for information services and CIO at Northwestern Memorial HealthCare. Northwestern Memorial HealthCare includes our hospital, home health organization, as well as a 65-member, primary care, physician group practice and a large foundation that contains our community services program and our research programs. My primary responsibility is managing all the information technology and systems within Northwestern Memorial Hospital, a large, tertiary-care facility and trauma center. Our Prentice Women's Hospital, part of the main facility of the hospital, is the largest maternity center in the Midwest.

HFM: Can you give me some idea of your organization's service area and patient mix?

Zoph: We have a very diverse patient population. Within our primary service area are some of Chicago's most affluent neighborhoods, like the "Gold Coast" community along the lake, as well as some of Chicago's underserved neighborhoods.

And we are a level-one trauma center serving metropolitan Chicago. As a result, more than a third of our patient admissions come through the emergency department, which also adds to our patient diversity

HFM: What is a main mission of your organization?

Zoph: Our mission statement identifies Northwestern Memorial Hospital as an academic health center where the patient comes first. Our strategic plan for the institution has the goal of achieving, "The Best Patient Experience with the Best People."

What we mean by "best patient experience" is providing the best care from a patient's perspective. We will look to improve patient satisfaction with their care, reduce error and variance, and provide a very safe and nuturing environment for healing.

Where information technology enters into this initiative is in making sure that our physicians and nurses have the best available information to take care of the patient. We also want to be a trusted source of health information for the patients and their families so that they will look to us for the clinical knowledge and information that they can rely on to better manage their care not only when they're in the hospital, but also when they're not here.

HFM: Obviously, a part of that trust revolves around confidentiality and security, which brings us to HIPAA. This law involves a massive IT undertaking? What have you done or planning to do to get your organization ready for HIPAA?

Zoph: Our organization has formed a task force and an active HIPAA program. In the information services department, much of what we will be doing is making sure that our security systems and policies, procedures, and practices are state-of-the-industry; our patients expect that from us. We also will be investing in technology that will help us further secure our information systems environment. We have a security officer and leader in my organization, but we'll also have additional staff in my department who will focus on the security needs of the institution.

Like a lot of healthcare organizations, we buy systems in the marketplace, and so, a lot of our efforts will involve going through the due diligence and testing process with our vendor suppliers to see that their software and systems are HIPAA-compliant and meet security standards we believe are appropriate.

HFM: A lot of people are saying that HIPAA is going to be extremely costly to implement. Do you agree?

Zoph: Yes. I think a distinct difference with this effort as opposed to other technology compliance efforts, such as for the Year 2000, is that the main focus must be centered on process and people. A lot of the cost is going to go into process redesign, procedure design, and organizational training, particularly in our chain-of-trust relationships with companies that we provide patient information to or exchange information with. Because patient information touches so many points in the organization, HIPAA compliance is a real cultural issue for health care.

The regulations give you a guideline, but they don't design your ultimate privacy program. Much of this design comes back to philosophy What do their patients expect? And what is the best way to design and implement that program within the institutional culture?

We know patients expect that their information will be managed by a secure method; therefore, we're designing our privacy programs consistent with what we see as an overall best patient experience at Northwestern. So we are approaching our program at a very high strategic level, rather than simply as a regulatory-compliance effort.