HIMSS Questions & Answer for ImConnect with John Daniels, Global Vice President at HIMSS Analytics

13 July, 2017

We know first-hand the complexities healthcare organizations face.

As the first firm to be certified on all four HIMSS Analytics maturity models, Impact Makers (ImConnect’s parent company) has significant in-market experience partnering with healthcare organizations and a proven track record of success. HIMSS Analytics is solely-focused on supporting and measuring healthcare transformation enabled by information technology. As an expert global market intelligence resource, HIMSS Analytics brings all the complexity together into a centralized repository of methodologies, promoting common language, and ensuring organizations are directionally-aligned and challenged at the industry level. As one of only a handful of firms certified across all four HIMSS Analytics maturity models, Impact Makers has the expertise to help organizations maximize the value from HIMSS Analytics’ tools no matter where they are in terms of maturity.

John Daniels - HIMSS

We sat down with John Daniels, Global Vice President at HIMSS Analytics, to ask a few questions about the complex challenges facing providers and what they can do to position themselves wisely.


Impact Makers and HIMSS Analytics share a similar passion for a consultative, partner-centric approach to client relationships. What value does this bring to healthcare organizations?

John: Meeting healthcare organizations where they are to join in their specific mission is what both Impact Makers and HIMSS Analytics do best. We are both dedicated to advancing healthcare through the best use of information technology for the entire industry. As organizations work at optimizing how they use IT, HIMSS Analytics provides roadmaps that enable success in the form of maturity models while Impact Makers lends its expert, strategic leadership to advance their clients' healthcare mission.

Which significant opportunities and challenges will healthcare organizations face in the coming 1-2 years that they may be underestimating? And how will the upcoming changes to the EMRAM address these?

John: Never before has security in healthcare garnered so much attention. Healthcare organizations are threatened by malware daily, even multiple times a day. It seems we are hearing about security breaches in healthcare on a regular basis. To help organizations focus more deliberately on their information technology security posture, we are implementing new security-related criteria in the EMRAM (EMR Adoption Model). One of the new criteria prescribes not only frequent information technology security risk assessments, but hospitals will need to demonstrate that the assessment reports are presented to the appropriate governing committee or body within the hospital’s governance structure with decision-making authority to do something about mitigating any unacceptable risks identified. HIMSS Analytics will begin scoring and validating healthcare organizations against the new privacy and security program criteria starting in January 2018.

What are the biggest challenges for organizations as they move through the adoption models?

John: One of the hardest steps toward system optimization is employing data governance to advance analytics. The Adoption Model for Analytics Maturity (AMAM) offers healthcare leaders a roadmap to strategic implementation of an analytics program. The EMRAM includes some basic clinical and business analytics capabilities, but the AMAM helps an organization optimize its analytics strategy, competencies, and tools. And like any other IT project, healthcare organizations who have successfully reached EMRAM Stage 7 did so because they view it as an enterprise project and not just an IT project, with multidisciplinary stakeholders (clinical and business) sharing in project responsibilities and accountabilities.

How and where does patient experience / engagement factor into the adoption models?

John: In my view, patient engagement enabled by information technology begins with establishing the right foundation from which the organization can launch patient engagement initiatives. That foundation is an EMR environment where clinical summaries, test results, medication lists, and other patient information can be accessed by the patient. Like the acute care EMRAM, the outpatient EMRAM (O-EMRAM) serves as the roadmap for clinics to effectively establish a foundation with patient engagement capabilities such as a patient portal, which gives patients the ability to access their information anytime, and from anywhere. The next step is to now make the patient’s information available to any other caregiver the patient may encounter (e.g. emergency department, hospitalization, rehab, specialists, etc.). This is the core purpose of the HIMSS Analytics Continuity of Care Maturity Model (CCMM). The CCMM includes a strong focus on patient engagement capabilities within a care community that promotes treating the patient as part of the care team, using technologies and communication that enable a high level of coordinated care. It points back to that fundamental challenge of ensuring the right people (including the patient) have the right information at the right time to do the right thing.

How can companies leverage analytics to extract the most value from their EMR investments?

John: Analytics is not just about technology, it requires a cultural trait that has to be nurtured and developed over time. EMRs typically collect a tremendous amount of data, as do healthcare businesses in general. Using that data to gain meaningful insights into the financial, operational, and clinical activities is becoming standard practice; i.e., the act of complementing experience-based decision making with data-driven decision making. The HIMSS Analytics Adoption Model for Analytics Maturity (AMAM) helps healthcare organizations develop and advance their analytics skills.

Cybersecurity is going to be a major component to the EMRAM updates coming in 2018… In what ways do provider organizations need to get the ball rolling in preparation?

John: Providers should already be addressing security in a big way. High profile hacks have significantly tarnished specific provider organizations in the last several years. The WannaCry and Petya threats have attacked thousands of providers around the globe in the last few weeks. Expecting these types of threats to continue and perhaps increase, healthcare organizations must engage in careful consideration of their security programs to ensure these threats are mitigated as fully as possible. It is not an easy task, but the good news is there are many resources available to help them through this preparation process.

The new EMRAM criteria updates coming in January do include, for the first time, some security criteria that will help an organization think through building a good privacy and security foundation.