The words CIOs don't want to hear

'My laptop was stolen, but it had a password. That’s the same as encryption, right?'

No matter what your job, there are certain phrases – whether said by bosses, colleagues or clients – that are just plain unwelcome: words that foretell frustration and added workload at best, panic and red-alert crisis response at worst.

For hospital chief information officers, there's no shortage of these ominous sentences. With so much at stake – integrity and uptime of critical IT systems, omnipresent threats to data security, millions of meaningful use dollars – the last thing CIOs want to hear are words that promise to complicate or delay their long daily to-do lists.

We asked CIOs from hospitals across the country about the phrases they dread hearing – from their IT staff, from the CEO or CFO, from the compliance department, from doctors or nurses. Whether they had to do with technology snafus, privacy threats, budget challenges, clinician complaints or assorted other headaches, there were plenty of them.

The longest list came from one former CIO of the Year who preferred to remain anonymous. There were some gems. The phrase, "I just wanted to give you a heads-up," for instance, doesn't usually augur good news. Others he suggested:

  • "It's been a couple weeks and we've not heard from IT about next steps."
  • "We've been working with this vendor for some time. We know what we want but will need the help of IT."
  • "I have a close friend who has developed this incredible software that can change our organization."
  • "I have concern that our strategic project is not receiving top priority from IT."
  • "Capital is tight ... looks like we're going to have to delay infrastructure and system upgrades."
  • "We don't have enough people to ensure we follow policy."
  • "We didn't budget for that."
  • "We lost our candidate of choice over salary."
  • "We have no one else who knows this system."
  • "Just in case this hits your radar ..."
  • "We thought we had everything covered for this conversion that would ensure no downtime. Sorry."
  • "We assumed ..."
  • "We didn't budget for contingency."
  • "We didn't budget for fail-over."
  • "Our users wouldn't allow us enough time to conduct system recovery testing."
  • "He failed to fully document the system admin procedures as well as the code."

A second CIO who asked for anonymity offered a couple other unwelcome turns of phrase. One – "I just signed a contract for X system; don't worry, the vendor will handle all of the IT" – doesn't typically inspire cheerfulness. Another – "I just went to a conference and…" – similarly suggests headaches to come. "Anything that follows this statement is usually trouble!" she said.

Daniel Barchi, CIO of Yale New Haven Health System, says that in the complex and fast-changing world of health IT, surprise developments just come with the territory.

"As a healthcare CIO, I am used to getting bad news – and to delivering it as well," he says. "Bad news is better if it is delivered clearly and rapidly. Our executive team can address and respond to any bad news when we know about it."

On the other hand, "the worst news is that which we don't hear," says Barchi. "There is nothing as bad as learning from a member of our team about a problem which happened hours or days ago which has become worse. The first two of my seven personal guiding principles are, 'Be open and honest' and, 'Have no secrets or skeletons.'"

Jim Turnbull, CIO at University of Utah Health Care in Salt Lake City, says most unexpected hurdles can be taken in stride – except when they involve valued staff members.

"After several years of experience as a CIO there aren't too many things that consistently rattle me," says Turnbull. "The exception is hearing that an employee in my division has accepted a job outside of our organization.

"I immediately feel a sense of loss, even on those occasions when it is clearly a great opportunity for the employee that is leaving," he says. "When one is blessed, as I am, with a great team – it is these moments that cause me to reflect on what we could have done to challenge, reward and retain great team members."

Turnbull's cross-town counterpart, Marc Probst, vice president and CIO of Intermountain Healthcare, offered a list of words he doesn't enjoy hearing, categorized according to who's saying them – and how badly they'll ruin his day.

From my IT staff:
"XYZ application is down" – bad day.
"The network is down" – really bad day.
"The data center is down" – very bad day.

From compliance:
"Dr. Jones is inappropriately using our system" – bad day.
"There may have been a data breach" – really bad day.
"There was a data breach" – very bad day.

From my boss:
"I need to speak with you ASAP" – generally, a bad day.
"I'm having a problem with my laptop (or phone, printer, tablet or any other device which could even possibly connect to our network)" – bad day.
"We need to discuss the IT budget" – really bad day.

From a physician:
"You have _____________" – bad day
"Your family member has _____________" – really bad day
Any other call from a physician – very bad day (they only call with problems).

From my wife or children:
"Why is the Internet down again?"

George "Buddy" Hickman, executive vice president and CIO of Albany Medical Center in Albany, N.Y., hates being left out of the loop.

"What are the words I dread hearing? 'Let's involve the IT folks on this later,'" he says. "That doesn't happen so much at my place these days, but it still can be said. Playing catchup or being the voice of complexity or disappointment later is not a preferred position for any IT leader."

Meanwhile, Pamela McNutt, senior vice president and CIO of Methodist Health System in Dallas, dreads hearing that technology has failed: "Since the data network is the circulatory system of our healthcare system," she says, "the worst news I could get is, 'The network is down.'"

John Halamka, MD, CIO of Beth Israel Deaconess Medical Center in Boston, gets a chill when he hears about potential privacy breaches. His least favorite words? "My laptop was stolen, but it had a password. That’s the same as encryption, right?" And, "I made a copy on Dropbox."

Finally, Ralph Johnson, CIO of Franklin Community Health Network in Farmington, Maine, has recently heard one unwelcome phrase that should give bad dreams to any CIO.

"It just happened to me and it is keeping me up at night," says Johnson. "For the second attestation year in a row I received an e-mail that stated, 'You have been selected by CMS for a HITECH EHR Meaningful Use Audit.'"