Podcast Summary: Risk Never Sleeps, Episode #105
Title: Bridging Quality and Technology: Transforming Healthcare Management
Host: Ed Gaudet
Guest: Andrea Steele, Associate Vice President of Information Technology and Business Intelligence, Health Care District of Palm Beach County
Date: November 7, 2024
Overview
This episode of "Risk Never Sleeps" features Ed Gaudet in conversation with Andrea Steele, who oversees IT and Business Intelligence at the Health Care District of Palm Beach County (HCDPBC). The talk dives deep into the intersection of healthcare operations, data, and technology—exploring how quality improvement methods can be bridged with IT, what it means to manage risk in a complex system, how AI and data governance are evolving, and the challenges of cybersecurity and medical device management.
The conversation provides listeners with firsthand insight into the challenges and priorities facing modern healthcare IT leaders, with practical examples drawn from Andrea’s wide-ranging role.
Key Discussion Points & Insights
1. Background & Role at HCDPBC
- Andrea details her journey from quality management roles to her current position bridging IT and business intelligence (00:55).
- The HCDPBC acts as a public safety net, providing services from rural hospitals to school health programs.
- She describes herself as a “purple person”: “...the person you go to to ask questions when IT is not getting back to you fast enough.” (01:19)
- Importance of internal translation—communicating effectively between IT and healthcare operations.
2. Blending Quality Methodologies with IT
- Andrea is leading the translation of longstanding healthcare quality tools (like root cause analysis and Plan-Do-Check-Act cycles) into the IT environment (03:47).
- Recent efforts include adopting Scrum/Agile methods in business intelligence to improve responsiveness and delivery (04:03).
- Andrea highlights a technical integration: "We can actually feed the tickets from the managed engine system into Azure DevOps to sort of start the process and set up our actual two week sprints with the business" (04:44).
3. Organizational Best Practices & Security Frameworks
- The district has adopted NIST’s Cybersecurity Framework (CSF) and is evaluating Cybersecurity Performance Goals (CPGs) (05:56–06:03).
- Agile practices are becoming a best practice beyond IT, with performance excellence and project management also engaging in these processes.
4. AI Governance and Risk Management
- Initial attempts at AI governance led to a dedicated committee, which has since merged with the district’s broader data governance (06:20–06:54).
- Focus on legal and compliance issues: “...the concerns always come back to the data and the data integrity and, you know, where is it getting stored?” (06:59)
- Risk analysis for AI currently uses a structured Excel approach, with plans to use Tableau’s AI-enabled tools for enterprise risk data (07:32).
- “Maybe we can actually combine the enterprise risk data with our NOW data that we get from Censinet on each of our vendors...” (08:01)
5. Cybersecurity, Asset Management & Medical Devices
- Asset and medical device management is a chief worry: “What keeps me up at night, honestly, it's asset management and medical device management as well.” (08:37)
- Biomed group currently lacks dedicated cybersecurity; a third-party vendor will soon coordinate security between Biomed and IT (08:47–09:12).
Memorable Quotes & Moments
-
On being a “purple person”:
Andrea: “I think I'm one of those folks that you call purple people who, you know, was identified by my business unit as the person you go to to ask questions when IT is not getting back to you fast enough.” (01:16) -
On learning and language:
Andrea: “I'd like to think of myself as a linguist these days, but who knows?” (02:16) -
On risk priorities:
Andrea: “What keeps me up at night, honestly, it's asset management and medical device management as well.” (08:37). -
On blending data for risk:
Andrea: “Maybe we can actually combine the enterprise risk data with our NOW data that we get from Censinet on each of our vendors...” (08:01) -
On the hardest career lesson:
Andrea: “…that discrepancy between the desire to accomplish something versus the capacity to actually accomplish it... being able to understand what is somebody's desire to get something done versus their actual knowledge, skills, and abilities...” (12:56–14:26)
Timestamps for Key Segments
- 00:55 — Andrea’s background, introduction to healthcare, and transition into IT
- 03:47 — Strategic initiatives: Root Cause Analysis, Plan-Do-Check-Act, and Scrum methodology
- 05:56 — Adopting NIST CSF and Cybersecurity Performance Goals
- 06:20 — Approach to AI governance, integration with data governance
- 07:32 — Risk analysis processes for AI and Tableau plans
- 08:37–09:12 — Asset management, medical device cybersecurity, and use of third-party vendors
- 11:16 — Advice to her 20-year-old self: “...just to believe in myself more.”
- 12:12 — Riskiest experiences: skydiving vs. driving in Guatemala/Mexico
- 12:56–14:26 — Hardest lesson in leadership: balancing desire, capability, and capacity
- 16:48 — Career advice for newcomers to healthcare/cybersecurity IT
Personal & Leadership Reflections
- Passions & Life Outside Work:
Camping, family road trips, adventure, and love for the outdoors (09:24–10:20).
“We camped all over Northern California... did some panning for gold... rafting down the river…” (09:24–09:48) - Favorite Music & Movies:
- Music: Odessa (“In Return”), Faithless (“Outrospective”) (15:00–15:12)
- Movies: "Feds" (1980s), mutual admiration for classics like "Jaws" and "Grease"
- Advice to Early-Career Professionals:
- “Be willing to start small and learn.”
- “For cybersecurity, there’s so much free education out there these days... and then you can also sort of think about the way that you are addressing it, security, even in your home, and bring that to an interview as well.” (16:48)
- On Internal Advancement:
Encourages non-IT staff with interest to take courses and apply for internal IT/security openings.
Key Takeaways
- Success in healthcare IT requires bridging the gap between quality/process improvement and technology.
- Adapting business-measured, agile approaches can bring substantial benefits to healthcare organizations.
- Effective risk and data governance means integrating security, legal, compliance, and AI considerations.
- Asset and medical device management, especially cybersecurity, remain core challenges.
- Early career growth can be fostered by curiosity, internal mobility, self-directed learning, and openness to starting with small responsibilities.
For show notes, resources, or to learn more about improving patient safety in a digital world, visit censinet.com.
