Ontario’s Smart Systems for Health Agency might be underperforming in pretty much every area you can measure right now, but you just wait, says the organization’s acting CEO.
SSHA, which provides connectivity to health care organizations across Ontario and develops and hosts e-health applications, was the object of a scathing report released last week by consulting firm Deloitte.
According to the report, the agency has no strategic plan. Few health-care organizations know what the organization is or does, and those that do aren’t particularly pleased with it. It’s crippled by restrictions imposed by it by the Ministry of Health and Long-Term Care, and while it has done a good job of putting together the technology end of its value equation – it has installed more than 1,700 circuits to connect public hospitals, public health units, community care access centres, doctors and other health care provider, as well as provisioning two data centres where it can host 19 applications – users have been slow to sign up. Security measures haven’t met expectations, which explains why only one third of the 60,000 secure e-mail boxes that have been installed since 2003 are in active use.
On top of that, Deloitte has little faith in the agency’s ability to manage its $145 million 2006/07 budget adequately, due to the lack of an effective, centralized controllership function, and said it also lacks the required skills in the areas of project management.
“At the request of the ministry, SSHA has also been dealing with a transition from a consultant-based to an employee-based organization,” says the report. “Because this transition took place in parallel with capacity building activities, SSHA had difficulty managing the significant degree of change and acquiring appropriately skilled staff. This has led to a skills gap in some areas such as business and financial management. Fundamentally, the culture of the organization needs to change to one that is customer focused, deliverable-oriented, and able to partner effectively with the ministry and other health sector stakeholders.”
“The board of directors is quite clear they want to see this as a best practices organization,” said Michael Lauber, the SHHA’s acting CEO. “We haven’t worked out a timetable, and we won’t get there in every area at the same time,” but, he adds, “We have set up a change management office led by senior executives that reports to a board committee and to the CEO, and all of the work is going to be done with a focus on widely recognized standards of excellence.”
Lauber, who is also chairman of the organization, said while there are issues that need to be ironed out with respect to the agency’s relationship to the ministry of health and its lack of autonomy, it has to bear the blame for many of the shortcomings identified in the report.
“The report makes it clear there is a lack of policy and direction,” he said. “Smart Systems has worked in an environment that has been challenging to plan and operate in because there wasn’t a clear roadmap.” But, he added, “The fact that some of our systems lacked the level of maturity they should have in the view of Deloitte — I don’t think that’s an issue we can look outside our own walls for; I think that is something that was generally within our control to be further along.”
One of the areas Lauber said the agency can improve in is in articulating the range of products and services it can provide to clients – and the costs associated with those services.
But even if it does figure out how much it costs to deliver services, it’s not like SSHA can generate revenue – that’s prohibited by the ministry.
“We’ve been asking for the ability to do business transactions with stakeholders, for extra services,” he said. “For example, say a hospital wants to get rid of its data centre and would like us to host their operations just on a black box basis. We are not funded to provide that service. We’ve had cases where hospitals wanted greater bandwidth than we were funded to provide them with, and the hospitals say, ‘We’ve got money, we’ll pay for it; we just need the bandwidth.’”
Despite getting its knuckles rapped for “significant questions” relating to past decisions, however, improving its track record in that area is easier said than done, said Lauber.
“Some time ago we bought a bunch of PKI certificates. We’ve used some but not a lot,” he explained. “A few years ago that was the flavour of the month. Now not as many people are using them.”
They certainly weren’t popular in the health care community, he said, mostly because people were not familiar with how they worked, but also because they were not easy to use due to the environment that health care takes place in.
“Any security things are a little hard to engineer in health-care,” he said. “You’ve got people with glasses, rubber gloves, you’re in sterile environments, and PKIs were not acceptable; that’s the advice I’ve had. So we have some licences. Was it a bad decision when it was made? The advice I’ve had was not really. Looking back, maybe.”
But those issues are more governance than security-related, said Bernard Courtois, president of the Information Technology Association of Canada.
“You’re dealing with a system with many actors and intervenors and many people needing access to data, so first of all you’ve got to figure out a protocol as to who is going to access what kind of data,” he said. “The technology solutions exist. Canada is not a backwater in that.”
Courtois said it’s not surprising SSHA faces the challenges it does, given the fact its mandate has been so ill-defined. But he’s confident SSHA’s work is part of a well-structured e-health strategy that is “in the works.”
At the same time, he said, as a taxpayer and an industry he is dismayed to find a government agency trying to take on roles best left to the private sector.
“The report does address the strategic challenges – things like financial controls — but it skirts the issue that the agency started off quarterbacking something that will be executed as it should by the private sector, with the rationale they had to understand better what the marketplace wanted,” he said.
For example, he said, if you were in the private sector and developing applications wasn’t your core business you would have someone outside do it. “That’s an important issue that remains unsolved in this report.”
SSHA, he said, should focus on developing a core team in-house to figure out what it is trying to deliver and what it needs to buy to deliver those products and services.
“That requires project management skills and expertise in what your customer base demands, but that does not require that you do the work yourself. Then you try to collect money from your user base to pay for that and you’ve created a paragovernment agency to try to get into private sector business.”
While it’s up to organizations such as Canada Health Infoway and the provinces to develop a strategy for a national e-health record, it’s time for the government to stop trying to reinvent the wheel, he said.
“The thing we want is for everybody to stop saying we’re going to require different standards and certifications in every province,” said Courtois. “If we want to save taxpayer dollars we should use international standards every way we can and minimize customization by jurisdiction. That’s a waste of time and money for suppliers and it increases time to market.”