SEI recently helped a major healthcare provider to define, implement, and execute a strategic planning process. In part 1, I addressed the selection of a framework and the definition of current state and ended with defining the future roadmap and an accompanying governance process.
In the first part of this Strategic Planning for Healthcare IT series I focused on defining a framework and assessing the current state of a healthcare organization’s IT portfolio. In the second part I will describe the definition of the desired future state, address the identification of gaps between current state and future state, and discuss the definition of the organization’s strategic plan – i.e., roadmap.
Strategic planning efforts are challenging, especially in Healthcare IT, given the continuously changing environment. Because of this, it is all too common for organizations to forgo a strategic planning exercise, maintain (or reduce) current budget levels year over year, and struggle to keep up with the next high priority request. A significant challenge with this approach is that every request is a high priority and there are limited hours, resources, and dollars available to meet those requests. All too often, stakeholders become discouraged and only focus on the fact that their high priority request is not getting done.
In the first part of this series I focused on the best practices of understanding the intent of the assessment, the value that a dedicated project manager will add to the effort, and the importance of selecting the right firm. In the second part I will focus on the best practices of selecting the right framework, preparation of materials, and presentation of materials. These efforts are discussed separately however they are tightly coupled and rely heavily on good communication.
Preparing for an information security assessment is a daunting challenge – especially if previous assessments were not handled well. In most cases, adequate preparation and a mindset geared towards getting an honest assessment of the current state will yield significant benefits for the organization only if sufficient effort is spent on delivery.
Great teams sometimes fail because of a lack of delivery management. This is as true for an information security assessment as it is for a development project. In fact, some may argue that it is truer of an assessment because of the finality and timing of the final report versus the iterative nature of many development projects.