An Interview With Roy Sookhoo, CIO at University of New Mexico Health Sciences Center

As technology professionals, it’s all too easy to become too tightly focused on the technology at the expense of the bigger picture — technology is simply a means to an end. That end for Roy Sookhoo, CIO at the University of New Mexico Health Sciences Center, is to improve people’s lives in some way and make the organization more resilient, agile, and efficient. 

Sookhoo started his career as a math and computer science high school teacher, then became a systems integrator and entrepreneur, and eventually, a CIO focused on healthcare organizations. Prior to his current role, Sookhoo has served in many other IT leadership roles at Tenet, Sutter Health, Ochsner Health System, SUNY Downstate Medical Center, Coordinated Health, and others. With his career path, Sookhoo brings nearly two decades of leadership experience and a unique perspective with an emphasis on storytelling in successful enterprise technology management.  

In this interview, we delve into why he changed careers, his view of storytelling in IT, and the nature of the relationship between the CIO and the CISO. 

You started your career as a teacher. Can you tell us why you decided to make the switch to IT? 

It comes down to economics — it was tough to afford to raise a family on a teacher’s salary in Los Angles, California, and IT was something I was very interested in and familiar with. So, after getting an MS in software engineering, it was easy for me to find a job in technology. I started as a consultant working as a system integrator and a teacher in the technology space. At the time, there was a shortage of technologists who could communicate, educate and bridge the gap between technology and business requirements. And, really, at the end of the day, being a teacher and a technologist was a strong combination. The career has been very gratifying.  

Why did you decide to remain in healthcare IT?  

Working with clinicians is rewarding for me. Nurses — in general — are not technologists but caregivers who often shy away from or are intimidated by technology. They often use paper and other manual means to get their job done. I have been able to show them that they can successfully and efficiently use technology to deliver better care for their patients.  

For instance, I introduced a technology that helped nurses reduce the number of wasted steps walking back and forth each day so they could be more efficient. A Nurse walks about seven to eight miles a day in a shift, and we reduced that fatigue and extra burden through the aid of technology.  

Technology has also facilitated improvements for other clinicians. When electronic medical records (EMRs) came on the scene, physicians became data entry people. I enjoy helping physicians optimize their workflow and use EMRs as a tool in a way that doesn’t interfere with the patient-physician relationship. I’ve found that a physician typically spends two-thirds of their time doing data entry in the EMR — that’s not right. I want to free up the physician from the computer to spend more time with their patients. 

What are some of the lessons you have learned in your career? 

The biggest lesson learned for me is that people matter more than technology. We’re in the business of helping people. Technology is just a tool to get there. Sometimes we’re focused more on the technology than on the people. My goal is to create service-oriented organizations rather than technology-oriented organizations. You can have the best technology in your organization, but people won’t use or appreciate the technology if you’re not service-oriented.  

Our IT projects must improve the organization in some way. We need to make the business more efficient and make peoples’ lives easier. That requires a shift to more of a service-oriented mindset.  

Have your storytelling skills helped you in your career? 

Storytelling helps because people can relate to the stories rather than technology jargon. If we want buy-in on an initiative, it’s the story around why we need the initiative and how it will help the physicians, nurses, patients, and customers that matters the most. Many people see IT as this foreign entity and expense that sucks up 5% to 10% of the revenue, but storytelling illustrates the relevance of IT as a strategic partner with each business unit, and this can go a long way to changing perception.  

Generally, CIOs do not do a very good job telling our stories about the value IT brings to the organization. In this competitive world, sharing our vision of how technology can provide a better customer experience while improving business processes and outcomes is critical. Good data can fortify a story, but a compelling vision of a streamlined process that simplifies people’s lives can really make an impact. 

How important is the role identity management plays in healthcare and IT today? 

Identity management is critical in healthcare because almost every user has multiple personas or identities. For example, a physician can be a clinician, researcher, educator and leader all in the same day. Each role requires different access and resources. We need tools to seamlessly navigate among the various roles without fussing about usernames and passwords. 

SailPoint is a technology that helps seamlessly navigate the different personas in a way that is convenient for the user. We know from experience that it becomes a security concern if IT does not address the multi-identities. SailPoint allows many organizations to manage these multi-personas in a secure and unobtrusive way for the users. 

Regarding enterprise security management, how do you see the role of the CIO in building security programs or helping to enable the CSO to succeed in enabling the security program? 

Security is my number one priority, but there has to be a balance between security and operations. We see organizations where security and operations are not balanced and security hinders performance. When an organizations’ workflow is hindered with security controls that hurts productivity, employees will resort to using unsecure practices to get their job done. 

To get that balance right, the CIO needs to work closely with the CSO to provide a strong security posture to maximize operational excellence. It’s a balancing act because if you favor operations, you risk sacrificing security and that’s not good either. If you favor security too much, you can hinder operations. It’s a coordinated dance between the CSO and the CIO.  


Discussion