The implementation of “software referents” as the first step in the transformation of hospital CIOs


Digitalization presents increasing challenges for public health care establishments. In this context, it is necessary that the departments of the information system have the means to put an ambitious strategy on the subject. However, often, these departments are set up as “service providers” and do not need a break to implement their own strategy. Therefore, this article suggests setting up a “software referent”. This system will designate a person in each department of a hospital who is responsible for knowing and monitoring the use of business software and providing care services to the keys to manage the software used. At the same time, this provision will make it possible to begin the repositioning of hospital CIOs.

By means of Boris SIMONIN: Deputy Information System Director – [email protected]

Corentin RINGOT: Civil servant student – ​​[email protected]

Kevin ATTAL: Civil servant student – ​​[email protected]

In 2021, French hospitals suffered 730 cyber attacks (Kerkour, 2022). According to the Digital Health Agency (ASN), the number of these incidents is increasing significantly with a doubling of their occurrences between 2020 and 2021. At the same time, between the development of the “digital twin” (Farthouat, 2022), he increased data warehouses (Vitard, 2019), the proliferation of business software and even the launch of the first hospitals in the metaverse (Caudron, 2022), IT flooded the hospital.

In this context, digital technology has become a growing challenge in the management of a French hospital. This trend is such that an entire section of the recovery plan is dedicated to the subject. The digital health investment plan plans to invest in a number of “modernization, facilitating interoperability, reversibility, convergence and security of information systems” (Ministry of the Economy, 2020)

As a result, it is necessary for healthcare establishments to define a real strategy that allows their management information system (DSI) with the necessary resources to respond to these new challenge.

The strategy design of the IT department seems to be particularly important because digital technology is at the heart of the practice of all hospital service agents, whether they are health professionals, caregivers or administrators. Because of this, the methods of organizing this department must be rethought to provide more security and increase the ability of agents who are the first and sometimes the only users of business software.

However, in a context of multiple directions and constrained resources, implementing an ambitious strategy for hospital CIOs is sometimes complicated. Based on these observations, it is possible to imagine the initiation of this change by setting up “software referents” outside the IT department.

The need to spread digital culture in the hospital

Hospital CIOs are often established outside of other hospital departments and divisions. This organization makes it possible to envision two goals: to guarantee them autonomy and freedom of their actions. In many cases, this position ultimately has the opposite effect. In fact, they are gradually placed in a service provider position that must change according to the demands of other departments and make it difficult to create a global and independent strategy.

However, IT issues are increasingly important in hospitals and the role of CIOs should be increased. For example, strong management makes it easier to implement a strategy regarding the management of its resources or the security and storage of data. Similarly, this dynamic is essential to build an architecture and links between strong computer software or to effectively develop telecommunication systems that allow safe exchanges between professionals, patients and colleagues. territory (especially in the logic of decompartmentalization of towns -hospitals).

The software referent, the first stone of an overhaul of hospital CIOs

Based on previous findings, it is possible to consider the establishment of a “software referent” as the first stone in the building responsible for reversing the tendency of “quasi subordination” of some CIOs to other departments.

This system leads to the appointment of referents in each center or department of the hospital and to train them in the software used by the associated departments. These software referents thus have a role of training, information and advice for service agents. They can unblock agents in their practice or even advise hospital purchasing departments on software replacements and support the IT department during its interventions.

By bringing computer software skills closer to those in the field, agents have direct contact within their department or division. This tool saves time on both the agents’ side and the DSI’s side. This tendency may be more marked if the software referent is a real user of the software. In fact, in this day and age, CIOs are often contacted to solve problems with software they don’t use every day, if at all. A referent who is also a user appears to be more consistent at all levels. It would be possible to get away from the logic according to which the DSI would be a “service provider” responsible for responding to all the requests of its “customers”. In fact, in theory, they should be responsible only for the part installed and not for the use of said device. In the same way that we would not ask a work engineer to configure the IRM he installed, it should be natural that a computer engineer should not be moved to explain the operation of business software to professionals who , for their part,, see the application of these tools and have the associated skills. Finally, it often happens that the software is installed in the hospital and that it stops being used when the driving person leaves the subject. This causes loss of money, time and motivation. This tendency is related to the fact that the driving person is not known as the software referent person. He is first and foremost a caregiver, nurse, doctor or other. As a result, the position was replaced without considering the loss of software-related skills. Identifying a software referent therefore makes it possible to avoid this difficulty.

Establishing this referent can take different forms depending on the services and establishments. If it is necessary to rely first on the organization of each establishment and on the appetites of the agents, we propose to entrust this task to the medico-administrative assistants (AMA) if there is no volunteer. In fact, unlike nurses or nursing assistants who often work different hours, most AMAs have fixed hours while in direct contact with the field. In this way, they can be positioned as a resource person while limiting the risks of interruption. In addition, with the hope of a gradual repositioning of part of their activities due to the emergence of new digital tools, being a software referent will allow them to increase their skills and have a more important place in establishments.

To continue, the possibility of adding a software security referent

Faced with the resurgence of computer attacks, the French government has chosen to strengthen the fight against cybercrime in the health system. In this prism, important measures have recently been adopted such as the obligation of hospitals to have 5 to 10% of their IT budget dedicated to cybersecurity in order to benefit from the help from the digitalization plan for healthcare establishments. – health care. In the same trend, the Government plans to integrate more and more hospitals in the list of essential service operators (OSE) (Ministry of Finance, 2021) subjecting them, de factoof reinforced obligations in terms of security provided by the framework of the NIS directive (Network security and information systems) (Adam, 2021).

Therefore, health care establishments must prepare to interpret this right from an operational point of view and imagine preparing for computer attacks in the same way as they do to face in fires. Computer attacks are actually very frequent and can have consequences no less than a fire. This prerogative is especially necessary because the “degraded” modes of business software, if they exist, are little mastered by agents. That is why some do not even suspect the existence of these degraded ways. This ignorance also prompts a second difficulty: the quality of the degraded mode often does not follow the expectations of the agents because it is often not checked until it needs to be implemented. Software updates can also affect the quality of damaged modes.

For all these reasons, it is important to have someone responsible for verifying and monitoring these emergency tools.

In the same way that there are fire referents in every department, the software security referent can be a person responsible for setting up malicious procedures in the event of a computer attack. In the long run, it is even possible to plan to organize computer emergency trainings, on the model of fire emergency trainings with software safety referents.

As for the identity of the person intended to be appointed software security referent, the most natural is to appoint the same people as the appointed software referents. However, each establishment is different and should adapt its practices, if necessary.

Finally, it is important to rethink the place of DSI within our public health establishments. Faced with organizational limitations and limited hospital resources, ISD change must be done gradually and proceed with small changes to have an impact over time. With this in mind, setting up software referents can be seen as a first step that will help change the way the IT department works and its relationship with departments.


ADAM, L. (2021), “Hospital security: The government plays carrots and sticks”,

CAUDRON, T. (2022), “The first hospital in the metaverse”, Futura Tech

KERKOUR, T. (2022), “Cyberattacks against establishments to double in 2021”, Le Figaro

MINISTRY OF THE ECONOMY (2020), “Digital health investment plan”,

MINISTRY OF THE ECONOMY (2021), “Security of IT networks in healthcare establishments: the Government strengthens its strategy”, Press release Olivier Véran and Cédric O

VITARD, A. (2019), “To support clinical research, the Foch Hospital will open its own health data warehouse in January”, L’Usine numérique

#software#dsi#software#digital#security#computer attack#hospitable

Leave a Comment