It’s not hard for Eugene Cullen to remember why his work matters; all he has to do is look around. As he walks Roswell Park Comprehensive Cancer Center’s twenty-eight-acre campus on any given day, he’ll pass full operating rooms, encounter 150 chemotherapy patients, and interact with top researchers and physicians actively pursuing the latest breakthroughs.
Founded in 1898, Roswell Park is the nation’s oldest cancer center. As vice president of internal audit and advisory services, Cullen’s job is to manage risk through the performance of internal audits and risk assessments and providing advisory services to facilitate positive change. This helps clinical and nonclinical teams and operations improve efficiency and effectiveness to the benefit of Roswell Park and its patients.
Cullen is a realist. He knows administrators, clinicians, and other care providers are busy working as hard as they can to save lives. That’s why he does all he can to identify realistic improvements that can be made within the parameters of the organization and the constraints of the burdensome and highly regulated healthcare industry.
“Auditing and advising a medical facility is not an exercise in idealism; it’s an exercise in practicality,” he says. “We can’t produce lofty goals and fancy reports that sit on a shelf. We have to suggest changes that people are willing to make so we can improve patient care.”
At Roswell Park, Cullen’s internal audit and advisory services team gives input to leaders and board members regarding risk mitigation and performance improvement opportunities. He’s been in the role for ten years and is applying the full knowledge from a long career in the healthcare industry.
Cullen earned a master’s degree in healthcare from New School University and worked for Big 8, Big 6, and Big 4 advisory firms where he represented major clients like Northwell Health, Lenox Hill Hospital, NYU Downtown Hospital, RWJ Barnabas Health, Stony Brook University Hospital, Greenwich Hospital, St. John’s University, and Empire Blue Cross.
Cullen started when computer systems were just beginning to change the way providers and patients interact. Compared to today’s tech-filled and regulated world, it was a simpler time. Physicians had more freedom to dictate treatments. Payments and reimbursements were relatively straightforward. Administrators knew what to expect.
But now, times have changed. “The fast-paced nature of healthcare has totally changed the auditing and advisory landscape,” Cullen says. “It is night and day.” Regulations and restrictions have increased. Costs have climbed higher. Technology has brought new threats. The ability to identify clinical, regulatory, process, privacy, and IT risk matters that should be mitigated is perhaps more critical than ever before.
“The fast-paced nature of healthcare has totally changed the auditing and advisory landscape. It is night and day.”
It takes a diverse team to do this work well, and Cullen has purposely assembled a group of people from different vocational backgrounds. He has an IT professional, a regulatory expert, and a generalist. “I ask each person on my team to be a go-to person for one area and then provide support in other matters,” he says. “We have to be ready to address any issue that comes our way.”
The small but mighty team is agnostic by design and supported, when needed, by outside advisory expertise. Instead of focusing on any specific area, they work with finance, information technology, accounts receivable, clinical services, research, and all other departments to leverage opportunities and identify risks. They also perform an annual assessment that outlines the highest risks to the entire organization. Once either process pinpoints a risk to mitigate or an opportunity to leverage, Cullen’s team develops an action plan and initiatives to help facilitate the change.
As hospitals, clinics, and health systems implement new technologies to drive innovation, IT security is always on Cullen’s mind. Since financial margins are tight, the industry was notoriously slow to adopt some of the same security measures that are common in banking and other sectors that gather sensitive personally identifiable information.
Medical records contain names, insurance information, diagnoses, social security numbers, addresses, phone numbers, and all the information bad actors need to commit identity theft or medical fraud. “Hospitals are more vulnerable than other institutions to cyberattacks because we’ve put a target on our backs. Hacking a hospital is simply easier than hacking a bank,” Cullen says.
The stark reality forces him to respond accordingly. His team at Roswell Park has performed reviews to ensure each user who needs to access data has the appropriate level of access. They assess the design and effectiveness of information technology security controls including employee access controls, training and education, preparedness for ransomware attacks, effectiveness of computer backups, and data recovery systems to keep important patient records secure from threats and natural disasters.
Leaders at Roswell Park Comprehensive Cancer Center are vocal about the organization’s purpose. They want all employees to understand why the organization exists. Its stated mission is “to eliminate cancer’s grip on humanity by unlocking its secrets through personalized approaches and unleashing the healing power of hope.”
Cullen says his team does what it does so their colleagues can focus on fulfilling that mission. “An IT security event or a regulatory blow would distract people here from doing important, life-saving work,” he explains. “I prevent those distractions so our doctors can do research, perform surgeries, and treat cancer patients.”
Cullen has both hard data and anecdotal evidence that demonstrate the impact of his work. His team has contributed to improved patient throughput, increased physician satisfaction, lowered wait times, prevented online threats, identified opportunities to reduce expenses and improve revenue, and improved electronic medical record documentation.
At a place like Roswell Park, those results matter. The organization has roughly 3,700 employees, 350 faculty members, 800 nurses, and hundreds of funded research projects. Each year, they treat nearly 5,000 admitted patients and 270,000 outpatient visitors. At any one time, the group has about 43,000 active patients. Because of Cullen’s work, organizational risk is mitigated, and patients can access the best possible care from first diagnosis to the end of their cancer treatment.
“Innovative leaders like Eugene Cullen are key to transforming healthcare. His commitment to improving the lives of patients, as well as the physicians and nurses who care for them, is a driving force behind Roswell Park’s success as both a leading, compassionate care provider as well as a thriving business.”
–Christine Blanchard, Managing Director, Client Partnerships
Congratulations Eugene Cullen for the well-deserved recognition you are receiving as a leader and innovator in health care. Phillips Lytle is proud of its long-standing relationship with Roswell Park Comprehensive Cancer Center. Our attorneys are privileged to support an organization that has had such a profound impact on the lives of so many patients and families.