by Darin Brannan
Co-founder and CEO
This is the second post in a series on Trends in Healthcare by Darin Brannan. See the first post on the trend toward consumerism in healthcare here.
Healthcare continues to embrace transformation – both proactively and as a result of industry and global factors. As a result, we are seeing a flurry of healthcare mergers and acquisitions, with more predicted for the second half of this year. It’s worth noting these are strategic and corporate in nature, rather than financial. They’re reflective of healthcare organizations using the current economic climate to combine with companies that play well into their product or services road map.
Earlier this year, I read this article in Healthcare Finance News, where Anu Singh, managing director of Kaufman Hall, speaks to an “unprecedented trend of activity” in which healthcare organizations look to merge with others that have strengths they don’t, in an attempt to be more competitive. Little did we know last January what lay ahead. While the future of the healthcare industry is still uncertain, we do know this: it is a fiercely competitive landscape and consumers - be they patients or members - are more demanding than ever.
In the more recent Q2 report from Kaufman Hall they report “the pandemic has demonstrated advantages of scale, coordination, and innovation that are likely to strengthen the strategic rationale for future partnerships. On the other end of the spectrum, we expect an increasing number of restructuring, distressed, and bankrupt hospitals. As a result, we do anticipate a significant uptick in M&A activity to be just ahead of us, as the industry recommences its transformation.”
Earlier this month, this story hit the media – a massive $18.5B Livongo – Teladoc merger! This is a good indicator that the digital transformation in healthcare is coming of age.
Here at ClearDATA, I’m speaking to more and more C-suite healthcare leaders inquiring about this topic. Regardless of which side of the merger or acquisition they’re on, there’s a need for an IT rationalization that explores the affected organizations’ various data centers; their cloud use - whether it’s private, public or hybrid; an investigation of their data security policies and procedures, and how those overlap tightly - or don’t. Organizations need to deeply understand the whole threat matrix to clearly see where they are over or under-invested. They’re coming to ClearDATA for help.
For some, they are already existing ClearDATA customers. So, we know their architecture and continuous state of compliance. When they merge, we can make it easier to integrate that on-premise acquisition right into the cloud for cost synergy. They can do the cost synergy rationalizations in advance, deciding what data centers to collapse into the cloud for a percentage of savings. After they close the deal, they can use us to help migrate the acquired organization from legacy with less effective and potentially less secure environments – giving them access to the extensive benefits of the public cloud. Additionally, they often engage us to quickly run a third-party Security Risk Assessment (SRA) – a critical step to do a deeper dive to identify gaps in HIPAA-required physical, technical, and administrative safeguards.
This part is really important. Every organization wants to go into a merger or acquisition with eyes wide open, not just billfolds wide open. For that reason, the due diligence needs to be as thorough and accurate as possible. We’ve added a new feature to our SaaS product, ClearDATA Comply™ - that efficiently runs a self-service dashboard view, identifying which aspects of an organization’s cloud environment are in compliance with HIPAA and which workloads are not (and to what extent). To not investigate this aspect prior to any M&A activity is akin to buying a house without an inspection… You could, but why would you?
Healthcare’s expanded attack surface (virtual care, expanding IoT, remote monitoring devices, shadow IT SaaS employees download and use, etc.) has given hackers endless ways to break in and access valuable, sensitive personal and healthcare data (PHI and PII). No one wants to spend the money on M&A just to have a breach hit the headlines a month later. The financial damages from the breach are substantial - think millions of dollars - but are just the tip of the disastrous financial iceberg. How do you even begin to value the loss to reputation and trust?
Do both parties have a valid, recent SRA on file? It’s a wise move to execute an expert third-party SRA early in the process for a smoother corporate integration. It’s a small investment of time - done start-to-finish in a couple weeks. Post-merger, you’re able to focus on scaling securely instead of increasing your liabilities and risks. We use ClearDATA Assess® to conduct our SRA, and then hand the newly-merged IT team access to a dashboard with an actionable view into liabilities and gaps. The interface facilitates accountability and project management, so responsible parties can track progress and stalls against remediating identified risks. This view builds a shared culture of compliance during those critical first months of both cultural and infrastructural integration - building efficiency for the road ahead.
So, do your due diligence and include PHI/PII inventories, compliance scans, and security risk assessments on your M&A must-do list.
Finally, many healthcare IT departments have been under-resourced and under-invested, especially under the strain of COVID-19. Looking to make yourself more attractive for an acquisition? We can help drop in technology agents, get heat maps of your current environments, and even bring in our solution architects to quickly show you not only what you can do to quickly close security and compliance gaps, but also how you can make the most of the cloud’s emerging technology for reliability, scalability, and affordability.
So much of the M&A activity I’m hearing about makes me excited for the future as our industry makes the none too early move to modernization. Let’s just make sure we look where we’re going by assessing risk along the way and addressing it quickly in order to build a stronger, more secure future for our industry.