More and more, healthcare as providers are merging together or acquiring other hospitals to increase their footprint, provide higher levels of patient care, and enable strategic synergies.
Modern identity and access management (IAM) solutions are a crucial, but often overlooked facilitator of IT integration. Having the right IAM solution in place not only reduces time, costs, and integration conflicts, but also ensures a smoother transition for both clinicians and patients.
In part one of our healthcare M&A series, we looked at how modern IAM ensures users have immediate access to the resources they need and simplifies directory management. Now, we’ll take a look at two more M&A challenges IAM solutions can help healthcare providers overcome: disruptions to clinical workflows and ensuring security throughout integration.
Disruption to Clinician Workflows
Between 10-15 percent of cost savings from an M&A tie directly back to successful IT integration. These savings largely come from consolidating overlapping systems in order to simplify administration and receive discounts for scale.
The quicker integration occurs, the quicker cost-saving synergies can be achieved. There is immense pressure on IT to makes this happen. However, completing integration without disrupting clinician workflows or productivity is easier said than done.
Healthcare providers tend to have very complex IT infrastructures. This is further complicated by the fact that the providers involved likely have different technologies in place. If integration and consolidation aren’t carefully handled, it leads to delayed access and system downtime.
Disrupting clinician workflows negatively impacts patient care levels and reduces the number of patients clinicians can see, which in turn, can reduce revenue, cause reputational damage, and threaten patient safety. All of this increases clinician frustration, increasing the likelihood they’ll seek work elsewhere.
How IAM Enables a Planned Approach to Integration
Modern IAM ensures critical patient systems, such as EHR, are maintained without disruption throughout the integration process. From day one, you can bring the acquired provider’s systems and users under IT control. Centralizing and automating identity management across both organizations, eliminates time-consuming manual processes that open the organization up to security risks, compliance issues, and mistakes.
Once the acquired company’s users and systems are under IT control, full integration and consolidation move forward in a careful, well-planned manner. This is where choosing the right IAM solution is key. You need a solution that offers flexibility and the ability to quickly adapt during a period of constant change.
This starts with a solution that offers a toolkit for quickly configuring new connections to applications. By not requiring any deep programming or hard-coding to integrate them with your existing systems and data, not only are time and money saved, but adjustments can easily be made as you move forward with consolidating duplicate systems.
Since healthcare providers have notoriously complex IT infrastructures, it’s also important to choose an IAM solution that will allow you to connect all systems—including on-premises, cloud-based, and legacy systems—through a variety of methods, such as API connections, direct database connections, or integrate through text-based files.
Maintaining Cyber Security
Eighty-nine percent of all healthcare organizations have experienced a data breach—a risk that only increases during an M&A when everyone’s preoccupied with completing integration as quickly as possible. And while due diligence is done before completing a deal to minimize this risk, security vulnerabilities are easily overlooked.
One study that evaluated healthcare M&As found that 49% of respondents were dissatisfied with cybersecurity due diligence after-the-fact. Furthermore, 58% of the respondents said they had discovered a cybersecurity problem after the deal was done.
When one provider acquires another, they also acquire that organization’s security problems. The study also found that when it comes to the acquired provider, the top three cyber security concerns during an M&A are a lack of robust cybersecurity infrastructure (30%), vulnerability to insider breaches (26%) and a lack of personnel with deep knowledge of cyber security issues (24%). As soon as the deal goes through, the acquiring provider is responsible for these issues—whether they are aware of them or not—and must be equipped and ready to deal with them.
Add to this the challenges of consolidating the organizations’ differing cybersecurity policies and ensuring organizational and HIPAA compliance, and it’s easy to see why maintaining cyber security throughout M&A integration is so difficult.
Security is especially an issue with provider “roll-ups,” where multiple smaller practices merge, according to Brad Haller, a director in West Monroe Partners’ M&A practice, That’s because smaller providers are more likely to be behind the curve when it comes to security and compliance. “All these clinics have some ability to accept payment for copays, but they don’t all have a good sense of what they’re supposed to be doing to protect both [PHI and credit card] data.” states Haller.
Instantly Step-Up Security with IAM
While single sign-on solutions and identity tools that optimize clinical workflows are common in healthcare, many are behind the curve when it comes to putting complete IAM solution at the core of organizational security. However, a merger is a good time to extend your IAM capabilities or onboard a more complete solution that enhances security for both companies.
The right IAM solution can instantly step up the security level and minimize security risks throughout integration. With a modern IAM solution, identity governance policies to monitor and control access can be immediately and quickly put in place. Policy-driven configurations are centrally implemented and managed, ensuring they are consistently applied and enforced across the entire organization—including the newly acquired organization’s systems.
Policies can also be put in place to lock down privileged accounts throughout integration, which is crucial because they’re involved in an estimated 80 percent of breaches. This is particularly important during M&A integration when administrator access is being more freely granted, so IT can get things done as quickly as possible.
Furthermore, access entitlements can be time-bound, so that when the dust settles, you don’t have to worry about going back to clean this access up.
When users leave the organization, they’re accounts can automatically be deprovisioned with IAM. This eliminates the risk of orphaned accounts being left vulnerable to security breaches or former users re-accessing them for malicious purposes.
Modern IAM solutions also give IT much-needed visibility into both organizations’ activities by providing a complete compliance audit trail with comprehensive logging, pre-built reporting, and integration with security analytic systems.
Simplify and Streamline M&A Integration with Modern IAM
While M&As have proven to be a beneficial move for both providers and patients in the healthcare industry, integration is a delicate process that needs to be handled carefully in order to minimize disruptions and ensure patient care levels aren’t affected.
Having modern IAM in place before starting the process makes this possible. That’s because the right solution streamlines and simplifies IT integration by quickly and securely enabling change every step of the way. This translates to reduced time, cost, and conflict associated with the integration process, as well as a smoother transition for both clinicians and patients.