In the past decade, healthcare has become one of the most dynamic industries for M&A deals, with global transactions valued at over $200 billion every year since 2014. M&A activity has ranged from mega-mergers brokered by private equity to independent hospitals trying to seize economies of scale by joining a local hospital system.
The healthcare merger and acquisition market is expected to remain robust in the coming year. In a 2019 Merrill Insights survey of global M&A professionals, 52% believed that the healthcare M&A market is headed in a positive direction in 2020, driven by the healthcare IT sector. Yet 40% of respondents said that data connectivity is the single greatest obstacle to harnessing opportunities in healthcare M&A.
So why is data the sticking point? Because while data should be an asset in healthcare mergers and acquisitions, trying to integrate IT in the wake of a deal can be a frustrating, resource-draining process that remains uncompleted even years after a merger has taken place.
Healthcare companies that want to position themselves for successful M&A deals need to make data integration a primary consideration, but in vast systems riddled with legacy applications in which HIPAA compliance is always a concern, it can be difficult to know where to start. The answer is Identity and Access Management (IAM): the central nervous system running through a healthcare company's operations.
IT Integration Can Make or Break Healthcare M&As
Margins for healthcare companies, especially hospitals, are often razor-thin, so the success of an M&A transaction depends on being able to quickly capitalize on cost-saving synergies. But when data remains siloed, then integration never fully occurs, and that’s a missed opportunity for improved revenues and patient outcomes.
According to Deloitte: “IT is typically the largest investment cost in the broader integration of health care systems. And it also accounts for roughly 70 percent of all synergies in the process.” Yet often, IT integration is treated as an afterthought, with no clear chain of command for overseeing it and a shortage of qualified developer talent to manage it.
For example, an analysis of American hospital data by Health Affairs found that at hospital mergers and acquisitions, only a third of acquired hospitals switched to the electronic health record (EHR) provider of their acquirer, and 44% continued using a separate EHR system.
Broadly, healthcare companies have two options for dealing with IT integration during a merger or acquisition: the so-called “rip and replace” approach, where one entity scraps their existing software and adopts the software of the other health system, or interfacing, in which the two companies attempt to share data over separate systems. The former option can be extremely costly, and the latter can be extremely time-consuming, especially for healthcare companies using legacy or in-house software that is challenging to integrate.
The Right IAM Solution Saves Time and Money
Using a modern IAM platform to approach the data integration challenge in healthcare M&As lets companies start sharing data across different systems immediately, creating a unified view of patients and staff. By treating identity (of patients, clinicians, and administrators) as the crucial element, rather than trying to align each individual application, a sophisticated IAM platform provides a clear path through the data jungle.
Auth0’s platform offers turnkey enterprise federation that can integrate with Active Directory, PingFederate, LDAP, or custom SAML-P providers. This enables healthcare providers to connect multiple directories, combining the data from each to create a single source of truth about patients. This gives clinicians across a healthcare system a holistic look at a patient’s history, which lets them make more informed care choices, faster. An IAM platform can also enrich the patient experience during a merger by creating a user-friendly patient portal they can navigate easily to look at their health plans, health insurance issues, and seek care within the medical system.
By implementing an extensible IAM solution like Auth0, you can make your healthcare organization much more attractive for M&As because you won’t waste precious developer time trying to integrate systems. Instead, you can put the right data in the hands of clinicians, administrators, and patients without forcing anyone to adapt to new software.
Use IAM to Keep Data Secure During M&As
Personal Health Information (PHI) is a valuable asset for healthcare companies, but its intensely personal nature means that it can also be a liability, if not carefully protected. Increasingly, M&A dealmakers are making data security a part of due diligence to ensure they’re not acquiring a security nightmare. A successful M&A strategy requires an acquired company to prove from the outset that their data is in order and ensure that it remains secure during the integration process.
Any IAM platform that handles PHI should be HIPAA-compliant, but Auth0 goes even further in protecting PHI from breaches that can lead to costly fines and lawsuits. That’s more vital than ever with the rise of cyberattacks and global privacy legislation like GDPR in the EU and CCPA in the United States. In particular, medical identity theft is a growing concern, with 87,765 reported cases in 2018. And in July 2019, Quest Diagnostics revealed that the personal information of 11.9 million patients had been compromised by an unauthorized user.
"Medical identity theft raises real threats during a healthcare M&A. Learn why IAM can be the right prescription."
These sorts of breaches are the result of poorly managed access to data: insufficient login requirements, unencrypted records stored in the wrong place, and inappropriate permissions assigned to staff members and third parties. The risk of these policies leading to a breach is exacerbated during an M&A when staff turnover is high and data is in transit. But with the right IAM platform, you can manage access to PHI throughout the transition period. With a user dashboard, you can see who has access to data and implement increased security protocols wherever you choose.
Auth0 provides a platform to authenticate, authorize, and secure access for applications, devices, and users. Security and application teams rely on Auth0's simplicity, extensibility, and expertise to make identity work for everyone. Safeguarding more than 4.5 billion login transactions each month, Auth0 secures identities so innovators can innovate, and empowers global enterprises to deliver trusted, superior digital experiences to their customers around the world.
If a clinician attempts to log in from a new device, you can employ multifactor authentication (MFA) to ensure they’re who they claim to be. And if a staff member exits the company, you can revoke their access with the flip of a switch.
Healthcare M&As Need IAM Solutions
Healthcare M&A deals have the potential to deliver value for stakeholders and improved outcomes for patients, and that potential is precisely why the healthcare industry has seen such a high deal volume in recent years. But delivering on this promise requires healthcare companies to treat data as a core asset in any deal and be equipped with the right tools to put that data to work.
Deloitte’s 2018 report on healthcare M&A concluded that “If IT is not baked into the earliest stages of M&A, carefully considered in due diligence, [and] planned for in integration strategies...provider organizations can find themselves...with spiraling IT costs and mounting frustration for lack of efficiencies gained, putting the future in serious doubt.”
If you’re in the healthcare M&A market, and you’d like to address any doubts you have about your data governance, reach out to the experts at Auth0.