May 11 2021

Roundtable: Navigating Mergers and Acquisitions in Healthcare

For healthcare IT teams, M&A deals represent an enormous challenge — and a valuable opportunity.

Healthcare organizations pursue merger and acquisition (M&A) deals for many reasons, including increased capacity, economies of scale and improved productivity. But the process is more complex than ever, and IT integration often proves to be a significant hurdle.

With today’s sprawling technology environments, it’s hard enough for IT and business leaders to get a thorough accounting of assets owned by the organization that’s being acquired, much less map out a course for seamlessly combining technology and personnel from multiple organizations. But these steps are critical to the overall success of any M&A deal.

HealthTech brought together a panel of IT leaders to discuss how they’ve navigated the often winding, low-visibility paths that lead to M&A success. The roundtable included Geoffrey Brown, CIO at Piedmont Healthcare; Christopher Frenz, assistant vice president of IT security at Mount Sinai South Nassau; and Sherry Slick, CIO at Marathon Health.

HEALTHTECH: What is a healthcare IT ­leader’s main role during the M&A process?

BROWN: The first role of IT is to make sure you complete assessments around the current environment of the acquired organization, aligning it with compatibilities or incompatibilities in your environment. The second thing you do is look at the infrastructure and come back with an understanding of the current landscape, determining what things need to be absorbed. And the third piece is the integration of talent management.

FRENZ: One of the fundamental roles of a person in an information security position is to raise awareness that, when organizations merge, there’s not just the chance for taking on business and financial risks, but there is also the potential for information security risks.

SLICK: You have to think about your role in phases. To start, it’s important for a CIO to be involved early in the M&A discussion. This will enable proper planning, the ability to ask a lot of questions and document the current state of your technology landscape as much as possible, and it will help set the stage for operations integration and application rationalization along with understanding the costs and synergies potential. It will also help avoid “gotchas” later. During the M&A process, the role of a CIO is about more than the IT team — it’s about being a leader across the entire organization and being a business partner. You have to recognize that M&A is stressful for everyone. Then last, it’s all about execution. The list of projects is long, and it can seem like you’re never going to get through it, but if everybody’s on the same page, you’re going to have success.

HEALTHTECH: What are the greatest ­challenges to ensuring strong and uniform ­services for care ­delivery across newly ­merged facilities?

BROWN: You have to respect what the incoming organization is already doing well. I like to get on the ground as soon as permission is granted to learn about the organization and its leadership. Then I work toward developing guidelines that I establish with their IT leadership on the process and plan to go forward. I believe what makes or breaks success is how transparently you treat the process and work through it in the beginning. It’s important to lay the groundwork for trust.

Sherry Slick quote

FRENZ: The major challenge is that you have different organizations, often using different platforms. So even if two organizations support the same service, they may be using different software and different hardware to actually implement that service. Integrating and getting those unified is where one of the major challenges comes in, because you want to provide the same level of care throughout the new organization as you had previously at the separate entities.

SLICK: As we’ve moved through our ­integration, we bumped up against operational questions we needed to get answered. This is not uncommon. Technology can often be the function that forces change in other areas of an organization, and that can be challenging. One thing we did early on was establish an integration structure and internal management office to tackle these questions and raise awareness of risks.

HEALTHTECH: How do you evaluate what technologies are most critical or in need of updating?

BROWN: We go in and get a list of all the applications and infrastructure that the organization has. We develop a spreadsheet of things such as contracts, when they expire and version levels. We try to land on what will help us get the organization more integrated into Piedmont. For example, how are we scheduling patients? How are we processing payroll? We work to line that up as soon as we can, and get everybody starting out with the same playbook.

FRENZ: Anything that’s going to affect patient safety and patient care is definitely more critical. On the security side, a merger also provides a good opportunity to get rid of legacy systems and bring on a new system — or upgrade an existing system — to bring the organizations together on one platform.

SLICK: We have to be able to operate the business. We took a look at all of the operational systems, things like making sure people can get paid, making sure we can communicate with each other, making sure patient records are accessible. We prioritize those first.

READ MORE: How to pave a smoother path toward IT success in M&As.

HEALTHTECH: What are the biggest ­cybersecurity risks that arise during M&A efforts?

FRENZ: It varies depending on the company you’re merging with. I’m a huge advocate for doing a security assessment on the organization that you intend to merge with. That will help you actually go through and identify what those risks are, because different organizations have different risk profiles.

SLICK: The unknowns. When you have two sets of information security policies and procedures, it introduces risk. One of the first things we did was pull together our information security policies and develop one governance, risk and compliance process, so we could all sing from the same sheet of music.

Source: White & Case, “Against all odds: US M&A 2020,” Jan. 29, 2021

HEALTHTECH: What do you consider the ­benchmark for success?

BROWN: We capture where the organization is currently, and my goal is to make sure that we do not impact their current level of performance in a negative way. In addition, we have the goal to enhance performance during this period of integration. We establish goals and review them with their senior administration team and we measure those goals, providing monthly comparisons and metrics along the way. Then, at the end, we reconcile all metrics against those baseline indicators.

FRENZ: I’m very big on repeating the risk assessment process and testing to ensure that the security measures actually work to improve security. I’m very big on taking an evidence-based approach, where I want to actually test and see that the “after” picture is quantifiably better than the “before” picture.

SLICK: A critical indicator is whether our customers are happy. Are we keeping things stable during the integration? Are we making sure we’re answering the help desk calls? The goal is for them to experience little to no downtime while we’re changing this engine in midflight. And then, longer term, are we putting ourselves in a position to scale, and will we see an increase in our velocity of innovation? Ultimately, that is what we’re after.

LEARN MORE: What small hospitals need to know about mergers and acquisitions.

HEALTHTECH: What patient-driven and ­institutional needs shape the healthcare IT merger process?

FRENZ: In terms of patient care, I think the major thing is efficiency. You see more and more healthcare organizations pursuing mergers because they allow for efficiencies in how care is delivered. A larger system often has more resources and is able to provide better patient care because of that.

SLICK: The biggest need is standardizing our operational care delivery system. Getting everybody to the same platform really drives how we deliver care, and is critical. When you’re in two worlds, you’re running two processes. It’s very inefficient from an operations perspective, and it can be a bit challenging for patients. Moving our patient base to the same patient-facing technology not only improves efficiencies but changes how we market our services and how we communicate and engage with them.

Christopher Frenz
I’m a huge ­advocate for doing a security assessment on the organization that you intend to merge with.”

Christopher Frenz Assistant Vice President of IT Security, Mount Sinai South Nassau

HEALTHTECH: How have you seen mergers improve ­operations in healthcare?

BROWN: On the clinical and operational side, you’ve got a larger data set locally that you can perform analytics on. You can look at all types of conditions and outcomes, leveraging a larger data set by which to benchmark best performance. I’ve seen our teams, without having to wait months, analyze trends enabling capabilities to improve quality, safety and service results. The improvements through standardized practice can be rolled out faster to scale, enhancing the customer experience and operational outcomes.   

FRENZ: I’ve seen the process be very successful on the security side. In a previous role, we were able to achieve security improvements and add functionality for all three organizations that were coming together as we went through that process.

LEARN MORE: How executives can chart a path to IT success after an M&A.

HEALTHTECH: What other advice would you offer healthcare IT leaders navigating a merger?

FRENZ: It’s critical to get other people in the organization — other executives, other leaders involved in the merger process — to understand that security risk is something that can also be taken on as you begin to merge with an organization. The more buy-in you get from the other executives, the more support you’ll gain for your own initiatives.

SLICK: Do your homework. It can be tedious, but it’s important to understand everything that is at play and make swift decisions with enough information, so you can put together a target operating model quickly and begin to execute. The longer you’re in limbo, the harder it’s going to be.

I also want to stress the importance of having the proper structure in place to support all of this. When you think about all of the various verticals, all of them running simultaneous projects, it’s super important to have good project management and a really solid program manager at the top.

And then, the organizational readiness piece is huge. It’s absolutely critical, because we could have all of the IT systems ready to go, but if the organization isn’t ready to receive change, projects can fail.

Keith Negley/Theispot

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.