Growth Through Health IT Integration Takes Planning
Luminis Health’s newly combined IT department spent 2½ years integrating resources between AAMC and DCMC.
First, the team integrated the hospitals’ data centers and networks. DCMC had older servers that needed an upgrade, so the IT staff expanded AAMC’s Nutanix footprint and added more storage to AAMC’s IBM Power8 servers to support DCMC.
The team installed new Cisco routers and Meraki software-defined WAN equipment to create redundant network connections between the two data centers. DCMC’s LAN received an upgrade with new switches and Wi-Fi equipment, eliminating IP address conflicts.
“This allowed us to become one integrated network, which opened the door for us to standardize on one EMR, share services with key applications and standardize the endpoint experience for users,” Rodriguez says.
After integrating the IT infrastructure, the team looked at each hospital’s software case by case and chose a new standard based on features, value and whether it positioned the company for growth, says Ron Nolte, Luminis Health’s vice president of information services applications.
EXPLORE: Why planning is key to managing health IT integration during an M&A.
IT staff mostly chose AAMC’s enterprise-class applications, such as on-premises Epic EMR implementation and PeopleSoft’s ERP and HR applications in the Oracle Cloud, Nolte says. Standardization on some DCMC software included a food service application.
“AAMC had already invested in enterprise-level applications in preparation for our next growth phase. Many of DCMC’s applications were appropriate for its revenue levels but could not scale to the levels necessary for Luminis Health,” Nolte says.
The IT security team used Rapid7 security monitoring software to run vulnerability scans across DCMC’s network and data center, says Luminis Health CISO Mike Widerman. Then DCMC adopted AAMC’s enterprise security solutions, including mobile device management software.
“Our priority was to make sure we have the same security protections and the same set of eyes and ears,” Widerman says.
More recently, Luminis Health upgraded its endpoint security to a Palo Alto Networks solution and has hired a managed service provider to run a security operations center for 24/7 IT infrastructure monitoring. “They are a dedicated extension of our team and will alert us if we need to take action on something,” Widerman adds.
Cybersecurity Scrutiny Is Key in Healthcare Mergers and Acquisitions
A healthcare acquisition is not just adding one organization to another; it could also mean inheriting security flaws and vulnerabilities.
When an M&A deal closes, Lehigh Valley Health Network CIO Mike Minear brings in a third-party cybersecurity vendor to independently evaluate a new acquisition’s security posture.
Once, the Allentown, Pa.-based organization discovered that a newly purchased company had not patched its IT infrastructure for years. Another time, it found active hackers on the network of the acquired organization.
“We do a cybersecurity review, assess everything and fix concerns before we connect the acquired network to ours,” Minear says.
DISCOVER: Tips from CIOs on navigating mergers and acquisitions in healthcare.
The health network, which has 13 hospital campuses, has grown through M&As in recent years, including the purchase of the Coordinated Health system in 2019 and the physician group Delta Medix in 2021.
LVHN brings new acquisitions up to speed on security with new firewalls, data loss prevention tools and implementing Imprivata’s single sign-on technology, Minear says. The organization operates two data centers in colocation facilities and typically has enough capacity to absorb providers into its infrastructure.
Over the years, the health network has archived patient data from more than 40 EMRs as acquired organizations migrated to LVHN’s Epic implementation. Old patient data has been harmonized into a common format. If physicians need to see older records, they can click a button on Epic and access the archived data, Minear says.
“It sounds easy, but it takes years and a lot of work to get that done right,” he adds.
Click the banner below to learn IT integration best practices during a merger or acquisition.