Mergers and acquisitions: Health system considers information security pre- and post-merger
HIM-HIPAA Insider, May 4, 2015
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
Mergers and acquisitions in the healthcare industry are often decided upon and negotiated by C-suite staff with involvement from security and IT professionals. However, both parties must consider significant security implications prior to, during, and after a merger or acquisition. Security officers are often best suited to dig deep into the information security standards of a facility to identify risks and develop a plan for streamlining security programs between the acquirer and the organization being acquired.
"Security needs to be there at the table," says Rick Ensenbach, CISSP-ISSMP, CISA, CISM, CCSFP, manager of Wipfli, LLP, in Eau Claire, Wisconsin. "They may not have to be there with the rest of the C-level organization, but they need to be one of the partners that are brought in at the appropriate times."
That said, security officers should be mindful that a merger or acquisition is a business decision, and security is just one of many factors both organizations must consider, says Ensenbach.
Aspirus Healthcare, a nonprofit health system based in Wausau, Wisconsin, has been actively acquiring or merging with a new facility in its area approximately every 12–18 months for several years, according to Wayne Pierce, information security officer at Aspirus. He has refined a checklist that outlines information security tasks and considerations before, after, and during a merger or acquisition.
Because each facility acquired by Aspirus is unique, the required information security actions will vary. "Have a plan for when things don't go according to plan," Pierce says.
Continue reading "Mergers and acquisitions: Health system considers information security pre- and post-merger" on the HCPro website. Subscribers to Briefings on HIPAA have free access to this article in the May issue.
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
Related Products
Most Popular
- Articles
-
- Don't forget the three checks in medication administration
- CDC alert: Screen for international travel as Ebola cases increase
- Note similarities and differences between HCPCS, CPT® codes
- Q&A: Primary, principal, and secondary diagnoses
- Complications from immobility by body system
- Differentiate between types of wound debridement
- OB services: Coding inside and outside of the package
- Nursing responsibilities for managing pain
- Practice the six rights of medication administration
- The consequences of an incomplete medical record
- E-mailed
-
- CDC alert: Screen for international travel as Ebola cases increase
- Capturing start and stop times for infusions
- Differentiate between types of wound debridement
- Q&A: A second look at encephalopathy as integral to seizures/CVA
- Performing a SWOT analysis
- Life Safety Code Q&A: Ambulatory care soiled utility room
- Leadership training for charge nurses
- Helping Charge Nurses understand their leadership role (Part 2 of 3)
- Five ways to safeguard your patients' valuables
- Developing a Fall-Prevention Program
- Searched