Health Information Management

Mergers and acquisitions: Health system considers information security pre- and post-merger

HIM-HIPAA Insider, May 4, 2015

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Mergers and acquisitions in the healthcare industry are often decided upon and negotiated by C-suite staff with involvement from security and IT professionals. However, both parties must consider significant security implications prior to, during, and after a merger or acquisition. Security officers are often best suited to dig deep into the information security standards of a facility to identify risks and develop a plan for streamlining security programs between the acquirer and the organization being acquired.

"Security needs to be there at the table," says Rick Ensenbach, CISSP-ISSMP, CISA, CISM, CCSFP, manager of Wipfli, LLP, in Eau Claire, Wisconsin. "They may not have to be there with the rest of the C-level organization, but they need to be one of the partners that are brought in at the appropriate times."
 
That said, security officers should be mindful that a merger or acquisition is a business decision, and security is just one of many factors both organizations must consider, says Ensenbach.
 
Aspirus Healthcare, a nonprofit health system based in Wausau, Wisconsin, has been actively acquiring or merging with a new facility in its area approximately every 12–18 months for several years, according to Wayne Pierce, information security officer at Aspirus. He has refined a checklist that outlines information security tasks and considerations before, after, and during a merger or acquisition.
 
Because each facility acquired by Aspirus is unique, the required information security actions will vary. "Have a plan for when things don't go according to plan," Pierce says.
 
Continue reading "Mergers and acquisitions: Health system considers information security pre- and post-merger" on the HCPro website. Subscribers to Briefings on HIPAA have free access to this article in the May issue.



Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

    Briefings on APCs

  • Briefings on APCs

    Worried about the complexities of the new rules under OPPS and APCs? Briefings on APCs helps you understand the new rules...

  • HIM Briefings

    Guiding Health Information Management professionals through the continuously changing field of medical records and toward a...

  • Briefings on Coding Compliance Strategies

    Submitting improper Medicare documentation can lead to denial of fees, payback, fines, and increased diligence from payers...

  • Briefings on HIPAA

    How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for...

  • APCs Insider

    This HTML-based e-mail newsletter provides weekly tips and advice on the new ambulatory payment classifications regulations...

Most Popular