Mergers and acquisitions: Health system considers information security pre- and post-merger
HIM-HIPAA Insider, May 4, 2015
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
Mergers and acquisitions in the healthcare industry are often decided upon and negotiated by C-suite staff with involvement from security and IT professionals. However, both parties must consider significant security implications prior to, during, and after a merger or acquisition. Security officers are often best suited to dig deep into the information security standards of a facility to identify risks and develop a plan for streamlining security programs between the acquirer and the organization being acquired.
"Security needs to be there at the table," says Rick Ensenbach, CISSP-ISSMP, CISA, CISM, CCSFP, manager of Wipfli, LLP, in Eau Claire, Wisconsin. "They may not have to be there with the rest of the C-level organization, but they need to be one of the partners that are brought in at the appropriate times."
That said, security officers should be mindful that a merger or acquisition is a business decision, and security is just one of many factors both organizations must consider, says Ensenbach.
Aspirus Healthcare, a nonprofit health system based in Wausau, Wisconsin, has been actively acquiring or merging with a new facility in its area approximately every 12–18 months for several years, according to Wayne Pierce, information security officer at Aspirus. He has refined a checklist that outlines information security tasks and considerations before, after, and during a merger or acquisition.
Because each facility acquired by Aspirus is unique, the required information security actions will vary. "Have a plan for when things don't go according to plan," Pierce says.
Continue reading "Mergers and acquisitions: Health system considers information security pre- and post-merger" on the HCPro website. Subscribers to Briefings on HIPAA have free access to this article in the May issue.
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
Related Products
Most Popular
- Articles
-
- Don't forget the three checks in medication administration
- The consequences of an incomplete medical record
- Practice the six rights of medication administration
- Nursing responsibilities for managing pain
- Note similarities and differences between HCPCS, CPT® codes
- Complications from immobility by body system
- Q&A: Primary, principal, and secondary diagnoses
- Skills of effective case managers
- Prevent dehydration with nursing interventions
- OB services: Coding inside and outside of the package
- E-mailed
-
- Correctly bill ancillary bedside procedures in addition to the room rate
- The Cincinnati Pre-Hospital Stroke Scale
- Q: Will Medicare cover homecare services to residents of assisted living facilities (ALFs)?
- Q/A: Coding infusions to correct low potassium levels
- Q&A: Utilization Review Committee Membership
- OB services: Coding inside and outside of the package
- Know the medical gas cylinder storage requirements
- Intravenous therapy guidelines
- ICD-10-CM coma, stroke codes require more specific documentation
- Eight tips to improve MRI throughput
- Searched
-
- cold weather preparedness in hospital
- 99285 and 99285 with modifier 25
- Nursing home administrator
- 72 hour supervised fasting
- 5.If the ICD10CM replaces ICD9CM Volumes 1 and
- anesthesia code for 45331
- Dynaper
- evidencebased competency management INVALIDem
- How to prevent hospitalacquired pressure ulcersinj
- INFECTION CONTROL