Impact Insights

Week in Review 10/30/15: Cybersecurity Bill; New Study on IT Benchmarking

SIGNIFICANT CYBERSECURITY BILL PASSED BY THE SENATE… Earlier this week, the Senate passed the Cybersecurity Information Sharing Act (CISA), which encourages private entities to exchange data on cyber threats with the federal government.  For example, under the bill, a hospital (or a bank, retail chain, software vendor, etc.) that voluntarily shares cyber threat information would be granted certain liability protections.  Although the bill applies to all industries, Politico reports there are also a “handful” of healthcare-specific provisions included, such as language that would “create a HHS cybersecurity task force that would create a plan for the free sharing of actionable intelligence within the industry.”  The bill passed by the Senate still needs to be reconciled with the version passed by the House in April 2015 before it can be signed into law by the President.

Impact Advisors’ Thoughts:  Like any bill (particularly one that applies to all industries), the Cybersecurity Information Sharing Act has its share of critics.  However, it is important to note that reactions from healthcare IT stakeholders have been largely positive thus far.  For example, CHIME (which represents the interests of healthcare CIOs) expressed strong support for the bill in a joint statement with the Association for Executives in Health Information Security.

A UNIQUE APPROACH TO BENCHMARKING… An article published in the Journal of Healthcare Information Management looks at the experience of participants in the Scottsdale Institute Health IT Benchmarking Program and the ways those provider organizations are using the benchmarking data.  Perhaps the biggest takeaway from the study was that overall, a full 100% of survey respondents said their organization finds value participating in the program.  For context, the Health IT Benchmarking Program was established by the not-for-profit Scottsdale Institute (SI) in 2006.  Rather than focusing on industry-wide averages like many current approaches to IT benchmarking, the SI program instead focuses on normalized, one-to-one comparisons of IT cost data between similar organizations.  [Note: Impact Advisors assisted SI with the study and was one of the co-authors of the article.]

Impact Advisors’ Thoughts:  Interest in IT benchmarking remains very high among provider organizations, and SI’s approach definitely represents a departure from traditional benchmarking databases.  The article is highly recommended reading for anyone who wants to learn more about the SI Health IT Benchmarking Program.  (Note there is no charge for hospitals and health systems to access the SI database – and SI membership is not required.)

WHAT DO HOSPITAL EXECUTIVES SEE AS THEIR BIGGEST CHALLENGES?… One of the findings of a new Peer60 survey of hospital executives raises questions about information security priorities in some organizations.  When asked about the top challenges facing their hospital, the most common response was “managing the switch to value-based reimbursement models” (cited by 64% of hospital executives), followed by “coordinating care” (56%) and “managing patient populations” (54%).  However, as the authors point out, “improving information security” was much lower on the list, mentioned by only 30% of hospital executives.  [Note: the full report also includes survey results about M&A plans and hospital executives’ opinions on which providers, vendors, and technology companies are “most innovative.”]

Impact Advisors’ Thoughts:  Despite being mentioned by less than a third of all hospitals executives, “improving information security” was actually the most frequently cited challenge among responding CIOs.  The relative lack of concern about information security among all other types of executives underscores the fact that in many hospitals, there is often limited awareness of information security-related issues across the organization as a whole.

BIG M&A NEWS… Earlier this week, news broke that Walgreens agreed to buy Rite Aid for $9.4 billion.  According to the Wall Street Journal, the combined companies would have roughly 13,000 stores and own 46.5% of overall market share.  However, the WSJ also notes that the deal, “which would unite two of the country’s three biggest drugstore owners, would be likely to draw scrutiny from antitrust regulators.”

Impact Advisors’ Thoughts:  We think this merger is important for providers given 1) the sheer size of the deal and 2) the fact that Walgreens’ primary competitor (CVS) has increasingly been trying to make inroads in health delivery (most notably through its walk-in MinuteClinics).  It is impossible to say what impact the potential merger will have on CVS’ plans, but it is worth noting that the company Walgreens agreed to buy (i.e., Rite Aid) has almost 1,860 wellness stores and, according to the WSJ, recently expanded their walk-in “RediClinics.”