The Impact Advisor Q4 2021

The Impact Advisor Q4 2021

The Impact Advisor - Impact Advisors' Quarterly eNewsletter

The Impact Advisor newsletter is focused on healthcare IT news topics, trends, and disruptors. Subscribe now so we can continue to share our industry insights and thought leadership with you.


View Back Issues

November 2021


A recent survey of health delivery organizations conducted by the Ponemon Institute underscores the tangible clinical consequences associated with a ransomware attack. Overall, 43% of respondents said their organization has experienced a ransomware attack at some point, and 60% of those indicated that they paid the ransom. According to the authors, “respondents report that ransomware attacks had a significant impact on patient care, reporting longer length of stay (71% of respondents), delays in procedures and tests (70% of respondents), increase in patient transfers or facility diversions (65% of respondents) and an increase in complications from medical procedures (36%) and mortality rates (22%).”

Image source: “The Impact of Ransomware on Healthcare During COVID-19 and Beyond,” Ponemon Institute, September 2021

Although medical devices represent a significant area of vulnerability for hospitals and health systems (especially in the wake of the pandemic), a surprisingly limited number of respondents expressed high confidence that their organization is “effective” in knowing the location or age of all its medical devices.

Image source: Adapted from “The Impact of Ransomware on Healthcare During COVID-19 and Beyond,” Ponemon Institute, September 2021

[Note: callout box added by Impact Advisors for emphasis]

Why It Matters:

There is far more information in the survey than we can cover here in this space, so we highly recommend reading the full report. The connection between a ransomware attack and adverse effects on patient care is obviously not surprising, but the scope of impact reported by hospitals and health systems speaks volumes. The fact that more than one in five respondents said they experienced an increase in mortality rate as a result of a ransomware attack should be a wake-up call for hospitals and health systems everywhere.

We think another alarming finding from the survey is the second chart above. A single hospital typically has thousands (in some cases even tens of thousands) of medical devices in their inventory, with potentially hundreds of different categories and subcategories of equipment – each with its own target refresh cycles, mix of vendors, and patient safety considerations.  Many of those devices – particularly older ones – may not have been originally designed with information security in mind. With the number of network-enabled medical devices rapidly increasing, concerns about the “nightmare scenario” of a cybercriminal hacking into a device directly connected to a patient are at an all-time high. Despite those well-founded fears, the second chart above underscores that there are still basic foundational issues that need to be resolved at many provider organizations. Put bluntly, there is only so much risk that can be mitigated from an information security perspective if a hospital or health system doesn’t know the location or age of all the medical devices it owns.

Effective management of medical devices – whether responding to FDA recalls, accurately forecasting budget needs, or protecting against rapidly evolving cyber threats – requires a comprehensive, real-time enterprise device inventory that can fuel proactive, analytics-driven processes and provide an accurate depiction of overall risk. 

Related Reading
Why Supply Chain Security Matters
Ransomware Protection Best Practices


According to a survey from the Center for Connected Medicine and KLAS, “despite a surge of telehealth services during the COVID-19 pandemic, more than 80% of organizations report doing less than 20% of their appointments via virtual care.” The study adds that “the small handful of respondents currently conducting more than 30% of their appointments virtually often note that their volumes are still inflated by the pandemic and expect their long-term volumes to be lower.”

Image source: “The Intersection of Value and Telehealth,” Center for Connected Medicine and KLAS, August 2021

Why It Matters:

There has been a lot of attention in the industry about the drop in volume of virtual visits (especially as a percentage of overall visits) since the initial phase of the pandemic. However, it is important to remember that the immediate tactics to provide remote care to patients in response to the pandemic was not intended to be a strategic or sustainable model.  A decrease in volume was both inevitable and expected.

We think a more critical factor right now is how organizations can build upon what they’ve learned during the pandemic to be more strategic with virtual care. At many organizations, virtual care solutions continue to be used largely as a substitute for an existing visit as opposed to an agent of change. Forward-thinking health systems today are the ones who see the opportunity for innovation – and who are embracing the strategic aspects of a true telehealth program. For example, in primary care, leading providers are focused on optimizing and standardizing their care delivery model with a “virtual first” approach to ensure a more predictable and sustainable delivery model (e.g., making virtual visits the default for specific appointment types, etc.). Meanwhile, in clinical specialty areas (cardiology, oncology, etc.), leading providers are using telehealth as a strategy to drive growth (e.g., leveraging virtual care to extend their specialty reach into new populations of patients, etc.).


A research brief from CB Insights postulates that “Epic Systems – and the broader electronic health records market – is being disrupted across many of its core functions and revenue streams.”  The authors note that “federal legislators [have enacted legislation]… to require that all EHR vendors adopt APIs that will allow patient records to be passed between hospitals more easily,” adding “these new rules help level the playing field for new entrants.” Specifically, the article looks at “how [the authors believe] healthcare technology startups are responding to this opportunity by ramping up the competition with Epic to win end-user workflow and health IT revenue.”

Image source: “Unbundling Epic: How the Electronic Health Record Market Is Being Disrupted,” CB Insights, August 2021

Note: for a high-res version of the image above, click here

Why It Matters:

There is no question that many of the startups profiled in the article are doing some genuinely innovative things – and the targeted functionality offered by some of the niche solutions above may very well surpass anything currently available from enterprise EHR vendors today. However, we respectfully disagree with the idea that Epic is “being disrupted.” In fact, we think it is highly unlikely that Epic will be disrupted – at least not any time soon.

One major (and obvious) reason is Epic remains so firmly operationally and financially entrenched at its hospital and health system clients, but another key factor that is often overlooked when the topic of enterprise EHR “disruption” comes up is integration. It is true that the new rules around APIs will improve the ability for 3rd party applications to pull data from the EHR, but when it comes to competing capabilities, there is no comparison – at least from an integration and workflow perspective – between a niche 3rd party solution connected to the EHR via an API and native functionality from that EHR vendor built on the same database. Bottom line, we think the chart above is a great list of emerging startups worth keeping a close eye on, but for now, they should probably be viewed as complimenting the enterprise EHR market rather than “disrupting” it.

Related Reading
Achieving ROI from your EHR


A fantastic article co-authored by Impact Advisors’ own Larry Katzovitz in HSS Journal looks at Hospital for Special Surgery’s (HSS) approach to implementing the complex changes required under the 21st Century Cures Act (such as the highly publicized “Information Blocking” requirements). Per the authors: “As health care systems implement the provisions of both the Cures Act and the Interoperability and Patient Access rule, they must also undergo dramatic changes in workflow and culture.  At HSS, implementing these complex regulations has required collaboration among many departments and individuals, including IT and operations teams, clinical staff, health information management, compliance and legal teams, researchers, and physical therapists.” See project organization chart from HSS here. The authors conclude: “As with COVID-19, success meant involving stakeholders from many disciplines, creating a well-defined governance structure, and working as with as much efficiency and agility as possible. As with COVID-19, our experience now will serve us well in the future.”

Why It Matters:

The article is an excellent reminder about the level of commitment, organization, and multidisciplinary stakeholder engagement that is needed to ensure compliance with the provisions of the Cures Act – but we think the article also underscores how leading organizations are taking the critical lessons that were learned during the initial phase of the pandemic (e.g., the importance of governance, agility, etc.) and applying them to a new set of pressures. We think the authors put it perfectly when they state: “This is just the beginning.  Indeed, several multiyear, transformational regulatory requirements have been proposed, including other information blocking rules (which are likely to lead to the entire EHR being available to patients), safe prescribing rules, and revisions to the Health Insurance Portability and Accountability Act. Like the changes made under the Cures Act, implementation of these revisions will require careful analysis, project management, governance, and multidisciplinary approaches.”

Related Reading
Six Key Principles of Successful Change Management


Provider organizations continue to be concerned about the threat posed by a variety of different non-traditional competitors, according to a survey from Kaufman Hall. Per the authors: “Healthcare leaders continue to acknowledge the risk of tech giants, well-resourced healthcare companies including UnitedHealth Group/Optum and CVS/Aetna, and new, innovative providers seeking to disrupt traditional care delivery models. Seventy-six percent of respondents cited UnitedHealth Group/Optum as a strong or extreme threat, up from 67% in the 2019 Kaufman Hall State of Consumerism Survey.”

Image source: “State of Consumerism in Healthcare 2021: Regaining Momentum,” Kaufman Hall, September 2021

Why It Matters:

There continues to be no shortage of attempts to disrupt traditional models and approaches in health delivery, whether from payers, tech giants, national pharmacy and retail chains, large employers, or even providers themselves. More than ever, it is critical for hospitals and health systems to get innovation “right.” This means finding new ways to leverage the health system’s brand, exploring alternative models of care such as the “hospital at home” – and of course, building on existing differentiators such as depth of services, clinical expertise, and the patient-provider relationship. Innovation is not just about responding to perceived threats from new entrants and non-traditional competitors in health delivery though. It is also about capitalizing on any opportunities that emerge to form strategic partnerships with those stakeholders. The dynamics in each market or region will obviously be inherently different, but as the competitive landscape continues to evolve, the health systems who are able to foster a culture of innovation internally and actively participate in disruption will be far better positioned for success than those who do not.

Related Reading
Critical Trends in a Rapidly-Changing Health Delivery Market


Jennifer Martin, Principal

When is the best time to bring a change management team onto a project/implementation?

Many organizations underestimate the power of the change management team and what they bring to the project. They think, “If you build it, HE (they) will come” (Field of Dreams, 1989). This expectation creates a mindset the organization doesn’t want to put the energy into their people to help them understand the “why,” ultimately, creating a culture of resistance and employees not feeling valued.

Here are three top reasons why you need to embed your change team early and often:

1. Be proactive and prepared

  • Organizations may try and keep projects a hush or not want to share details right away, but employees usually find out prior to the announcement. So why not ensure employees receive the correct type of information?
  • The sooner the change team can understand the vision, objectives of expected changes, and culture shift needed, they can be prepared to address the questions employees will ultimately have when they catch wind a change is coming.

2. Create an environment that empowers the voice of the employees

  • Time is of the essence. Having the ability to reach out to the organization to comprehend the needs of their employees, assess the capacity of change in the organization, and identify the right expectations from leadership will show the organization’s commitment to their people.

3. Plan effectively

  • Bringing on the change team at the beginning of the project will align with the overall project team and create a cohesive approach.
  • The change team can assess the organization on their change capacity and culture expectations.
  • Gain commitment from key stakeholders to help drive and be part of the solution.
  • Design a preliminary thought-out change management strategy based on the six key principles.
    • Leadership: Active and visibly engaged
    • Inclusion: Empowering employees
    • Communications: Bridging gaps and sharing knowledge
    • Metrics: Defining expectations
    • Enablement: Knowledge is power
    • Reinforcement: Create sustainability

By starting early, you decrease the risk of employees not embracing the change, create an environment where individuals understand clear expectations, and ultimately save money by not having to spend more time down the road playing catch-up.

Learn how the six key principles will drive successful change in your organization!