Growth through healthcare IT integration requires planning
Luminis Health’s newly merged IT department spent 2½ years integrating resources between AAMC and DCMC.
First, the team integrated the hospitals’ data centers and networks. DCMC had older servers that needed an upgrade, so the IT staff expanded AAMC’s Nutanix footprint and added more storage to AAMC’s IBM Power8 servers to support DCMC.
The team installed new Meraki Cisco routers and software-defined WAN equipment to create redundant network connections between the two data centers. DCMC’s LAN was upgraded with new switches and Wi-Fi devices, eliminating IP address conflicts.
“This allowed us to become an integrated network, which opened the door for us to standardize on an EMR, share services with key applications, and standardize the endpoint experience for users,” says Rodriguez.
After integrating the IT infrastructure, the team reviewed each hospital’s software on a case-by-case basis and chose a new standard based on features, value and whether it positions the business for growth, says Ron Nolte, vice president of Information Services Applications by Luminis Health.
EXPLORE: Why planning is key to managing healthcare IT integration during an M&A.
According to Nolte, the IT staff primarily chose AAMC’s enterprise-class applications, such as the on-premises implementation of Epic EMR and PeopleSoft’s ERP and HR applications on Oracle Cloud. The standardization of some DCMC software included a food service application.
“AAMC had already invested in enterprise-level applications in preparation for our next phase of growth. Many of DCMC’s applications were appropriate for the level of sales, but could not scale to the level required by Luminis Health,” says Nolte.
The IT security team used Rapid7 security monitoring software to conduct vulnerability scans in DCMC’s network and data center, says Mike Widerman, CISO of Luminis Health. Then DCMC took over AAMC’s enterprise security solutions, including mobile device management software.
“Our priority was to make sure we had the same safety precautions and the same eyes and ears,” says Widerman.
Luminis Health recently upgraded its endpoint security to a solution from Palo Alto Networks and hired a managed service provider to run a security operations center for 24/7 monitoring of its IT infrastructure. “They are a dedicated extension of our team and will alert us when we need to take action,” adds Widerman.
Cybersecurity auditing is key in healthcare mergers and acquisitions
A healthcare acquisition is not just adding one organization to another; it could also mean adopting security gaps and vulnerabilities.
When an M&A deal closes, Lehigh Valley Health Network CIO Mike Minear brings in a third-party cybersecurity provider to independently assess the security posture of a new acquisition.
At one point, the Allentown, Pennsylvania-based company found that a newly acquired company hadn’t patched its IT infrastructure in years. Another time, it found active hackers on the acquired organization’s network.
“We conduct a cybersecurity review, assess everything, and resolve concerns before connecting the acquired network to ours,” says Minear.
DISCOVER: Advice from CIOs on navigating healthcare mergers and acquisitions.
The 13-hospital campus healthcare network has grown through mergers and acquisitions in recent years, including buying Coordinated Health Systems in 2019 and physician group Delta Medix in 2021.
LVHN brings new acquisitions up to date with security with new firewalls, data loss prevention tools and the implementation of Imprivata’s single sign-on technology, says Minear. The company operates two data centers in colocation facilities and usually has enough capacity to add providers to its infrastructure.
Over the years, the healthcare network has archived patient data from more than 40 EMRs as acquired organizations migrated to LVHN’s Epic implementation. Old patient data has been harmonized in a common format. If doctors need to look at older records, they can click a button on Epic and access the archived data, Minear says.
“It sounds easy, but it takes years and a lot of work to get it right,” he adds.
Click on the banner below to learn best practices for IT integration during a merger or acquisition.