Is Health Care at a Crossroads? Part 2
January 05, 2017
In the second part of our interview, EisnerAmper's leader of its Health Care Services Group looks at consolidation in the health care sector, concerns about patient information and data security, and how being a business and financial advisor to health care professionals is a specialty unto itself. Check out part 1 of this podcast where we discuss the possible impact of the new administration on health care and the key financial issues for physicians and hospital administrators.
DP: Now, with, you know, when you’re talking about a lot of consolidation, or even if not, even if for just any business, technology plays a big role. Talk to us a little bit about the need to protect patient data, you know, security concerns, safeguards, what some of the bad actors are doing, how we can protect ourselves.
MM: Well, the whole idea of – in health care what we refer to as protected health information for patients – has become a very big compliance issue, and of course a big patient privacy issue. It’s been referred to the last few years the focus has been on the electronic version of that data and a lot of that comes from the regulations going all the way back to ’96 for HIPAA where this data has to be protected and secured, and recently in the last couple of years we’ve seen a lot of things written up about cybersecurity. All of the health systems that we deal with are very concerned about the security of patient data. They have a right to be concerned. We, for example, we attended a security conference recently in the health system – for health systems rather – and what we found out was really surprising to us in that security firms who go into hospitals and for about a ninety day period they put their own equipment in and they monitor how many times the hospital’s been attacked, or an attempt at a hack.
MM: Hospital IT people will typically tell you, according to the security firms, that there are about one thousand attacks per day.
MM: The security firms will tell you that the actual number of attacks on hospitals per day is in excess of fifty thousand attacks per day.
DP: Scary. Scary stuff.
MM: So when you start to hear those types of numbers and the IT folks in the health systems are really in a difficult situation because as any consolidation takes place in industry it’s not unusual that the IT platforms of the different companies are going to be different. And, so, one of the challenges they have as part of the consolidation is standardizing the software that’s being used, make sure the hardware is appropriate, and then also introduce cybersecurity standards across this health system, which again, years ago, a community hospital might be $100 million, $110 million organization. Now most of our clients are multibillion organizations. So we’re talking about certainly fortune 500 level companies or higher, finding themselves in a situation within 5-7 years where they have to deal with all these issues. So that, again, that’s a… certainly another big concern for these folks, is how do they protect this information and one of the reasons that it’s being attacked so much is there’s a lot of information out there about the so called dark web. And on that web, if your social security number is on there, it might go for $1 or $2. If your health care information is on there, the current price is anywhere from $5 to $7.
DP: Higher value target, yeah.
MM: Much higher value and the reason it’s higher value is because if you have that data, in theory, you can bill it to a payer to the federal government for services never rendered, get as much money as you possibly can, close your shop down and go somewhere else, do the same thing over and over again.
MM: So this is the typical fraud issue called false claims that the industry is looking at, but again that’s another reason why people are concerned because there’s a much higher dollar value on this data.
DP: Sure, sure. So I would imagine that you would see a larger portion or an increasing portion of hospital’s budgets going towards IT – IT security.
MM: That is exactly what we’ve seen over the last three to five years. In fact – and the HIPAA, specifically the HIPAA security regs, have been very helpful in doing that, because once they came out and were established, finance committees for hospitals realized that they had to start allocating more funds to IT.
DP: Ok. So I’m curious Michael, in your world, in providing financial and business advice to health care – how is it unique or how is it different providing advice to those clients versus other types of clients?
MM: I think probably the… well a couple of things. First of all, unlike a lot of other industries that are creating products that people use, this particular industry is treating people, so from that standpoint it’s always going to be unique. The second thing though is health care is over regulated and to try to put that in perspective I attended a conference a few years ago where the presenter put up one slide up on a screen and it was the number of regulations in the nuclear industry – and as you can imagine when then slide went up it was extraordinarily busy with all the regulations – then on the screen to the right, put up another slide for health care. The health care slide looked about ten times busier…
MM: … than the nuclear industry. So one of the challenges we have when we go into these settings is not only are we giving people advice on how to be better business people, but we’re also very concerned about how they do that because they could, unintentionally, be creating some regulatory issue for themselves, and if they do then they put themselves in a position at a minimum of some significant fines. So that’s the real challenge we have sometimes and I’ll give you a real simple example that’s different in health care than other industries. It’s just not uncommon in other industries to say to a business person, “if you send me a referral for some business, I’m happy to share 20% of whatever I get from that.”
MM: And you try to create as many referral sources as you can. In health care, if you pay for referrals of patients, it’s a federal crime.
MM: So, again, you know, those are the types of things that we have to be very sensitive to. We do a lot of work with health care attorneys. I’ve gotten involved in a lot of expert witness cases in health care over the years, and having that litigation knowledge about health care has really put a lot of health care counsel in systems at ease with bringing EisnerAmper in to do work.
DP: Sure. Ok. Well Michael, thanks for your expertise and your insight on this.
MM: Well thanks for having me today David. I look forward to speaking with you more in the future.
DP: And thank you for listening to the EisnerAmper podcast series. Check out part one of this podcast where Michael discusses the possible impact of the new administration on health care and the key financial issues for physicians and hospital administrators. Visit EisnerAmper.com for more information on this and a host of other topics. And join us for our next EisnerAmper podcast when we get down to business.