How marrying clinical asset management and cybersecurity strategies can improve healthcare providers' capital planning

Health systems' capital planning strategies focus primarily on finances but should extend to clinical assets and the cyberthreats they are exposed to, as those elements have a large impact on clinical operations, regulatory compliance and financial risk.

During Becker's 10th Annual CEO + CFO Roundtable, in a session sponsored by TRIMEDX, a clinical asset management company, two TRIMEDX leaders — David Stevens, vice president for clinical asset management, and Murphy McGraw, director of product management — led a presentation and answered questions from attendees about optimizing providers' cybersecurity and clinical asset strategies.

Four key insights were:

1. Health systems are navigating concerning macro trends that affect their capital planning strategy. Roundtable participants shared some of their biggest challenges: a shrinking bottom line, cyber risks related to aging infrastructure and technology, a shortage of clinicians and a need for more efficient care models.

Mr. McGraw provided statistics that justify those concerns: negative hospital operating margins, a huge increase in healthcare ransomware attacks, longstanding nursing shortages and 44 percent more care expected to shift to alternative sites in the current decade.

Solutions that providers have deployed to tackle these risks, such as deferring capital investments, cutting costs indiscriminately or investing in disparate cyber technologies that do not provide holistic defense or even complement each other, have been ineffective and even detrimental to long-term growth. This is so because blanket cost-cutting prevents channeling investment into strategic assets, while purchasing cyber technologies in a haphazard manner increases hospitals' operating expenses without necessarily reducing the exposure of medical devices to cyber risk.

2. Clinical assets have a widespread impact on hospital finances and clinical operations. Clinical assets include medical devices and the investments organizations make to acquire, maintain and keep them cybersecure. On average, clinical assets account for about 25 percent of health systems' capital expenses and between 1 and 2 percent of their annual operational expenses. (As a practical example, this means that adding $1 million worth of capital expense translates into an additional $50,000-$100,000 worth of annual operational expense.) Against this backdrop, with shifting sites of care and patient volumes that may require investments in additional units, the astute management of clinical assets across the care continuum, including those used in lower-acuity settings, takes on critical importance. 

Yet, financial decision-makers do not necessarily have the full picture to allocate investments into the right clinical assets. "Decisions are potentially being made at the department level," one participant said. However, clinical asset purchase decisions made at the department level tend to be made in a silo, increasing the likelihood of the organization ending up with duplicative or excess equipment and, therefore, an inefficient use of capital budgets and excess spend across the entire health system.

3. Providers' capital planning strategies should encompass cybersecurity and clinical asset management. With cyberthreats in healthcare having more than doubled in the past year and the average data breach costing more than $10 million, hospitals and health systems have an economic and moral imperative to strengthen their cyber defenses. Yet, many organizations do not have a fully thought-out strategy on how to incorporate medical device risk reduction into their capital planning strategies and instead leave it up to their IT departments to figure out and "clean up."

Compounding this reality is the fact that cyber insurance premiums have skyrocketed and organizations are finding it increasingly difficult to take out or renew insurance policies. "Deductibles have gone up by tenfold and premiums have gone up by double this year, so we're looking at an additional 20-30 percent spend — it's unsustainable," one roundtable participant said. "And even after paying the increased premium, [insurers] have reduced coverage by 50 percent."

To put their capital planning strategies on the right track, organizations need to view cyber risk as a key parameter when evaluating what equipment to buy and how to maintain that equipment, and need to think about what impact cyber risk has on device lifecycle management. That includes assessing the level of risk they are willing to accept, determining appropriate risk monitoring activities and remediation actions (e.g., applying patches and compensating controls) and thinking about whether a device can be easily replaced or updated to preserve clinical functionality in order to extend its life and defer capital expenditure.

4. A comprehensive clinical asset management framework can provide a scalable solution to support long-term growth strategies. The utilization of different clinical assets may be impacted by resource constraints, supply chain shortages, cyberthreats and changes in consumer behavior, technology or reimbursement rates. "While you want to maximize the life of an asset, you need to be taking into consideration what current cybersecurity threats may persist on some of these devices," Mr. McGraw said. He also noted the importance of meticulous asset inventory and preventative maintenance.

To get a handle on this and minimize risks, organizations need a comprehensive, system-driven approach to clinical asset management that centralizes data, enables full visibility of all clinical assets and integrates clinical engineering, cybersecurity training and preparedness. Organizations also need capital planning to keep devices safe and functional for patients while optimizing inventory levels to reduce expenses. This collaborative and integrated approach needs to start at the top with executive leadership.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars