Healthcare IT As An Opportunity for Private Equity

Healthcare IT as an Opportunity for Private Equity
With Mark Harris of Jenner & Block

Mike Straka, Privcap:  Welcome to Privcap. We’re joined now by Mark Harris, leader of Jenner & Block’s private equity group. Welcome.

Mark Harris, Jenner & Block:  Thank you. Nice to be here.

Straka: We’ve had a busy year, particularly in healthcare IT. There’s been a lot of mergers and acquisitions going on. Currently, you’re working on a big one with Merge Healthcare and IBM. What do you think is driving some of that M&A activity?

Harris: I’d say, for the most part, it’s data. The companies have accumulated a tremendous amount of data over the last couple of years. They’re now trying to figure out new and better ways to use that data—to store it, to transmit it, and to allow clinicians to develop strategies and care strategies based on the data they have.

Straka: Right. Back in the day, it was Sarbanes-Oxley that created all of the data. And now you’ve got the Affordable Healthcare Act. How has that changed the way healthcare is treating data?

Harris: It’s important. First of all, the government incentivized people to have their data become electronically stored—to collect it that way so it could be maintained universally—so that patients and care providers would have access to it. Now, it’s a function of having that data—how do we secure it? There’ve been some major data breaches this year. Then, the next step is how do we use it? How do we use it effectively to guide treatment plans and to help organizations be more efficient in the care they provide based on the results that other patients have had over the years under similar circumstances?

Straka: What does one do with healthcare data if it’s stolen, for instance?

Harris: It’s the most personal data anybody has. Their health records are most important to them. Having that data could embarrass people; it could be used for a lot of different reasons. For the most part, though, I think it’s a matter of making sure that people’s personal information has been properly protected. The HIPAA rules and other electronic data rules are designed to maintain the confidentiality of that patient-doctor information, and it’s just a matter of basic privacy rather than commercial privacy, for the most part, I think.

Straka: What do you think these days is the biggest disrupter in the healthcare industry?

Harris: I actually think it’s data, and I think it’s being able to do something more with what you have by scheduling better—particularly, the use of equipment, use of beds in a hospital, or the physicians’ time. By using that data, they can be more efficient along those lines and keep the cost of healthcare down. I think it’s sharing that data among different care providers so that if someone is seeing multiple specialists as well as a general practitioner, all those people are looking at the same records and getting the same information so that the pharmacy drugs provided are not in conflict, that [they know about] the treatment that has happened already, so they’re not being re–x-rayed for the same item multiple times. Being able to share that information is incredibly important.

For the most part, it’s trying to identify how the Affordable Care Act is going to change the practice of medicine and the use of medical services going forward, whether that’s data (which I do a lot of) or that’s different types of care providers. I see a lot of investment in hospice-type care and other kinds of outpatient clinics, where they’re taking people that might otherwise have been in a major hospital and having them be treated in a more local or more concentrated or specialized environment. And those are the kinds of capital-intensive opportunities that I think private equity is really interested in and can find interesting opportunities to deploy their capital.

Straka: How has the SEC been involved with what you have to do and the regulations of people having to now register as RIAs and things like that?

Harris: I don’t think it’s had a tremendous direct impact on the healthcare community other than so many companies are public and they’re dealing with that. I think where it really has affected is the ability for smaller companies to go public. The cost of being public is quite high because of Sarbanes-Oxley and other rules. And I think that’s created opportunities for private equity to identify investments in the middle–market space. Companies that might have gone public in the past are now having either growth equity investments from private equity or being sold to private equity. Companies are being brought together through bolt-on and add-on acquisitions, and then being sold to the larger groups as they get bigger, rather than going public as a prelude to a potential transaction.

Straka: When you’re talking about IT, when those buy–and–builds happen and you have add-on acquisitions, it becomes a challenge integrating everything, doesn’t it?

Harris: Absolutely. And that’s one of the principal questions that a customer of a company that’s being acquired has: what’s going to happen to the software I have installed? Will it continue to be supported for the long term, or will there be some migration to a different platform now that you’re being acquired? It’s certainly part of the diligence process in executing those transactions to understand how those pieces of software and different systems can integrate or whether one needs to migrate over the other. And some transactions are really challenged by the technology issues that go along with that.

Straka: Right. You have an Oracle database or a SQL database, and they don’t play very well together.

Harris: Yes. And it’s really been essential as part of trying to use that data effectively—it’s important that all those systems be able to talk to one another. There are lots of healthcare IT plays that are really the translation of one set of data into another format for use by somebody else on their systems. And those companies have been very successful by playing that intermediary role and exchanging that data in an effective way.

Straka: Right. So, do you have to get involved in middle-ware, middle-entity transactions when you’re merging two different healthcare industries?

Harris: Absolutely. It’s part of the diligence process for us to understand what the data rights are, what the ownership rights with respect to IP might be, and what IP challenges the target might have. It’s also important to understand what the rights are to use the data you’ve collected and those transactions are all separately negotiated and not necessarily uniform. So, it’s important that the lawyers get in there and understand at what point you will be able to use the data going forward and at what point you will not.

Straka: When it comes to that data and putting it on a network, is it typically a virtual private network or EPN, or do you see things going up on a cloud through internet protocol?

Harris: Certainly, the cloud is the way that’s headed. It obviously brings along with it some very significant additional security risks and challenges. There are companies out there that provide the data storage capabilities in a very secure manner that addresses that. But it also provides a certain level of disaster recovery and availability that you wouldn’t have with the paper records stored in some basement somewhere. So, you pay a certain price for having much greater access and a much easier method to transmit that data; the flip side of that is making sure you’ve got the security right.

Straka: When you’re advising clients on that exact scenario, are there other requirements for redundancy and for that disaster recovery and that security? Where does the buck stop when something bad happens?

Harris: I think the buck stops in a lot of places when something bad happens because it’s usually not a breakdown of a single system. It’s usually a number of vulnerabilities that are being targeted in order to gain the unauthorized access that creates that. So, there’s a whole forensic aspect of how did it happen? Then there’s a matter of, once it’s out there, how do you notify the people who’ve had the data compromised and how do you help them get through that? It obviously is more important, depending on the type of information that’s been breached. If you have credit–card information, you have a whole financial aspect to it. If you have health records that are unrelated to credit cards and financial records, you still have a significant privacy issue. So, you have to address each of them as the situation occurs.