As cyberattacks become more frequent and the pace of regulatory change accelerates, investing in strong compliance programs is critical for ambulatory surgery centers (ASCs).
But that’s easier said than done. ASCs are often forced to do more with less, as reimbursement cuts, wage increases, inflation and other financial pressures strain surgery centers’ bottom lines.
This dilemma – investing in compliance when financial resources are scarce – is one that many health care organizations share, a recently released report from law firm Barnes & Thornburg LLP suggests.
“Health care compliance professionals are dealing with expanding areas of risk, even as many report resource constraints that could limit their ability to meet challenges,” John E. Kelly, partner and chair of Barnes & Thornburg’s health care department and health care industry practice, said in a press release. “These pressures underscore the need for organizations to adopt a robust compliance strategy to stay ahead of the curve.”
To better understand compliance trends and health care organizations’ ability to respond to threats, Barnes & Thornburg surveyed 120 compliance, risk and legal leaders across the sector. Respondents came from hospital systems, physician groups, pharmaceutical companies, medical device manufacturers and other provider types.
Organizations that participated in the survey came in all shapes and sizes, with annual revenues ranging from $1 million or less to billions of dollars.
One of the biggest takeaways from the report: Only 31% of the surveyed health care leaders said they felt “very prepared” in their ability to meet future compliance and risk challenges.
Additionally, fewer than half of the respondents – just 42% – said they felt “very confident” about maintaining high quality of care in light of compliance and risk issues.
To mitigate some of the challenges, a majority of respondents said they planned to leverage AI-powered tools, both generative and predictive, in their internal compliance programs. Common application examples include data analysis, risk assessments and administrative tasks, according to the Barnes & Thornburg report.
“The rapid expansion of AI and digital health offers ample opportunities to enhance patient care and access,” Brian J. McGinnis, partner and co-chair of the firm’s data security and privacy practice, said in a statement. “But organizations must establish guardrails to protect against associated risks, including cybersecurity and data threats, and ensure secure and ethical use of this powerful technology.”
There have been multiple instances of ASCs experiencing cybersecurity incidents in 2024.
In June 2024, the Ambulatory Surgery Center of Westchester, in Mount Kisco, New York, announced a data security incident that may have impacted data belonging to certain employees and patients.
In August 2024, Kootenai Health and its subsidiaries – Kootenai Clinic, Kootenai Outpatient Surgery and Kootenai Outpatient Imaging – reported experiencing a data security incident as well.
Of course, the most prominent example of compliance and cyberattack challenges from this year was the Change Healthcare incident, when hackers forced the company to take its systems offline, creating serious cash-flow problems across the health care landscape.
“Sufficient defense against cyberattacks is casting a particularly long shadow over the industry amid fallout from recent incidents like the Change Healthcare data breach,” the Barnes & Thornburg report notes.
Amid rising compliance challenges and continued financial squeezes, more health care organizations are considering private equity investment.
Nearly a quarter of the respondents to Barnes & Thornburg’s survey said their organizations had already accepted PE backing. Another 28% said they were either actively seeking it or were in the process of negotiating to receive it.