Although the future of the Affordable Care Act (ACA) is still cloudy, there is such a thing as a “sure bet” for healthcare consultants and their clients. Regardless of when and how the Trump Administration proceeds with “repeal and replace” legislation, or Executive Orders that tweak the ACA, advisory for the Internet of Things (IoT) and the resultant demand for cybersecurity consulting will continue to surge.
The shift toward consumerism in the healthcare industry is not going away, nor is the drive for better and higher quality medical outcomes. Both of these necessitate healthcare players to have better insights about their customers (for both better customer service/patient experience, and for population health analytics). IoT is a necessary tool to drive these data insights. As such, the healthcare industry is one of the fastest growing industries for IoT devices from EHRs to health apps, to remote monitoring devices, and everything in between. In addition to the devices themselves, there is a new push to share data among partners in the healthcare ecosystem including payers, providers, pharmas, and other new market entrants (technology companies for example) for better collaboration and insights. All of these new data connections and inputs create great promise but also inherent risks.
Consultants will be called upon to work with their clients to create effective IoT integration strategies with sound design, and implementation. There will also be a special focus on embedding security layers into the devices, and technology infrastructure to ensure that new cybersecurity risks are managed proactively.
Traditionally, regulations and compliance dictate consulting demand to some extent, but now compliance is not enough. In the Trump era, some regulation may even be lifted but the threat of cyberattacks continues to increase in the world of IoT.
As many buy-side clients have told us, their “Boards” are now taking notice of this issue. We are hearing that consultants are becoming a form of “middleware” for them; building relationships within organizations and helping to explain subject matter and bridge gaps between the Board, the IT department and others.
To make matters more complicated, many small and medium-sized providers are not accustomed to dealing with and managing IT and technologies, and they are now responsible for ensuring patient safety (for example when an insulin pump gets hacked). Consultants will be engaged to help to secure assets, and very importantly to provide an “extra set of eyes” – and to provide “air cover” as we’ve heard it described.
Talent gaps are also a serious issue. In many healthcare organizations, (almost all but the largest of them) there is still no Chief Security Officer role and security concerns are left to an understaffed IT department or a CIO. Consultants will continue to work with clients to ensure that the cybersecurity strategy goes across functions from the top down with a governance infrastructure and workforce training to go with it, even providing interim staffing when necessary.
There is an understanding on the buy-side that consulting firms may be increasing their fees here as demand increases. One buy-side client told us that “there is definitely a premium on pricing with not enough talent anywhere.” So even in a murky environment in terms of ACA legislation, there are no signs of consulting demand abating in the areas of IoT and cybersecurity as the digital transformation wave continues to roll through healthcare.