The next in our series of posts sharing key takeaways from panels at the Healthcare & Life Sciences Private Equity and Lending Conference focuses on data privacy and security. It is authored by our colleagues Jamie Levin and Sara Shanti.

***

What Investors Should Understand About Data Privacy & Security Risks & Opportunities – 5 Key Takeaways

By Jamie E. Levin and Sara H. Shanti

As data privacy and security risks increasingly become more of a business and operational concern, there are certain principals investors should consider when seeking new opportunities, according to experts who spoke on a data privacy and security panel at the 15^th Annual Healthcare and Life Sciences Private Equity & Finance Conference held in Chicago on February 21, 2018.

Experts included Jay Schulman, Principal at RSM US LLP and Steven Grant, President of Objective Arts, Inc.

Here are five key points from the panel discussion.

1. Healthcare security incidents are on the rise. The healthcare industry is particularly vulnerable to data breaches, hacking, and ransomware attacks given the sensitive nature of patient data and the lack of practical mechanisms to identify and rectify attacks, like those in the financial industry. In many instances, breach detection does not occur until well after the incident, creating prolonged exposures that result in damaging losses of confidentiality, data integrity, and reputations. The potential impacts of data security risk need to be fully understood in order to be quantified and integrated into the investment decision-making process.

2. Investors should conduct appropriate due diligence on potential investment targets to mitigate risk. Such diligence should include reviewing the infrastructure, systems and databases of a potential target, understanding the culture of compliance within the target and, most importantly, performing an in-depth analysis that follows the personal health information or other critical data throughout its lifecycle to determine what breaches have already occurred and areas where the target may be susceptible to exposure.

3. It is crucial to identify red flags and the costs for developing sufficient remediation. While some investors may view businesses that lack technology advances as a red flag, there is often great value in investing in these companies, so long as investors can extract the data and transfer it to a new platform and build future compliance. Investors should also give pause to those targets that have no historic breaches to report. Given that breaches are bound to occur, investors should consider whether the target is accurately monitoring data breaches or understands the brevity of doing so. Overall, the key is for investors to understand what they are buying into and have a roadmap to mitigate and manage these risks.

4. Data privacy and security can be a potential competitive advantage. As the holders of sensitive and personal health information, healthcare providers are entrusted with protecting this information from a data breach. A healthcare data breach has a devastating impact on a company’s reputation and severely comprises confidence and trust. Individuals are likely to switch applications, providers, or other products following a data breach, thereby impacting a company’s bottom line. Those companies that have a good reputation for implementing appropriate safeguards to protect data and mitigation processes can be in a better position to retain patients.

5. Focusing on analytical data can provide tangible benefits. While all data is important, analytical data allows businesses to project particular outcomes and make more informed decisions and improve patient outcomes. Investors are becoming increasingly focused on analytical data and systems that monitor behavior and track data across different networks and providers. Those investors that can leverage technology and data across hospitals, health systems, insurance companies and other medical providers in a secure manner have an opportunity to differentiate themselves.