EHR installs carry huge financial risks, Moody's says, so manage them wisely

While costs mean hospitals could find themselves walking an even thinner financial margin than they are used to, cybersecurity issues are also causing anxiety.
By Bernie Monegain
12:39 PM
EHR installation

Rolling out new electronic health record systems puts hospitals at a significant risk of financial losses, according to a new report by credit rating firm Moody’s.

“Hospitals run the risk of incurring operating losses, lower patient volumes and receivables write-offs if there are problems with adoption of a new EMR system,” Moody’s said in its Monday report.

Add to that the operational and financial disruptions that typically accompany complex IT projects, and hospitals could find themselves walking an even thinner financial margin than they are used to, Moody’s said.

“In a sample of hospitals that have recently invested in major EMR and revenue cycle system conversions, increased expenses and slower patient volumes contributed to a median 10.1 percent decline in absolute operating cash flow and 6.1 percent reduction in days of cash on hand in the install year,” Moody’s found.

The good news is that many hospitals returned to pre-install levels within a year, owing to strong risk management.

When Epic Systems founder and CEO Judy Faulkner talked with Healthcare IT News at HIMSS17 last February, she said Epic customers had done well financially. True, Epic EHR installations cost millions of dollars. However, from 2004 to 2015, she said Moody’s and Standard & Poor's statistics showed that Epic customers reaped profitability unsurpassed by clients who implemented her competitors’ EHRs.

[Also: Epic CEO Judy Faulkner reveals two new EHR versions are in development]

Despite the risks, hospitals will continue to invest in EHRs, Moody’s said. Hospital executives want to improve patient safety, clinical quality and provide decision support. IT will also continue to be a selling point in physician recruitment and retention, as new data reporting will be required by Medicare for professional reimbursement.

While hospitals may be exposed to a number of risks during massive IT rollouts, the threats that come with cyberattacks make them even more vulnerable, according to Moody’s.

As example, Moody’s points to Hollywood Presbyterian Medical Center in Hollywood, California, which acknowledged paying ransom after an attack in 2016.

[Also: Hollywood Presbyterian gives in to hackers, pays $17,000 ransom to regain control over systems]

Moody’s expects cybersecurity to become an even stronger focus than it already is.

“As IT investments represent a growing portion of hospital budgets, an increasing amount will be allotted to guarding confidential patient data, which make hospitals a prime target for cyberattacks and ransomware events,” according to Moody’s. “We expect cybersecurity to be a primary focus of hospital management teams and their boards, with annual capital and operating budgets allotting appropriate levels of expenditures to protect patient data and testing vulnerabilities.”

Twitter: @Bernie_HITN
Email the writer:

Like Healthcare IT News on Facebook and LinkedIn