Healthcare M&A Best Practices: How to Restructure and Modernize Active Directory

December 1, 2016

Upload: quest

Post on 09-Jan-2017


Presenter
Presentation Notes
No migration is as complex or critical as an AD consolidation – especially one following mergers, acquisitions or divestitures in the healthcare sector. Timelines are tight. Downtime or data loss is unacceptable. And patient lives may be at risk. webcast to learn how to:

• Apply best practices for reducing AD migration risk and avoiding disruption
• Improve security, ensure HIPAA compliance and simplify your consolidation
• Carefully manage your project before, during and after the merger

Confidential2

Today’s speakers

Ron Robbins, Sr. Product Manager, Microsoft Platform

Dan Gauntner, Sr. Product Marketing Manager, Microsoft Platform

Joe Tobias, Practice Manager, Professional Services

Presenter
Presentation Notes
Dan to lead – 2 minutes (5 mins total) So to discuss this RIVETING topic, we’ve gathered many experts. This training will be conducted in an interactive, panel discussion format. My co-host could not make it today, he’s getting ready for a busy end of fiscal year. So I will be your moderator today and I’m joined by the following panelists. Dan will introduce each person for context and maybe ask them what products they manage or how they fit into the discussion. (interactive between Dan and each panelist) (Congratulate Shawn on the Ottawa Redblacks thrilling OT victory over Calgary in the Grey Cup last weekend)

Agenda

• Healthcare market trends and challenges

• Quest M&A integration framework

• Quest solutions overview

• Healthcare customer examples

• Q&A

But first … a word from our sponsor

Quest Microsoft Platform Management solutions have been used to migrate, secure and manage more than 180M users globally.

Cloud | Hybrid | On-Premises

Presenter
Presentation Notes
Before we dive in, let’s start by talking a bit about who Quest is. We have been in the Microsoft platform management space for really almost two decades, starting back in 2000 when we were first part of Quest Software. We had a cup of coffee with Dell, as part of the Dell Software group. But now we’re fully divested from Dell and back to our own independent software company called Quest. In total, our award-winning solutions have been used to migrate, secure and manage more than 180 million users around the globe – across all the cloud/hybrid/onprem Microsoft platforms you see here.

Healthcare market trends and challenges


Factors driving healthcare M&A activity

What market and regulatory changes are fueling IT modernization and innovation in the healthcare market?

Healthcare M&A activity at record pace

$723.7 billion
• Global value of 2015 healthcare M&A deals
• 66% increase over 2014

HITECH Act
• Stimulate adoption of EHR systems (i.e. Epic)

Affordable Care Act
• Shift to outcome-based care
• Rising costs / reduced payouts
• Increased competition

Presenter
Presentation Notes
Factors driving healthcare M&A activity

Healthcare M&A activity — spread across insurance, providers and vendors in the pharmaceutical, biotechnology and life science sectors — reached record volume in 2015, and the value of global healthcare deals increased 66 percent to $723.7 billion, according to Dealogic.

A number of forces are driving this historic period of business consolidation in the healthcare industry. Increased competition, a shift to outcomes-based reimbursement models, and an overall need to widen the scope of care while reducing costs are driving more and bigger deals. In addition, the Affordable Care Act of 2010 has spurred health care providers to merge into large regional health systems that dominate local markets, and insurers in turn are merging to equalize the balance of power from the larger healthcare providers. Various laws that protect dominant hospital systems and limit patient choices are also driving small practices into mergers and acquisitions.

A final major driver of M&A activity is the rising cost of healthcare — costs have outpaced inflation every year since 2008. Rising costs not only make it more expensive to run a healthcare facility, but they also cause patients, especially those who can't afford out-of-pocket expenses, to become more selective about the care they receive or to skip follow-up appointments to avoid additional fees, which can further reduce revenues for providers.

Healthcare mergers and acquisitions can help bring down the cost of care by enabling providers to eliminate overlapping positions and streamline expenses across facilities, resulting in greater efficiencies and scale. For instance, different healthcare centers might be using a number of different procedures or tools to treat the same condition. But when they consolidate under one umbrella, they can choose one method and apply it across their operations to drive efficiency.
The mission of any healthcare organization, whether private, public, for-profit or not-for-profit, is to improve health outcomes for patients. But how that mission is carried out changes over time, as patient needs, care delivery, technology and regulations change. For example, healthcare is in the midst of a radical shift that will move resources away from inpatient care and toward coordinated outpatient and telehealth care. The resulting increased use of mobile access, virtual visits, remote monitoring devices and wearables will create new and unique challenges. At the same time, the Health Information Technology for Economic and Clinical Health (HITECH) Act will stimulate the adoption of electronic health record (EHR) technology such as Epic.

Active Directory consolidation challenges

Business disruption
• Operations are dependent on existing infrastructure

Tight timelines
• Pressure to meet M&A commitments
• Some TSAs have costly penalties if deadline is not met

Budget, resources & expertise
• Many customers lack internal expertise or resources

Planning, inventory & assessment
• Continuous M&A activity leads to infrastructure sprawl.
• Native tools provide limited visibility

Security & compliance risk
• Identify existing risks and eliminate them during consolidation

Presenter
Presentation Notes
Business disruption: Regardless of industry, many of our systems rely on Active Directory; the core risk of consolidation is that our businesses are less effective/efficient after the migration and that our businesses aren’t interrupted while we make the transition.

Tight timelines: In many acquisition scenarios, we’re dealing with a TSA (Transition Services Agreement) that has a relatively high cost for services and stiff penalties if we don’t finish the cutover within the agreed upon window. In merger scenarios, we don’t have the “penalty” incentive of a TSA, but often some of the benefits the merger business case was based on depend on the technology infrastructure being integrated.

Limited budget, resources and expertise: No matter where we work, we’ll never have all the time, money or staff we wish we had. In the technology space, we are all very familiar with finding a suitable compromise. The thing that’s unique to M&A scenarios is that most of us will only work on few of these integrations over the course of a career, making it unlikely that we have expertise in house and partners with actual experience can be costly.

Planning, inventory and assessment: Determining what a combined (or new) Active Directory environment *should be* requires an understanding of what we have today and how that’s working for our business. For many of us, that understanding is not as clear as we would like at the point we’re introducing an environment we know little (or nothing) about.

Security and compliance risk: As we consolidate AD environments, we’re also combining separate teams who own our security and compliance mechanisms. There is both a risk that some of our measures in the legacy environment are not replicated in our combined environment as well as that those measures are rendered less effective.

*** The common challenge is realizing the benefits that led us to merge or acquire… quite often we can create additional value, but it’s a lot of work.

Unique IT challenges in healthcare M&A

• Regulation
• Interoperability and/or rationalization
• Clinical staff usage patterns
• Impact of disruption

Presenter
Presentation Notes
Regulation: While all industries have a set of regulations to comply with, the regulations in healthcare are particularly complex and more dynamic than most other industries. Ensuring that compliance with all these regulations is enforced and reportable can be difficult in a “business as usual” scenario; figuring out how to handle compliance as we merge ups the ante. It’s important to note that these compliance efforts are enabled by technology but rarely driven by the technology.

Interoperability and/or rationalization: A key to realizing the benefits of many mergers / acquisitions is the ability to work together in new ways. Sometimes this begins with shared use of a new Epic implementation but often the mid-term benefits require a degree of application rationalization. The coexistence we need to establish and the sort of rationalization activities we need to support are rather unique within the healthcare space.

Clinical staff usage patterns: The way that care providers and support staff interact with technology in a healthcare setting is unique due to the 24/7 nature of our operations as well as the work that we’re doing. In many industries, people and their devices can be correlated and scheduled for migration during a convenient “outage window” but this isn’t possible in a hospital setting (and is often impractical for the rest of the health system). Healthcare organizations typically employ a dynamic group of clinical staff, including short-term volunteers, nurses and doctors who travel between locations, and technicians who rotate around the clock. We have a unique set of challenges before us to complete our work without disruption to patient care.

Impact of disruption: The most obvious challenge unique to healthcare integration is the fact that disruption can adversely impact patient care and potentially patient outcomes. If we can’t intake patients at the ED or the pharmacists can’t access prescription data or radiology techs can’t take an MRI the effect is dramatically more than missing an SLA metric. We have fallback procedures we can go to, but we can’t pretend the risk of going to those systems isn’t substantial.

IT integration enables better alignment with the mission

Our mission has “changed” over time

How we deliver care has changed over time

Technology infrastructure has changed over time

Presenter
Presentation Notes
Our mission has “changed” over time: One of the keys to successful healthcare M&A deals is establishing a “new” unified mission and goals to guide the expanded system. The mission isn’t really new, as we all have the same basic goal of “improving health outcomes” but the way we frame and address that mission can vary greatly. The transaction often offers us a “watershed event” to create a modern technology environment that may not have been otherwise funded.

How we deliver care has changed over time: Patient needs (expectations), care delivery, technology and regulations change. For example, healthcare is in the midst of a radical shift that will move resources away from inpatient care and toward coordinated outpatient and telehealth care. The resulting increased use of mobile access, virtual visits, remote monitoring devices and wearables will create new and unique challenges. At the same time, the Health Information Technology for Economic and Clinical Health (HITECH) Act will stimulate the adoption of electronic health record (EHR) technology such as Epic.

Technology infrastructure has changed over time: Over time, many IT architectures have grown complex and convoluted (and we’ve put a lot of band-aids in place that never got changed). They often have developed silos and rigidity that discourage the adoption of new technology and limit the organization’s ability to change. A merger or acquisition deal is an opportunity to change all that and refocus IT systems on the strategic goals of the organization. Take this opportunity to set up an infrastructure that will let us spend less time “keeping the lights on” so we can spend more time focusing on the actual mission.

Quest healthcare M&A integration framework

Quest healthcare M&A integration framework

Integration planning
• Discovery
• Architecture

Integration execution
• Build
• Validation
• Coexistence
• Transition

Ongoing business
• “New normal”

Presenter
Presentation Notes
Integration planning Discovery Architecture Integration execution Build Validation Coexistence Transition Ongoing business “New normal”

Integration planning: Discovery phase

• Scope (who and what)
• Provisioning & administration
• Security & governance
• Auditing & reporting
• User experiences
• Application portfolio
• AD users & groups
• File servers & application servers
• Workstation & virtual desktop environment

Presenter
Presentation Notes
Scope (who and what)

Which Users & Groups are we migrating? Because of the way we handle staffing and the way many of us have addressed provisioning / security in the past, it’s often tough to know who should be migrated. We’ve been with several health systems who had over double the number of “enabled users” than what they had “people” in their organizations.

Which Workstations & Servers need to be migrated? Due to the way our facilities operate, we often have an incorrect or stale view of our workstation environment – so we need to figure out what we’ve got and how it’s being managed. While we generally have a solid inventory of our server environment, we usually have gaps in our understanding of what those servers are doing… and we have to shine light on our “shadow IT” environments as well.

Provisioning & Administration: We need to understand how provisioning is being handled in each of our environments today as well as how daily administrative tasks are delegated and managed. In the Architecture Phase, we’ll decide what the “go forward” plans will be, but we need to establish a baseline of who is responsible for what as well as the processes and tools we’re using.

Security & Governance: Who is responsible, what are we doing and how are we doing it… we’ll compare the environments and define a go-forward strategy.

Auditing & Reporting: Who is responsible, what are we doing and how are we doing it… we’ll compare the environments and define a go-forward strategy.

User Experiences: The way a nurse in the hospital interacts with our technology environment is different from the way our visiting nurses interact with our technology environment which is also different from the way a nurse in our family medicine offices interacts with our technology environment. We need to understand what the variations are so that we’re minimizing disruption (and testing thoroughly).

Application Portfolio: What applications are in our portfolio and what are the dependencies? How will each application be “handled”?

File Servers & Application Servers: We need to inventory the servers, what their roles are and how they interact with the rest of the environment. Our Meditech environment might have only three servers or it might have eleven… and if we’ve got separate dev and test instances for Meditech, we need to understand that as well.

Workstation & Virtual Desktop Environment: We’ve already talked about a basic inventory of our desktop environment, but we also need to understand how the environments are managed. This is another area where we will be comparing the environments and determining the best path forward.

Networking & Connectivity: How do people get to their resources today and is that viable going forward? At least a third of our customers will identify overlapping IP ranges and static mappings are not unheard of in smaller healthcare acquisitions. If discovered early in the program, resolving these sorts of issues is fairly easy.

Integration planning: Architecture phase

• Integration strategy
• Target design (logical & physical)
• Target management (policies, processes, tools, staffing)
• Test plans
• Readiness requirements
• Program scheduling
• Program / project dependencies

Presenter
Presentation Notes
Integration strategy

• Keep both infrastructures and synchronize them? Many larger mergers initially take some variation of this strategy as the most basic type of integration; generally within 2 to 5 years, we see most customers become dissatisfied with this level of integration as you’re still essentially operating as separate systems.
• Merge into one of the existing infrastructures? This is likely the best course of action if you have one environment that is clearly better run or substantially larger than the others… or if it is already providing resources to smaller environments.
• Transition everything into a new infrastructure? The “clean slate” approach is often a good idea in true “merger” scenarios or when consolidating multiple similar environments.

Going through this, we’ve always got to bear in mind the reason for the program and the logic behind the deal… at the end of the day, the technology infrastructure needs to support the operating environment and goals of the new organization.

Target design (logical & physical): How many Domain Controllers and where? OU Structure, etc. Physical design guidelines are fairly straightforward; logical design will be guided on what supports the business best.

Target management (policies, processes, tools, staffing)
• Provisioning & Administration
• Security & Governance
• Auditing & Reporting
• Server environment
• Workstation & Virtual Desktop
• Networking & Connectivity

Test Plans
• User experiences
• Infrastructure applications
• Clinical & LOB applications

Readiness Requirements
• Training and support plans
• Approvals (clinical, hospital administrators, etc.)

Program scheduling

Program / project dependencies

Quest planning solutions

• Enterprise Reporter

• Change Auditor (AD / AD Queries / Ex)

• UC Analytics

• Migration Manager for PSTs

• Many more!

“We are able to track who ‘touches’ AD accounts – so no more mysteriously disappearing computer or user accounts. Auditing and accountability has improved uptime.”
- Andy Hendrian, IT Director, Eisenhower Medical Center

TVID: 2FC-219-EOD

58% gained visibility into who has access to what with Enterprise Reporter

TVID: FCD-A3C-470

Enterprise Reporter: Scalable visibility, auditing and reporting across your environment

Pre-migration / Post-migration

• Utilize reports to identify opportunities for clean-up and to better plan the future environment
• Understand what should and should not be migrated with a comprehensive assessment of:
  - Current usage including what users and files you have and when a user last logged in or resources were accessed
  - Current environment including active vs inactive users and groups across AD, WS and SQL Server
• Continually track and report on access, changes and activities
• Assess and validate who has access to what resources across the network
• Inventory migrated assets to be sure migration is completed as planned
• Multi-platform support: Windows Server, Active Directory, Exchange / Office 365, SQL Server

Integration execution

Build
• Deploy infrastructure
• Configure sites & services
• Implement admin tools
• Install integration tools
• Unit testing

Validation
• Take & test backups
• Synchronization & coexistence
• Administration process & tools
• Migration process
• User acceptance testing

Presenter
Presentation Notes
Build Phase

• Deploy Infrastructure: Domain Controllers; Application Servers (LOB and Infrastructure)
• Configure sites & services
• Implement admin tools: We’re likely making changes to the way you do provisioning, administration, reporting, security or governance… we want to have those in place in the target / consolidated environment early on
• Install integration tools: Whatever tools you’re going to use for synchronization and moving into the new environment so go in and be configured while you’re making changes to the administrative and security processes
• Unit testing: Processes, configuration, scripts, etc.

Validation Phase

• Take & test backups: After we finish testing, we’re going to be making massive changes… it might not make sense when we rent a car, but we want the insurance here
• Synchronization & coexistence: Make sure that we’ve got what we want on both sides and that we’re able to work across the “bridges” we’ve built
• Administration process & tools: Ensure that we can take care of our customers during the coexistence and post-integration
• Migration process: Verify that all the steps work as expected
• User Acceptance Testing: We want to bring in testers who can verify minimal disruption

Integration execution

Coexistence
• Directory synchronization
• Data synchronization
• Update governance & structure
• Update administrative processes
• Application updates

Transition
• Migrate AD objects
• Migrate desktop environment(s)
• Migrate file servers
• Migrate applications
• Clean up environment

Presenter
Presentation Notes
Coexistence

• Directory synchronization: Users & Groups
• Data synchronization: Permissions; Availability & Mailbox data (if migrating messaging)
• Update governance & org structure
• Update administrative processes
• Application updates

Transition

• Migrate AD Objects: And Exchange, if applicable; Disable legacy access
• Migrate desktop environment(s): Domain membership; User profiles
• Migrate file servers: Domain membership; Update permissions
• Migrate applications
• Clean-up environment

Quest migration solutions

• Migration Manager for AD & File Servers

• Exchange Migration

• Recovery Manager (AD/Exchange)

• And many more!

“Can you find tools cheaper than Quest to do an AD migration? Sure – you’ll work more to make it run and it won’t expose the skeletons in the closet that need to be addressed. Quest tools are the de facto migration tools because they work, every time.”
- Paul Caron, Supervisor – Platform Services, Maine Medical Center

TVID: 74A-164-B27

A large enterprise healthcare company successfully consolidated 16 AD forests / domains and migrated up to 5000 AD users with Migration Manager for Active Directory.

TVID: A24-3f1-2DF

Migration Manager for AD & File Servers

• Migration Manager for AD: Users, computers, servers, permissions and more
• Secure Copy: Files, folders, printers, shares, NTFS security

Migration Manager for Exchange

Migration Manager for PSTs

Migration Manager for Email Archives

Recovery Manager for AD Forest Edition

Roles & responsibilities

Provisioning & administration

Security & governance

Auditing & reporting

Ongoing business

Presenter
Presentation Notes
Roles & Responsibilities: It is important that new roles are understood in the integrated environment; accountability and a clear understanding of responsibilities are critical for success.

Provisioning & Administration: During coexistence we need to handle both environments.

Security & Governance: The new security standards should be documented and understood well in advance of the integration activities. Governance must include clinical and business leaders in addition to IT leaders. This will help ensure that clinical needs are understood by the technical leaders, and that technical capabilities are clearly transmitted to clinical and business staff. A collaborative approach also often results in better use of available technology and better mission support by IT.

Auditing & Reporting Processes & Tools: It’s essential as we begin to leverage the new environment that our processes and tools enable us to support the new standards we’ve just discussed.

On-prem and Hybrid AD Security Solutions

IT Security Search & Recovery Manager FE
• Investigate AD security incidents
• Continuously test AD business continuity plan
• Recover from a security incident
• Improve your RTO following a disaster
• Secure access to AD DC data

Enterprise Reporter
• Report on elevated permission in AD
• Visibility of open shares across servers
• Understand which servers have vulnerable security settings

Active Roles & GPOADmin
• Enforce permission blacklisting / whitelisting in AD
• Implement AD least-privilege access model
• Prevent unauthorized access to sensitive resources
• Auto-remediate unauthorized activities

Change Auditor for AD
• Detect suspicious privileged AD activities
• Alert on potential AD insider threats
• Notify in real time of unauthorized intrusions against AD
• Detect and alert on brute-force attacks

Presenter
Presentation Notes
Realize the implied benefits of Office 365 by taking control of security in your on-premises Active Directory. Dell Software’s unique end to end solution helps you assess, detect, mitigate, remediate and recover to stay more productive, more secure and more aligned to your business.

Continuously Assess - Understand who has access to what – permissions, privileged groups, sensitive business groups, GPOs and data. Conduct a thorough assessment and know your security configuration baseline to easily identify your surface attack area, vulnerabilities and risk profile. Provides clear visibility and reporting to stay ‘in the know’ of your directory, windows computers and file shares. (Enterprise Reporter, GPOADmin)

Detect and Alert - Know when suspicious/anomalous activities occur. Real-time monitoring will quickly detect and alert you to potential insider attacks. Proactive measures allow you to take immediate action and reduce the risk of exposure caused by insider attacks or data breaches. (InTrust, Change Auditor)

Remediate and Mitigate - Remediate unauthorized actions immediately across AD and your Windows environment. Respond to alerts quickly to minimize damage from unsanctioned changes. Automate security policy enforcement across AD to reduce human errors and mitigate the risk of recurrence. Improve operational efficiency and give IT Staff more time to focus on innovation. (ARS, InTrust, Change Auditor, GPOADmin)

Investigate and Recover - Reduce incident response time investigations across your Windows environment. Correlate security baseline information with fine grained auditing. Get a cradle to grave 360-degree contextual view of how a security incident materialized and reveal the most likely path(s) that led to a security breach. Automate your Active Directory BCP (Business Continuity Process) to minimize your RTO (Recovery Time Objective) in the event of a security incident that causes partial or total damage across your Active Directory infrastructure. (RMAD/RMADFE/IT Search)

Wrap-up & Summary

Customer story: Large Healthcare System

Challenge
• Consolidate 3 Active Directory Forests to enable EHR roll-out and consolidate Exchange
• Limited availability of in-house resources
• Extremely customized desktop environment

Results
• Migrated as many as 600 users / workstations per day; no disruption due to migration work
• Office 365 pilot and EHR testing done in parallel to the migration effort

“This is easily the best option for our hospitals and the system overall.”
- Senior Director of Information Technology

Presenter
Presentation Notes
Mt. Sinai: Business need, Solution, Benefits

Customer story: Regional Healthcare System

Challenge
• Migrate off Novell to save substantial maintenance fees
• Consolidate 9 Active Directory Forests to facilitate an EHR roll-out

Results
• Migrated 17 Novell volumes (10 TB) and directory services in 5 months
• Migrated 20k Users and 2,300 servers in 12 months
• No disruption to patient care and EHR roll-out began as scheduled

“This is how we’ll be handling our acquisitions and affiliates going forward.”
- Director of Information Technology

Presenter
Presentation Notes
Hartford Healthcare: Business need, Solution, Benefits

Migrated 20,000 Users (and their workstations) in 9 months; migrated ~2,300 servers in the 3 months following.

Next steps

Visit us online: Quest.com/solutions/microsoft-platform-management
• Videos, case studies, product specs, etc.

Try our software
• Free 30-day trials (complimentary SC and Support assistance)
• POC – choose Quest Services or your preferred Partner

Join our community: Quest.com/community
• Product betas, how-to videos, discussions, blogs, tips, etc.

Presenter
Presentation Notes
1 minute (total: 32 min) Go over slide and wrap up

Questions?