By Bob Gill and Alfio DiFranco
We are living in an era of deep ecosystem reliance.
Change Healthcare showed us that our healthcare systems are reliant on an ecosystem and that we have hidden risks throughout. A single point of failure - one virtual workstation compromised for a failure to require multi-factor authentication - stymied our entire healthcare infrastructure in the most significant event of its kind, ever.
There are myriad government efforts to manage the risks of this global ecosystem reliance.
The National Security Memorandum on Critical Infrastructure Security and Resilience (NSM-22) acknowledges reliance on adversaries in our critical infrastructure ecosystem and calls for reduction in that risk on a global scale. The Biosecure Act, a bipartisan bill to curb reliance on a small number of Chinese biotech firms, could have an ecosystem-level impact on drug development. The Department of Health and Human Services (HHS) is focusing on combating drug shortages – a long-standing challenge for patients and the healthcare ecosystem, by calling for increased efforts toward supply chain resilience. And the Food and Drug Administration has been working to shore up failures in the ecosystem for years, from drug supply chain to device shortages and cybersecurity quality.
These measures couldn’t come at a more critical time. The gap between thriving and dying hospitals is widening due to operational costs. At the same time, adversarial relationships with suppliers weigh on operations.
Hospitals are shutting down or merging with large systems because of operational costs and burdens, with some 40% of hospitals citing operations as the cause for losing money. While mergers with large systems are perceived to be the only avenue of survival for small and rural hospitals, too much consolidation poses systemic risk.
Hospitals that continue to rely on group purchasing organizations pay prices above commodity rates, while large systems negotiate lower rates for themselves. The smalls are dying from paying the middleman, but don’t have another option due to lack of acquisition power. It used to be that GPOs lowered the price of supplies. Now, large health systems are large enough to negotiate their own prices, cutting out the middleman.
Health systems have a strong desire to manage supply chain risk, but end up playing supply chain risk whack-a-mole. Health systems that try to keep up with supplier risk by controlling the suppliers, lengthy supplier due diligence at a point-in-time, human-driven processes that are often unpredictable and inconsistent, and suppliers are usually accepted no matter what the risk is, because it’s tolerable and the direct clinical benefits trump the seemingly unpredictable risks hiding in the supply chain. It’s too much to bear, using too much operational labor that is better used elsewhere. However, simply accepting the risk because of lack of labor and lack of transparency is also intolerable. So employees with this Sisyphean task continue to labor up the hill as best they can.
