Getting Healthcare Application Sunsetting Right During M and As

With the increased need to provide value-based care, the healthcare industry has seen a significant increase in Mergers and Acquisitions (M&As). Organizations undergoing M&As must seriously consider a well-defined process to handle legacy data. Archival is the cost-effective strategy that comes to mind to ensure smooth access and exchange of critical information. Something that is also followed to ensure cost efficiency during M&As is the decommissioning or retirement of legacy applications (sunsetting). The main reason for choosing to sunset legacy applications during an M&A is the mere volume of applications; not all of them will be necessary post the integration. The importance of application sunsetting has also led to the consistent growth in Structured Data Archiving (SDA).

In this article, you will discover:

• The M&A Application Sunsetting Process
• Things to Ensure Before M&A Application Retirement
• 314e’s Technical Advisory Services for Smooth Sunsetting

The M&A Application Sunsetting Process

Application sunsetting, also called application retirement or application decommissioning or application neutering, refers to the process followed for terminating a legacy application while retaining its data. The process for application sunsetting during an M&A would proceed as follows:

1. The preparatory stage

This step emphasizes preparing a list of applications that need to be decommissioned to cut down the unnecessary maintenance costs. The data retention regulations and requirements could guide the decision of which application needs to be retired. To make application retirement efficient, you can have your critical stakeholders perform an assessment of existing applications. This step requires a team to take up the retirement responsibility in each functional area of the health system.

2. The lockdown stage

This refers to the stage of placing your healthcare applications in read-only mode. Business users cannot perform any edits or updates to the application’s data in the lockdown phase. Creating a detailed plan to guide the data locking process and making sure to involve key infrastructure teams from the merging and acquiring organizations ensures effective management of this process.

3. The archival stage

In this stage, application-generated data is migrated from the application to be stored to meet the compliance requirements. During this process, the goal is to prevent data integrity issues of the data being migrated and ensure that the data is archived in a format that would facilitate access for business users for regulatory or compliance needs in the future. To ensure smooth archival, you will need to validate the process of building archival systems, the reporting environment, and the duration to retain the data backup.

4. The retirement stage

During M&As, it is crucial to remember that there is a risk of resource shifting, which creates delays in sunsetting systems and applications. It is best to have a clear-cut plan that includes an application inventory, business justification, sequence, criticality, complexity, and risks for applications being sunsetted. One of the important factors to consider is the availability of resources (both business and technology) for the application use. This consideration could help identify the application’s criticality and complexity and provide appropriate business justification. The retiring application would generally be subjected to the following processes:

• Ensuring that no shared server instance is decommissioned
• Stopping the application server
• Shutting down the host machines
• Retiring the host as per the policy

Once these steps are completed, the application inventory must be updated to state the active applications used by the healthcare organization.

3 Things to Ensure Before M&A Application Retirement

1. Determine the need for the application

The efficiency of a healthcare application is determined by the health information it holds and how well it supports the organizational and patient needs. Do your ground-level checks of the specific people accessing the information, the purpose of the application, and the information it holds, the importance of the application and the data, and the application silos and dependencies. Finding answers to all these will help you decide if the application needs to be retired.

2. Recognize the costs, benefits, and risks

Application sunsetting doesn’t mean only decommissioning a legacy application, but there are other aspects that need to be taken into account like data conversion, data archival, data migration, and so on. All of this will involve huge costs if it is performed in-house or with the assistance of a vendor. Hence, evaluating the consequences of shutting down a legacy application becomes essential. The benefits of sunsetting a redundant application and the ways in which it could affect your service delivery are matters of key discussion that require consideration from the whole team.

A few aspects that require consideration are:

A. Product licensing

Take a look at the licensing policy of your healthcare application. Your organization could be overspending when no attention is paid to the application retirement policy involving product licensing. It is possible that the accounts of former employees may still be a part of the active environment. Have a consistent application review to cut down the inactive licensing costs.

B. Data access

Before the legacy applications are retired, institutional knowledge of the legacy systems fades over time; hence it is important to retain legacy application data in secure storage, which could be later used. One of the best practices during application sunsetting is to move the legacy applications into another data repository or an archive store (preferably in the cloud, which offers multiple levels of redundancy) which can be accessed independently using industry-standard reporting or business intelligence tools.

C. Data destruction

Plan for the destruction of data that is no longer necessary. This is of high importance because one of the prime causes of data breaches is the improper disposal of Electronic Protected Health Information (ePHI). Therefore, it is essential to plan and execute proper data destruction, which involves steps like clearing the data, digitally shredding it, degaussing data, and ultimately physically destroying it.

D. System interactions

One other crucial aspect that must be looked into is the system/application interactions. Your healthcare application would certainly maintain interfaces internally and externally. To cut down the costs of maintenance, with application sunsetting, existing data interface to external vendors and internal vendors might be turned off to avoid unnecessary costs.

3. Assess the application retirement plan

Sunsetting is not a minor activity that is done at regular intervals. Application sunsetting has the power to impact the day-to-day operations of the organization both positively and negatively; hence the retirement plan from the data accessibility, to archival, to migration and ultimately shutting down requires a thorough review from the business users.

314e's Technical Advisory Services for Smooth Sunsetting

314e’s expert team has been a part of 20 data conversion projects, where we have converted data from more than 30 different legacy systems. This has provided us with a lot of exposure to Application Rationalization. We have dealt with Application Rationalization for all needs, such as retiring software due to a replacement or sunsetting, a merger or an acquisition, a facility shut-down, or even a provider leaving the system.

We have been helping a number of customers at every stage, right from the preparatory stage, by providing assistance in collecting, reviewing, and assessing compliance, operations, security risks, and also the available documentation to the final sunsetting and have even taken care of meeting the migration and security needs. This has given us a great hold over the process of application sunsetting, especially in the case of a Merger and Acquisition.

As an organization, we have immense experience being part of multiple data conversion efforts, which is often a result of Mergers & Acquisitions involving application sunsetting. Our best practice recommendation is to ensure the application vendor support is evaluated thoroughly and data management and reporting functions are included in the replacement application. Customization efforts are evaluated in the new application, and user interface requirements are met. One of the most important evaluations is to ensure regulatory, compliance, legal requirements, and maintenance costs are considered to ensure risk mitigation.

In case you are going through a Merger & Acquisition and wish to sunset a legacy application, you should definitely get in touch with us.