Hospital data breaches have been shown to disrupt care, incur costs for remediation, and under mine investor confidence. However, less attention has been paid to the causes of these data breaches. This study explores the effects of mergers on hospital data breaches. Drawing upon U.S. hospital merger data over ten years, I empirically show that data breach rates double during merger execution. The results suggest that increases in data breach risk during merger execution are mainly caused by intensified external threats. I present some evidence revealing online visibility and information system integration increase external threats. These findings have managerial implications for predicting and managing the risk of data breaches.

While antitrust concerns often focus on market power arising from the merger of two firms if they both have access to large datasets, our study highlights that data itself can be an impediment to consolidation and realizing benefits from consolidation across firms. We build a panel data set from 2007 to 2019 that deploys hospital information from the American Hospital Association’s annual surveys; cost data from the Healthcare Cost Report Information System; and system compatibility measures from the Healthcare Information and Management Systems Society. Using difference-in-differences estimation, we find that compatible mergers achieve cost synergies consistent with prior literature while incompatible mergers show no significant cost improvements. Compatibility especially benefits geographically local mergers, where data compatibility facilitates efficiency gains from market share expansion and administrative consolidation. Further analysis reveals that this pattern of differential synergy realization is particularly pronounced in administrative costs. Mergers characterized by initially incompatible systems achieve a 5% cost reduction in the first post-merger year when they utilize cloud-based infrastructure, suggesting that cloud technology may serve as a mediating mechanism for overcoming data system incompatibilities.

It is unclear how privacy policies shape the development of AI technologies. On the one hand, when a state passes a privacy policy, compliance costs and legal risks increase. On the other hand, an established set of privacy regulations may give consumers and firms confidence about how training data sets will be used in the development of AI. We explore these questions empirically in the setting of radiology software, a frontier setting for the use of AI in medicine. In states with stronger privacy protections, companies are less aggressive in marketing AI-powered devices. Using detailing records from the Open Payment project, FDA documents, national demographic data on doctors and clinicians, and the FDA’s list of radiology AI/ML Software as Medical Devices, we explore how current AI and privacy law shape how firms approach marketing payments to physicians. Our analysis reveals that payments from AI medical device manufacturers decrease by 22.6% when the physician’s primary residency state enacts new privacy policies.

The strategic decisions that guide business-to-business marketing are often hard to observe. For example, how does the organizational structure of the potential client affect how the firm markets toward that client? How do firms improve their efficient marketing? We explore this question in the context of detailing decisions towards physicians. We use the sharp discontinuity of when a physician becomes the owner of an ambulatory surgical center, rather than an employee how this changes detailing behavior towards them. We find that the probability of detailing activities in a quarter increases, and most increases are in food and beverage. We find that female physicians, in particular, often receive lower marketing pay, to the point that when they become owners, they receive significantly more from food and beverages.

Healthcare IT has transformed healthcare. However, a challenge has been that often doctors feel burdened by having to interact with their computers consistently. Prescription Drug Monitoring Program (PDMP) were designed as powerful tools to combat prescription drug misuse. These state-wide systems allow physicians to access patients’ controlled substance prescription histories across providers. Using a natural experiment from policy shocks in Washington, we show that Oregon physicians near the Washington border demonstrated significant increases in PDMP usage, both in new user adoption and query frequency among existing users. Despite the increase in patient volume, doctors are using PDMP to deter doctor-shopping.

Cloud services exist under a shared security environment with a dynamic nature; users trade fixed costs for variable costs over time and both cloud service providers (CSP) and users contribute to overall security. We investigate the nature of shared security in a dynamic game where users' security contribution takes into account both their users as well as competition with other CSPs. The Markov Perfect Equilibrium reveals the long-term time patterns of security of the cloud. In particular, we identify a novel form of time-path strategic complementary between usage and a CSP's Markov state of security. This implies cloud security is an unusual form of impure public good whereby individual contributions bolstering a CSP's security endow a selective incentive (private benefit) on others, rather than on the contributor alone. Since this increases usage, CSP vulnerability increases over time. At the same time, CSP competition on security may lead to both welfare improvements for users and lock-in.