Hospital data breaches have been shown to disrupt care, incur costs for remediation, and under mine investor confidence. However, less attention has been paid to the causes of these data breaches. This study explores the effects of mergers on hospital data breaches. Drawing upon U.S. hospital merger data over ten years, I empirically show that data breach rates double during merger execution. The results suggest that increases in data breach risk during merger execution are mainly caused by intensified external threats. I present some evidence revealing online visibility and information system integration increase external threats. These findings have managerial implications for predicting and managing the risk of data breaches.

Antitrust concerns often arise when firms that possess stores of customer data combine, because of the data agglomeration potential to increase market power and foreclose competition. However, this depends on the combined firm being able to seamlessly pool the customer data. In practice, merging firms often deploy IT systems that are not compatible with one another, which can raise the costs of data integration. This study empirically examines how compatibility between data systems affects merger outcomes, by comparing outcomes before and after mergers and acquisitions among U.S. hospitals, using data from 2008-2019. We find that only mergers with compatible digital medical record systems achieve cost savings, while incompatible mergers display no significant cost savings. We provide some evidence showing that the cost savings are likely to be from patient-facing cost centers, but no evidence on quality reduction. We also find that health information exchange participation could help incompatible mergers reduce costs, while cloud does not provide similar moderating effects. These findings highlight that the specific technology used to process data itself can be an impediment to realizing benefits from consolidation across firms, and show that mergers involving data can differ substantially in their efficiency, and by implication, competitive effects.

It is unclear how privacy policies shape the development of AI technologies. On the one hand, when a state passes a privacy policy, compliance costs and legal risks increase. On the other hand, an established set of privacy regulations may give consumers and firms confidence about how training data sets will be used in the development of AI. We explore these questions empirically in the setting of radiology software, a frontier setting for the use of AI in medicine. In states with stronger privacy protections, companies are less aggressive in marketing AI-powered devices. Using detailing records from the Open Payment project, FDA documents, national demographic data on doctors and clinicians, and the FDA’s list of radiology AI/ML Software as Medical Devices, we explore how current AI and privacy law shape how firms approach marketing payments to physicians. Our analysis reveals that payments from AI medical device manufacturers decrease by 22.6% when the physician’s primary residency state enacts new privacy policies.

Many marketing activities in business-to-business focus on individuals within an organization; however, little is known about how these activities shift as an individual’s organizational role changes. We explore drivers of this using a novel dataset linking physician ownership of ambulatory surgical centers (ASCs) to open payment records from 2013 to 2019 to examine how ownership status influences industry marketing behavior to that individual. Using differences-in-differences, we find that ownership status significantly increases the likelihood, frequency, and dollar value of marketing payments to that individual. However, only male physician-owners are more likely to receive these marketing payments. The increase is driven by large pharmaceutical firms, suggesting that resource-rich firms crowd out smaller competitors by dominating physician-owners’ limited time. Larger firms fail to increase attention to new female owners while smaller firms disproportionately reduce female engagement. The largest marketing response is directed to physicians with little prior industry engagement, indicating that firms expand their network of contacts rather than deepening existing relationships. Our findings highlight the strategic importance of a client individual’s role within an organization in determining marketing practices and shed light on the adaptation of business-to-business marketing efforts in response to organizational changes.

The U.S. opioid crisis has led states to enact Prescription Drug Monitoring Programs (PDMPs), which use information systems to improve prescribing safety and measurement of controlled substance prescriptions. However, their efficacy depends on both uptake rates and availability of appropriate data. This study exploits a natural experiment created by stricter PDMP mandates in California, where data is not shared with Oregon, and Washington, where data is shared with Oregon, to examine physician and patient behavior in Oregon, where PDMP use is discretionary. Using comprehensive physician-level data from the Oregon Health Authority, we show that mandates in neighboring states drive substantial patient inflows into Oregon. In response, Oregon physicians significantly increase voluntary PDMP engagement, especially in regions with access to interoperable, cross-state data. Increased PDMP use is associated with safer prescribing patterns, including reduced opioid prescribing and less doctor shopping. These findings demonstrate that the efficacy of PDMPs, especially when their use is not required, depends on interoperability.

This study examines information system vendors’ competitive reactions when competitors secure new contracts. We do this in the context of radiology information systems (RIS) using a unique dataset on US hospitals from 2017–2024. When vendors observe competitors successfully installing their technology, they could interpret the event in two ways. On the one hand, vendors might see such an adoption as a sign that the client is off the market and move on to redirect their attention to alternative hospitals or untapped markets. On the other hand, a successful installation may be informative about the potential customer’s technological readiness, managerial priorities, and budget availability. We explore these competing effects using a difference-in-difference empirical approach where we compare outcomes for hospitals that recently installed an RIS system relative to those that didn’t. We look particularly at vendor detailing activity (that is paid marketing activities) to potential champions at each hospital. The results indicate a significant increase in outreach following competitor installations. This is important because the fact that competition occurs even after installation helps inform the competitive landscape and the extent of perceived lock-in within healthcare IT.

Cloud services exist under a shared security environment with a dynamic nature; users trade fixed costs for variable costs over time and both cloud service providers (CSP) and users contribute to overall security. We investigate the nature of shared security in a dynamic game where users' security contribution takes into account both their users as well as competition with other CSPs. The Markov Perfect Equilibrium reveals the long-term time patterns of security of the cloud. In particular, we identify a novel form of time-path strategic complementary between usage and a CSP's Markov state of security. This implies cloud security is an unusual form of impure public good whereby individual contributions bolstering a CSP's security endow a selective incentive (private benefit) on others, rather than on the contributor alone. Since this increases usage, CSP vulnerability increases over time. At the same time, CSP competition on security may lead to both welfare improvements for users and lock-in.