Skip to Main Content

insightsArticles

Gain perspectivesThought leadership

Professionals

Read this if your organization is subject to HIPAA regulations.

For over two decades, the HIPAA Security Rule has remained largely unchanged, aside from extending its scope beyond covered entities to include business associates. During this time, cybersecurity threats in the healthcare sector have grown significantly, and the US Department of Health and Human Services Office for Civil Rights (OCR) has gained extensive enforcement experience.

To address evolving threats and regulatory challenges, OCR has issued proposed modifications to the Security Rule, introducing stricter security controls, mandatory encryption requirements, and a shift away from “addressable” implementation specifications. While these changes aim to improve data security, they also introduce new compliance burdens that could be challenging for many regulated entities.

Key proposed changes to the HIPAA security rule

1. Greater specificity in security requirements

Historically, the HIPAA Security Rule provided flexibility by outlining broad security categories without mandating specific implementation measures. While this adaptability allowed organizations to tailor their security programs, it also created compliance ambiguities and enforcement challenges. The newly proposed rule introduces more detailed and prescriptive requirements, including:

  • Asset inventory and network mapping
    • Organizations must maintain a comprehensive inventory of technology assets, including identification, version, accountability, and location.
    • A network map illustrating the movement of ePHI across systems is required.
  • Risk analysis and patch management
    • Annual review and update of risk analysis and risk management plans.
    • Mandatory patching of critical risks within 15 days and high risks within 30 days.
  • Access control and workforce security
    • Termination of workforce access to ePHI within one hour of employment cessation.
    • 24-hour notification requirement when a workforce member loses access at another regulated entity.
    • New employees must complete security training within 30 days of system access.
  • Network security and monitoring
    • Mandatory network segmentation to prevent lateral movement in case of a breach.
    • Real-time system monitoring to detect unauthorized activity and alert workforce members.
  • Authentication and identity management
    • Mandatory multifactor authentication for system access and privilege changes.
    • Implementation of strong password policies aligned with industry standards.
  • Security testing and incident response
    • Annual penetration testing and biannual vulnerability scanning to identify risks.
    • Establishment of a security incident response plan with annual testing.
  • Backup and disaster recovery enhancements
    • ePHI backups must occur at least every 48 hours, with a 72-hour recovery time for critical systems.
    • Monthly testing of data restoration processes.

2. Elimination of “addressable” implementation specifications

Under the current rule, certain security measures are designated as “addressable,” meaning that organizations can implement them based on reasonableness and appropriateness, or document why an alternative measure was chosen. The proposed rule eliminates this flexibility, making previously addressable requirements mandatory.

Encryption of ePHI at rest and in transit will be required in nearly all cases.

Limited exceptions apply only when:

  • A technology asset does not support encryption and the organization has a migration plan.
  • A patient explicitly requests unencrypted communication and acknowledges the risks.
  • Encryption is unavailable in an emergency situation.
  • The system is FDA-regulated and certain conditions apply.

This raises concerns about operational feasibility, as the rule does not explicitly allow common unencrypted communications such as text-based appointment reminders or patient notifications.

3. Expanded documentation and compliance verification

The proposal significantly expands compliance documentation, verification, and reporting obligations. Regulated entities would be required to:

  • Conduct annual security audits to verify compliance.
  • Obtain written security attestations from business associates every 12 months, including:
    • A cybersecurity expert’s written analysis confirming technical safeguards.
    • A certification verifying the accuracy of the analysis.
  • Review and test policies and procedures annually, including:
    • Patch management
    • Risk analysis updates
    • Workforce sanctions
    • Media disposal and reuse
    • Contingency plans

4. Stricter enforcement and compliance obligations

OCR is shifting toward greater enforcement accountability, making it clear that merely having a policy in place is no longer sufficient. The proposed rule would require regulated entities to:

  • Demonstrate that security measures are actively deployed and operational.
  • Ensure that implemented controls are continuously monitored and updated.
  • Regularly test compliance through internal audits and external verification.

This change was prompted in part by a court ruling (University of Texas M.D. Anderson Cancer Center v. HHS), which found that OCR’s enforcement authority was limited when entities had encryption mechanisms in place but were not consistently using them. The new rule seeks to close that gap by requiring proof of actual implementation and functionality.

Implementation timeline and potential regulatory outlook for proposed HIPAA Security Rule changes

Public comments were due by March 7, 2025. If finalized, organizations will have 240 days to comply (60 days after the final rule is published, plus an additional 180 days). Business associate agreements must be updated within one year of the final rule’s effective date.

With the recent change in administration, there is uncertainty about whether the rule will be finalized under the new administration. However bipartisan consensus exists on the need for stronger healthcare cybersecurity. The Trump administration previously enforced the HIPAA Security Rule similarly to Democratic administrations. While Trump’s general approach is deregulatory, this proposal may still advance due to the ongoing threat of healthcare data breaches.

Key areas for stakeholder feedback

With the March 7, 2025, deadline approaching, regulated entities should evaluate the potential impact of the proposed changes and consider submitting comments to OCR on:

  • Operational feasibility of annual policy reviews, audits, and compliance testing.
  • Burden of obtaining written security attestations from all business associates.
  • Additional exceptions for encryption mandates, particularly for patient-initiated communications.
  • Clarification on shared security responsibilities in cloud computing environments.
  • Refinement of the definition of “security incidents” to exclude unsuccessful breach attempts.

Next steps for regulated entities

Given the likelihood of increased enforcement, organizations should begin preparing now by:

  • Assessing current security practices against the proposed requirements.
  • Identifying gaps in encryption, risk analysis, and workforce training policies.
  • Reviewing business associate agreements for necessary updates.
  • Preparing for increased audit and verification obligations.
  • Engaging in industry advocacy to ensure feasible and practical implementation standards.

By proactively addressing these upcoming changes, regulated entities can position themselves for compliance while minimizing operational disruptions.

BerryDunn’s healthcare consulting team has the expertise your organization needs to ensure compliance with HIPAA. Learn more about our team and services.

Article
Proposed HIPAA Security Rule changes: Key considerations for regulated entities

In late 2024, the Centers for Medicare and Medicaid Services (CMS) launched a sweeping off-cycle mandate requiring all skilled nursing facilities (SNFs) in the United States to revalidate their Medicare provider enrollment record. Facilities of all types–including for-profit and not-for-profit–are affected.

This revalidation, which is required to maintain your Medicare participation, is due by May 1, 2025. For SNFs grappling with this fast-approaching application deadline, here are five things to know about the changes, process, and new information that will keep your billing privileges current.

1. What has changed, and why? 

The CMS mandate introduced new disclosure requirements that are far more extensive than previous reporting requirements. The intent is to promote transparency by collecting more comprehensive data on:

  • Skilled nursing facility ownership and control structures.

  • Information on designated parties, including organizational and ownership structures, associated with SNFs. Notably, SNFs must identify and report all Additional Disclosable Parties (ADPs).

  • A final rule regarding Disclosures of Ownership and Additional Disclosable Parties Information for Skilled Nursing Facilities and Nursing Facilities was published by CMS in 2023. Read the final rule.

As part of this effort, CMS updated the Form CMS-855A application and developed a 20-page SNF-specific attachment that is required for SNF reporting. Additionally, CMS published and subsequently updated new Guidance on the CMS-855A Form with SNF Attachment, which outlines the changes, process, forms, and required information and supporting documents. 

Tip: Given the complexity of the new requirements, SNFs are encouraged to consult with legal counsel to ensure compliance. Working with outside credentialing and enrollment professionals can also be helpful in guiding SNFs through the revalidation process.

2.  Who must be disclosed?

The CMS requires detailed information to be collected on ownership, management, and related parties, including these individuals and entities:

  • Every member of the SNF’s governing body

  • Every person or entity who is an officer, director, member, partner, trustee, or managing employee

  • Every person or entity who is an additional disclosable party (ADP) of the SNF

  • The organizational structure of each ADP and a description of the relationship of each ADP to the SNF and one another

Tip:  Start by making a thorough assessment of your organization’s ownership and management structure. Identify all relevant parties, including organizations and individuals, according to the new, broader definitions contained in the CMS guidance.

3. What are the new ADP disclosure requirements?

The newly updated reporting requirements mandate increased disclosures about additional disclosable parties (ADPs). In general, the definition of an ADP applies to any person or entity who:

  • Exercises operational, financial, or managerial control over the SNF

  • Provides real estate to the SNF

  • Delivers management or administrative services, consulting, or accounting/financial services to the facility

SNFs are also required to provide information on the ADPs' organizational structures and to describe the relationships between ADPs and the facility.

Tip: Refer to the guidance provided by CMS to fully understand the new, broader definition of ADPs. Begin by identifying all ADPs associated with your facility and thoroughly document all existing service relationships.

4.  What else might trigger reporting?

The new regulations include expanded definitions of parties with operational, financial, or managerial control that are now subject to a SNF’s reporting requirements. For example:

  • Managerial control now includes “managing organizations” or “managing employees” such as a general manager, business manager, administrator, director, or consultant, who directly or indirectly managers, advises, or supervises any element of the practices, finances of operations of the SNF

  • Operational control refers to the oversight and responsibility for the SNF’s daily activities and transactions and is not limited to those in supervisory roles. Any degree of responsibility for operations, even informal, may trigger the disclosure requirements

  • Financial control can include monitoring or managing the SNF’s finances, authority to approve the expenditure of SNF funds, an owning organization that funds part of the SNF’s operations, or banks that have given the SNF a line of credit

Tip: The new regulations have broadened the scope of these areas of influence with SNFs. As previously mentioned, it’s important to thoroughly review the definitions provided in the CMS guidance to be sure you’re in compliance.

5.  What type of data gets collected and disclosed?

The new regulations require SNFs to disclose detailed information about both organizations and individuals with ownership interests and/or managing control. For organizations, this includes but is not limited to:

  • Legal business name (LBN)
  • Doing business as name (DBA)
  • Whether or not they have less than 5% ownership interest, or are an ADP without ownership or managing control of the SNF
  • Tax Identification Number (TIN) – not required if the ADP has less than 5% ownership interest
  • National Provider Identifier (NPI) of the organization with ownership interest/managing control
  • IRS Proprietary/Non-Profit Status (proprietary, non-profit, disregarded entity)

SNFs must also report data on individuals with ownership interest and/or managing control. Information disclosing their relationship with the facility includes but is not limited to whether they have:

  • 5% or greater direct ownership interest
  • 5% or greater indirect ownership interest
  • 5% or greater mortgage interest
  • 5% or greater security interest
  • General partnership interest in the SNF
  • Limited partnership interest in the SNF
  • Managing control, such as corporate officers, corporate directors, and W-2 managing employees

Tip: The new revalidation process requires SNFs to collect and keep track of more detailed information than ever before. A best practice is to develop internal processes for collecting, maintaining, and reporting ownership and control information.

As you prepare your CMS-885A application, remember you have the choice of filing it through the mail, or using the preferred secure online format via the PECOS portal.  

We're here to help

With the May 1, 2025, deadline approaching, it can be helpful to work with an experienced team of credentialing professionals who will help you navigate the complex process of meeting the new revalidation requirements. For example, BerryDunn’s Credentialing and Enrollment Team has developed a valuable, proprietary tool to help client organizations collect, organize, and track ownership, control, and ADP information, and to guide them through the CMS revalidation process. Additional CMS resources are available, including PECOS support, via the External User Services (EUS) Help Desk. The Help Desk can also be reached by phone at 1.866.484.8049 or email at EUS_Support@cms.hms.gov.

Article
Tips and takeaways: What SNFs should know about CMS mandated enrollment revalidation

For foster teens, the path to adulthood is uniquely challenging. As thousands of young adults age out of the foster care system each year, many child welfare agencies are searching for ways to better support them through this transition. According to Dr. Elizabeth Wynter, child welfare advocate and author of Follow the Love: Permanent Connections Scaffolding, the key is to build strong youth-adult partnerships. In a recent episode of BerryDunn’s Fresh Perspectives in Social Work podcast, Dr. Wynter and I discussed the need for a “connection scaffold” and offered insights on improving outcomes for foster youth. Here are five take-aways from our conversation.

Fostering relationships with youth 

The most important element in a young person’s life is having a supportive adult connection. This “connection scaffolding” is essential if we want young people to be able to form long-term, healthy attachments and make a successful transition to adulthood. Every interaction with a young person is an opportunity to build trust—too often, we make decisions based on liability, rather than the best interests of our youth. So, as child welfare people, we have to ask ourselves: Are we just being transactional or are we being relational in our interactions? Well-being is built on relationships.

Integrate youth voice in the child welfare system

Child welfare advocates recognize the importance of actively involving and empowering young people in the system to ensure their voices are heard and considered when making decisions that impact their lives. But integrating youth voices can be a challenge that requires a change in attitudes, values, and beliefs. We need to be ready to have young people at the table, but we haven’t yet changed our training or approach. This requires a shift in thinking: to perceive youth not as service recipients but as organizational assets. By creating youth-adult partnerships, we can learn from young people what leads to success.

Value all existing connections with foster children

There’s no greater loss for a young person than losing their primary caregiver. Being pulled away from one’s family to live with strangers is very frightening. They are dealing with loss and grief, and often we don’t give them enough time to process the loss before they can open up to a new relationship. Research shows that more than half of youth will end up living with a relative when they age out of care. So, instead of severing those family connections, we can work to scaffold them. We can teach young people about healthy boundaries so when they re-enter those connections, they will be better prepared. All connections can be of value.

Focus on social-emotional needs

Becoming an adult is a challenging transition for all young people, but foster youth have a steeper climb than their peers because they lack adequate support and guidance. During COVID, foster youth fell even further behind academically, emotionally, and socially. If our goal is to help young people become interdependent, as opposed to independent, it’s important to teach them interpersonal communication, socialization, and help-seeking skills. Focusing on social-emotional needs is essential if we are to prepare our young people for the journey ahead.

Follow the data for improved child welfare outcomes

What is success? Unless we begin tracking the outcomes for youth in the foster care system, we don’t know what works. How many of our young people at any given time have graduated college? How many have jobs? When we cut off their stipends, are they going to be homeless? By doing a self-sufficiency matrix that identifies how youth are moving toward self-sufficiency, child welfare agencies can begin to deliver more targeted, need-based services rather than one-size-fits-all. It takes time, but we need numbers to really understand whether or not our services are of value.

BerryDunn’s child welfare consulting team works with agencies to develop sustainable programs that support the safety and well-being of your children and families while supporting child welfare professionals. We work with agencies to leverage data and drive effective decision-making for interested parties to create more stable environments that support the reduction in child vulnerability. Learn more about our child welfare team and services.

Article
Youth engagement in child welfare: Supporting the transition to adulthood

In today's data-driven world, the ability to share information between Medicaid and Public Health Agencies (PHAs) is crucial for efficiently using limited resources to serve both individual patient and population health goals and priorities. Often, states already have the needed technology, but they don’t have the partnerships or workforce infrastructure to leverage existing investments across different agencies.

At BerryDunn, we bring together experts from different disciplines to take on current challenges. Our experience offers states and territories realistic and proven strategies that maximize existing investments to make the broadest impact on a population’s health and well-being.

The following are some planning considerations for uniting Medicaid and public health in accomplishing unique goals with shared resources, and bringing much-needed, sustainable resources to modernize public health systems.

Understand existing data systems

It is essential to understand the context of Medicaid and public health data systems and build solutions based on current realities. For instance, the Medicaid Enterprise System (MES) is a portfolio of systems that support various functions such as beneficiary eligibility, care management, provider enrollment, and often, data analytics to enable value-based care models. In many places, Medicaid is also funding, or has a great stake in, the Health Information Exchange (HIE) system(s), which centralizes clinical health information for access across disparate care settings. Alternatively, PHAs have information systems to support their responsibility to be the source of truth for tracking birth/death records, surveillance, prevention, disease prevalence, and outbreaks. This information collectively informs prevention efforts and helps to monitor and respond to public health threats.

Understand the funding drivers

Medicaid IT systems are funded through a combination of federal and state resources; the federal government provides matching funds from the Centers for Medicare & Medicaid Services (CMS). Federal investments vary by state, but CMS often invests in systems that enable effective Medicaid operations. Some of these CMS-supported systems are typical to Medicaid, such as claims management systems, while others are typical to public health departments, such as immunization registries. Public health information systems receive funding from various federal sources to support efforts like vital records reporting, disease registries, and syndromic surveillance. After decades of underfunding, the Centers for Disease Control and Prevention (CDC) released the Public Health Infrastructure Grant (PHIG), which allocates funding to health departments to support upgrades to technology, training, and staffing for modernized disease detection, prevention, and response. The PHIG-supported infrastructure may include some of the same systems in the Medicaid Enterprise.

Promote data interoperability

One of the main challenges in health information sharing is ensuring that different data systems can communicate with each other. This means adopting standardized data formats and protocols that enable different systems to share and interpret data accurately. Both clinical and public health data sets are defined by clear data standards; however, that does not mean the healthcare community is adhering to these standards consistently. Matters of equity, technical and workforce enhancements, and policy enforcements and incentives all require local collaboration, expert support, and partnerships with leaders aiming for interoperability.

Establish clear governance and policies

Effective health information sharing requires clear governance structures and policies that outline how data will be shared, who will have access, and how privacy will be maintained. Developing a framework that addresses these aspects can help build trust between Medicaid and PHAs, ensuring that data is used responsibly, ethically, and in line with federal and state law.

Draw on proven case studies

Look for proven examples that information sharing can provide valuable insights. Across the nation, MES and PHAs are working together to leverage IT infrastructure to support wide-reaching population health goals. Whether it's ensuring that health records contain accurate death data or public health has real-time laboratory results on disease outbreaks, there is a lot to learn from what is working in the field.

The COVID-19 pandemic proved that health information system infrastructure was not sufficient, and that existing systems were not being used to their capacity. One prevalent example is the lack of use of HIEs to support both Medicaid and PHA data aggregation and sharing needs. HIEs can serve as a clearing house for real-time clinical data directly from the sources of Electronic Health Records (EHRs), laboratory information systems (LIMs), and other community information systems. By identifying shared data needs, Medicaid and PHAs can analyze current information for a variety of foundational use cases that align directly with their strategic goals. Many states and territories have made progress in this area.

Take the first step

Building strong relationships between Medicaid and PHAs is essential if states/territories want to leverage existing IT investments to bolster programs focused on improving health and well-being. Start with finding a champion who is willing to understand the mutual benefits of working together and is a trusted voice with agency leadership. Meet your partners where they are, beginning with what drives them (e.g., environmental pressure, funding sources, existing IT, the mission of their organization). Be consistent and expect that building partnerships that catalyze such transformative impact will take time and energy.

By leveraging existing data systems and fostering a collaborative environment, states/territories can achieve broad information-sharing goals that enhance health outcomes. What do you think about these strategies? Do you have any specific goals or challenges that your state/territory needs help with? Let’s connect!

At BerryDunn, we have hands-on experience working with both Medicaid and PHAs. We can help with strategic planning and coordinating efforts to draft and submit funding requests like APDs, launching projects that benefit both agencies through shared goals and activities. Learn more about our services and contact the Public Health team.

Article
Bridging the gap: Information sharing for Medicaid and public health agencies

Public health is at a crossroads. With the lessons learned from COVID-19 and a workforce on the brink of burnout, now is the time for transformative action. By reimagining operations, infrastructure, and health equity, we can shape a system that’s responsive to future challenges.

Applying lessons learned during the COVID-19 response, our post-pandemic world requires public health to embrace a culture of change and discover new ways to offer services and improve health outcomes. Fostering an educated and resilient workforce, operationalizing health equity, strengthening partnerships and funding, enhancing organizational change management, and improving data collection and sharing efforts are key considerations for public health leaders navigating the transformation process. 

Through transformation, public health agencies can build a system that is more engaged with partners and responsive to future community health challenges. When agencies are more capable of meeting the needs of communities, they essentially increase their abilities to enhance health outcomes across the country. 

Since 2014, the Public Health Workforce Interest and Needs Survey (PH WINS) has assessed the governmental public health workforce in the United States. The survey, conducted by the de Beaumont Foundation and the Association of State and Territorial Health Officials (ASTHO), identifies the public health workforce’s opportunities and challenges including demographics, job characteristics, employee engagement, and training needs within public health agencies. The 2021 survey was conducted during the COVID-19 response and provided meaningful insights that public health leaders could use to make decisions about the current workforce and set priorities for the future workforce with the goals of improving the employee experience and increasing the effectiveness of public health efforts across communities.  

Key survey findings 

The 2021 PH WINS identified a diverse public health workforce in terms of age, educational background, and experience but also recognized challenges posed by an aging workforce. The survey found a significant proportion of public health professionals nearing retirement, which presents a potential problem for sustainability and a critical need for succession planning within public health agencies. 

Taking a deeper look into the demographic gaps identified by survey respondents, most public health professionals identified as white (54%), female (79%), and aged 40 or older (63%). Nearly half of the nation’s public health workforce reported being between the ages of 31 and 50 years, and nearly half of the professionals had served in public health agencies for five years or less while 13% had served for 21 or more years.  

To safeguard communities, promote health equity, and prevent disease, public health professionals are essential. Understanding the workforce’s reasons for leaving the field is crucial for succession planning, recruitment, and retention. The top reasons identified by survey respondents for leaving include work overload, burnout, and stress. More than 25% of public health staff stated they are considering leaving their organization within the next year, and 24% reported that the COVID-19 pandemic had an impact on the decision.  

According to the survey, job satisfaction and morale should be areas of concern for public health leaders even though many public health professionals reported they are dedicated to their work. Over 50% of the respondents reported feeling burnt out, with the COVID-19 pandemic increasing these feelings. The results also acknowledge the importance of addressing and offering mental health services for public health professionals to work toward improving employee morale. 

The PH WINS highlights several important opportunities and challenges required to strengthen the public health workforce. Public health agencies must begin addressing burnout, offering mental health support, and guaranteeing access to professional development opportunities. The survey revealed a substantial proportion of the workforce identified gaps in professional growth and training with public health professionals saying they need more training in areas such as leadership, health equity, and data analysis.  

According to the 2021 survey, the top five areas for training identified nationally by public health professionals across all supervisory levels include: 

  • Budget and financial management   
  • Systems and strategic thinking   
  • Community engagement   
  • Change management   
  • Policy engagement  

Opportunities for improvement through public health transformation

By addressing and closing gaps, the public health system will be more responsive, skilled, and versatile. Opportunities for improvement through public health transformation include identifying and addressing concerns within communities served by infusing a health equity lens throughout all areas of public health programs and implementing a data modernization strategy. The results of the PH WINS emphasize how important it is to plan and invest in the public health workforce to achieve goals to help ensure the safety and well-being of communities across the country.  

The 2024 PH WINS, set to be released this summer, will give us a timelier temperature check on how the public health workforce is faring and if the opportunities and challenges identified in 2021 remain relevant, have changed, or have been adequately addressed. As the public health landscape evolves, leaders must act decisively to strengthen the workforce, embed health equity into programs, and modernize data systems. By doing so, we can safeguard communities and ensure lasting positive health outcomes. 

This is the first in a series of articles delving into opportunities for public health transformation. Learn more about our public health team and services. 

Article
Public health transformation: Addressing workforce challenges

Most nonprofits rely on federal and state government funds to fulfill their missions. With a federal funding freeze in the headlines, many clients are asking us how they can best prepare for a freeze and protect their organizations if funding is cut. Here are three steps you can take today to stay ahead. 

Analyze cash flow and reserves 

The first step an organization should do is understand their cash flow situation and how dependent the organization is on its funding streams. Consider upcoming planned expenditures that could strain cash flow and be sure to track key metrics such as days cash on hand, current ratio, and accounts payable turnover.  

Understand your grant agreements 

Review your organization’s existing grant agreements. Consider whether there are any stop-work clauses and stay in close contact with the grant officers who handle the funds. These factors may give you advanced notice of a possible shutdown, giving your organization more time to plan.  

Develop contingency plans 

Having a contingency plan to implement quickly after a funding freeze is announced is crucial. Maintaining sufficient short-term cash reserves in the face of a funding freeze will allow your organization to adopt a long-term plan. Understand your options to cover short-term cash needs, such as lines of credit and private foundations. Also, prioritize essential services and temporarily scale back the non-essential services as needed. Analyze your variable costs associated with the services and be ready to discontinue them if they are no longer necessary. Lastly, understand the workforce implications that a funding freeze would have. Funding freezes may result in hiring freezes or temporary furloughs. 

Being prepared and staying prepared is step one. If you do lose access to your federal funding, stay calm and implement your contingency plan. If you continue to run a program through alternative funding sources or utilize your cash reserves, make sure that you are maintaining the level of compliance necessary so there will not be issues when funding is restored. If your control structure changes due to a funding freeze, make sure you are adjusting it appropriately to maintain compliance and proper segregation of duties. Continue to stay in contact with your granting agencies so you can stay abreast of the changing landscape of federal and state funding.  

BerryDunn’s nonprofit team brings a clear understanding of nonprofit funding, in-depth knowledge of complex compliance requirements, and the industry-specific knowledge necessary for accurate, complete financial reporting. That knowledge informs our work—and enhances your performance by addressing your most important operational challenges. Learn more about our team and services. 

Article
Surviving a funding freeze: Essential strategies for nonprofits

Read this if your organization is considering replacing or implementing a new EHR system. 

Have you ever been on a vacation with a group of friends or relatives, whether it was a camp outing at the nearest lake, a trip to an amusement park, or a visit to another country? There's one thing that can make or break a trip: communication. If you had good sound communication with your travel companions, it probably enhanced the enjoyment of the vacation. Nonexistent, poor communication more than likely contributed to an experience you won't want to repeat. The same dynamic is present in any workplace project involving other humans.  

According to research by Salesforce, which included employees, corporate executives, and educators, 86% felt that ineffective communication was the underlying reason for workplace failure. A study performed by the Economist Intelligence Unit identified that poor communication results in 25% of missed goals and 44% of failure to complete projects. By contrast a poll by Expert Market showed that when employees are offered better communication, productivity can increase by up to 30%.  

If your organization is in the process of a large-scale project, such as replacing or implementing an electronic health record (EHR) system in the near future, success will depend on having a sound communication plan in effect before, during, and after the implementation. Fortunately, effective communication is not a difficult task to achieve. Based on our experience helping organizations implement EHR systems nationwide, our team has developed five simple communication steps for successful implementations. 

 1. Reach the right audience 

Determine who will be affected by an EHR system. Remember, it is not just providers and caregivers. Make certain that all affected staff (e.g., IT, schedulers, administrative) and providers are discovered, and determine how the daily workflow will be changed.  

2. Develop a thoughtful communication plan

A communication plan is essentially a well-thought-out guidebook for the implementation team to follow, to spread the message of change. A proper communication plan sets forth the process of updating and educating on the coming changes, requests for needs, reporting of issues, training, and delivering the right messages to the masses that change is happening. (e.g., A provider would not need to know the billing and accounts receivable data, nor would a scheduler need to know the nursing data). 

3. Have a dedicated resource for communication

It is essential to know who will be communicating the change and how that communication should be spread throughout your organization. An organization may have a dedicated change manager who orchestrates the progression of all communications, or this task could be dedicated to a group with shared duties. Regardless, the task remains the same: effectively communicate the changes coming.  

4. Frequently re-evaluate and restructure the communications 

Not all communications work the same. Know your staff and their preferences for receiving their communications. Providers may need a messaging system of notification, nurses may prefer an email, but finance may need a memo. It is also important to re-evaluate frequently how well the communications are getting to the target audience. What may have worked before may not be working now, and the organization needs to consistently re-invent their communications to make sure the message of change is being heard and understood.  

5. Hold periodic implementation discussions 

The dedicated change manager(s) should be given an opportunity to briefly discuss changes coming with members of the organization who may be impacted by the change. This may mean one-on-one discussions, group meetings, or during an operations or full staff meeting. A two-way approach to communication will help to disseminate important information and ensure transparency by inviting feedback and questions.  

BerryDunn’s team of consultants is happy to assist you with creating a Request for Proposal, selecting the right EHR vendor for your organization, and developing communication, change management, and project management for system implementation projects. Learn more about our team and services.  

Article
EHR implementations: Communication strategies for a smoother launch

The end of 4Q 2024 marks the start of a new year. In the Valuation Group, the end of the calendar year brings us to one of our busiest times of year: “ESOP season.” During the first few months of the year, we perform annual valuations for 30+ ESOP clients.

Meanwhile, other members of the valuation team have been focusing on assisting business owners with exit planning through our value acceleration service. The value acceleration exit planning framework is designed to help business owners identify and address value constraints and transferability limitations, but like turning a ship, it takes time. We recommend that business owners understand their strengths, limitations, and value at least five years before planning to exit. This proactive approach allows for a smoother transition and maximizes the business’ value.

Often, business owners like to wait until year-end results come out to make decisions. That way, they can compare performance year-over-year to aid in decision-making. Now that 2024 has concluded, we can assist business owners with decision-making by determining the value of the business based on year-end results. The end of the year is a busy time, with fiscal years wrapping up and holidays in full swing. As we move into 2025, it's an opportune moment to make strategic decisions for the future.

Speaking of busy, M&A activity often peaks in the fourth quarter. In 2024, this trend was again observable. After a strong year in 2024, our transaction advisory team is looking to help more clients sell or buy companies in 2025.

Another exciting opportunity for BerryDunn’s valuations team is the merger of BerryDunn and Burzenski & Company on December 1, 2024. Burzenski is well known for its work with veterinary practices and the construction industry. The merger will enable BerryDunn to expand into the veterinary practice market and add to its existing construction practice.

We track trends in several databases of private company transactions, among them GF Data, Capital IQ, DealStats, and BIZCOMPS. As presented below, we saw a slight downturn in multiples in the third quarter of 2024. We also saw the number of transactions increase in the fourth quarter compared to the third quarter of 2024 and in line with the first and second quarter.

Don’t get too fixated on the multiples in this chart as an indicator of value for your company. Look at the trends. Multiples vary dramatically from industry to industry and business to business. If you are interested in exploring value drivers for your company, read this recent article.  

The value of privately held companies often isn’t as volatile as share prices for public companies. However, activity in the stock market provides general guidance that is often much more timely than data available for private companies.

There are a few indexes we keep an eye on. The S&P 500 is generally considered the go-to benchmark for stock market performance, although it is dominated by a handful of large tech stocks. The Russell Midcap Index cuts out the largest 200 companies in the Russell 1000 Index, keeping 800 US companies with market capitalizations between $2 billion and $10 billion. The Dow Jones Industrial Average is comprised of 30 “blue chip” US stocks that may be similar to many private companies.

Stock prices have followed a generally upward trend throughout 2024 but have started to trend downward toward the end of Q4.

Many drivers of business value can be influenced or controlled by the decisions of the business’s management team, including product diversification, brand recognition, and employee retention. Other drivers are outside of management’s control, such as inflation and unemployment rates. As summarized below, key drivers of the US economy generally remained near similar levels in 4Q as in 3Q.1

1 Source: Federal Reserve Economic Data, available at https://fred.stlouisfed.org/.

2 Indicates the likely effect on business value for most businesses. Depending on the business model, certain businesses may demonstrate an inverse relationship to economic variables compared to the market as a whole.

As many of our clients are located in New England, we’ve included a summary below of some of the key economic drivers that affect businesses in the Northeast3. If your business is headquartered outside of New England, reach out to us for an economic analysis specific to your market area. 

Economic activity  

Economic activity increased slightly overall. Prices and employment levels were roughly unchanged, and wages rose at a modest pace. Air travel was a relative bright spot, as domestic air passenger traffic through Boston finally surpassed 2019 levels, and passenger traffic through the Worcester airport increased substantially in the past year. Tourism activity overall increased only modestly, however, and restaurants in some areas reported softer-than-expected sales. Retail revenues rose slightly, and consumers remained highly price-conscious. Manufacturing sales were mixed, while software and IT services firms experienced stable and healthy demand. Residential real estate sales increased modestly, helped by improved inventories in some areas, while commercial real estate activity was flat. The outlook was modestly optimistic on balance, although some contacts had concerns for 2025 related to how national economic policies might change and where long-term interest rates would land.

Labor markets  

Employment was roughly steady, and wages increased modestly on average. Contacts in the retail, tourism, and software and IT services sectors all reported stable headcounts. Among manufacturing contacts, headcounts increased slightly at selected firms, decreased modestly at one in response to slower sales, and were reportedly unchanged otherwise. Labor supply to retail and tourism jobs improved modestly, with contacts noting greater ease of hiring and reduced attrition. Wages increased modestly on average, and contacts reported no elevated wage pressures. However, one manufacturing contact experienced a significant increase in health insurance costs that they partly passed on to employees, while offering a slight wage increase as an incomplete offset. No contacts mentioned plans for major changes in hiring or wages in 2025. Cape Cod contacts, whose businesses rely heavily on seasonal worker visas, expressed concerns that potential changes to visa programs could restrict their labor supply in 2025 or beyond.

Prices 

Prices were about flat on balance. An online retailer reported only modest pricing pressures and remained keenly aware of consumers’ heightened price sensitivity. The same contact was cautiously optimistic that any tariffs would not have a major impact on their prices, owing to changes made to their supply chain in recent years. Hotel room rates in the Greater Boston area decreased modestly on a year-over-year basis, but contacts pointed out that the change was in relation to the record-high room prices of November 2023. Manufacturers held output prices steady, even though most experienced slight to modest increases in input prices. Software and IT services firms posted modest price increases on average. Contacts did not foresee major changes in pricing pressures for their businesses moving forward.

Retail and tourism 

First District4 retail contacts reported slight increases in revenues in recent months, while tourism activity experienced modest growth on average. An online retailer described fourth-quarter revenues as stable overall but said that promotions had been critical to those results and that demand for lower-end goods remained weak. On Cape Cod in the fourth quarter, hotel occupancy rates and retail sales met expectations and were roughly on par with the fourth quarter of 2023, but restaurants experienced weaker-than-expected sales. Airline passenger traffic through Boston increased moderately in the fourth quarter from one year earlier, with domestic travel finally surpassing 2019 levels. Worcester air passenger counts grew 18 percent from the previous year. Like the change in hotel room prices, hotel occupancy rates in greater Boston were down slightly in November from one year earlier, when occupancy rates had been at all-time highs. Contacts expected robust tourism and convention activity for Boston for 2025. The outlook for retail and restaurant activity was more cautious, as contacts in those businesses expected roughly flat activity going forward.

Manufacturing and related services 

Manufacturing sales were flat on average since the last report. Most firms reported no change in revenues in the fourth quarter from the third, but sales were unexpectedly soft for one manufacturer and unexpectedly strong for another. The strong sales pertained to a frozen fish producer who speculated that retailers were accumulating inventories in anticipation of tariffs. A semiconductor maker with flat sales said that demand for their products was softening and that they would adjust employment downward moving forward. Capital expenditures largely stayed within forecast ranges. The outlook for 2025 was modestly positive on balance, as most firms expected sales to increase at least slightly in the new year, but one semiconductor manufacturer expected moderate declines in sales relative to 2024.

IT and software services 

First District IT and software services contacts described demand as stable at healthy levels, and one firm’s total revenues for 2024 exceeded expectations. Capital spending was constant, and physical investments were described as minimal given firms’ reliance on cloud computing services. Contacts expected revenues to increase strongly in the first quarter of 2025, based on a combination of organic growth in demand and, in one case, the recent acquisition of another company. Considering the longer-term outlook, most contacts expressed confidence that demand for their products would continue to rise, even in an environment of heightened political and macroeconomic uncertainty. Nonetheless, one firm said that increased competition from China affecting its clients could either boost its business, as client firms invested in new technologies to keep up, or hurt demand if clients were pushed out of the market altogether by such competition.

Commercial real estate 

Commercial real estate activity was mostly flat in the First District. Contacts reported uniformly that elevated long-term interest rates continued to limit transactions. One contact said that borrowers, hoping that long-term rates would decline, continued to favor extensions for maturing loans. However, several contacts downgraded the chances of significant rate declines in 2025. Office leasing activity remained slow, but prime Boston properties continued to experience relatively healthy activity. Contacts described industrial and retail leasing activity as stable. Rents and occupancy rates were unchanged across all asset classes. One contact said that a recent Massachusetts law intended to promote multifamily construction was yielding tangible results in some areas of the state. Around half of contacts were cautiously optimistic that the first quarter of 2025 would bring more robust commercial real estate activity, while others expected current activity levels to persist or, more pessimistically, that interest rates would stay higher for longer than previously expected and exert negative impacts on the market.

Residential real estate 

Home sales in the First District rose modestly on a year-over-year basis in November 2024, the most recent month for which data was available. Supporting the increase in sales, home inventories were up moderately from a year ago overall, with very large increases in Maine and Vermont, although inventories declined moderately in Massachusetts from a year earlier. However, the typical number of days homes spent on the market increased, as multiple contacts mentioned that some buyers were waiting until after the presidential election to make purchasing decisions. Considering changes since November 2023, prices of single-family homes increased at a brisk pace, while condo prices increased moderately on average in Massachusetts and Rhode Island but decreased modestly in the northern New England states. Multiple contacts expressed optimism that more sellers would put their homes on the market in early 2025 and that this would lead to increased sales activity.

3 Quoted from the Beige Book – January 2025 from the Board of Governors of the Federal Reserve System.

4 The Federal Reserve System’s First District includes Connecticut (excluding Fairfield County), Massachusetts, Maine, New Hampshire, Rhode Island, and Vermont.

Where to find us

Casey Karlsen and Seth Webber are leading a four-part workshop series for business owners about increasing business value and liquidity. We previously summarized this content in a couple of blog posts (Session 1, Session 2, Session 3). Take a look if you missed us! 

Interested in meeting the team? Please reach out to us. We would love to connect. 

Article
State of the industry: BerryDunn's 4Q 2024 business valuation quarterly report

For manufacturers in New England, the global trade environment has always played a significant role in shaping supply chain strategies and cost structures. With the current tariff landscape marked by rapid changes and adjustments due to ongoing trade negotiations and economic strategies, businesses must be ready to quickly reevaluate their pricing models and material cost standards to maintain profitability. 

Tariffs and the rising cost of materials for manufacturers 

Tariffs on imported raw materials—especially steel, aluminum, and electronic components—have significantly impacted manufacturing costs for many New England manufacturers. Impacts include:  

  • Higher material costs: Price increases in metals and components force businesses to either absorb higher costs or pass them along to customers, potentially affecting competitiveness. 
  • Supply chain disruptions: Many businesses that previously relied on international suppliers must reconsider domestic sourcing, which may not be as cost-effective. 
  • Increased production costs: With raw materials costing more, the overall cost of goods sold increases, tightening profit margins. 

What manufacturers can do now to be ready for tariffs 

For CFOs, controllers, cost accountants, and business owners, it is imperative to assess how these tariffs affect cost margins and whether existing standard costs remain valid. Key considerations include: 

  • Reassessing bill of materials pricing: Companies should review and update material costs in their enterprise resource planning (ERP) systems to reflect current market prices. 
  • Revising standard costs: Many manufacturers set cost standards based on historical pricing. With tariffs inflating costs, businesses should update these figures to avoid inaccurate pricing models and profitability projections. 
  • Scenario planning for future tariffs: The tariff landscape remains uncertain. Running cost simulations under different tariff conditions can help businesses prepare for potential future changes. 
  • Vendor and supply chain analysis: Evaluating domestic versus international sourcing and considering supplier renegotiations could mitigate tariff impacts. 

How BerryDunn can help 

Navigating the complexities of tariff-induced cost increases requires a strategic approach. At BerryDunn, we assist manufacturers with: 

  • Costing analysis and standard updates: We help businesses reassess standard costs and implement updated costing models to maintain accuracy in financial reporting. 
  • Profit margin impact assessments: Our team can analyze the direct and indirect effects of tariffs on your bottom line, identifying opportunities for cost recovery. 
  • Supply chain cost modeling: We provide financial modeling to compare sourcing alternatives and develop cost-efficient strategies. 
  • Budgeting and forecasting support: Our expertise in financial planning ensures your business remains resilient despite tariff fluctuations. 

The tariff landscape continues to evolve, and manufacturers must remain proactive. By reassessing costs and adapting pricing strategies, businesses can sustain profitability and competitive positioning. If you need assistance understanding how tariffs impact your financials, BerryDunn is here to help. Reach out to our team today to help your business stay ahead of the curve. 

Article
The impact of tariffs on New England manufacturers: How to prepare and protect your profit margin