Professional Services

Healthcare Mergers Don’t Fail Because of Culture

Picture of Allen Firouz

Allen Firouz

They Fail Because IT Leadership Lies to Itself. 

Let’s stop using culture as a cover story. 

When healthcare mergers fail, leadership almost always reaches for the same explanation: 
misaligned culture, resistance to change, people issues. 

It sounds reasonable. It sounds empathetic. 
It is also a lie of convenience. 

Healthcare mergers fail because leaders knowingly defer the hardest technical decisions and convince themselves they can be solved later. Culture becomes the scapegoat when architecture becomes indefensible. 

The Lie That Kills Most Healthcare Mergers

The most dangerous sentence in healthcare M&A is not spoken by clinicians or regulators. It comes from leadership: 

“We’ll deal with IT integration after close.” 

That statement feels pragmatic. It keeps the deal moving. It avoids conflict. 

It is also the moment the merger starts to break. 

In healthcare, IT is not a back-office function. Identity and access determine who can deliver care, who can see patient data, and whether operations continue safely. You cannot “Phase 2” the systems that control clinical access without accepting real operational risk. 

That is not optimism. 
That is willful blindness.

Why Culture Is the Perfect Excuse

Culture is blamed because it cannot be diagrammed. 

You cannot inventory culture. 
You cannot dependency-map culture. 
You cannot put culture in a diligence report and say, “Here is where it breaks.” 

Identity systems, on the other hand, are brutally specific. 

Multiple Active Directory forests. 
Decades of unmanaged access policies. 
Clinical systems hard-wired to legacy domains. 
Service accounts no one owns anymore. 

Calling the failure “cultural” avoids a harder admission: 

Leadership approved a merger without knowing whether the combined organization could function as a single enterprise. 

Healthcare Is Not Like Other M&A

Healthcare executives continue to apply generic M&A playbooks to one of the most unforgiving environments in business. 

Healthcare has: 

  • Zero tolerance for downtime 
  • Clinical workflows that depend on flawless identity access 
  • Regulatory exposure that punishes shortcuts 
  • Infrastructure that is older and more brittle than almost any other industry 

And yet, the same mistakes repeat: 

  • IT diligence reduced to application lists 
  • Identity treated as plumbing 
  • Security told to “not slow the deal down” 
  • Integration plans built on timelines instead of architecture 

Day One arrives. Email works. Payroll runs. Leadership declares success. 

Behind the scenes, IT teams start improvising just to keep care moving. 

That is not integration. 
That is controlled instability. 

Active Directory: The Risk Everyone Hopes Will Stay Invisible

No system causes more post-merger damage in healthcare than Active Directory, and no system receives less executive scrutiny. 

It is old. 
It is complex. 
It is deeply embedded in clinical operations. 

Most healthcare mergers inherit: 

  • Multiple domains run by different teams 
  • Inconsistent security policies 
  • No authoritative identity source 
  • Excessive access granted “temporarily” 

These are not technical nuisances. They are enterprise risks. 

AD sprawl drives: 

  • Clinical access failures 
  • Audit findings and compliance exposure 
  • Security blind spots 
  • Provider frustration and burnout 

Pretending this is a “future cleanup task” is not a strategy. It is avoidance.

When IT Leadership Softens the Truth 

Here is the uncomfortable part. 

Most healthcare IT leaders see these risks early. 
They just do not state them forcefully enough. 

Why? 

Because pushing back too hard makes you “not deal-friendly.” 
Because demanding real diligence slows momentum. 
Because optimism is often rewarded more than accuracy. 

So language gets softened: 
“We think it’s manageable.” 
“It should be straightforward.” 
“We’ve done similar integrations before.” 

Translation: 
“We do not yet understand how bad this is, and we are afraid to say so.” 

That is how leadership failure masquerades as alignment. 

What Successful Healthcare Mergers Do Differently

The healthcare mergers that work share one trait: 

They treat identity, access, and infrastructure as first-order deal risks, not downstream IT tasks. 

They: 

  • Map identity dependencies before close 
  • Design coexistence deliberately, not reactively 
  • Consolidate access with clinical safety in mind 
  • Enforce least privilege even under pressure 

This requires executive courage. 
It requires accepting short-term friction to avoid long-term failure. 

Most organizations do not fail because this is impossible. 
They fail because it is inconvenient. 

The Truth Boards Rarely Hear

Here is what boards are almost never told directly: 

If identity and access are fragmented, you do not have one organization. 
You have multiple entities pretending to be one. 

No amount of cultural alignment fixes that.

Why This Keeps Repeating 

Healthcare mergers keep failing for the same reason the same aviation accidents used to repeat: 

Everyone knows the risks.
No one wants to ground the flight. 

Until something breaks publicly. 

That is why firms like Hekima are often brought in after mergers start to unravel. Not because the risks were unknowable, but because internal teams were disincentivized from confronting them early. 

The Provocation to Sit With

If your healthcare merger struggled, ask the hard question: 

Did it fail because people resisted change? 

Or did it fail because leadership chose speed over rigor and optimism over architecture? 

Culture did not break your merger. 

Your identity systems did. 

Legacy systems. Talent gaps. Security blind spots. Hekima fixes what others tolerate, with modern tech and mission-ready people.

Linkedin-in X-twitter Envelope Youtube

Quick Links

Stay updated with our latest news and job postings.

Contact Us

@ 2026 Hekima, LLC. All rights reserved.

Privacy Policy | Terms of Service