Blog | Compliance

The ROI of HIPAA Compliance

Marty Puranik describes the financial benefits of compliance.

What will a business get back for protecting its staff from injuries? While asking this question may seem callous, it is strategic, because the answer is in favor of investing substantially in safety: injuries are expensive. To look at the most extreme example of a workplace injury that results in death, the Centers for Disease Control estimates the total hospital costs per fatal injury at $991,027. However, there are additional costs as well, with the National Safety Council placing the average total cost to society at $1.42 million.

The Savings of Security Compliance

Like ensuring workplace safety, safeguarding confidential data such as electronic protected health information through security compliance and healthcare hosting is clearly a worthwhile investment, according to a recent study. The analysis, which reviewed 46 organizations from healthcare, finance, retail, and government, found that compliance with security standards would result in savings over time. Payment Card Industry Data Security Standard compliance was the greatest point of focus in the analysis; however, additional standards were also assessed, including those of the Federal Privacy Act, Sarbanes-Oxley, and HIPAA.

According to the study, the cost of compliance was $3.5 million, while the cost of problems arising from non-compliance was $9.4 million. 

Steps to Build Better Compliance ROI

Since compliance can lead to savings, it is worth considering how you can improve ROI and ensure more consistent compliance. Lynn Haaland, PepsiCo's global chief compliance and ethics officer, discussed this issue in a March 2018 article, suggesting steps forward. Below are some recommendations, combining her ideas with some others that are important to healthcare compliance:

Promote a compliance culture. Haaland noted that it can be particularly effective to transform organizational culture rather than simply coming up with rules. One way to do that in health care is by introducing real-life scenarios during HIPAA training so that people develop a more lived experience of what is involved in meeting compliance.

Pore over metrics. Measuring ROI is challenging, but accurate estimates can help tremendously. Organizations should work to get the best metrics to evaluate compliance programs in order to better determine their value. 

Build real programs. Programs can improve compliance as well. After all, the return on compliance is reliant on it functioning throughout your ecosystem. A compliance program could be powerful in health care, since having a strong vetting process to select business associates is so critical, as is ensuring that a strong business associate agreement is signed with each provider that handles the organization’s electronic protected health information (ePHI).

Prioritize security. Healthcare leaders should never forget the critical importance of the Security Rule within Title II of HIPAA, which contains the instructions and standards required to protect digital environments and ePHI.  

Focus on training. Because social engineering and other forms of human error are so common, training becomes essential to maintaining a compliant and secure environment.

Getting the Most Out of Compliance Investment

It is sometimes easier to argue for the ROI of offensive strategies (such as sales) than for defensive maneuvers (such as security). However, the ROI is clearly there in the money saved, on average, by organizations that achieve compliance. Security is important, but organizations also should invest substantially in the people factor, both in strengthening their internal stance and in vetting HIPAA-compliant hosting providers and their other business associates.

Marty Puranik is CEO and president of Atlantic.Net, Orlando, Fla. 
