Blog | Compliance

The ROI of HIPAA Compliance

Marty Puranik describes the financial benefits of compliance.

What will a business get back for protecting its staff from injuries? While asking this question may seem callous, it is strategic, because the answer is in favor of investing substantially in safety: injuries are expensive. To take the most extreme example, a workplace injury that results in death, the Centers for Disease Control estimates the total hospital costs per fatal injury at $991,027. However, there are additional costs as well, with the National Safety Council placing the average total cost to society at $1.42 million.

The Savings of Security Compliance

Like ensuring workplace safety, safeguarding confidential data such as electronic protected health information through security compliance and healthcare hosting is clearly a worthwhile investment, according to a recent study. The analysis, which reviewed 46 organizations from healthcare, finance, retail, and government, found that compliance with security standards would result in savings over time. Payment Card Industry Data Security Standard compliance was the greatest point of focus in the analysis; however, additional standards were also assessed, including those of the Federal Privacy Act, Sarbanes-Oxley, and HIPAA.

According to the study, the cost of compliance was $3.5 million, while the cost of problems arising from non-compliance was $9.4 million. 

Steps to Build Better Compliance ROI

Since compliance can lead to savings, it is worth considering how you can improve ROI and ensure more consistent compliance. Lynn Haaland, PepsiCo's global chief compliance and ethics officer, discussed this issue in a March 2018 article, suggesting steps forward. Below are some recommendations, combining her ideas with some others that are important to healthcare compliance:

Promote a compliance culture. Haaland noted that it can be particularly effective to transform organizational culture rather than simply coming up with rules. One way to do that in health care is by introducing real-life scenarios during HIPAA training so that people develop a more lived experience of what is involved in meeting compliance.

Pore over metrics. Measuring ROI is challenging, but accurate estimates can help tremendously. Organizations should work to get the best metrics to evaluate compliance programs in order to better determine their value. 

Build real programs. Programs can improve compliance as well. After all, the return on compliance is reliant on it functioning throughout your ecosystem. A compliance program could be powerful in health care, since having a strong vetting process to select business associates is so critical, as is ensuring that a strong business associate agreement is signed with each provider that handles the organization’s electronic protected health information (ePHI).

Prioritize security. Healthcare leaders should never forget the critical importance of the Security Rule within Title II of HIPAA, which contains the instructions and standards required to protect digital environments and ePHI.  

Focus on training. Because social engineering and other forms of human error are so common, training becomes essential to maintaining a compliant and secure environment.

Getting the Most Out of Compliance Investment

It is sometimes easier to argue for the ROI of offensive strategies (such as sales) than for defensive maneuvers (such as security). However, the ROI is clearly there in the money saved, on average, by organizations that achieve compliance. Security is important, but organizations also should invest substantially in the people factor, both in strengthening their internal stance and in vetting HIPAA-compliant hosting providers and their other business associates.

Marty Puranik is CEO and president of Atlantic.Net, Orlando, Fla. 
