The Business Case for HIPAA Security


I hear HIPAA Security Rule compliance often referred to with groans, and even with remarks that bodily harm would be preferable to having to deal with it. No doubt, being required to comply with any government regulation is a burden that brings a cost in time, energy and dollars. That cost can be a hard sell to business owners if they can't see a return (and if they think they can get away with non-compliance). But when you step back and look at what is really required, there are some very positive benefits your business can realize if compliance is done properly.

HIPAA Security - Not Just Security

There are really three main outcomes that HIPAA Security compliance brings about for your Electronic Protected Health Information (ePHI): security (what the rule itself calls confidentiality), of course, plus integrity and availability. ePHI is really just data. Nothing more, nothing less. It's data that Uncle Sam has said you'd better protect, you'd better make sure is kept correct, and you'd better be able to get to when it's needed. These are all things that your business also needs your data to be…secure, correct and available.

Data Systems

If we are going about securing our ePHI from prying eyes, ensuring that it is accurate, and making sure it is available when needed, then we're not really just addressing the data. We're talking about the design of, and access to, the data systems that serve the data, including things like switches, servers, wireless networks, firewalls, and iPads. It's the setup of these systems, coupled with your company's policies, that ultimately determines the security, integrity and availability of your ePHI. So, by complying with the HIPAA Security standards, your overall network environment will benefit.

All In The Same Boat

I have been in the IT business for over 20 years. Rarely have I seen a small business that has its IT systems completely separated by function. Usually, the same networks and servers that support finance also support HR, CRM and other line-of-business apps like…well, like EHR and practice management. Do you have a separate internal network for your EHR from the one you use for your finance systems? Probably not. Do you have an internet connection and firewall for every department? Not likely. So, by protecting one (your ePHI), a side benefit is that all of your data is protected.

The Return for Compliance

So, when you create or enhance compliance policies and procedures, processes and your IT systems, you're really improving the underpinning of your business as a whole. The expense of HIPAA Security Rule compliance should be looked at as an investment in your most critical business asset…your data. All your data, including your accounting, contact management, documents AND ePHI.

To look at this from a "What does it cost me?" perspective, think about the expense to your business if your systems are down for a few hours. A few days? What does it do for your customer service when your schedulers apologize to patients calling for an appointment that the "computers are slow today"? How disruptive is it when payroll systems are unavailable?

Then, think about how much it helps your business to have smoother-running systems. To have speedy check-ins? To have employees who are happy and focused on your customers instead of frustrated and focused on slow computers? To have contingency plans that actually work to keep your operations running smoothly even in the face of an unforeseen event? Would that give you a competitive edge in the marketplace? I'm betting it would.

In a way, HIPAA Security Rule compliance is an opportunity to address areas of your business that may have gone neglected for years, or to shore them up for even better performance and protection. For every hour and every dollar spent addressing HIPAA Security, at least a portion can be considered an investment rather than an expense.

Phil Cooper is the co-founder of Skysail Software, makers of affordable HIPAA Security Rule compliance management software. HIPAA FLIGHTPLAN is web-based software that provides centralized documentation of your HIPAA Security Rule compliance program. HIPAA TIPS is web-based software that delivers Security Awareness training to your entire staff, every month, without impacting your daily operations.

Phil Cooper

Phil Cooper is a serial entrepreneur and co-founder of Skysail Software. He co-founded NetTech, an IT services company, in 1995, which he and partner Jeff Franks sold to MapleTronics Computers in 2009. He currently serves as CIO for MapleTronics and is the Chief Software Architect for Skysail Software. His years in the IT services field have provided ample opportunity to work with physicians and administrators in the medical community. This first-hand experience has helped him understand the struggles that many independent practices face in complying with HIPAA, especially the Security Rule. Along with Franks, Cooper decided it was time for the right tools to be built to help the medical community make HIPAA compliance manageable. So, Skysail Software was born. He has also served seven years on the board of Riverside Christian Academy, five as Board Chair, and has noted that it has been "one of the most significant and rewarding experiences of my life". He is an avid aviation buff and once had a rock band called Gantry...yes, along with Franks. Phil and his wife Debbie have two boys, Tyler and Ben, and reside in Fayetteville, TN.