John DiMaggio

There are three top reasons why protecting health information is important in long term and post-acute care:

  1. It’s the law
  2. Compliance  protects and enhances your reputation
  3. Non-compliance can be costly

Reason 1:  It’s the law

In very basic terms, unless your organization is 100% private pay, you are required to comply with HIPAA (Health Insurance Portability and Accountability Act and HITECH (Health Information Technology for Economic and Clinical Health) laws. HIPAA includes rules which dictate documentation, processes and controls that must be implemented to protect privacy and security of health information. Multiple government agencies are actively enforcing these laws, including the Office for Civil Rights, the Department of Justice, State Attorney Generals, and CMS.    

In addition to HIPAA and HITECH, many states have privacy, security and breach laws which are also enforced and in many cases are even more stringent. Bottom line – enforcement is becoming more widespread and reaching beyond acute care.

Reason 2: Compliance protects and enhances your reputation

Your company’s reputation is one of your most valuable assets, and your residents and their families trust your organization is taking steps to protect their information. If your organization is involved in a breach, audit or complaint triggering an investigation, the negative publicity can tarnish your reputation and create a damaged market perception that can be nearly irreversible. By the same token, a demonstrated commitment to protecting health information can be a marketing tool to position your organization with a competitive advantage and actually enhance your reputation as a quality healthcare provider.

Reason 3: Non-compliance can be costly

In addition to reputational damage, non-compliance can result in hefty fines, negative publicity, legal fees and lengthy government corrective action plans. OCR investigations are a viable possibility, and can be triggered by a breach, complaint, or through the upcoming HITECH random audit program. Breaches can bring additional costs including credit monitoring fees for affected residents. The extent of these costs can be driven or mitigated, based on the demonstrated compliance of your organization.  

Protecting your resident’s health information is becoming increasingly more urgent. Enforcement by multiple government agencies, audits, breaches and the increasing practice of sharing electronic health information across providers are all factors working to escalate the importance of privacy and security compliance in long-term care. It’s simply good business practice to protect the information of your residents, comply with federal law, avoid costly fines, and preserve your reputation. Privacy and security compliance is always “good enough” until it isn’t.

John DiMaggio is the CEO of Blue Orange Compliance.