Real-World ROI in HIPAA Compliance
How Alabama Cancer Centers reduced costs, saved time, and limited their liability
With 13 locations across the state, Alabama Cancer Centers provides cutting-edge care and treatments to patients throughout the “Heart of Dixie.” During our conversation with Alabama Cancer Centers’ Compliance Officer Clive Wilby, he addressed several important ways that Alabama Cancer Centers realized a return on investment (ROI) in becoming HIPAA compliant with Compliancy Group and its web-based automated solution, “The Guard.”
Real-World ROI in HIPAA Compliance – Saving Time
Policies and Procedures
The expression “time is money” is true in many ways. One of the first benefits Wilby realized was the time savings presented by using The Guard’s customizable library of policies and procedures.
“After viewing the demonstration, I made the decision to buy the product. I get access to The Guard, and I go through the Security Risk Analysis, and now I fully see the mess we’re in. But then I look at the remediation and documentation that’s in the file system.
“There’s a privacy policy and procedure manual – let me read it. And I did, and I went, “This is exactly the answer to everything that’s gonna save me at least three years of work and then likewise with the security policy and procedures.”
Writing effective policies and procedures for your organization that meet the standards required by the HIPAA Privacy Rule and HIPAA Security Rule is arduous for anyone who doesn’t speak fluent legalese. Even if Wilby overestimated the time needed to write policies and procedures, it’s safe to say that many hours were saved by not having to do so.
Scheduling Training
Wilby also pointed out the time-saving and convenience of The Guard’s ability to streamline the cumbersome but essential task of scheduling required training for current employees and new hires.
“We had an email list of all the users from our Active Directory, but at that point in time, we were doing a lot of recruiting, so I ended up with some people registered in The Guard, and others not.
I’m thinking, ‘Oh my goodness, this is going to be a nightmare. Every time a new person comes in, I’ve got to make sure that they get the same training as the existing people.’
Lo and behold, you guys have got that covered. If I register a new user, they will get assigned to them automatically, with all the information and training that everybody else has.
Keeping tabs on the moving landscape and being able to make sure that everybody is assigned what they’re supposed to do–that is a big thing.”
Real-World ROI in HIPAA Compliance – Reducing Costs
Reduced Need for Staffing
Before using The Guard, Wilby planned to use a combination of Excel spreadsheets, saved emails, and Word documents to reach HIPAA compliance.
“And then, of course, if the regulations changed, I’d have to be able to identify what regs needed changing. I would have to go and note exceptions to those, obviously. I think to do it manually would have been impossible, to be really honest.
“In terms of writing those procedures and then managing that? I would have had to have at least two other people working with me to just look after it from an administrative point of view.”
The average salary for a compliance assistant in Alabama is just over $32,000 annually, rising to $43,000 in other states. This number does not include the cost of other benefits.
It’s reasonable to think that Alabama Cancer Center saved nearly $100,000 annually by using The Guard to achieve HIPAA compliance.
HIPAA Training Included in The Guard
HIPAA training is one requirement of the HIPAA law. Many people try to find a free option in the marketplace, but it’s wise to remember that “you get what you pay for.”
Based on listed online prices, paid HIPAA training ranges from $10-50 per person and even higher. But are you getting the proof of training and attestations required by HIPAA from a one-off option?
The Guard includes all required HIPAA training and tracks employee training progress.
Compliance Coaches, not Consultants
HIPAA compliance can be intimidating, and some organizations hire consultants to help with the process. Consultants come at a high price, ranging from $4,000 for single location practices to $80,000-plus for a large multi-location practice.
But Wilby says he got the assistance he needed from The Guard and his Compliance Coach.
“(If you have The Guard)…You basically have a resident HIPAA expert on the other side helping you. I don’t need a consultant group to come in and help me unravel HIPAA because it is really difficult to interpret. When you’re struggling, you can actually go back to him (your Compliance Coach), and you know, his response times were excellent.”
Real-World ROI in HIPAA Compliance – Limiting Liability
Companies with effective compliance programs are far less likely to receive severe fines due to HIPAA violations or audits. These fines can spiral into thousands or millions of dollars in extreme cases.
But more financial exposure is created by the class-action lawsuit filings that seem to come with every breach. Plaintiff attorneys seek judgments that can grow into millions of dollars.
Wilby says that The Guard makes building a culture of compliance easier and adds peace of mind.
“I think it helps all the department managers who actually now enforce those policies and procedures in the sense that they’ve got them. We know if people are reading them and attesting to them, or not.
The big thing is, ‘hey, do you want to get on the wrong side of HIPAA?’ or can you have a system that interjects? So you, as Mr. CEO or Mr. Financial Manager, you can sleep a little better knowing that there’s something in place.”
Real-World ROI in HIPAA Compliance – How Much?
In August 2022, Alabama Cancer Centers completed all the necessary steps for HIPAA compliance within The Guard. After verification of their efforts, they earned their Seal of Compliance to recognize the accomplishment.
When the total ROI for HIPAA compliance with The Guard is calculated, Wilby has no doubts that it will pay off for the organization.
“All ‘round, there’s money to be saved. And also, I think the main thing is, the shield against HIPAA coming in and crucifying you.”
