Managing a Responsible and Resilient Enterprise

We are building a more robust data privacy and security program, integrated into our Enterprise Risk Management program, and upholding our commitment to best practices in corporate governance, compliance and business ethics to promote the long-term interests of our stakeholders.

Data Privacy & Security. As a healthcare company, protecting sensitive personal health information (PHI) and other sensitive patient information is vital to maintaining the trust and confidence of our patients, partners, employees and shareholders. We take this responsibility seriously.

Our Chief Compliance & Privacy Officer and Chief Information Security Officer lead data privacy and security for the organization, with oversight provided by management and the Quality and Compliance Committee of the Board. Our Chief Information Officer and Chief Information Security Officer brief the Board of Directors twice a year on information security matters. In addition, we provide annual cybersecurity training to the Board of Directors.

Our Information Security program is built on a foundation provided by the NIST Cybersecurity Framework and complies with HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) Act. We focus on strengthening governance, people, processes and technology, and we hold a SOC 2 attestation.

Central to protecting against threats and building a strong cyber resilient organization is our multilayered security approach:

  • An extensive education and training program that includes simulated phishing of our team members on a monthly basis as well as an ambassador program
  • Annual business continuity and disaster recovery exercises
  • Audits of critical vendors and partners as part of our third-party risk management program
  • Regular vulnerability scanning, annual penetration tests, quarterly risk reviews and annual maturity assessments

Zero information security breach incidents in the last three years (as of October 2022)

We recognize that our team members, including contingent workers, are our best first line of defense against threats. Privacy and security awareness, education and training are therefore key components of our multi-layered security approach. Our goal is to embed a privacy and security mindset into our day-to-day operations.

Privacy and security training, including on HIPAA compliance, begins at the time of hire and is refreshed annually as required training. Additional ongoing training is integrated into role and job function training. Ongoing communication on safeguarding PHI and policy standards keeps important topics front and center.

Corporate Governance & Business Ethics. ESG initiatives are aligned with our corporate strategy and material ESG risks are incorporated into our Enterprise Risk Management framework. 

Our business depends on our leaders fostering a culture of compliance and integrity, as well as each team member making good decisions, building trust and acting with integrity. Led by our Chief Compliance Officer, who reports to our CEO and Quality and Compliance Committee of the Board of Directors, our Compliance & Privacy Program is designed around the U.S. Health and Human Services’ “Seven Elements of an Effective Compliance Program” guidance. Refreshed annually, the program supports and promotes ethical conduct throughout the company and includes:

  • Methods to report concerns, including anonymously through a third-party hotline and website
  • Protection against retaliation for good-faith reporting
  • Investigation, resolution and responsive corrective actions
  • Risk-based auditing and monitoring
  • Ongoing communications and refresher training to reinforce standards and expectations

Our Code of Business Conduct outlines expectations for team members to demonstrate a commitment to our values through their actions and promotes an environment where compliance is expected. We promote open communication, including candid discussions of concerns about compliance and ethical violations, through our Compliance & Privacy Program. All team members, including those who are part-time, temporary, contractors and contingent workers, are required to complete our annual Compliance & Privacy training. This includes training on HIPAA and privacy standards; conflicts of interest; and fraud, waste and abuse prevention as well as our Code of Business Conduct.

100% completion rate of Compliance and Privacy training in 2021

Patient Safety & Quality. Quality is at the core of our mission to provide cost-effective care that improves outcomes and delivers hope to patients. Our national accreditations demonstrate our commitment to continuous quality improvement:

  • Accreditation Commission for Health Care (ACHC)
  • Pharmacy Compounding Accreditation Board (PCAB)
  • American Society of Health-System Pharmacists (ASHP)
  • Utilization Review Accreditation Commission (URAC)

Industry voice through advocacy. Through our direct efforts and as members of the National Home Infusion Association (NHIA) and the Moving Health Home (MHH) coalitions, we advocate on issues of importance to our industry and our patients, including efforts to ensure patient access to critical infusion therapies in the home and other ambulatory infusion settings.