Managing a Responsible and Resilient Enterprise
Integrated into our Enterprise Risk Management program, we are building a more robust data privacy and security program and upholding our commitment to best practices in corporate governance, compliance and business ethics to promote the long-term interests of our stakeholders.
Data Privacy & Security. As a healthcare company, protecting sensitive personal health information (PHI) and other sensitive patient information is vital to maintaining the trust and confidence of our patients, partners, employees and shareholders. We take this responsibility seriously. Our Chief Compliance & Privacy Officer and Chief Information Security Officer lead data privacy and security for the organization, with oversight provided by management and the Quality and Compliance Committee of the Board. Our Chief Information Officer and Chief Information Security Officer brief the Board of Directors twice a year on information security matters. In addition, we provide annual cybersecurity training to the Board of Directors on an annual basis. Our Information Security program is built on a foundation provided by the NIST Cybersecurity Framework and complies with HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) Act. We focus on the strengthening of governance, people, processes and technology and hold a SOC 2 attestation. |
||||
Central to protecting against threats and building a strong cyber resilient organization is our multilayered security approach:
|
|
|
||
We recognize that our team members, including contingent workers, are our best first line of defense against threats. Privacy and security awareness, education and training are therefore key components of our multi-layered security approach. Our goal is to embed a privacy and security mindset into our day-to-day operations. Privacy and security training, including on HIPAA compliance, begins at the time of hire and is refreshed annually as required training. Additional ongoing training is integrated into role and job function training. Ongoing communication on safeguarding PHI and policy standards keep important topics front and center. |
||||
Corporate Governance & Business Ethics. ESG initiatives are aligned with our corporate strategy and material ESG risks are incorporated into our Enterprise Risk Management framework. Our business depends on our leaders fostering a culture of compliance and integrity, as well as each team member making good decisions, building trust and acting with integrity. Led by our Chief Compliance Officer, who reports to our CEO and Quality and Compliance Committee of the Board of Directors, our Compliance & Privacy Program is designed around the U.S. Health and Human Services’ “Seven Elements of an Effective Compliance Program” guidance. Refreshed annually, the program supports and promotes ethical conduct throughout the company and includes:
|
||||
Our Code of Business Conduct outlines expectations for team members to demonstrate a commitment to our values through their actions and promotes an environment where compliance is expected. We promote open communication including candid discussions of concerns about compliance and ethical violations through our Compliance & Privacy Program. All team members, including those who are part-time, temporary, contractors and contingent workers, are required to complete our annual Compliance & Privacy training. This includes training on HIPAA and privacy standards; conflicts of interest; and fraud, waste and abuse prevention as well as our Code of Business Conduct. |
|
|
||
Patient Safety & Quality. Quality is at the core of our mission to provide cost-effective care that improves outcomes and delivers hope to patients. Our national accreditations demonstrate our commitment to continuous quality improvement:
|
||||
Industry voice through advocacy. Through our direct efforts and as members of the National Home Infusion Association (NHIA) and the Moving Health Home (MHH) coalitions, we advocate on issues of importance to our industry and our patients, including efforts to ensure patient access to critical infusion therapies in the home and other ambulatory infusion settings. |