We have a cross-functional executive steering committee, which includes members of senior management, that meets quarterly to discuss our environmental, social and governance (ESG) initiatives. The committee is composed of executive pillar leaders on each of the three ESG pillars, with oversight from our Board of Directors.
Ethics and Integrity
As a healthcare provider, we know our success is indivisibly linked to our reputation and integrity. We are guided by our Code of Conduct and Code of Ethics for Senior Financial Officers in order to improve the lives we touch every day. All employees receive annual training on the Code of Conduct and safety and compliance and must also accept and sign an acknowledgement of our Code of Conduct.
To ensure we operate at the highest ethical standard, our executive Compliance Committee and the Compliance Committee of the Board of Directors meet quarterly to review our policies and performance. We also periodically perform an enterprise risk-management assessment that includes compliance risks and is overseen by the Board of Directors.
Bribery and Corruption
The Chief Compliance Officer oversees our Bribery & Corruption Policy and Program and reports any concerns to the CEO and Compliance Committee of the Board. We also include Bribery and Corruption guidelines in our Code of Conduct, and it is part of our annual compliance training.
Data Privacy and Security
The safety and security of our patients, including patient data, is paramount. We are committed to ensuring the privacy and security of their medical records and personal information. Our data privacy and security programs are overseen by our Senior Director of Information Security, who reports to our Vice President of Information Technology, and our Chief Privacy Officer, who reports to the Chief Compliance Officer. We also have a Cybersecurity Infrastructure Committee that meets monthly. The Audit and Risk Committee of the Board of Directors oversees our data security programs and reviews the Company’s security program on a quarterly basis.
All employees and contractors with access to our systems receive data privacy and security training upon hire and annually. We have implemented monthly email blasts with information on how to keep information safe, as well as frequent phishing exercises, with high-risk individuals receiving extra, targeted exercises. Any failure will result in the employee receiving additional ad-hoc dynamic training on the topic. In addition to internal phishing practices, we also employ independent phishing campaigns as a measure to ensure adequate performance of our employees. All employees also receive specific training in compliance with HIPAA requirements. The structural integrity of our data privacy and security program is subject to regular internal and external security audits in the form of annual penetration tests and risk assessments.