The Cover Compliance Work Approach

To better serve potential clients who may contact me regarding your compliance projects in order to figure out whether I am the right person to work with you, I just posted a high-level compliance program overview diagram to our site's new Resources page.

The diagram will show you the approach I normally take to the compliance consulting work I do, whether that is creating documentation, helping define governance processes, or dealing with awareness training needs for staff and other stakeholders.

The diagram illustrates the high-level lifecycle for creation of a complete, new compliance program. Existing compliance programs must incorporate feedback and changes in business and integrate changes to the compliance program. This diagram does not address that aspect of ongoing compliance, as I rarely get to do work on individual pieces of mature compliance programs, especially for the startups and smaller organizations that I'm most interested in working with.

Covers Compliance Drivers Across Regulations & Industries

The diagram also applies to work done to fulfill a variety of compliance drivers, whether they are in privacy or security or financial and other business operations. The same basic process is also undertaken in efforts to comply with HIPAA, regulations across all kinds of financial services that currently fall under the CFPB, and US-based cross-border data protection compliance (such as driven by the GDPR).

Helps You See Where Your Intended Project Fits in with Your Overall Compliance Needs

This diagram can help those who are considering hiring Cover Compliance to understand where we're coming from when I look at a project and have to tell them that their project is not as simple as they'd initially hoped. As a perfect example, I often hear from potential clients who want "to update their privacy policy to comply with" whatever. Lately that "whatever" often means GDPR-related projects or questions from app developers that are serving HIPAA-regulated healthcare entities and learning that their customers have "HIPAA business associate" requirements of some kind. Nearly always, when someone is asking for very limited help, on a "one-time project" such as "revising a web-site privacy policy" or "writing HIPAA policies/procedures", they really need much, much more than that, and many times that additional work needs to be completed before undertaking their stated project. In such cases, those potential clients would be completely wasting their money if they pay someone to do this one small piece of work, especially if they hire an attorney and pay legal counsel rates, and even if they pay someone a "tech writing" rate to hammer something out from a template or "examples" found on the Web.

Helps You Understand Cover Compliance Project Proposals

I know all too well that there are plenty of people you who will hear what you have to say about the work you want done and say, "Sure, I can do that." And those people may even find a way to set a price and deliver the limited document that you asked for in a few hours. This diagram is a way for me to show my wholistic view of compliance, and quickly explain why I'm not the best person to help you create one piece of a compliance program when all the others do not exist yet.

It should also help potential clients see why in many instances we are both better off if you hire me under an hourly rate rather than having me give you a fixed cost. I can accomplish a lot for my clients and quickly, whether you want me to do much of the work or you go with my preferred approach of having me do the most important and time-critical work while also enabling your own internal resource that will manage your program going forward. For example, HIPAA compliance is not accomplished by stand-alone "one-time projects", even for app developers who are only business associates of HIPAA covered entities. And anyone who has found me here or through Upwork or LinkedIn as a potential project match can use this diagram as a way to decide if they want to spend their money paying someone (even someone who is not me and charges much less than I do), to write down policy statements where nothing else exists yet to help you make those policy statements ring true when people come calling to ask you for proof that you have a working compliance program for your business or healthcare practice.

If you want to quickly share a link to the document, just direct people to the Cover Compliance blog or this post specifically. The link to the Resources page is here, and it's a good idea to refer back to this info in conjunction with the diagram.

Please connect with us and share: