We have been decoding technical and business jargon for attorneys and translating “legalese” for non-attorneys for a long time. And we help our clients maximize efficiency in their legal advice spending by carrying out work that you don’t need an attorney to do and making any legal review you do need become more efficient.
Call us for more information.
Saving You Time and Money When You Work with Attorneys
Though a lot of compliance work is perceived as “legal” work, there is nothing in regulatory requirements that says you must hire an attorney to create your program or advise you. And the error many people make is thinking that an attorney is the best source of reference for compliance with "a law" such as HIPAA because attorneys know and practice “the law”.
The Law v. Compliance Rules and RegulationsAs used above, the word “law” means two different things and neither of them help you figure out your compliance requirements.
Most of what happens in defining and meeting your compliance obligations has nothing to do with "the law" as attorneys practice it. Case law and what the courts say may impact a compliance program, but usually not directly and usually not with the same clarity that prior case outcomes may have on a current case in court. Case law’s relationship to the specifics of your compliance requirements is more like that of the underlying specific “law” passed by legislators: Both are indirect and neither are enough to be of much help to you. Even “a law” passed by a legislative body is not the primary reference you’d use to define a compliance program. Though such a law drives the need for a compliance program in the first place, one cannot create a compliance program by going to that law itself.
Using the example of healthcare, the actual HIPAA law (the Health Insurance Portability and Accountability Act of 1996) itself is also not what a healthcare provider works from to define a compliance program for their practice. Neither is the significant set of amendments to such a law that may follow years after (such as the HITECH Act revisions to HIPAA). A law such as this original law and its later updates directs some regulatory body (in this case the US Department of Health and Human Services) to define rules and regulations that are intended to fulfill the HIPAA/HITECH law’s intent.
We could look at parallel examples for any other type of business, too. Consider how the Bank Secrecy Act and USA PATRIOT Act drive anti-money-laundering compliance programs but don’t provide all the specifics needed to create a compliance program for a money services business. Or how the CAN-SPAM Act drives email marketing compliance but won’t get a small business doing email marketing very far in creating a complete way to comply. Instead, the email marketer must consult the Federal Trade Commission rules that exist to fulfill the CAN-SPAM Act.
With your compliance program, the thing at hand isn't about requirements of "the law" or even of all “the laws” that apply to you. From laws, yes—but in reality from the rules and regulations that eventually come out of laws that are passed and applicable to your business. And of course, all this gets applied across all of “the laws” that apply to your business and that sometimes come into conflict with each other.
We Are Not Attorneys. And That’s a Good Thing.There are definitely times when you will need an attorney. We are not attorneys. But why should you pay an attorney to do work that does not require “admission to the bar” to practice law before the courts?
For example, a basic part of what you need in a formal compliance program is a compliance policies and procedures manual—some kind of document that describes what you do and hits on addressing all the things operationally that applicable regulations require for you to be compliant. If you need help in the writing of your compliance manual, you need practical help with each procedure and how to describe it while also keeping in mind the goals of the regulations that are related to it to avoid specific gaps and minimize risks of noncompliance. Most attorneys do not work at such a concrete operational level and ones that do have deeper knowledge in specific industries command even higher fees. And with specialist firms, you may pay premium rates for work that is mostly done by a junior staff attorney or paralegal.
You do not need to pay attorney-level fees for help with operations policies and procedures. And you do not need an attorney throughout all the time that it might take to get all your policies and procedures ironed out. Cover Compliance applies real operations experience in financial services, healthcare, technology, and data protection to maintain focus on your business and the applicable compliance requirements throughout the compliance program work at a much lower cost.
When You Do Need an Attorney, We Can HelpThat being said, there are definitely times when you will need or want an attorney. As you’ll see below, we have no hesitation to tell our clients when they should consult an attorney. Using the example above, you will probably want to have your legal counsel review the completed manual.
But we can help then, too. We actually work to make sure that the legal review goes quickly and smoothly by anticipating many of the kinds of questions that your attorney may ask. We take this perspective throughout all the work we do with our clients, well before you would present anything to your counsel for review. And then we can be available to participate directly in your work with your attorneys to help that process proceed efficiently, too.
Data Breach Response "Legal Disclaimer"We prefer to work on the proactive parts of compliance programs, and hopefully help you put into place the policies and procedures that allow you to avoid many of the most common risks of inappropriate data exposure. But if you experience a data or security incident that you fear may rise to the level of a data breach, we may still be of assistance. Just call your attorney first.
Any time you have some out of the ordinary incident occur in your business, especially related to any element of your compliance program or the areas of your operations that deal with sensitive information or business processes, by all means, start with your attorney and have them direct any involvement of others like Cover Compliance. This approach is the best way to protect your rights to confidential attorney-client privileged communications.
Attorney-client privilege is very often misunderstood and people can easily lose protection by their misunderstanding. Attorney-client privilege applies only to keeping communications between an attorney and their client about legal matters secret. Although the facts of what happened in the incident are not going to be privileged information, they may be protected in some ways. But your response and your investigation process may be protected—and that is why it’s important to engage your counsel and have them engage service providers for your investigation.
There are several ways we can help in breach response—such as acting as a sort of "general contractor" to help make sure you're getting what you're paying for with other vendors (such as call centers and forensics services, which we can also help retain) and such as helping your law firm (especially if they are not data breach specialists) have what information they need, in forms they can best understand, to give you the best legal counsel. And if there are services you can use beyond breach response, your attorney can advise the best way to use Cover Compliance to help.
Some of Our Best Friends Are AttorneysWe have decades of experience translating “technobabble” and “cybersecurity-speak” for non-technical operations areas and for business leaders (including for attorneys). We also commonly translate operations vocabulary into terms that IT and legal advisors can use to effectively support and serve business operations teams.
We can say the same for our work with attorneys. We've worked with attorneys for decades, in every possible configuration of inside and outside counsel. And in addition to translating their “legalese” for business leaders, we've often been in the role of regulatory compliance translator for attorneys, helping them understand the difference between the laws that our legislative bodies pass and the actual rules and regulations that are created to put those laws to work in the real world where businesses and people have to figure out how to comply.
We know how to effectively and efficiently communicate with attorneys. And with our help, you may spend less on legal counsel, while making sure you do get the full legal advice you need.