When & why must a private companies have a Whistleblower Hotline?

Today the business landscape involves more small business (less than 100 employees) providing the latest technology  solutions to   publically traded companies. The March 2014  US Supreme court decision has influenced the large business to require these technology solution partner to have a robust SOX Whistleblower Hotline.  This has created a requirement for private companies to take on the task of being compliant with SOX Whistleblower requirements.  It is also true that a private company seeking to do business with public companies will need to have the structure in place as part of their effort to seek those clients.   

The Dept. of Justice has stated that part of an effective compliance program within an organization includes having a method for employees to report abuse, fraud and issues within the company. This factor is used in the culpability score used as part of the US Sentencing Commission guidelines when determining fines for fraud and abuse.   

The important factor is having an effective method for employees to report issues. This involve not just executing a method but building trust that employee will report. Building trust comes from the executive team/owners in communication, walk the talk, incenting people to report, and taking action when reports occur. All these factors are part of the meaning of effectiveness.  

What's involved with fulfilling the requirement of a Whistleblower hotline? 

1. Policies that speak to the companies ethics & culture and support federal and state regulations on misuse of assets, retaliation and  human resource issues on discrimination. 
2. Executive management and middle management  training of how to incent employees to report without fear of retaliation 
3. A trust method for employees and management to anonymously submit concerns and issues. 
4. Commitment from company to investigate reported issues. 

All these steps take time, resources and experience. So what are the options for small private companies? Don't have a knee jerk reaction just spend 30 minutes on the June 10th webinar hosted by   Superior Compliance Solutions to help organizations learn more about an approach to these requirements. 

To register go to:   http://portal.superiorcompliancesolutions.com/resources 

June is Immigrant Heritage Month..

June is Immigrant Heritage Month..  Today immigration reform efforts are so badly needed.  The US is still the land of opportunity yet our current immigration structure is modeled for the years my great grandparents migrated to this country.   

My father is a second generation immigrant from Germany and Holland.  My great grandparents who came America  with a dream and worked hard to benefit from the land of opportunity. I look back at my great grandfather who own the general store in the 1940's (see photo attached) and my  grandmother who ran her business in the 1950's.(See photo attached)  Many of my family members have their own businesses today.   Being raised in a community of small businesses rather than big companies and department store chains  gives me an appreciation of the passion and investment that is put into building a dream.  This requires endless hours of dedication  to keep it going to support many families in a community. 

I continue the legacy of my family after spending many years in corporate America.  My inner passion is  to help  small business owner achieve their dreams.   I have a great appreciation for the efforts of my forefathers and the communities they built.  Today my family continues as a  small business providing services to their community and working hard to build for next generations.  Technology has changed the small business landscape that could be weight in columns of pros and cons. In addition  government regulations have multiplied adding to the list of cost for small business.  Stocking the shelves and turning over the OPEN sign on the store door has been long gone in the steps of starting a business like my great grandparents.

My great grandparents were able to open the store after working in their homeland to fund the trip to the America AND  then passing the medical exam. Being  turned away meant going back, working hard to raise the funds and making the voyage again. Today many of the  future forefathers  come for an education then they develop  an opportunity to make next Big Fruit technology, … but the current immigration structure doesn't  enable  this new concept to gain traction so the concept is sent packing.

As an beneficiary of immigrants I have built Superior Compliance Solutions LLC  to help and support the efforts of small businesses..  We desire to see startups and small businesses grow by balancing so many of the government regulations.. It is fulfilling to serve those like my great grandparents, grandparents, and parents that dedicate hard work to building a dream. 

Did your family immigrant to America and become a small business owner.. Tell us your story 

info@superiorcompliancesolutions.com

Or on Facebook at https://www.facebook.com/superiorcompliancesolutions

Jane and Martha are friends having lunch when Martha in general conversation says to Jane, "I hope your mom's lab test come back ok"  Martha is the contracted bookkeeper  at Jane's mom Dr office. The assumption is Martha meant no harm in the statement during the conversation yet this is a breach of  Jane's mom privacy. In addition Martha doesn't know the type of blood work and didn't see the record but rather the billing transactions.  After finishing lunch Jane calls her mom being curious about the blood work she had done. Now Jane's mother feels uncomfortable because she didn't share with her daughter since she didn't want to worry her. This situation could spiral out of control with Jane's mom calling the Dr office upset about her daughter being aware of her medical treatment.  How should this situation be handled?  

HIPAA  privacy rule was violated. Martha is considered a Business Associate to the Covered Entity, the Dr. Office. According to HIPAA changes in 2013 Martha and the doctor should have signed  Business Associate Agreement terms ensuring both parties understand HIPAA privacy obligation and liabilities. In this situation with Jane's mother  a factor of harm has to be weighted and the appropriate action taken which must include  mitigating potential of future cases.  In situations when more than one individuals information is breached the cost to administer a breach process which includes reporting to HHS and state agencies along with  penalties can grow for both the Covered Entity and Business Associate.

Key to keeping the cost down is ensuring the signed terms of agreement are clear between parties, periodic evaluations of business practices and open communication relative to gray area/situations. 

The trend of moving from paper to digital  has moved from the large medical practices to smaller organizations. Dentist, chiropractors, holistic doctors, and acupuncturist are gaining significant return on investment that allows them to downsize their office space and/or expand their practice.  While organization are doing research on what digital solutions to use like BOX with the Snap-File solution there are still requirements to ensure daily practices and employees are meeting  HIPAA/HITECH security requirements. These organizations are establishing policy and practices for HIPAA HITECH safeguards and working to schedule risk assessments. A question we've been asked is "In an operation of one or two people, who is the Security Officer?"   What's more important than that who holds the position is are the necessary controls  to be in place and being managed to ensure  PHI (personal health information) data is protected.