Good Practices for Following Regulatory Changes

In my experience, one of the hardest aspects of compliance is keeping up with changes to requirements. Laws change, frameworks change, the political landscape changes, and small to medium businesses struggle to follow along with the latest news. Many official sources may not announce changes in obvious places, so missing a change carries some risk.

Caveat: these tips are narrowly focused and are only meant to augment your existing compliance practices, not to serve as a comprehensive compliance program. If you want something more comprehensive, there are government-provided resources, such as the OIG’s recommendations for hospitals, which I’ll link here: https://oig.hhs.gov/compliance/compliance-guidance/

Here are my 5 essential tips every organization should follow to reduce the odds of a surprise (again, this is not all-inclusive):

1.      Identify your compliance officer, and ensure the responsible party is documented in the organization chart.

Admittedly, one could consider my first tip as two individual tips; however, every organization that has governance enforced by third parties should have an organization chart. The compliance officer is not simply somebody who enforces compliance and holds others accountable for violations; they must also direct compliance programs and determine policies.

2.      Establish committees that meet regularly.

Multiple people should meet regularly, work from meeting agendas, and track meeting minutes. This helps with accountability and motivates parties to do their diligence in researching.

3.      Identify resources such as websites, organizations, and social media accounts, and review updates to pages and accounts.

Information gathering is an active practice, not a passive one. Staff should document known sources like governing agencies, web pages, and known social media accounts, and then review those sources regularly for updates.

4.      Sign up for webinars, conferences, and newsletters.

We can be totally confident in our own systems, but we all miss things. This is where peers can help. Keep an eye on industry webinars and conferences. Never assume you know everything required for compliance in your industry… and stay for the questions!

5.      Whitelist government agencies, and be sure to review your spam.

This is tough. Spam can be overwhelming, but organizations must keep an eye on their email and mail. Make sure your organization’s spam filters allow emails from relevant federal and state agencies.

 

Keeping up with changes can be very tough, so commit some time to review your sources and watch out for opportunities to learn. Although some changes may catch you off guard, hopefully good practices can keep you ahead of the changes.

Also, there are a lot of organizations that provide good resources. Check to see if your state has associations or organizations that offer information, or if you find this all overwhelming, reach out to info@keepcompliance.com for assistance!
