
What The FBI And Federal Prosecutors Say About Compliance


In July of 2019, Jim was one of 50 compliance officers, out of over 500 officers from around the country, selected to attend a two-day Compliance Symposium sponsored by the FBI and the Society of Corporate Compliance and Ethics. The symposium, held at FBI headquarters in Washington, D.C. and the FBI Academy in Quantico, Virginia, covered different aspects of corporate compliance. The compliance officers came from various businesses and institutions such as AAA Motor Club, Best Buy Stores, American Red Cross, banks, and medical fields.

The FBI views compliance as so essential to an organization that it has its own internal compliance unit as well as an investigative compliance unit for outside entities. This was the 7th year for the symposium, as the FBI is attempting to build relationships with private sector entities regarding the importance of corporate compliance.

During one session at the symposium, a former FBI agent from the Compliance Unit and a federal prosecutor were presenting when they were asked which of the 7 Elements of an (OIG) Compliance Program was the most important. The prosecutor stated that all 7 elements were important and none of them should be overlooked. He went on to say that when an entity is being audited or investigated, the only thing which can help the entity is a good faith effort to have an effective compliance program. The compliance program is the only mitigating factor which can be taken into consideration to determine if any discovered violations are to be considered fraud or abuse under the Federal Sentencing Guidelines.

The prosecutor also commented on the importance of having a baseline audit conducted by a non-biased entity that is trained and knowledgeable in compliance matters, in order to determine where an organization’s compliance program stands regarding problem areas or issues. Internal monitoring is fine, but without the appropriate baseline audit, an organization is not truly able to build an effective compliance program.

The prosecutor’s comments reinforce the importance of, and need for, proper compliance programs for your practice or business.

HIPAA Compliance Program Requirements

The Office of Civil Rights requires entities to have a properly developed HIPAA Compliance Program which is focused on protecting the privacy of patients and their Protected Healthcare Information. Some of the requirements of a HIPAA Compliance Program are:

  1. Designate the following Compliance Officers
    1. Privacy
    2. Security
    3. Complaint
    4. Compliance
  2. Conduct a Security Risk Analysis of the practice or organization
  3. Have a HIPAA Compliance manual which is separate from the OIG Compliance manual
  4. Have written policies and procedures
  5. Have computer security measures in place
  6. Notice of Privacy Statements
  7. Complaint procedure notice
  8. Training and education for employees and staff

Note: The above list is not inclusive of all the requirements necessary for an effective and compliant compliance program.

Do you have questions regarding your HIPAA Compliance Program?

 Call 708-922-3911