Agile Compliance Dictionary

Key Definitions

Track: means a set of related Chunks. Tracks are indefinite (meaning the work in a Track is continuous over time). There is technically no end to a Track.

Note: Tracks may be comprised of different Chunks depending on what makes the most business sense for your organization. That said, we provide a pre-defined set of Tracks/Chunks so that you can quickly start executing.

Chunk: means a set of related compliance Tasks and the smallest unit of visible, demonstrable evidence (“VDE”) of compliance.

Note: Chunks are estimated based on the amount of effort necessary to complete the individual Tasks that make up the Chunk, including any documentation required for the Chunk. The outcome of each Chunk should be reflected in the H2 Scorecard (Privacy Rule Scorecard, Security Rule Scorecard, etc.).

Task: the most atomic verb-based action of compliance activity—a Task is something that “gets done” and contributes to the completion of a Chunk.

Note: Tasks are estimated as the number of person hours that the compliance team (often it will be a team of one) thinks it will take to complete the Task. Ideally, a team member should have no more than two active Tasks at a time.

Requirement: means a “must perform” action or set of actions that are mandated by a statute or regulation.

Note: A Requirement may have one or more Chunks associated with it but generally (almost always) will be contained within one Track. The H2 Scorecard(s) should be used to reflect the completion status of Requirements.

Compliance Continuum: starts with an organization: (1) that does “not have any compliance narrative at all” vis-à-vis the HITECH Act and the Omnibus Rule (“willful neglect”); (2) that slowly moves to a “Good Compliance Narrative” over time through implementations and refinement of various Tracks; and (3) that finally matures into an organization approaching, but never actually reaching, full compliance.

Note: Our predefined set of Tracks & Chunks is designed to move you quickly from “No Story” to the start of your “Good Compliance Narrative” or “GCN”—remember that your GCN is a metaphor for where your organization is on the Compliance Continuum and something that you will continue to improve upon over time.

Compliance Equation: Policies + Processes + Results = VDE

Policy: purposeful set of decisions or actions usually in response to a Requirement or set of Requirements.

Process: repeatable series of steps that are accomplished over time and the mechanism by which a Policy is implemented.

Result: the electronic manifestation that a Process has been executed over time.

Note: an example of a Result is your Organization’s training log—which should indicate who was trained on what and when. Results are clearly the most critical component of the VDE equation.

Run: means the amount of time in person days that it takes to complete one or more Chunks. Usually this ranges from 2-3 weeks (i.e. 10-15 person days) but can be as little as 3 days and as much as 20. Remember that the completion time of a Chunk is estimated by the aggregate of the amount of time it takes to complete each Task in the Chunk.

Note: because the duration of a Run is relatively short, don’t get hung up on “perfecting your ability to estimate Runs”; focus instead on completing the Run.