Compliance Manifesto® Second Edition







We have educated thousands of stakeholders on the HIPAA Rules ("Rules") through our monthly webinars and newsletters during the past seven years. We intend to educate many thousands more in the years to come. During that time our own understanding of the Rules has also increased dramatically from our interaction with the marketplace.

Through this collaborative effort a great many insights have been added to the HIPAA compliance lexicon. These insights and lessons learned apply not only to HIPAA, but to any compliance regime you can think of. Therefore, the manifesto (“Manifesto”) provided herein has wide applicability across industries and subject matter domains. For example, both the Compliance Equation ®  and the Compliance Stack® have been derived as a result of this interaction.

Compliance stack graphicOur Subscription Plan, in addition to Expresso® and a host of products, comes with a comprehensive methodology based on NIST's Cybersecurity Framework and our Agile Methodology. Our Compliance Manifesto ® reflects our compliance thought leadership providing overarching first principles that help our customers formulate and implement a culture of compliance.

Our Manifesto ® provides a framework for how organizations should think about their compliance initiative with the objective of changing their organization's compliance DNA. The necessity for rethinking compliance across all subject matter domains is fast becoming a national security imperative.

The discipline of regulatory compliance must transform itself from the current perception of being a necessary evil, to being a critical component of how value is delivered to the customer.  

What follows is an excerpt from the Conclusion of the Second Edition. The latter maintains the basic tenets of the First Edition but otherwise represents a significant rewrite.

This Manifesto ® suggests a way forward for transforming the compliance function. It does so by postulating axioms and best practices for transforming your compliance DNA in a manner that allows you and your organization to cope with the 24/7 365 online world that we all now inhabit. That future is upon us although the compliance industry, writ large, remains mostly in the dark as to the inflection point that has occurred. The waves from the compliance tsunami have already started hitting the shore, but the largest ones are still in the visible distance. Analogous to the perfect storm there will be considerable destruction before the rebuilding can begin. To quote Hugo: “There is one thing stronger than all the armies in the world, and that is an idea whose time has come.” Compliance or anarchy; you choose.


Compliance equation

Going forward we anticipate the need for many more compliance professionals across a wide array of disciplines. This remains true despite any administration's desire to reduce regulations. The Compliance Equation® (depicted by the graphic to the left) is found in many of our products as an example of three things that a stakeholder needs to have for each compliance requirement, to wit: (1) a Policy; (2) a Process that underpins the Policy; and (3) the ability to track Process Results. If you have all 3 things for a respective requirement, then you have visible, demonstrable evidence ("VDE") for that requirement. If you have VDE for all requirements in a given compliance regime, then  you are, by definition, compliant with that regime. There is simply no way that cybersecurity compliance regimes (e.g. similar to HIPAA and GDPR) are going to disappear any time soon. In fact, they are likely to grow in importance as we  continue to embrace the 24/7 online world that we all now inhabit.

Regulations are how we apply normative principles to the intractable problems that we confront (e.g. on Wall Street, the environment, in healthcare, the law, government, etc.). Show me a Nation, State, City and/or Community that does not self-regulate and I will show a body politic that is drifting into chaos.

It is not a question of having more or less regulations but rather smarter and more just regulations.  It should go without saying that people of good conscious everywhere do not want to leave a world ruled by anarchy for their children and grandchildren.

The little anarchy that we have experienced in the past fifty years pales in comparison to what may ensue if we do not find a way to regulate the unsustainable paths that we are now embarked upon vis-a-vis lack of cybersecurity protection.



As a Healthcare Technology vendor we found ourselves with little direction attempting to learn and comply with HIPAA and HITECH regulations. The overhead of learning and implementing needed policies and procedures was so detrimental to our internal efficiency and service delivery that we had to discontinue service for a major share of our client base just to concentrate on HIPAA regulations. We have since found the HIPAA Survival Guide and signed up for their Subscription Plan. With the help and guidance provided by HSG, we have now returned our focus to what we do best. In the past 6 months our company has increased knowledge, literature, and direction as well as record revenue by 421%. Thank You HSG, we couldn’t have done it without you!” -Wiles Tech    See More Testimonials...