1. Field of the Invention
The present invention pertains to the field of rule-base compliance, certification, and risk mitigation and loss prevention, as it relates to rules of authoritative bodies to which one or more entities are, may be, are believed to be or have agreed to be subject.
2. Discussion of the Prior Art
Society is governed by rules of its governmental and non-governmental authoritative bodies to which its people, businesses, institutions and other entities are subject. Given the rudiments of society, that will not change.
Examples of governmental and non-governmental authoritative bodies include, but are not limited to the entities to which one or more of society's entities are, may be, are believed to be or have agreed, such as their federal/national, state/commonwealth/territorial, local and governments, departments, agencies, commissions, divisions, courts, tribunals, offices and other entities; international unions, tribunals and other international entities; professional and other associations; joint and other commissions; certification and accreditation bodies; quasi-governmental bodies and entities; standards boards and other related entities; their insurers, re-insurers, financial institutions and related entities; for- and non-profit corporation compliance, rule-making, risk mitigation and loss prevention departments, divisions, offices, officials and bodies; and so forth.
Examples of rules promulgated, enforced, by or otherwise of such governmental and non-governmental authoritative bodies include, but are not limited to, the many different types of rules to which one or more entities are, may be, believe are or have agreed to be subject, such as statutes, regulations, common, civil and other laws; conditions of participation; survey, certification and enforcement requirements; accreditation standards and requirements; legal and other professional ethical rules and disciplinary requirements; rules of criminal, civil, and administrative procedure; evidence-base medicine and other evidence-base protocols in other/related disciplines; sentencing guidelines; rules relating to malpractice rate increases, adjustments and other related determinations; rules of financial, educational and other institutions; requirements contained in contracts, agreements, memoranda of understanding, engagement and other documents involving two or more entities; internal policies, procedures, protocols and other rules and requirements; requirements and provisions of bylaws, operating agreements; rules, requirements and requested information to complete applications, forms, filing and other documents; and so forth.
However, what has changed, and continues to change, is the manner in which rules of society rules are, and continue to be, defined, applied and enforced. Notably, significantly, and increasingly, society, its governmental and non-governmental authoritative bodies and its entities are seemingly becoming less reliant upon rules whose existence, foundation and credibility are inextricably linked or entwined with the ability and resources of their respective governmental or non-governmental authoritative bodies to find, prosecute and punish violators based on specific instances of volitional acts.
Society, instead, appears to be placing, and continues to place, increased reliance upon governmental and non-governmental authoritative bodies and their rules that assess, evaluate monitor or otherwise determine the status of entities based on the entities' initial and continued pattern of adherence, compliance, certification, mitigation against risk or loss prevention in a particular area. As such, greater responsibilities are being placed on entities to police, regulate, assess and monitor themselves relative to a particular area or topic.
In the United States, alone, recent examples of this rule-base evolution abound. With respect to governmental authoritative bodies, they include, but are not limited to: Sarbanes-Oxley compliance requirements on publicly-traded companies; compliance standards and implementation specifications of the Health Insurance Portability and Accountability Act (“HIPAA”); the recent efforts of the United States Office of Inspector General (“OIG”) for the United States Department of Health and Human Services (“HHS”) relative to compliance guidance on health care institutions, providers and other entities; HHS Centers for Medicare and Medicaid Services survey, certification and enforcement efforts relative to skilled nursing facilities (“SNFs”) and nursing facilities (“NFs”); other federal Medicare and federal and State Medicaid conditions of participation, compliance and other rules and requirements; rule-base provisions and requirements for Medicare-related prescription drug coverage and benefits; United States Department of Labor (“DOL”) compliance program requirements, dictates and efforts relating to employers, health and welfare benefits sponsors and other entities; United States Department of Defense (“DOD”) activities that continue to impose corporate integrity and compliance program requirements on contractors and other entities affiliated or associated with DOD functions; previous and most recent federal regulations by the HHS relative to physician anti-referral regulations (Stark I and, recently, final regulations on Stark II); other federal government corporate integrity agreement and compliance program initiatives; and so forth.
With respect to non-governmental authoritative bodies, the trend continues relative to such organizations, practices and approaches, such as Six Sigma; accreditation standards, requirements, certification, efforts and activities of such entities as the Joint Commission on the Accreditation of Health Care Organizations, the National Committee for Quality Assurance, the American Accreditation Healthcare Commission, the Accreditation Association for Ambulatory Health Care, ISO 9000, the Capability Maturity Model for software development/information technology, Underwriters Laboratory, Inc., and others; medical, health care, and other professional best practices, guidance and evidence-based protocols; and so forth.
Consequently, ever-increasing demands are being placed on entities to assess, monitor, structure, organize, document, track, show, prove, establish or otherwise take action relative to its comprehension, commitment, adherence, compliance, risk mitigation and loss prevention with respect to numerous rules in numerous areas and relating to numerous topics. So, too, the governmental and non-governmental authoritative bodies increasingly are finding the need for a uniform, cohesive, structured and user-friendly system and method to facilitate and carry out their enforcement, oversight and compliance-related activities and efforts relative to the rules under their respective jurisdictions.
Looking, alone, at American businesses relative to federal regulations, the costs to entities meeting their federal rule-base compliance demands are staggering. According to a recent United States Small Business Association (“SBA”) study, “[t]o comply with federal regulations, Americans spent $843,000,000,000.00 ($843 billion) in 2000.” This is equivalent to eight percent (8%) of the gross domestic product (“GDP”); roughly $5,000 per each American employee; and $8,164 per each American household. In terms of burden to the America's workforce, the federal regulatory compliance paperwork burden is estimated at 6,600,000,000 (6.6 billion) hours per year.
Perhaps, what is more telling is the monies, resources and time that the above statistical accounting for American businesses does not include—namely, the other hundreds of billions, indeed trillions, of other dollars, hours and other resources spent each year in the United States and other nations and countries relative to rule-base compliance, certification, risk mitigation and/or loss prevention. Hereinafter, the use of the term or phrase, “rule-base compliance, certification, risk mitigation and/or loss prevention” shall be referred to as “rule-base compliance” or, simply, “compliance”.
In many respects, this society's expenditures of time, monies and resources for rule-base compliance appear to be substantially driven by current inefficiencies that exist in the fields for which this within invention applies.
Currently, entities may enter into a time- or product/deliverable-limited contracts or engagements with outside professional law or other firms, services, individuals or other resources to address a particular segment, fragment or portion of their respective rule-base compliance environment. A typical example of such arrangements include, but is not limited to, when entities engage outside resources to draft or complete a particular standard, policy, procedure, protocol, agreement, form, application or other document. Once that task is done, the contract or engagement is concluded. What is more, such an engagement often times is extremely costly or, in some cases, prohibitively expensive to prevent entities from comprehensively or taking a more macrocosmic approach to dealing with other rules to which they are subject.
Alternatively, entities may contract or otherwise engage outside resources on a retainer or other continued basis. However, unless such retained outside resources are periodically/regularly on-site, at the entities' respective locations, such outside resources generally are “on call” to address a particular segment, fragment or portion of the respective entities' rule-base compliance. Again, such engagements are often-times costly and, in some cases, prohibitively expensive.
In either case, entities may also require significant time expenditures on their part, and often must do so at the convenience of the outside firms, services or individuals. Such working relationships are thus often not performed as efficiently as possible, especially if the outside firms, professionals or individuals are not in-house. So, too, such engagements may result in the actual or perceived loss of certain business independence on the part of the respective entities, potentially causing them to give over ownership of their rule-base compliance efforts, including even as to minute changes or alterations to or relative to such efforts at any given time.
In other cases, entities may budget or otherwise expend monies and resources to employ or otherwise delegate individuals, “in-house”, to address their rule-base compliance efforts. Typical examples of such arrangements include, but are not limited to, internal legal departments or in-house counsel; when entities appoint internal individuals to handle matters relating to compliance; training and education specialists or departments; and/or other subject matter experts/individuals to address the entities' rule-base compliance environment. Still, without the employment and utilization of a standardized compliance system and method, such in-house persons are unable to continually ensure that its rule-base compliance needs are being met or continually managed.
At other times, entities may hold, attend, participate, carry out or otherwise become involved in training and education seminars, workgroups, roundtables, workshops, presentations, conferences, conference calls, internet/webcasts or other forums to learn about what they must or may need to do to become and stay compliant with various rule-bases.
In any event, and with respect to all cases cited above, it is often difficult for entities—or, for that matter, firms, services or individuals hired or otherwise engaged by the entities—to appropriately organize, track, retain, maintain or otherwise manage the compliance efforts of the entities, whether on paper or electronically, or in a manner consistent with the rule-bases to which they are subject.
Today, also, entities may budget or otherwise expend monies and resources to purchase certain computer/software products, packages, tools or other technology resources. Notwithstanding, such technology currently being budgeted or purchased by entities does not provide the same functionality to such entities as the system and method, as outlined, described, summarized and detailed as this invention, to facilitate, carry out, oversee or otherwise manage their compliance efforts or status. Among other things, current technology tends to require that entities already know the basic constructs of their rule-base compliance identity, for such technology to be of any utility to the entities. In addition, current technology only allows entities to profile and ascertain their rule-base compliance identity one rule at a time, as opposed to allowing entities to profile themselves relative to one or more rules at a time.
Further, technology currently used by entities does not allow the entities to conduct initial and ongoing compliance that takes into account their respective rule-base identity at any given time. In addition, even based on that rule-base identity, often the entities are not provided an assessment as to whether and, if so, how and/or to what extent a particular rule-base applies or does not apply. Because the entities are not provided an adequate assessment, the entities often may not have the complete and proper compliance documents and other resources, such as, for example, tools and resources to audit and monitor or otherwise assess their rule-base compliance status; tools and resources to address their compliance needs or desires relative to particular and specific parties, instances, events or circumstances; training and education materials specifically generated; and a means to store and archive compliance documents, records and related materials on an ongoing basis. Similar issues arise when the entity is an outside firm engaged to facilitate another entity's compliance efforts, and/or when the entity is an authoritative body examining the compliance efforts of another entity with regard to the authoritative body's rule-base.
For example, current technology may only permit entities to address disjunctive portions or parts of their rule-base needs—for example, the development of policies and procedures, but not training and education and assessment or monitoring.
In the meantime, while entities struggle with their rule-base compliance efforts and status, so, too, are governmental and non-governmental authoritative bodies whose charge or jurisdiction it is to enforce or otherwise oversee or monitor compliance with such rules. Currently, for examples, such bodies may use generic survey, certification, enforcement, compliance detection, auditing, monitoring, assessment inspection, quality assurance, quality improvement, performance improvement or other tools or resources to evaluate the level, degree and/or extent of rule-base compliance or non-compliance with a particular rule-base or set of rule-bases. So, too, they might offer certain technical assistance summaries, information, briefs, reports, guides, answers to “frequently asked questions”, documents, tools and other resources to assist entities to address its rule-base compliance environment.
Thus, what is desired is a system and method for ensuring compliance, whether the entity examining compliance with a rule-base is one that is subject to the rule-base, one that is assisting rule-base compliance for another that is subject to a rule-base, and/or an authoritative body over-seeing compliance of its own rule-base by those subject to the rule-base.