Need a SWOT Analysis$$ for this policy.

Policy:

C$.$ Non$-$Retaliation. Staff should report concerns to the compliance program without fear

of retaliation.

D$.$ Glossary of Defined Terms. All capitalized terms have the meanings defined in these

policies & procedures or in the Glossary attached as Appendix A$.$

IV$.$ Corporate Compliance Requirements

A$.$ Code of Conduct. The Code of Conduct can be found on the company$$s intranet.

B$.$ No Gifts to or Influence Over Government Officials. All staff are prohibited from

offering or giving any Gift to an employee or agent of a Federal, State, or local

government agency because of that individual$$s position with the government.

C$.$ Use and Disclosure of Protected Health Information. The Health Insurance Portability

and Accountability Act of $1996($HIPAA$)$ is a federal law that was enacted to protect the

privacy and security of an individual's Protected Health Information $($PHI$).$ Under

HIPAA, the company is obligated as a Business Associate and Researcher to maintain

the security and confidentiality of the PHI it maintains in its operations.

V$.$ Compliance Officer

A$.$ Responsibilities of the Compliance Officer. The Compliance Officer is responsible for

responsible for:

$1.$ Serving as the Chair of the Internal Compliance Committee.

$1.$ Monitoring the Reporting Hotline.

$2.$ Report suspected violations.

VI$.$ Employee Education and Training

A$.$ Training Program. The company will train all members of its Workforce in their

obligations under these policies & procedures as part of the Corporate Compliance

Program. Attendance at compliance training sessions and$/$or completion of compliance

education courses are mandatory for all members of the Workforce and are considered a

condition of employment. Compliance training shall include at minimum topics to be

defined by the training manager.

B$.$ Training Methods. The training program may include both general corporate

compliance training and training that is designed to be role$-$specific for certain segments

of the company$$s Workforce. Training activities may include, but not be limited to$,$

participation in in$-$house training programs offered by staff, viewing educational videos,

participation in online educational programs, and attendance at department meetings.

VII. Reporting Complaints and Suspected Violations

A$.$ Confidentiality. THE COMPANY is committed to maintaining the confidentiality of all

individuals who report a suspected violation to the maximum extent possible. The

identity of the reporting individual will be limited to the extent possible to those who need to know as part of a thorough and objective investigation of the report. THE

COMPANY will also protect the identity of any individual alleged to have committed a

violation to the extent possible as part of a thorough and objective investigation of the

allegation against the individual.

B$.$ Good Faith by Individuals. The Compliance Officer will use best efforts to protect the

rights and reputation of all individuals, including those persons alleged to have

committed a violation and those who have made the allegation or provided information

regarding the allegation in good faith. Following Federal regulations, $$good

faith$$ means having a belief in the truth of one$$s allegation or testimony that a

a reasonable person in the individual$$s position could have based on the information

known to that individual at that time. An allegation is not in good faith if made with

knowing or reckless disregard for information that would negate the allegation or

testimony.

VIII. Investigations and Prevention

A$.$ Internal Investigations. The Compliance Officer shall investigate all reports of

suspected violations and shall determine the disposition, including any reporting

obligations to third parties, including a law enforcement authority, or other funding

agency.

B$.$ Investigation Plan. The Compliance Officer shall develop an investigation plan based

on the nature of the suspected violation. The investigation plan shall identify the affected

areas, operations, and activities identify relevant persons to be interviewed, and

develop a process for reporting findings and recommendations for the course of action

by those assisting in the investigation.

C$.$ Investigation Reports. The Compliance Officer shall prepare a summary report of the

investigation, including the facts of the reported activity, a summary of all interviews and

documents reviewed, and all mitigation steps taken upon discovery of the suspected

violation, if applicable. The compliance officer shall also report updates on ongoing

investigations to the Corporate Compliance Committee of the Board of Directors on not

less than a monthly basis, or more frequently if needed based on the nature of the

investigation. The Board of Directors will be updated every quarter on the status

of any investigations, or more frequently if needed based on the nature of the

investigation