Compliance and Privacy

Compliance with regulations applicable to our industry is paramount at Hodges, Avrutis & Foeller.

As such, our compliance management system (CMS) addresses the requirements stated in the seven regulations applicable to our industry and allows flexibility for revisions based on recent legislation or case law interpretations. Our CMS,

  • Ensures regulatory requirements are incorporated into our business policies, processes, and procedures
  • Prescribes the necessary training for our employees to ensure they understand their responsibilities for compliance with the regulations
  • Incorporates internal audits of policies, procedures, and processes
  • Tracks consumer complaints, responses, and follow-up actions
  • Includes corrective actions for internal and external audit findings

Our Firm attorneys provide the leadership of the CMS with clear expectations for employees and third-party vendors regarding compliance, audit findings, and corrective actions. The Firm uses both an internal compliance officer and an outsourced compliance officer to administer and report on the CMS. The internal compliance officer provides the “finger on the pulse” perspective while the outsourced compliance officer provides the “industry standard and best practices” perspective. The team of compliance officers,

  • Develops and maintains compliance policies, procedures, and processes
  • Administers and tracks employee training
  • Assesses emerging issues or potential liabilities
  • Reports compliance activities and audit review findings to Firm attorneys
  • Ensures corrective action measures are completed and documented

Our CMS program incorporates more than 50 written policies, procedures and processes managed in an electronic controlled document repository. Additionally, CMS monitoring and trending activities are maintained electronically. Our CMS will prevent regulatory violations, provide cost efficiencies and reduce business risk for all our clients.


As with the CMS, the Firm is diligent about managing data security and privacy for our clients. Our system encompasses a combination of physical, electronic, and administrative controls to prevent any loss of privacy of our client data.

Physical Controls

  • Secure access on all ingress/egress points
  • Secure access between public waiting areas and non-public Firm offices
  • Secure access to file rooms and server rooms
  • Use of closed circuit monitoring throughout office

Electronic Controls

  • Use of secure data transfers (e.g. Syncplicity, YGC, etc.)
  • Use of secure offsite back-up for encrypted data
  • Use of firewalls
  • Continuous scanning for viruses and malware
  • Employee and third-party internet site access restrictions
  • Frequent security integrity scans
  • Maintenance of security patch updates
  • All incoming claims data is managed electronically only (no new hardcopy files)

Administrative Controls

  • Prohibition of cell phones in the office (except attorneys)
  • Attorney approvals for any use of removable media by employees and third-party vendors
  • New user security policy
  • Security integrity policy
  • Clean desk policy
  • Security policy (including visitor policy)
  • Document retention and purging policy