Compliance Perspectives

By Adam Turteltaub Regina Gurvich, Chief Compliance & Risk Officer for Omni Opthalmic Management Consultants knows from first-hand experience that it’s not always easy for compliance officers to stay motivated. There is often a strong headwind, and sometimes a brick wall. To stay motivated she advises focusing on getting your voice heard, staying true to yourself and finding enjoyment in what you to do a daily basis. For her, that begins with clinging to her idealism and the belief that few people wake up in the morning looking to do the wrong thing. Focus, she advises, on the fact that for many people the right thing just isn’t clear enough.  Think about ways to educate them and look to do so on a continuous basis. Encourage them not to just know what the law is but understand what it means and how to operationalize it. Also, grab onto your natural curiosity. Take the time to learn as much as you can about the business and how people go about doing their jobs. Understand where the money comes from and wh

By Adam Turteltaub ChatGPT is, like the movie title, seemingly everywhere, all the time, and all at once. Individuals and corporations have rushed to embrace it, sometimes with great results, other times, not so much. For better or worse, ChatGPT and other AI-driven solutions are here to stay, and with it comes a host of new risks to manage. In this podcast, Lauren Kornutick, Director Analyst, Legal and Compliance at Gartner shares the findings of recent research the firm conducted on ChatGPT. They found several risks for compliance teams to focus on: Fabricated and inaccurate answers. As with the case of the lawyer linked to above, ChatGPT sometimes make things up because it was trained on inaccurate material of it was unable to understand the context of the question. IP Risks. Employees may not understand that once data is put into an open source tool it becomes part of the public domain. That means more training on how to protect IP in the new AI era. Often the data set used to train the AI relie

By Adam Turteltaub For the cynical, business ethics, itself, is a myth. For those of us in the profession, we know it is not. Still, that doesn’t mean that certain urban myths don’t arise. Matej Drascek (LinkedIn), in this provocative podcast, and in an article from Compliance and Ethics Professional® (CEP) magazine, argues that there are, in fact, a number of them. They are: Myth 1: The code of conduct supports ethical behavior. Myth 2: The compliance program helps the organization become more ethical. Myth 3: Whistleblowing tools reduce the risk of unethical behavior. Myth 4: More training in ethics is better. Myth 5: Individual “unethical” characters can be curbed with the right controls. Myth 6: Goals related to ethics or compliance help people behave more ethically. Sound more like truths than myths? As you will hear, his comments are more warnings about the complacency traps that can arise. For example, we may think a code of conduct is helpful, but if it’s read once and then forgotten,

By Adam Turteltaub The excitement over Artificial Intelligence (AI) is often met with concerns about its negative potential. That’s especially true in healthcare where the potential gains are met by the principled and practical requirements of protecting patient data. Anitha Vittal, Head, Risk and Compliance, Providence Global Center in India tackles the topic head on in this podcast. She sees AI as having great potential to revolutionize research, diagnosis and treatment, if we can successfully create guardrails for its responsible use. To do so, she recommends focusing on the risks. The big ones are: Data protection and security. AI requires huge amounts of data, which raises potential privacy concerns. If the data is biased, then the output will be as well. Transparency and Accountability. It can be very difficult to understand AI systems. That’s why it’s essential to bring transparency and accountability into the process. Compliance teams also need to be educators, helping the AI team and busin

By Adam Turteltaub Stephen Paskoff, the President and CEO of ELI, believes that we need to think about compliance training differently.  Instead of it being about communicating information, it needs to be about cultivating a culture of compliance and activating organizational values. So how do we get there? He recommends focusing on education designed to be retained and applied by the learner. To do that you need to be clear not on just what the standards are but also why they are important. As importantly, the training can’t stand alone. It has to be linked to broader initiatives and relevant to employees. Even if employees don’t get every nuance of the law or regulation, they have to have a sense of what is right and wrong and be reassured that they will be welcomed if they speak up and raise a concern. Getting to that point requires making compliance as normal a part of the dialog as discussing sales, manufacturing and other issues. Organizations need to stop treating compliance as something separate a

By Adam Turteltaub Our colleagues expect to be treated like adults, and that should include the compliance training we assign them. CJ Wolf, a professor at Brigham Young University-Idaho and founder of Codermedschool.com, explains we need to embrace adult learning theory, which recognizes that adults learn differently than children. Making mistakes, for example, is particularly powerful. Good compliance training, consequently, should be less about telling them what they need to know and more about providing them with an opportunity to work through scenarios and make their errors in a safe classroom setting rather than out in the real world. He shares a host of similar good advice in this podcast and in the SCCE Creating Effective Compliance Training Workshop. Click below to hear other do’s and don’ts to make your training more relevant: Do assess the effectiveness of the training. Be sure to include testing. Don’t assess the effectiveness just once. See what employees remember several months later.

By Adam Turteltaub Contract lifecycle management has grown to be an increasingly critical issue for healthcare providers. Staffing issues, shrinking margins and changing regulatory requirements are all adding to the challenge, report David Paschall, CEO, and Stephanie Haywood, SVP of Sales and Client Engagement at Ntracts. Pursuing a contract lifecycle management strategy, they report, can help alleviate these issues by reducing the number of days a contract spends being reviewed, increase transparency and help the organization adopt standardized language and processes to ensure greater adherence to internal policies. It can also reduce the number of contracts that get auto renewed by mistake, are not renewed when they should be or overlap needlessly with other agreements. Listen in to learn more about how adopting a contract lifecycle management strategy can bring greater efficiency and a host of other benefits to your organization.

By Adam Turteltaub For years Caremark has set the standard for expectations for board members. The notable Delaware case made clear that boards should exercise reasonable care in overseeing an organization. In practice that includes obtaining information about the organization’s compliance efforts and responding when signs of potential violations are found. As Jay Cohen, of counsel at the law firm Giordano, Halleran & Ciesla, PC explains, now a new decision (In re McDonald’s Corporation Stockholder Derivative Litigation) extends that same duty of oversight to corporate officers within their area of expertise. This significantly raises the bar for executives when it comes to ensuring the organization is operating in a compliant manner. Perhaps even more significantly, only two executives at a corporation – the CEO and Chief Compliance Officer – are expected to exercise oversight throughout the entire organization. This, he argues, has the impact of increasing both the scope and importance of the compliance

By Adam Turteltaub You really should listen to this podcast. That’s my advice. If you do you’ll hear Scott Garland, Managing Director, Sanctions, Cyber, Fraud and Ethics Compliance & Monitoring at Affiliated Monitors give better advice on giving advice. He begins by advising a bit of humility: remember that having a quick and ready answer is not always best. You are likely the newest person to learn about the problem and least familiar with it. As a result, you need to take the time to learn and determine not just what the immediate problem is but also what the situation as a whole is. Don’t be afraid to ask others to slow down to ensure you understand things completely. Then, make sure you get the facts and context right. Be sure, too, to identify assumptions being made by the advice seekers to ensure that they are correct. They may not be. Once you have that information and the goal that the advice seekers have in mind, as well as what they see as the ideal outcome, then it is time to give advice. Whe

By Adam Turteltaub Jay Mumford is a long-time compliance veteran and Senior Global Compliance Manager at Bio-Rad Laboratories. There he developed an approach he calls MTR, which stands for Metrics, Targets and Response Plans. It’s an approach, he explains, based on ideas from the quality movement. At its heart, MTR recognizes that whatever the compliance process may be, there is a need to manage at scale. To do so, you need standards and measurements, targets, and response plans in case you miss those targets. An MTR approach, because it is disciplined and focused on goals, helps avoid a whack-a-mole approach to compliance. It enables building your program in repeatable ways, whether that’s training or, as was the case for him with document retention, ensuring that all the documents are both accounted for an not retained unnecessarily. In this podcast he explains how MTR has worked in practice and the technology tools available to compliance teams, typically at no cost, to help them take an MTR approach.

By Adam Turteltaub Over the last decade private equity has discovered healthcare, and with that discovery has come a rush of money and compliance nightmares.  Valerie Rock (LinkedIn), Principal, and Kristen Lilly-Davidson (LinkedIn), Consulting Senior Manager, at PYA explain that there has also come a growing awareness of the importance of compliance due diligence. Five to seven years ago, they explain, private equity (PE) firms were focused on business valuations and financial reviews.  Over the years, though, they have learned to appreciate the importance of compliance and coding reviews, including clinical compliance.  The shift was the result of too many instances of finding significant non-compliance issues post-acquisition.  These, of course, can be very expensive. Firms today need to take the time to do site reviews to examine everything from the culture to the business practices to the condition of the building to the devices used.  Often paperwork doesn’t match what actual practices are, and a dys

By Adam Turteltaub Non-compete agreements may soon be going the way of the dodo. The FTC just concluded its public comment period for its plan to eliminate them in most cases, and new rules are expected to be released later this year. Already, though, many states have restricted these agreements. In this podcast, and in his article in Compliance & Ethics Professional, John Gardiner of Bodman explains that the new FTC rule was designed to counter agreements that many felt were overly broad and restricted the ability of employees to find gainful employment elsewhere. The agreements also raised antitrust concerns since they could stifle competition; the FTC saw behavior among employers that appeared to them to keep employees from finding work elsewhere. The new rule could change that, greatly narrowing when a non-compete agreement could be enforced. It also means that non-disparagement and non-disclosure agreements that could have the same chilling effect on employment changes will likely fall on the wrong si

By Adam Turteltaub The U.S. Department of Justice (DOJ) Criminal Division Evaluation of Corporate Compliance Programs document was updated in March 2023. Since then compliance teams and the broader compliance community have examined it closely, searching to better understand the government’s expectations. Gaurav Kapoor, co-CEO and co-founder of MetricStream, sees an overarching key message to the update: The DOJ expects organizations to have a well-designed compliance, ethics and risk program and, with it, the ability to closely evaluate and monitor its effectiveness. The bar has definitely been raised. So what should the compliance team do? First, to his reading, the DOJ is encouraging organizations to follow connected, holistic approaches to compliance programs. Second, how you train and communicate must be well organized and integrated into business processes. Third, third-party risk must be scrutinized and the interconnectedness with the business must be made more visible. As for boards, they need to

By Adam Turteltaub These days, the term “blockchain” is no longer novel. Yet, many still struggle to understand what exactly it is and what implications, if any, it may have for a compliance program. Segev Shani (LinkedIn), Chief Compliance & Regulatory Officer at Neopharm explains that it is more than the tool underlying cryptocurrency. Blockchain is a technology in which data is stored in blocks, and once that block is full, another one is formed, creating a chain. This data is not held in one place but is distributed on multiple servers, which ensures that it cannot be improperly manipulated. When it comes to privacy, though, there is a privacy-blockchain paradox. While the security of the data is protected via blockchain, the data, itself, cannot be deleted. So, should compliance teams simply say “no” to using blockchain with personal data? According to Segev, not necessarily. A growing number of tools have been developed to manage this issue, including the ability for a data subject to turn their dat

By Adam Turteltaub Ah, social media. The cause of so much joy and pain, both for individuals and organizations. For compliance teams it can be a breeding ground for breaches, particularly in healthcare where HIPAA violations and social media tend to go hand in hand. Pinnacle Healthcare Consulting’s Sheila Limmorth tackled the issue of social media and compliance in the latest edition of the Complete Healthcare Compliance Manual and does so in this podcast. Some issues, such as a worker posting a photo with a patient, persist. Often innocent, these breaches are nonetheless serious. It’s the reason why ongoing training is necessary. A new worker coming, for example, out of fast food probably is unaware of the restrictions of HIPAA. Even veteran staff may lose track of the rules, and the marketing team may not realize that the testimonial they want to run still requires a signed consent form from the patient. In addition, the rapid turnover in healthcare workers means that if you have training on an annual c

By Adam Turteltaub For all the talk of tone at the top, the reality is that few employees report to the top. Virtually all report to a manager somewhere in the middle, and it’s the tone that leader sets that is often most important. Susan Du Becker, Director Risk & Compliance at Microsoft believes that compliance teams need to focus on managing from the middle and getting this important level of the organization on board. So how do you get these managers to work with you? How do you earn their commitment to help, especially in risk areas like privacy and anticorruption? For her, it’s about being inventive and thinking about how you can get them to drive compliance rather than you. To do that, she looks for the key influencers who can serve as champions for the program. They can go upstream or downstream and will help carry the message. Gaining the support of these people requires some effort, she reports. You have to sell them on your vision and let them know that it is to their benefit to further it. If,

By Adam Turteltaub Most of the time people look at the termination of a problematic employee as solving a problem. Bob Woolverton of Top Tier Leadership Training believes that thinking is a mistake. As he points out in this podcast, it’s not an end point. Instead, it’s the time to start, if you haven’t already, assessing how the organization got to this point. The employee’s supervisor was responsible for ensuring the worker’s success and safeguarding his or her welfare. The termination begs several questions the manager should be asking: What should or could I have done to prevent this from happening? What is my culpability? If it’s a policy violation, am I certain the employee understood the policy, or did we just have him/her sign off? Did the policy not make sense in this environment? Was there an opportunity for misapprehension or misapplication? The bottom line it is the time to start a reassessment process. On an ongoing basis he recommends organizations’ managers take a “rudder tap” app

By Adam Turteltaub With the proliferation of sanctions in the wake of the war in Ukraine and more focus on responsible sourcing, trade compliance has grown exponentially in complexity. It has also become less of a compliance silo and become more integrated with other compliance efforts. To understand the state of trade compliance we sat down with Lindsay Bernsen Wardlaw (LinkedIn), Director, Trade Advisory Services, Amalie Trade Compliance, who outlined the four areas of trade compliance: sanctions, export controls, antiboycott and customs. Each has great complexity, and there’s much more than Russian sanctions to worry about. Restrictions on importing goods manufactured by forced labor have increased dramatically with the passage of the Uyghur Forced Labor Prevention Act that presumes good sourced from the Xinjiang region of China were made with forced labor. The law has real teeth, she explains. Of the approximately 3,000 shipments stopped under the law, none have been released because they were able to

By Adam Turteltaub Compliance teams have long advocated for building more trust in the workplace. That is good idea for the corporate culture, but, counsels Sese Bennett, a virtual CISO for CereCore Advisory Services, going the exact opposite way may be better for your IT security. There he advocates organization never trust and always verify. So, what is a zero trust approach? It assumes that just because someone has logged in to your system doesn’t mean that person is who he says he is or that she can access the entire system. In practice that means carefully controlling access both into the network and within it. It means preventing people from accessing a low value part of the network and giving that person access to higher value servers. It means having a system that knows an individual doesn’t, say, normally login from Pakistan at 4:00 in the morning. It monitors sudden changes of usage. Importantly, he explains, a zero trust approach is not necessarily intrusive. Users won’t be forced to login repea

By Adam Turteltaub When discussing AI around compliance professionals these days you can instantly feel the tension. AI, for all its promise, has proven to be a bit of a compliance and ethics nightmare. Stories abound of AI embracing redlining and other discriminatory practices. Anthony “Ant” Stevens, CEO and Founder of Melbourne, Australia-based 6Clicks sees opportunities, though, for putting AI to work for your compliance program. It has the potential, he believes, to streamline activities, better tie policies to the underlying legal requirements and enable compliance teams to better understand the overlap of similar laws around the world. In this podcast he explains how the technology can help compliance operations, particularly ChatGPT. He also makes clear that there are limits to AI. A human element remains important for ensuring that what AI says makes sense, both on its face and for your workplace. Listen in to learn more about how AI can stop being the stuff of a compliance professional’s nightma