Compliance Perspectives

By Adam Turteltaub Business transformations can be times both of risk and opportunity for compliance programs. Employees, struggling to understand the changes around them and feeling stressed, may opt to do the wrong or at least ill-advised things. By the same token, transformations provide an opportunity for compliance teams to change their roles within the organization and redefine the value that they bring. Jill Swain, Global Ethics Manager and Dawn Wood, Engagement, Training and Programme Manager at Rolls-Royce went through a major business transformation and will be sharing their insights from that experience in a session at the 2025 SCCE European Compliance & Ethics Institute. In this podcast they share an abbreviated version of the journey and lessons taken from it. Rolls-Royce, as it transformed itself, wanted employees to understand that ethics and compliance are a part of “winning right” and helping the companies achieve its goals. The compliance teams met the challenge by embarking on several initiatives, both broad and narrow. They: Conducted a Win Right Week Identified the need for ensuring that conflicts of interest were reviewed when reporting lines changed Helped employees understand common dilemmas and how to resolve them Became an integral part of the employee hub to make it easier to access information and ask questions Rolled out a new third party risk management platform In sum, it was a transformation both of the organization and the compliance program within it. Listen in to learn more about what they did and learned through a period of corporate transformation.  Then, join them at the 2025 SCCE European Compliance & Ethics Institute. Listen now Sponsored by Bluesight, providing industry-leading privacy monitoring with fast, reliable patient data violation detection.

By Adam Turteltaub Oh, Artificial Intelligence. So much promise, and so much risk. What’s a compliance and ethics professional to do? Start by listening to this podcast about the chapter “Managing the Ethics and Compliance Risks of Artificial Intelligence” in the 2025 edition of The Complete Compliance & Ethics Manual. We spoke with the article’s co-authors, Gwen Hassan (chief compliance officer at Unisys), Dr. Anthony J. Rhem (CEO and principal consultant at A.J. Rhem & Associates), and Patrick Henz (special advisor for compliance, Latin America, for Mitsubishi Heavy Industries Americas). They explain that when we speak of AI we aren’t talking about one technology but a wide range of them. Generative Ai may be getting the most attention but there is also natural language processing, neural networks, expert systems, machine learning and many more. As a result, compliance teams need to understand what form of AI is being used at their organization. When it comes to legal and regulatory frameworks to serve as guidance, it is probably best to look to Europe, which has taken a much more active approach than the US. The United States has just a patchwork of state laws. On the federal level, an executive order from the previous administration has been rescinded by the current one, leaving no national guidance. Despite the legal vacuum, there ae still risks such as bias to manage. As a result organizations need to have clear guidance on what AI can and cannot be used for. There should also be a risk assessment framework that includes: Assessing the data risk Understanding the model Assessing cybersecurity and compliance risk Evaluating ethical risk Continuous monitoring and updating Listen in to learn more about how to manage the possibilities and risks of AI. Then be sure to check out the 2025 edition of The Complete Compliance & Ethics Manual. Listen now Sponsored by Bluesight, providing industry-leading privacy monitoring with fast, reliable patient data violation detection.

By Adam Turteltaub Sometimes you make a few technical changes to a compliance program  because a law or regulation has changed. Autoliv didn’t want to do that and just meet technical requirement of the EU Whistleblower Directive. They wanted to use it as an opportunity to assess what they were doing to encourage employee reporting, whether it was working, and to improve support for people speaking up. Erica Wikman, Vice President, Corporate Compliance, Autoliv and David Barr (LinkedIn), co-founder of Campbell Barr, tells us in this podcast that they shared a vision of moving away from just whistleblowing. Research showed it can have negative connotations.  In addition, whistleblowing tended to be interpreted narrowly, with tremendous variations by region. They also found a fear of either retaliation or that nothing would be done. So, the Autoliv compliance team began to think more broadly and encourage people not just to speak up when they saw a potential compliance issue but also when they saw something positive in the organization or just wanted to express gratitude. Along with that change of scope, they decided to open the lines of communication and encourage employees to bring their concerns and praise wherever they were most comfortable. To make it work they reached out to HR, manufacturing, quality and the health and safety team. Together these groups identified similar needs and dialogue and a willingness of leadership in those areas to come up with a common, welcoming approach to speaking up. By making speaking up more natural and a part of the business dialogue, they were able to lower the barrier to raising issues and turn perceptions around. A potential negative had become a positive. Listen in to learn more about what they did and how you could change the entire atmosphere around speaking up. Listen now Sponsored by Bluesight, providing industry-leading privacy monitoring with fast, reliable patient data violation detection.

By Adam Turteltaub So the IT folk can’t wait for your business people to delete those old documents, meantime, the business people want to hold onto them because they never know when they might need that info again. Then, all of a sudden there’s a legal issue and a hold is in place. Instantly the game changes. Chris Kruse, Executive Vice President & Advisor at CasePoint explains that when a legal hold is placed several things need to happen: Employees with relevant need to be identified They need to be placed on notice of the obligation to preserve any relevant information. They need to be instructed on how to proceed going forward The custodians of the data need to acknowledge that they have been notified and understand their obligations Individuals with the data need to be reminded that if they create new data it also needs to be retained Securing all the documents and data can be difficult for several reasons. These range from the simple, such as an employee who doesn’t read the email with the instructions to preserve data, to the complex, such as identifying all the different kinds of documents and where they may be stored. Get it wrong, and things can go south pretty quickly. Listen in to learn more about how to ensure that your document hold doesn’t cause more problems than it solves. Listen now

By Adam Turteltaub You do all that work but how do you know you’re being successful? It’s not like people come running in the door and say, “Hey, guess what bad thing I almost did.” The compliance team at the National Security Agency (NSA) had that same challenge. In this podcast, Natalie Knowles, Director of Compliance, and Zack Conyne, Manager, first provide an overview of the NSA. As they explain it has two primary missions:  cybersecurity and signals intelligence. Every employee there annually takes an oath to defend the Constitution, which is, of course, a great reminder of the organization’s values. The compliance team is there to ensure that NSA activities are consistent with the law, including policies and procedures designed to protect privacy and civil liberties. The team measures the success of the program both using quantitative and qualitative metrics. Along the way they have learned a great deal, including the importance of telling a story, managing the complexity of data, and the importance of looking to trends. Listen in to learn more and to benefit from the insights they have gained in measuring the success of their compliance program. Listen now

By Adam Turteltaub When we last spoke with Tyler Shultz back in 2020, he discussed his experience at Theranos as both an employee and a whistleblower. Four years later, the case is in the rearview mirror, the former CEO is in prison, he founded two startups of his own, and he now speaks to corporations about cultivating courageous work cultures With the benefit of some time and distance, he shares in this podcast his experiences and what he has learned, particularly about corporate culture. The behaviors he saw at Theranos provided for him a lesson in what not to do. There, he felt the dysfunctional culture was created intentionally. Management, he believed, wanted employees to fear them and reinforced that through locked doors, barricades and firing people who disagreed with leadership.  here were even NDAs that restricted the ability of employees to speak with each other. To create a good culture, he argues, companies need to do the opposite of what he saw at Theranos. First, start by defining what the core values of the organization are to give employees a common language with which to discuss potential issues. Next, create a culture that reinforces those values.  That includes: Ensuring that the policies match the values Not having overly restrictive NDAs Preventing the formation of silos Encouraging collaboration Watching out for high levels of turnover Being transparent with regulators and investors Listen in to learn more about how to create the right culture and avoid becoming the next Theranos. Listen now

By Adam Turteltaub Few things hold more promise, or cause more stress for compliance professionals, than AI. What is it?  How does it work? And does anyone know how to keep it from showing so much bias? David Silva, Chief Compliance Officer at Collaborative Imaging, will be addressing the topic of “Healthcare, Artificial Intelligence, and Compliance” at the 2025 HCCA Compliance Institute, which will takes place April 28-May 1 in Las Vegas. To get some of his insights now, we sat down  for this podcast. David explains that part of the challenge is that AI is so fast changing that it’s hard to keep up. We don’t yet know what we don’t know about it. At the same time, though, the technology is showing great promise in healthcare in areas such as coding, simple reports and helping with third-party vetting. Compliance teams have an important role to play in the implementation of AI in healthcare, he explains. Ideally, they should be a part of the AI governance team, working with a broad range of departments and helping to ensure that programs are monitored to avoid issues with privacy or the False Claims Act, for example. So how should compliance professionals become a valued and effective part of AI efforts? He advocates for staying engaged and pushing to be invited to meetings. When there, keep your ear to the ground, learn more about operational workflows, and try to make sure that AI does what it is supposed to do, without crossing legal and regulatory lines. Listen in to learn more, then join us for even more at the 2025 HCCA Compliance Institute. Listen now

By Adam Turteltaub Chart auditing may not be the sexiest part of healthcare compliance, but it plays an important role in discouraging Medicare fraud and catching problems early. Madhavi Perumpalath, Director-Physician Practice Compliance at Northeast Georgia Health System and Alka Kumar, Compliance Director and Privacy Officer at Resolve Pain Solutions, explain that CMS provides good guidance to healthcare providers, such as diagnosis and procedure codes that are appropriate to bill for. Take advantage of it. Embrace proactive auditing, they advise, to help identify issues and ensure the quality of the claim before it goes out the door.  It can also prevent both over and under billing. How frequently should you audit? It depends on several factors, including the size of your organization, regulatory requirements, resources available and the overall risk environment. And, remember, you can’t audit everything. Instead, they recommend developing an annual audit plan focusing on the high-risk areas, but also doing some random samples of other areas as well. This dual approach maximizes efficiency and minimizes overlooked issues. Listen in to learn more about how to conduct the audits and what to look for. Listen now

By Adam Turteltaub With value-based care growing, what role does compliance play?  To find out we spoke with Carolyn Barton, Vice President, West Regional Compliance Officer at Kaiser Permanente. She explains that at Kaiser they define value-based care as a healthcare delivery and financing model that improves health outcome and increases access to affordable care in the community through evidence-based care, a commitment to equity and simplicity and aligned incentives. Doctors and health plans, she reports, work in an integrated system focused on the patient and delivering the right care at the right time and place. To make that work their electronic health record (EHR) system is the foundation not just for collecting patient data but also for sharing protocols for treating patients. By implementing systematic, evidence-based approaches through these protocols, they help mitigate racial and ethnic inequities. The results she shares are impressive. Kaiser patients are 20% less likely to die prematurely from cancer compared with others in their community, and they are 33% less likely to have a premature death from heart disease. The compliance team plays a key role by helping, for example, physicians identify the scope of their practice risk such as ensuring that, as patients are moved to a lower level of care, there is proper staffing in place to treat them. To ensure your compliance team succeeds in the values-based care world, she recommends being agile, supporting the organization’s efforts at risk mitigation, building trust, making yourself accessible when there are questions, and thinking creatively. Listen in to learn more about how your compliance team can thrive in this environment, and also what mistakes to avoid. Listen now

By Adam Turteltaub No one would dispute that stress and compliance go hand in hand, but Scot Eibel (LinkedIn), a former chief compliance officer and currently leading Eibel Coaching and Compliance Consulting, warns that doesn’t mean it has to get out of control. There are steps we can all take to manage our stress levels. One stressor to watch for is over vigilance.  While we all need to be vigilant, assessing risk and watching out for threats, it needs to be tempered. Resist the temptation, he warns, to engage in worst case scenario thinking, which increases stress and makes it difficult to focus on any positives. Catastrophic thinking isn’t healthy for you or for the organization. Another stressor for compliance professionals can be feelings of isolation. In some ways it is inherent to the job, but that doesn’t mean it needs to be absolute. Look to others in the compliance community for connections and build cohesiveness on your compliance team. Stress is much more manageable when you have support. When it comes to those problems that seem too difficult to solve, take a breath, he recommends, and focus on what you can do. Don’t seek perfection but seek progress and remember that excellence doesn’t happen overnight. Finally, don’t be afraid to set limits.  Compliance professionals can be, as he put it, “sacrificial people” who are willing to put others and the organization first. It’s noble, but sometimes you need to to say “no” or “no” and offer some advice. Listen in to learn more about how better to manage your stress. Listen now