This interview with Debra Muscio (email@example.com) was conducted by Margaret Hambleton (Margaret@hambletoncompliance.com), President of Hambleton Compliance, LLC. Margaret is also Immediate Past President of SCCE & HCCA.
Debra A. Muscio, MBA, CHC, CCE, CFE, CHP, Senior Vice President, Chief Audit, ERM, Privacy, Security, Ethics and Compliance Officer, Community Medical Centers, Clovis, CA
MH: You and I had a chance to talk a bit about your current position while at the 2019 Compliance Institute, and I love your title as Senior Vice President, Chief Audit, ERM, Privacy, Security, Ethics and Compliance Officer. Can you tell our readers about your current position and how all these elements came together?
DM: My current position has five areas—audit, enterprise risk management, privacy, information security, and compliance—which all relate to keeping the pulse on integrity and risk. I began my career in the finance world and quickly learned I needed to know more, so I moved into internal audit. When I started in the healthcare internal audit arena, I knew I found my home. Healthcare has a mission (helping others) and is ever changing (to be better) and I believe in both. My passion for being the best I could be, helping my community and employer be the same, and utilizing my high level of integrity, it was a given that when Compliance came to healthcare, it was meant to be an additional area for my focus.
Back in the 1990s, I went to the chair of the audit and compliance committee and CEO and volunteered to be the compliance officer, noting that I would take on the role and make it successful (and I did just that). I was in my element—training, mentoring, and advocating a change for doing the right thing. I was the lifeguard striving for the just right culture. While leading audit and compliance, I was very close to the CIO [chief information officer], because I had an information systems audit background with additional training from Simi Valley in hacking and cyber security. This knowledge led me to be a member of steering committees for disaster recovery and information security.
I also was very close to the leader of HIM [health information management], due to all the compliance initiatives and external audits. As privacy concerns came to my attention, we started a privacy committee. Then I moved from Connecticut to California, taking the chief audit and compliance officer position. Privacy and security have compliance as the key focus, and the CEO as well as the audit and compliance committee and I felt that under the compliance office, I could build the privacy and security compliance programs. I welcomed the opportunity. My vision was compliance with privacy and security would be the reviewers, the eyes on these operational areas, to ensure compliance and be or support the trainers when changes need to happen. Compliance would work with internal audit when a violation was noted to utilize their skill set to quantify and remediate. What a full circle team to address risks and concerns!