Senior Vice President and Chief Compliance Officer, Fresenius Medical Care North America, Waltham, Massachusetts
This interview with Lisa A. Estrada (Lisa.Estrada@fmc-na.com) was conducted by Adam Turteltaub, SCCE & HCCA Vice President of Strategic Initiatives & International Programs (firstname.lastname@example.org).
AT: You spent more than 16 years in private practice before going in-house for Fresenius Medical Care, originally as Vice President and Deputy Chief Compliance Officer. How did all that experience help you prepare for the in-house job?
LE: As a health care regulatory and enforcement lawyer, I often found myself sitting across the table from the DOJ or interfacing with the OIG about compliance failures. This helped me to develop both perspective and the judgement necessary to formulate a risk-based approach to compliance—to wade through scores of risks that arise in our businesses every day and focus in on what really matters. In a company that is as large and diversified as Fresenius Medical Care, the task of keeping folks within the guardrails can seem overwhelming, especially when many of our business partners need to drive at high speeds and explore new territory. A deep understanding of compliance risk drivers and an ability to prioritize and manage the key risks are survival skills for a chief compliance officer. Fortunately, my private practice experience armed me with those skills.
AT: When you started, did you find out that there were things about compliance programs that you thought you knew but didn’t?
LE: Absolutely. From the outside, I was very focused on the importance of a strong compliance function and didn’t really understand how the compliance program fits into a company’s broader assurance framework. I have come to really appreciate the importance of the “Three Lines of Defense” model. For our company, much of the heavy lifting around regulatory compliance (i.e., quality systems, reimbursement integrity, licensure and certification) is owned by our businesses with compliance testing and monitoring those systems. We work closely with our financial controls and audit teams to round out the second line of defense. And, of course, as a publicly traded company, our outside auditors provide our third line of defense. The value of this overall risk management framework, as well as the benefits of aligning these separate but sometimes overlapping functions, was something that only came into clear view to me from inside the company.
AT: You’ve had more than three years’ experience in-house at Fresenius Medical Care, and are now the Chief Compliance Officer for Fresenius Medical Care North America. What would you tell your former outside counsel self that would have made you a more valuable resource?
LE: I’d probably give myself a big speech about the importance of finding the right balance between defense and transparency. Lawyers often focus on the value of protecting the company through confidential guidance and privileged investigations. There are certainly circumstances where that approach is the best way to protect the company. However, in many cases, it can also be extremely beneficial to be able to show that the company identifies and addresses compliance failures in the normal course of business. An effective compliance program is not one that prevents all compliance failures. It’s one that identifies failures, investigates them fully, and corrects them going forward. In many cases, undertaking these steps in a transparent fashion can turn out to be the best way to protect the company.