Printer Friendly, PDF & Email

Meet R. Brett Short

This interview with R. Brett Short ( was conducted in May by Adam Turteltaub (, Vice President of Strategic Initiatives & International Programs, Society of Corporate Compliance and Ethics & Health Care Compliance Association.

AT: How did you first get into the world of Compliance?

RS: It kinda just happened and followed me my whole career — providence perhaps. One of my first jobs out of college was recreating patient accounts that were erased by someone who deleted them and took some money. Another was a practice where the providers were divorcing, and I was tasked with figuring out who took what and unlocking the security installed by a rogue employee. I had a lot of forensics experience, without asking for it, in my first few years out of college. This became the theme with each job I took, trying to get to the bottom of what really happened by doing investigations. Officially, I got into Compliance like a lot folks did, “volun-told.”

Prior to joining the University of Kentucky (UK), I was a consultant, and we were talking a lot about HIPAA in the early days. When I arrived at UK, I began to ask a lot of questions like, “What are we doing about HIPAA?” and “Who’s on point?” I guess I asked too many questions. I met the group that was addressing it, and they did some phenomenal work prior to my arrival. I became Privacy Officer a few weeks before the effective date. It was like jumping into a race car after the race had started. It was a wild ride.

AT: Privacy was still a relatively new area back in 1998. What was the state of Privacy back then?

RS: I was doing EMR [electronic medical record] implementation back in the early days of that industry, and we were talking a lot about impact to the delivery of care in different settings like the hospital and clinics. When I arrived in academic medicine, we simply couldn’t reconcile the early expectations with current practice. College athletics, student dental clinics are mostly open-operatory model, and they presented some real questions with the initial guidelines. Luckily for many of us, the comment period yielded some good results and workable solutions to patient privacy.