AT: I’ve enjoyed teaching the Healthcare Compliance Essentials Workshop with you and joining you in the networking events that are a part of it. It’s good seeing so many people who are new to compliance. I’m curious, what do you find that new people struggle with the most when entering the profession?
SC: Yes, the Healthcare Compliance Essentials Workshops have been great. I think this course and format have really filled an educational need and seem to be continually well-received by attendees. And I’ve been so impressed with the expertise and humility of the faculty and the way they come alongside attendees.
When entering the compliance profession, an early struggle is truly understanding what compliance is and how it is different from operations. Most of those we are meeting through the Healthcare Compliance Essentials Workshops are coming from other roles in healthcare organizations, primarily operational roles; it can take time to understand the role and purpose of compliance—especially the independence from operations—and that compliance doesn’t “do” or fix operations. It can be quite a shift!
Another challenge is knowing where to start. Attending a Healthcare Compliance Essentials Workshop or a Healthcare Compliance Academy can be like drinking from a firehose: what do you do with the enormous amount of information you heard? Instead of rushing full steam ahead, those who are new to compliance should take time to process what they’ve just learned and make a thoughtful plan for how to best move forward. Getting to know the organization and considering how the compliance program should be implemented to be most effective is a good place to start. This means prioritizing building relationships with leaders and managers to help gain insights and learn how the organization works. Then start building the foundation for the compliance program infrastructure and an understanding of the risk profile.
AT: Looking to your start in the profession after years in nursing, what do you remember of those first few months?
SC: The first thing I remember— a story that my friends from those days don’t let me forget—is the first question I asked as a compliance professional. I was told that I’d be helping with the compliance program’s response to the U.S. Department of Health & Human Services Office of Inspector General (OIG) Work Plan (which at that time came out annually). I asked, “What’s the OIG?”
It’s funny now to think about, but the learning curve moving from clinical to compliance is not insignificant. It’s a whole new world, angle, and vocabulary. As a new compliance professional, and certainly still figuring out what compliance was, as we were just discussing, I found compliance was very natural for my skills and personality. Collaboration with operations’ personnel and strategic problem-solving for the common good (patients, departments, the institution) was a winning combination. I was the first hire in the compliance program at that academic medical center to have a clinical background, which proved to be beneficial from a knowledge and expertise perspective as well as a rapport perspective with clinical departments that may not have been as cooperative with administrative departments in the past. If you have heard my Healthcare Compliance Essentials Workshop session on compliance program governance and administration, you’ve heard me share my perspective and examples of how a compliance program staff with diverse professional experiences, from clinical to legal to auditing to operations, etc., best positions a compliance program for success.
AT: What led you to make the leap?
SC: Honestly, it was not intentional, but from my perspective it was providential. My husband was in a transition phase career-wise, and I needed a temporary work solution. One of the board members from the faith-based, free clinic, where in the past I had been the clinical manager, was a local chief compliance officer (CCO). I needed what I thought was a temporary job, and he was looking for what he thought was a temporary deputy compliance officer. The rest is history. In less than a month, it was clear to him and me that I had found my career. I love this story. It’s also exciting to hear the origin stories of other compliance professionals; many of us fell into compliance accidentally but found our careers!
AT: You have been a consultant for Aegis, then Ankura, since 2015. That’s given you the opportunity to see a lot of different institutions and their challenges. Let’s spend some time on where you have seen struggles, starting with the underlying infrastructure. From your work building infrastructures for new programs and strengthening them in existing ones, what have you found to be the key foundational elements for a program that truly works?
SC: I love that no two compliance programs are ever the same. While we all have the seven elements in common, the way that compliance programs structure the seven elements should be tailored to the size, complexity, culture, and risk profile of the organization. I see so much pragmatic creativity in the compliance programs with which I work. This is really one of my favorite things about compliance—the ability to craft a pragmatic solution designed for effectiveness on a common foundation of the elements. This is the key to developing a program that really works. You can develop a paper program that may technically have the elements documented, and it sits on a shelf in your office in a binder—minimal impact. Or you can develop a dynamic, custom, engaging program oriented around your organization’s risks and in alignment with the fabric and heartbeat of your organization. This is the kind of compliance program that will actually have an impact and be effective.
AT: One aspect of having a program that works is being able to measure its effectiveness. What makes for a reliable effectiveness assessment?
SC: Know that there is no magic checklist out there. Even the OIG–HCCA [Health Care Compliance Association] Measuring Compliance Program Effectiveness: A Resource Guide advises it should not be used as a checklist.[1] Just like the compliance program should be tailored to the specifics of the organization, so should the approach to measuring effectiveness. I recommend that each compliance program develop a flexible, pragmatic custom approach to regularly (and documented at least annually) evaluating its own effectiveness that includes prioritization of an outside assessment every few years to provide an objective perspective on its effectiveness and areas of opportunity. There are multiple tools and resources available to build from, from external resources such as guidance documents and published benchmarks to internal resources such as survey and audit results. May I recommend a Compliance Today April 2022 article I co-authored with Debbie Troklus?[2] The article discusses the why and how of pursuing compliance program effectiveness and provides more context on the customized approach. The biggest issue in pursuing and evaluating your effectiveness is likely not how you do it but that you actually prioritize assessment and then make necessary changes to continue pursuing effectiveness.
AT: Are there things you find compliance teams measuring that really don’t give an accurate sense of effectiveness?
SC: Yes, measuring effort without a sense of risk prioritization. A compliance program can be very busy, but that does not mean it is busy with the most important things. Merely measuring activity without ensuring it’s the right activity is not the best way to evaluate effectiveness. Which leads us to risk assessment!
AT: Exactly. We know risk assessment and prioritization are key to compliance program effectiveness. Where do organizations get it wrong and right when assessing compliance risk?
SC: Just like effectiveness, the biggest issue I see related to risk assessment is not taking the time to prioritize and develop a healthy approach to risk assessment. And just like effectiveness, there is not a one-size-fits-all or checklist approach. The approach to compliance risk assessment should also be tailored and dynamic to ensure the risk assessment stays updated as the organization and regulatory landscape changes. Keys here are ensuring the right inputs—both external and internal—collaborating with operational risk area leaders and managers, and keeping it current. When the risk assessment is not functioning properly, it can quickly lead to compliance programs devoting resources to risks that are unlikely to cause a major impact on the organization while other high-impact or high-likely risks are overlooked. One more article suggestion, if I may: a nice 101 on risk assessment I co-authored with Chris Tonellato (yes, I enjoy writing on these foundational program concepts!). It is in the September 2022 Compliance Today.[3]
AT: Let me shift gears from program structure to risk areas, starting with conflicts of interest (COI). They have become an enormous issue lately, with attention paid to everything from speaker programs to research. What can you share about how to identify and manage conflicts effectively?
SC: I think it’s very possible for a compliance program to develop a great infrastructure to manage COI but forget to engage the stakeholders who are most likely to have the COI. You definitely need a robust organizational approach to COI to ensure timely disclosure, a risk-based review of what is disclosed, and effective ways of managing COI, but your efforts may fall flat or, at minimum, not be as effective if you don’t find the right way to effectively engage your audience. Ensure that you include relevant leaders, managers, and providers when developing the process, as this helps with buy-in and compliance over time. Don’t think that one-time communication and initial education on the process and requirements are sufficient. Establish ongoing communication with stakeholders and let them know your team is an available resource and partner for COI management. Also, ensure that the tools in place, including disclosure forms, policies and procedures, education and training, etc., are easily accessible and easy to use.
AT: Healthcare has been turned upside down during the pandemic. Not all the changes have been bad, though. Telehealth has proven to be a great vehicle for treating patients. What do you see compliance teams needing to focus on to navigate the changing seas?
SC: Yes, totally agree. Those drawn to the compliance profession tend not to be status quo kind of people—we like action and movement and are comfortable with change. Whether in-house or in consulting, we all flexed quickly at the start of the pandemic and pivoted as needed throughout. Risk assessment and prioritization, being intentional to keep current, and staying connected to a knowledgeable and helpful network of peers are keys to navigating the changing seas. You can’t navigate what you don’t know about, and navigating anything is easier when you are not alone.
AT: Speaking of change, you have stepped into many organizations going through a change. You have served as an interim CCO several times. For someone asked to step into such a role, what’s the best way to be effective as soon as possible?
SC: The first focus of an interim should be on the people. Whether or not you are entering a challenging situation, you are at least entering a situation that is in flux, and the people on the compliance team need to feel that they are heard and supported. Focusing on getting to know the compliance team and their strengths and concerns, essentially building rapport, will go far in an interim’s effectiveness. Interims must also have an open mind and open eyes—be a listener and a learner in the new organization. Understanding the people and the needs of the organization will inform the foundation of the interim strategy.
AT: How do you walk the line between needing to lead and recognizing that you don’t want to upset things too much to meet your vision, given that you aren’t going to be there long?
SC: That is a good question! You don’t know how long you will be in the role, yet for the good of the organization and compliance team, you want to make progress, continue forward motion, and not let things stagnate. One of the lines to toe is what is actually reasonable to do while you are there—don’t take on more work than the resources that are available to you (or consider asking for more resources if the work is essential). Continue the work of the program, and make progress and changes if needed, reasonable, and/or if requested by leadership.
AT: Looking to the future, how do you see compliance programs evolving?
SC: Because the regulatory landscape, our culture, our organizations, and healthcare will continue evolving, compliance programs have no choice but to evolve. The recent pandemic is proof of this! The waivers came and went, but many flexibilities proved valuable and effective, so that they will stay around in new permanent forms. And in March, the U.S. Department of Justice released updates to its Evaluation of Corporate Compliance Programs guidance. The updates focus on areas where further development may be needed (like discipline, enforcement, and incentives) and on newer areas (practices and policies around personal devices and messaging and preservation of business communications). The updates, changes, and new areas of focus won’t ever end. The compliance officer’s job is never done, and the risk assessment will keep evolving!
AT: How should compliance professionals start preparing themselves now for that future?
SC: Stay current and stay educated. Do what it takes to stay on the front end of the healthcare regulatory landscape—read the news, get on listservs, attend webinars and conferences, network, and be part of a vibrant professional circle. Don’t get behind. If we, as compliance professionals, stay on the front of the curve, then make sure our risk assessments and, consequently, our compliance programs are aligned with the ever-evolving changes in healthcare compliance, we will stay ready!
AT: I know you are passionate about mentoring. Where does this come from, and what advice would you give regarding career development?
SC: My passion comes from my past. So many amazing people along the way have intentionally or unintentionally poured into me, contributing to my professional growth in ways I didn’t know I needed, yet I could not have done without them. Throughout our lives and careers, we need to be open to both learning from others and also investing in others for their benefit as well as the good of the profession. And honestly, I also learn so much from those coming up after me, not just those who have gone before me.
I do have advice for those wanting to develop in their compliance careers. First, know that you’ll have to operate outside your comfort zone. Early in my consulting career, a mentor told me that if I wanted to grow, I needed to be ready for each next project to stretch me. Second, seek out mentors, and be a mentor. Always be open and seek opportunities to learn from others, and also take time to invest in others. Third, stay informed. The regulatory landscape is everchanging. Be intentional about staying up to date. This provides the edge we need to stay vital. Finally, get out there. Network, write, speak. Get involved in HCCA and be part of things. Compliance is a collaborative profession; we need each other.
AT: You are also a married mother of four children. What does work–life balance look like?
SC: I am learning that balance looks different as we go in each season of life. I likely haven’t always done it “right,” but have tried to have my eyes open and figure out priorities at each time and stage. As the kids go through phases and get older, the balance changes. I try to be flexible about who they are and what they need at the time and balance the excitement and demands of my career with it. Having a supportive partner is also key; my husband and I do life and parenting in a good partnership that flexes and allows for give and take. Balance isn’t easy and isn’t always natural, but it needs to stay a priority. This is something that the mentors I mentioned have influenced as well.
AT: Thank you, Sarah.