GZ: Since you were interviewed for the Health Care Compliance Association (HCCA) member magazine, Compliance Today, in 2016, much has changed. You’ve had compliance roles with healthcare and nonhealthcare organizations in your career, and since 2019 your focus has been on privacy in a healthcare organization. What was it about privacy that you found attractive over taking on another broad compliance role?

WJ: Privacy is evolving at a rapid pace. When I joined Inova Health System (Inova), it was a year after the California Consumer Privacy Act had been signed into law and the General Data Protection Regulation became effective. Since that time, Virginia, Colorado, Connecticut, and Utah have joined California with state privacy laws; additional states have introduced or reintroduced proposed state privacy laws in the past year. Additionally, the data protection authorities in the European Union have imposed fines and penalties to more than 1,300 controllers/processors. Consumers desire more control of their data, while organizations are requesting more data to improve their products or services. As artificial intelligence and the Internet of Things continue to expand, the demand for compliance professionals in this area is only going to increase.

GZ: Going back to the beginning of your career, you’ve been in compliance roles for almost your entire career, yet your undergraduate and graduate school education was in business and international administration. What was it that drew you to compliance so quickly after finishing your education?

WJ: Like many that started in compliance during this era, a compliance career was not on my radar. At an early age, my career aspirations were to work in the automotive industry for an extensive period and, eventually, transition to higher education as a business professor. Many of my graduate courses were in the evenings at Andrews Air Force Base in Maryland. I enjoyed the environment, so I was considering enlisting into the United States Air Force in hopes of joining the Judge Advocate General’s program.

When I started my compliance career, many corporate compliance programs were in their infancy. Some organizations were required to implement a compliance program under a corporate integrity agreement. For the organizations that voluntarily implemented a program, the duties were being defined mostly by the individual appointed to establish the program. At the time, I worked in the Underwriting and Actuarial Services (UAS) Department for Kaiser Foundation Health Plan of the Mid-Atlantic Region. The department’s vice president recognized that the organization was increasing resources in compliance initiatives and decided to create a position specifically for our department. At the time, that was uncommon, but he was commended for having the foresight and acting on it. He announced the creation of the position and described some of the duties in a staff meeting. I knew instantly that I was an ideal candidate because the duties involved many tasks that I naturally enjoy, such as program development and management. I led the UAS compliance program activities for three regions; this included onsite risk assessments and quarterly reporting to senior management for each region.