Log in

goodpods headphones icon

To access all our features

Open the Goodpods app
Close icon
headphones
Compliance Perspectives

Compliance Perspectives

SCCE

An SCCE Podcast
Share icon

All episodes

Best episodes

Top 10 Compliance Perspectives Episodes

Goodpods has curated a list of the 10 best Compliance Perspectives episodes, ranked by the number of listens and likes each episode have garnered from our listeners. If you are listening to Compliance Perspectives for the first time, there's no better place to start than with one of these standout episodes. If you are a fan of the show, vote for your favorite Compliance Perspectives episode by adding your comments to the episode page.

Post By: Adam Turteltaub False Claims Act cases often begin with a whistleblower, and worse, one who had reported the issue to management and nothing was done about it, at least not that the whistleblower knew. David Schumacher (LinkedIn), a partner at the law firm Hooper, Lundy & Bookman and author of the Chapter “Government Investigations” in the new HCCA book False Claims in Healthcare is not surprised. As he explains in this podcast, compliance teams are often completely overwhelmed, making it difficult to determine what call is routine and what possibly raises a real and substantial issue. Another complicating factor: many calls get triaged and sent to teams outside of compliance. These teams may not follow up adequately, or at all. To reduce these risks he recommends remembering that whistleblowers very much want to be heard. As a result, it’s important to respond, document responses to them and ensure that the issues that they raised are followed up on. Once the investigation begins it’s important, he points out, that compliance stay deeply involved, even if legal is running point. The compliance team can assist the investigation, likely has a strong grip on the facts and will play a driving role in any subsequent remedial actions. Once the government gets involved it’s important to realize the potential for disruption, and even paralysis, within then organization. As a result, an aura of calm needs to be projected. Also essential: gathering the documentation and data to demonstrate to the government the effectiveness of the compliance program. That includes information such as the size of the compliance program, its scope of responsibilities, how many audits have been completed, what is on the workplan for next year, how many complaints have been fielded in the last several months (or years), and the number of educational events conducts, just to name a few. And don’t wait to pull these documents together only once an investigation starts. Documenting as you go is much more advisable. Listen in to learn more about how to manage False Claims Act investigations, including what the current focus of the government is.
bookmark
plus icon
share episode
Post By: Adam Turteltaub On Tuesday, April 20th at the 2021 Compliance Institute the HCCA will be offering the session  Work Smarter Not Harder:  Effective Annual Work & Audit Plan Development Strategies.  Joining us for this podcast are two of the speakers from that session: Kristin L. Meador (LinkedIn), Director Compliance Audit & Operations Organization Integrity & Compliance, and Brenda Manning (LinkedIn), Privacy Director and Privacy Officer, both at the Carilion Clinic. When designing a workplan, they recommend taking a fluid approach that recognizes that risks change and plans must as well.  Start by gathering information from internal and external sources, look at what’s on the radar of CMS and OCR and where your organization is having a pattern of incidents.  Internal Audit can be a particularly valuable ally, especially if they have surveyed leadership and have identified the risks on management’s mind. In planning, one thing to avoid is setting goals too high and putting too much on the team’s plate.  It’s important to ensure that there are sufficient manhours available when things come up, as they inevitably do.  Also, leave time for new and emerging risks.  We have all seen how those can and have arisen over the last year. The key, they have found, is to have a SMART plan:  Specific Measurable Achievable, Relevant and Time-based. When it comes to auditing, they remind us that you can’t audit everything.  Instead, turn to the risk assessment and focus on the key areas.  Also be prepared to adjust your thinking.  Some areas may prove to have less risk than initially anticipated, others to have more. When it’s time to remediate, they make an interesting suggestion on training:  Instead of testing right away, give time for the education to sink it, and then audit once again. Listen in to learn more, and then plan on attending their session at the 2021 Compliance Institute.
bookmark
plus icon
share episode
Compliance Perspectives - Seth Whitelaw on the History of Compliance [Podcast]
play

04/15/21 • 11 min

Post By: Adam Turteltaub As we move ever forward in compliance, sometimes it’s good to stop, look back, and understand the history of compliance programs. Seth Whitelaw, President and CEO of Whitelaw Compliance Group knows the roots of compliance programs well.  He covers them in this podcast an in the chapter “Healthcare Compliance Programs: From Murky Beginnings to Established Expectation” in the new HCCA Complete Healthcare Compliance Manual. In our conversation, we start at the beginning for compliance with the birth of the Defense Industry Initiative (DII), which was formed in the wake of the procurement scandals of the 1980s. Today’s commonplace tools such as codes of conducts and helplines can all trace their lineage back to the DII. Compliance has evolved considerably over the years, and yet resistance remains. As Seth points out some resist because compliance is perceived as being too expensive to do well.  Others resist because they think they are compliant and ethical. Anyone in the profession knows that even the best companies still face challenges sooner or later. So, too, does the government. Through the years the government has helped make that point and strengthened the case for investing in compliance. The Sentencing Guidelines laid out an outline for compliance that does not have to be expensive to be effective. The Office of Inspector General at Health and Human Services has fleshed out the Guidelines for healthcare compliance programs, giving much needed direction for this industry. The evaluation criteria from the US Department of Justice has pushed compliance teams to ask fundamental questions of compliance programs and to see if they truly work. Looking to the future, provocatively Seth sees two potential trends. First is the shift of compliance to a more independent function, potentially one that is outside of the company. The second will be increased used of data, combined with Artificial Intelligence, to automate many of the manual compliance tasks. Listen in to learn more about where compliance was, where it is now, and where it may be going.  And be sure to check out the new Complete Healthcare Compliance Manual.
bookmark
plus icon
share episode
Post By: Adam Turteltaub On July 1, 2021 the US National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), FBI, and UK National Cyber Security Centre (NCSC) released an advisory reporting on “malicious cyber activities by Russian military intelligence against U.S. and global organizations…” The advisory shared that “brute force” is being used to “penetrate government and private sector victim networks.” To understand what this means for organizations and what they should do we talked with Mark Lanterman (LinkedIn), Chief Technology Officer at ComputerForensic Services. He explains in this podcast that it’s not just the brute force attacks that should cause concerns. It is these efforts combined with the use of “known vulnerabilities” to access data undetected. What should organizations do to protect themselves? He advises following the recommendations in the advisory. For one adopt multi-factor authentication along with time out and lockout features. Other steps to take include network segmentation and closely monitoring access controls. He also suggests that organizations review existing protocols to ensure that they are actually being followed. Just because a policy is documented, he warns, doesn’t mean it is being applied. If your organization is using a cloud provider, he recommends take the time to revisit its value as a tool, what protections are in place, what data is stored and where it is stored. Ask your cloud provider about the infrastructure it uses, how it is protected, and what are the backup and protection policies. Trusting any third party with your data, including a cloud provider, is not something that should be done lightly. Inside your organization, he argues for rethinking the approach to data security, changing it from something you train on once a year to an entire culture. There can’t be a set it and forget it mentality. A much more dynamic approach is required. Listen in to learn more about how you can better protect your organization against brute force and more subtle attacks.
bookmark
plus icon
share episode
Compliance Perspectives - Bridget Group on Legacy Data [Podcast]
play

07/20/21 • 11 min

Post By: Adam Turteltaub Legacy data is any data that your organization has lying around in obsolete formats that isn’t accessed regularly but is, instead, held for regulatory purposes. While that may sound innocuous enough, it can be an enormous problem for healthcare providers, says Bridget Group (LinkedIn), Corporate Counsel of Harmony Healthcare IT. Typically the data is held in systems which are long out of date and lack the security features that are prudent for the current environment. The hardware is equally problematic, tending to be unstable with long downtimes and high maintenance costs. That can make it hard to meet the requirements of HIPAA and the 21st Century Cures Act. So what should healthcare providers do to manage this challenge? First, she recommends setting up a registry of all the systems across the enterprise to get a handle on what data is available and where it is. The IT department and health information management team can both be helpful. Take the time to understand the retention requirements for the data under both Federal and State laws, the latter of which can be the more restrictive. Then, if you don’t have one already, set up a data governance board, with the charge to identify health information captured across the organization, understand the purpose of the data, who can access it and how long it must be kept for. The board can and should create policies for retention, destruction and access. Be sure also to train the workforce so it understands its obligations. Finally, she advises moving data into an archiving solution, the cloud or a data warehouse and off of those legacy systems. Listen in to learn more about how to keep legacy data from damaging your organization’s legacy.
bookmark
plus icon
share episode
Compliance Perspectives - Brooke Nelson on Reporting and Investigations [Podcast]
play

07/08/21 • 12 min

Post By: Adam Turteltaub Brooke Nelson (LinkedIn), Executive Director, Worldwide Compliance and Business Ethics at Amgen had a unique and broad perspective on managing compliance during the pandemic. In this podcast she shares what she has seen, including a drop in incidents in many areas.  Part of that, she believes, is likely due to the fact that people were disconnected.  With sales reps less able to make calls on medical practices there were less interactions and less opportunities for things to go awry. When it comes to investigations the adjustment to the pandemic has gone better than might be expected.  As she notes, global organizations have always had to rely on some remote methods in the past when conducting investigations since you didn’t necessarily have compliance staff in every location.  During this era, though effective investigation practices in distant locations have likely grown more effective. However, there remains a strong case for conducting at least some aspects of the investigation in person.  An in-person meeting can give a clearer read of the individual.  In addition, the presence of an investigation team may lead other individuals on site to share information that they might not have.  An investigations team physically present also offers another benefit:  it demonstrates the company takes investigations seriously. With the US and other regions hopefully soon reopening, she does warn that compliance teams should be prepared, if they aren’t already, for change.  It is time, for example, to reiterate the need for the workforce to reach out and report their concerns through the helpline and other channels. Compliance should also look out across the organization to better understand what is happening on a country-by-country basis, both for the business units and for the compliance team, itself.  There are likely significant disparities and a need to adjust efforts and expectations accordingly. And, of course, the way we all work has changed, perhaps permanently. Listen in to learn more about our recent past and what to consider moving forward.
bookmark
plus icon
share episode
Compliance Perspectives - Jim Passey on Making it to the Top [Podcast]
play

06/29/21 • 11 min

Post By: Adam Turteltaub Jim Passey, Vice President, Chief Audit & Compliance Officer at Honor Health sat down with us to record three podcasts focused on compliance career development: Setting Career Goals Moving Your Career Forward Making it to the Top It isn’t enough just to set your eyes on the goal of chief compliance officer. Nor is it probably advisable to walk into the CEO’s office and make your pitch should the job become open. In this podcast Jim Passey, who has been a Chief Compliance Officer for six years and at two organizations, share his advice for crossing the threshold from staff to leadership. He advises that you start the process long before the job opens up. Be visible and make yourself known in meetings and on key projects as an active participant, not just another body in the room. Let people see you as an agent for positive change and a key voice at the table. That will both help your career, and help others take the compliance program more seriously. Let your supervisor know you are eager to advance. Couch it in terms such as “I want to take on more responsibility” or “I’m eager to add value.” An emotionally intelligent manager shouldn’t take that as a threat, but instead take it as an opportunity to help you grow. Plus, if you don’t make your intentions clear, you may be passed up for someone else who has. When the top job does open up, it’s important to remember that the CEO, board, or whoever else is doing the actual hiring probably has never worked in compliance and lacks a full understanding of the job. You will need to bridge that knowledge gap. You will also need to remember that, at the top level, technical skills, such as expertise in specialized areas of law, are likely to be less important than personality characteristics and fit. Leadership wants someone who is going to be able to partner with them. It’s also important to remember that the interview is a two-way street. Be prepared to ask questions that will you determine if the job (especially at an unfamiliar company) is right for you. Consider questions in your head such as: Does this conform to my perception of an environment I want to work with? What kind of support will I get? Are the leaders a strong, compliant type of a group, or are they just trying to fill the role? Listen in to learn more about how you can improve your chances of making it to the top of the compliance profession.
bookmark
plus icon
share episode
Compliance Perspectives - Cheryl Curbeam on Creating a Compliance App [Podcast]
play

05/27/21 • 11 min

Post By: Adam Turteltaub Cheryl Curbeam (LinkedIn), Vice President, Chief Risk and Compliance Officer at Corteva Agriscience has had a very interesting and unusual path to the compliance professional. She studied and began her career in mechanical engineering before moving into operations leadership. It turned out to be a great background for compliance, teaching her how to think about what is and isn’t in scope and how to solve tough problems. From there she went into sales, spending about 80% of her time on the road. It gave her great insight into the mind of salespeople, including the fact that their focus is on customers. Corporate work, including compliance training, is squeezed in when they can find time. As a result, sales teams want compliance to deliver clear and easy-to-find guidance. That experience helped her when she went to develop an app to support the compliance program for this new company, which was created in June 2019 after Dow and DuPont merged and spun Corteva off. Despite the long compliance history of both of the original organizations, the new enterprise needed to create a compliance program of its own. It launched, not too long before the pandemic and all the changes that came with it, including having even more of its workforce operating remotely. As she explains in this podcast and will also address at the SCCE Technology and Compliance Conference on June 24th, the company needed to train employees remotely and enable them to report concerns. An app turned out to be an ideal tool. The mobile solution housed training, the code of conduct and other assets such as quick learning topics.  It also provided a vehicle for accessing the helpline. What’s her advice to others considering developing an app? First, find a vendor that can support all phases of app development. Second, be sure to have a strong project manager internally to deal with the complexity inside your company. Third, know what content you need to deliver. Fourth, gain the support of your IT department. And finally, have a strong communications plan to ensure that the workforce understands the value the app provides. Listen in to learn more and be sure to join us June 24th for the SCCE Technology and Compliance Conference.
bookmark
plus icon
share episode
Post By: Adam Turteltaub When a data breach occurs, one step is often overlooked in the rush to remediate:  preserving as much of the data logs and backups as possible  That’s a mistake, say Debra Geroux, Shareholder at Butzel Long and Scott Wrobel, Co-Owner, N1 Discovery, because that data illuminates what happened, how it happened, and what data was taken. In this podcast they also advise hiring cyber counsel immediately to obtain guidance through the legal and regulatory issues.  They may also be able to help you conduct the subsequent investigation under privilege.  Counsel can also help identify outside resources, deal with law enforcement, and help healthcare organizations determine if the breach is a reportable one. In addition to outside counsel, Geroux and Wrobel argue strongly for leveraging the organization’s communication team.  Managing messaging is critical.  The communication targets—victims, employees, the board, public, media -- have to be identified and given the information they need.  But, be judicious.  Limit your communications to essential information to reduce the opportunity to spin the story. Most importantly, they advise, make the effort to understand what the root cause of the incident was.  Often, that’s not as evident as it may seem.  Sometimes the first suspected point of breach is not the actual one. To reduce the risk of future incidents, they recommend adopting two-factor authentication.  Workforce training is also essential since so often employee errors (and vulnerability to sophisticated phishing efforts) are a factor. Hiring a third-party security company to conduct an internal and external vulnerability assessment can also be helpful.  It should identify every device and piece of software on or connected to your network, their vulnerabilities and how to remediate them. That assessment should also address any cloud-based solutions your organization is using.  While, generally speaking. those solutions are secure, if your organization leaves the default settings in place, it could leave you exposed to bad actors. Listen in to learn more about how to protect your organization, including the need to take a second look at your cyber insurance policy.
bookmark
plus icon
share episode
Compliance Perspectives - Matt Kelly on the Top Compliance Stories from 2023 [Podcast]
play

01/16/24 • 17 min

By Adam Turteltaub Matt Kelly (LinkedIn), Editor and CEO at Radical Compliance is a close watcher of all things compliance, and in this podcast he shares his take on both the top stories of 2023 and what he sees in the cards for 2024. FCPA On the Foreign Corrupt Practices Act front, he noted a change in enforcement. While the volume of resolutions declined on the DOJ side, the SEC has remained very active. Perhaps most notably, the Albermarle case had an interesting twist. The way the company did business was changed dramatically as a part of the settlement, he reports, with a restructuring of its overseas sales and the end of the use of third parties. He speculates this may be the start of a new trend in which monetary penalties are accompanied by required changes to the way companies do business. Also of note in FCPA was the announcement by Lisa Monaco at the SCCE Compliance & Ethics Institute of a leniency policy in mergers and acquisitions. Because of the relatively short timeline for finding and disclosing problems, there is a strong incentive for organizations to involve the compliance team early and deeply in these transactions. SEC Cybersecurity Rules The July SEC rules on disclosures of cyber incidents require firms to disclose an incident within four days. Companies will need to describe the nature, timing and material consequences. That will increase the importance of thorough and prompt cyber materiality assessments, as well as both quantitative and qualitative impacts. Greenhouse Gas Disclosures The SEC’s proposed rule on greenhouse gas disclosures is now the longest and most commented rule in history. It also has not been finalized while, in the meantime, both California and Europe have passed their own laws. The rule is likely to be very complex and impose a significant burden on companies. Healthcare The biggest news he saw in 2023 was the new General Compliance Program Guidance issued by the Office of Inspector General at HHS. The document makes it clear that it expects a fully independent compliance program. As the document states: The compliance officer should: report either to the CEO with direct and independent access to the board or to the board directly; have sufficient stature within the entity to interact as an equal of other senior leaders of the entity; demonstrate unimpeachable integrity, good judgment, assertiveness, an approachable demeanor, and the ability to elicit the respect and trust of entity employees; and have sufficient funding, resources, and staff to operate a compliance program capable of identifying, preventing, mitigating, and remediating the entity’s compliance risks. The Future Looking to the future he asks if others will be as supportive as the OIG at HHS. He also points to other things to watch such as the Foreign Extortion Prevention Act, the PCAOB’s extremely controversial NOCLAR proposal and SEC v. Govil, which could eliminate disgorgement in many cases. Listen in to learn more about what has and may happen in the world of compliance.
bookmark
plus icon
share episode

Show more best episodes

Toggle view more icon

FAQ

How many episodes does Compliance Perspectives have?

Compliance Perspectives currently has 500 episodes available.

What topics does Compliance Perspectives cover?

The podcast is about Non-Profit, Podcasts, Education and Business.

What is the most popular episode on Compliance Perspectives?

The episode title 'Ellen Hunt and Walter Johnson on the Professional Skill Track at the 2020 Compliance & Ethics Institute [Podcast]' is the most popular.

What is the average episode length on Compliance Perspectives?

The average episode length on Compliance Perspectives is 13 minutes.

How often are episodes of Compliance Perspectives released?

Episodes of Compliance Perspectives are typically released every 4 days, 17 hours.

When was the first episode of Compliance Perspectives?

The first episode of Compliance Perspectives was released on Aug 6, 2019.

Show more FAQ

Toggle view more icon

Comments