Compliance Perspectives

By Adam Turteltaub The words “works council” inspires fear and dread in the hearts and minds of many who have never worked with them. They need not, says Lisanne Winde, attorney at law at Wybenga advocaten and Alain Lambert, regional ethics and compliance officer for Central Europe at WSP. In this podcast, they share how the works council can actually help compliance teams. These entities are not unions but are specific to the company. They can be helpful for facilitating communication with employees and giving greater legitimacy to company policies. In practice they collaborate with management and can be more helpful than those unfamiliar with them may think. However, there are times when working with the works council is not just a nice to have but a requirement. Issues relating to whistleblowing and disciplinary policies are two examples. And there may be others, as well.  The laws vary by country. To make the most out of the relationship they recommend taking time to listen to what the works council

By Adam Turteltaub An audit by a Unified Program Integrity Contractor auditor, better known as a UPIC audit, can be a very scary thing. Providers are often shocked and even indignant to receive a letter notifying them of the audit and alleging fraud. Jon Rawlson (LinkedIn), President & Founder of Armory Hill Advocates, reminds us that the audit was likely not triggered by an allegation but by an algorithm catching outlier events such as a provider processing claims outside of their normal daily work, utilizing a DME, a skin substitute or some other expensive item that is outside the norm. Once you have calmed down after reviewing the letter, he advises acting immediately but calmly. Begin reviewing the documents you have been providing the Medicare program and bring in whatever help you need. And, don’t forget you have a five step appeal process that enables you to prove  your innocence. But, be mindful of the timeline the government gives. The consequences can be grave if you miss a deadline. Listen in

By Adam Turteltaub As the sun set, the chief compliance officer stared out the window, wondering how she would communicate with her workforce in a way that they would understand. As much as she looked, the answer wasn’t outside in the skies turning from blue to black. She wasn’t finding it under the white LEDs in the ceiling above her desk, either. Feeling a bit desperate, and a little bit bored, she decided to walk the halls to see if perhaps the answers were there. She got all of ten feet before a colleague stopped her,  eyes open wide and voice a little breathless, to tell her about an incident discovered and resolved. As she listened to him speak, she realized the answer was right there in front of her in the power of storytelling. Janine Fadul, Compliance and Privacy officer at GW Medicine, learned long ago to focus on the story she was trying to tell people, not just the facts. By following the elements of storytelling, she explains, you can grab people’s interest, keep it, and help them understand w

By Adam Turteltaub In addition to releasing its General Compliance Program Guidance, the OIG at HHS announced plans to publish a series of Industry Segment-Specific Compliance Program Guidances (ICPG). The first of these, addressing nursing facilities, was released in November 2024. As CJ Wolf, Professor in healthcare Administration at BYU Idaho explains in this podcast, the first ICPG is instructive both for skilled nursing facilities (SNFs) and those looking to anticipate what will be coming in future ICPGs. Currently, three more are expected to be published in 2025: Medicare Advantage, hospital and clinical laboratories. Two additional ICPGs – pharmaceutical manufacturers and hospice – are also planned, but with a publication date as yet to be determined. There are several notable elements to the SNF ICPG. First, it interlinks compliance, quality of care and quality of life for patients. Second, there is an entire supplement focused on reimbursement, raising the scrutiny level of billing compliance. It

By Adam Turteltaub Sevda Huseynova is the Ethics and Compliance Officer for SOCAR Midstream, a state-owned enterprise (SOE) in Azerbaijan. The company manages the oil and gas export pipelines of the country. If you think working for an SOE means you don’t have to worry about compliance, she warns you to think again. SOEs still faces risk in a wide range of areas including anticorruption, sanctions, third parties and more. Investors want to ensure that the company operates up to global standards, which isn’t always easy since compliance is relatively new in Azerbaijan. SOCAR midstream is up to the task, though, she reports. The company seeks to comply with local laws as well as international standards such as those of the OECD and the UN Convention on Corruption. To meet its goals, the compliance program is based on the seven elements approach found in most compliance programs and has three tiers addressing prevention, detection and corrective actions. She advises others working in SOEs to embrace five k

By Adam Turteltaub KISS takes on a new meaning in this podcast: Keep it Streamlined & Strategic. Keeping it streamlined and strategic is also the topic of a session at the 2025 HCCA Compliance Institute that will be led by Krista Muszak, Senior Manager, Process Optimization at Pfizer and Angela Smart, Senior Compliance and Ethics Partner, Intermountain Healthcare. Specifically. they’ll be applying this new take on KISS to the topic of program effectiveness. So how does it work? How do we keep our programs streamlined and strategic?  First, we avoid scope creep and remain focused. That, they explain, begins with having and continuously referring back to a program charter that keeps you and everyone else involved from pursuing all the tangential issues that could derail your efforts. Second, they advise following the PDCA formula: Plan, Do, Check and Act. Third is conducting a root cause analysis that helps you understand not what happened but why. It will keep  you thinking strategically and not just abou

By Adam Turteltaub Business people are given all kinds of goals for revenues, profitability, efficiency and more. For compliance, though, not so often. Many organizations struggle with how to set compliance goals, or even if they should set them. Madrid-based, Juan Ignacio Paillás, Head of Global Compliance Business Sectors for Merck KGaA, Darmstadt, Germany, explains how it should be done. First, he advises, understand the context in which you are working, particularly about how your organizations manages objectives. For example, some organizations embrace very rigid goals, while others take a more flexible approach. When approaching management and the business unit about setting objectives, he cautions that you should expect pushback. To counter it, remind them this is about taking the company’s values and turning them into concrete, measurable behaviors. It is also an exercise in setting priorities within compliance efforts to have the greatest impact on the organization and its performance. As you go

By Adam Turteltaub Healthcare is often rife with fraud, and organizations struggle to prevent it. To gain a different perspective on how to prevent wrongdoing, we spoke with Alec Burlakoff, a convicted fraudster from Insys Pharmaceuticals who now leads Limitless! Consulting. To prevent fraud, he recommends seriously looking at the incentives program in your organization, especially if there are individuals whose commissions may make up  more than half of their compensation. Such high rates of reward, he warns, provide serious temptation to skirt, or outright disregard, the rules. Look also at the messages that lucrative incentive programs send to others in the organization. Individuals who are inclined to do the right thing may find themselves envying those they see breaking the rules and getting rewarded. It can cause them to emulate the bad behavior that they see. Better, he advises, is to seek ways to reward people who do things the right way and build sales for the long term. When it comes to discipl

By Adam Turteltaub Are your helpline calls being responded to properly? Are the investigations proceeding expeditiously and properly? To find out, it’s good to do an audit periodically. Before you can begin, though, you need to determine if there is enough available data for an audit, cautions Juliette Gust, President of Ethics Suite, and author of the chapter “Auditing the Confidential Reporting Hotline and Case Management Program Effectives” in the new edition of The Complete Compliance and Ethics Manual. Many compliance programs still do not have formal processes in place, and for them, it’s best to start with a gap analysis. If you do have data, look at how you are tracking both the allegations and the work being doing as a result. How quickly are allegations being reviewed? Is someone letting the reporter know that their allegation has been received and is being acted on? How are you safeguarding the data, including being sensitive to the potential need for attorney-client privilege? Spend time, too,

By Adam Turteltaub Think you don’t have to worry about the SEC because you’re at a private company or a non-profit? Think again says, Kevin Muhlendorf, attorney at Wiley Rein. You may still end up in the Commission’s crosshairs. He warns that the SEC’s power of investigations expands far and wide, and just being a supplier to a publicly-traded company may lead them to focus on your business. If a private company is acquired by a public one or makes even a non-public offering, there is risk of fraud and SEC action. Lie to an accounting firm and the SEC may become involved. And don’t forget about the risk of parallel investigations involving multiple enforcement authorities. Another risk area is shadow trading. Let’s say your hospital is a part of a clinical trial, and an employee sees it is going well. If that employee decides to short the stock of the drug’s competitor, that could be an issue that falls under the SEC. So what should you do? Keep an eye out for these risks and pay attention to recent enf

By Adam Turteltaub Business transformations can be times both of risk and opportunity for compliance programs. Employees, struggling to understand the changes around them and feeling stressed, may opt to do the wrong or at least ill-advised things. By the same token, transformations provide an opportunity for compliance teams to change their roles within the organization and redefine the value that they bring. Jill Swain, Global Ethics Manager and Dawn Wood, Engagement, Training and Programme Manager at Rolls-Royce went through a major business transformation and will be sharing their insights from that experience in a session at the 2025 SCCE European Compliance & Ethics Institute. In this podcast they share an abbreviated version of the journey and lessons taken from it. Rolls-Royce, as it transformed itself, wanted employees to understand that ethics and compliance are a part of “winning right” and helping the companies achieve its goals. The compliance teams met the challenge by embarking on several i

By Adam Turteltaub Oh, Artificial Intelligence. So much promise, and so much risk. What’s a compliance and ethics professional to do? Start by listening to this podcast about the chapter “Managing the Ethics and Compliance Risks of Artificial Intelligence” in the 2025 edition of The Complete Compliance & Ethics Manual. We spoke with the article’s co-authors, Gwen Hassan (chief compliance officer at Unisys), Dr. Anthony J. Rhem (CEO and principal consultant at A.J. Rhem & Associates), and Patrick Henz (special advisor for compliance, Latin America, for Mitsubishi Heavy Industries Americas). They explain that when we speak of AI we aren’t talking about one technology but a wide range of them. Generative Ai may be getting the most attention but there is also natural language processing, neural networks, expert systems, machine learning and many more. As a result, compliance teams need to understand what form of AI is being used at their organization. When it comes to legal and regulatory frameworks to serve

By Adam Turteltaub Sometimes you make a few technical changes to a compliance program  because a law or regulation has changed. Autoliv didn’t want to do that and just meet technical requirement of the EU Whistleblower Directive. They wanted to use it as an opportunity to assess what they were doing to encourage employee reporting, whether it was working, and to improve support for people speaking up. Erica Wikman, Vice President, Corporate Compliance, Autoliv and David Barr (LinkedIn), co-founder of Campbell Barr, tells us in this podcast that they shared a vision of moving away from just whistleblowing. Research showed it can have negative connotations.  In addition, whistleblowing tended to be interpreted narrowly, with tremendous variations by region. They also found a fear of either retaliation or that nothing would be done. So, the Autoliv compliance team began to think more broadly and encourage people not just to speak up when they saw a potential compliance issue but also when they saw something p

By Adam Turteltaub So the IT folk can’t wait for your business people to delete those old documents, meantime, the business people want to hold onto them because they never know when they might need that info again. Then, all of a sudden there’s a legal issue and a hold is in place. Instantly the game changes. Chris Kruse, Executive Vice President & Advisor at CasePoint explains that when a legal hold is placed several things need to happen: Employees with relevant need to be identified They need to be placed on notice of the obligation to preserve any relevant information. They need to be instructed on how to proceed going forward The custodians of the data need to acknowledge that they have been notified and understand their obligations Individuals with the data need to be reminded that if they create new data it also needs to be retained Securing all the documents and data can be difficult for several reasons. These range from the simple, such as an employee who doesn’t read the email with th

By Adam Turteltaub You do all that work but how do you know you’re being successful? It’s not like people come running in the door and say, “Hey, guess what bad thing I almost did.” The compliance team at the National Security Agency (NSA) had that same challenge. In this podcast, Natalie Knowles, Director of Compliance, and Zack Conyne, Manager, first provide an overview of the NSA. As they explain it has two primary missions:  cybersecurity and signals intelligence. Every employee there annually takes an oath to defend the Constitution, which is, of course, a great reminder of the organization’s values. The compliance team is there to ensure that NSA activities are consistent with the law, including policies and procedures designed to protect privacy and civil liberties. The team measures the success of the program both using quantitative and qualitative metrics. Along the way they have learned a great deal, including the importance of telling a story, managing the complexity of data, and the importance

By Adam Turteltaub When we last spoke with Tyler Shultz back in 2020, he discussed his experience at Theranos as both an employee and a whistleblower. Four years later, the case is in the rearview mirror, the former CEO is in prison, he founded two startups of his own, and he now speaks to corporations about cultivating courageous work cultures With the benefit of some time and distance, he shares in this podcast his experiences and what he has learned, particularly about corporate culture. The behaviors he saw at Theranos provided for him a lesson in what not to do. There, he felt the dysfunctional culture was created intentionally. Management, he believed, wanted employees to fear them and reinforced that through locked doors, barricades and firing people who disagreed with leadership.  here were even NDAs that restricted the ability of employees to speak with each other. To create a good culture, he argues, companies need to do the opposite of what he saw at Theranos. First, start by defining what the

By Adam Turteltaub Few things hold more promise, or cause more stress for compliance professionals, than AI. What is it?  How does it work? And does anyone know how to keep it from showing so much bias? David Silva, Chief Compliance Officer at Collaborative Imaging, will be addressing the topic of “Healthcare, Artificial Intelligence, and Compliance” at the 2025 HCCA Compliance Institute, which will takes place April 28-May 1 in Las Vegas. To get some of his insights now, we sat down  for this podcast. David explains that part of the challenge is that AI is so fast changing that it’s hard to keep up. We don’t yet know what we don’t know about it. At the same time, though, the technology is showing great promise in healthcare in areas such as coding, simple reports and helping with third-party vetting. Compliance teams have an important role to play in the implementation of AI in healthcare, he explains. Ideally, they should be a part of the AI governance team, working with a broad range of departments an

By Adam Turteltaub Chart auditing may not be the sexiest part of healthcare compliance, but it plays an important role in discouraging Medicare fraud and catching problems early. Madhavi Perumpalath, Director-Physician Practice Compliance at Northeast Georgia Health System and Alka Kumar, Compliance Director and Privacy Officer at Resolve Pain Solutions, explain that CMS provides good guidance to healthcare providers, such as diagnosis and procedure codes that are appropriate to bill for. Take advantage of it. Embrace proactive auditing, they advise, to help identify issues and ensure the quality of the claim before it goes out the door.  It can also prevent both over and under billing. How frequently should you audit? It depends on several factors, including the size of your organization, regulatory requirements, resources available and the overall risk environment. And, remember, you can’t audit everything. Instead, they recommend developing an annual audit plan focusing on the high-risk areas, but also

By Adam Turteltaub With value-based care growing, what role does compliance play?  To find out we spoke with Carolyn Barton, Vice President, West Regional Compliance Officer at Kaiser Permanente. She explains that at Kaiser they define value-based care as a healthcare delivery and financing model that improves health outcome and increases access to affordable care in the community through evidence-based care, a commitment to equity and simplicity and aligned incentives. Doctors and health plans, she reports, work in an integrated system focused on the patient and delivering the right care at the right time and place. To make that work their electronic health record (EHR) system is the foundation not just for collecting patient data but also for sharing protocols for treating patients. By implementing systematic, evidence-based approaches through these protocols, they help mitigate racial and ethnic inequities. The results she shares are impressive. Kaiser patients are 20% less likely to die prematurely fr

By Adam Turteltaub No one would dispute that stress and compliance go hand in hand, but Scot Eibel (LinkedIn), a former chief compliance officer and currently leading Eibel Coaching and Compliance Consulting, warns that doesn’t mean it has to get out of control. There are steps we can all take to manage our stress levels. One stressor to watch for is over vigilance.  While we all need to be vigilant, assessing risk and watching out for threats, it needs to be tempered. Resist the temptation, he warns, to engage in worst case scenario thinking, which increases stress and makes it difficult to focus on any positives. Catastrophic thinking isn’t healthy for you or for the organization. Another stressor for compliance professionals can be feelings of isolation. In some ways it is inherent to the job, but that doesn’t mean it needs to be absolute. Look to others in the compliance community for connections and build cohesiveness on your compliance team. Stress is much more manageable when you have support. Whe