youcompli.com Open in urlscan Pro
2606:4700:20::ac43:4586  Public Scan

Form analysis
2 forms found in the DOM

GET https://youcompli.com/

<form class="raven-search-form raven-search-form-classic" method="get" action="https://youcompli.com/" role="search" data-hs-cf-bound="true">
  <div class="raven-search-form-container">
    <div class="raven-search-form-inner">
      <input class="raven-search-form-input" type="search" name="s" placeholder="Search">
      <button class="raven-search-form-button fas fa-search"></button>
    </div>
  </div>
</form>

GET https://youcompli.com/

<form class="raven-search-form raven-search-form-classic" method="get" action="https://youcompli.com/" role="search" data-hs-cf-bound="true">
  <div class="raven-search-form-container">
    <div class="raven-search-form-inner">
      <input class="raven-search-form-input" type="search" name="s" placeholder="Search">
      <button class="raven-search-form-button fas fa-search"></button>
    </div>
  </div>
</form>

Text Content

Skip to content
 * 412-248-1200

 * 412-248-1200


 * info@youcompli.com

 * info@youcompli.com

 * NEWS
 * BLOG
 * DEMO
 * CONTACT

 * NEWS
 * BLOG
 * DEMO
 * CONTACT


 * 412-248-1200

 * 412-248-1200


 * info@youcompli.com

 * info@youcompli.com

 * NEWS
 * BLOG
 * DEMO
 * CONTACT

 * NEWS
 * BLOG
 * DEMO
 * CONTACT


 * Regulatory Analysis
 * Workflow Software
 * Clients
 * Why YouCompli

Menu
 * Regulatory Analysis
 * Workflow Software
 * Clients
 * Why YouCompli

 * Regulatory Analysis
 * Workflow Software
 * Clients
 * Why YouCompli

Menu
 * Regulatory Analysis
 * Workflow Software
 * Clients
 * Why YouCompli


TRANSFORMING COMPLIANCE TO A DEPARTMENT OF YES 

 * Posted on February 15, 2023
 * By Lisa Herota, RHIA, CHC, CHPS, CCS Compliance & Privacy Officer


FIVE TIPS FOR CREATING CULTURAL CHANGE AND SHOWING HOW HEALTHCARE COMPLIANCE
ADDS VALUE. 

Whether it’s “where good ideas go to die” or “the department of no,” compliance
officers have likely heard negative descriptions of their department. 

I was motivated to change these misconceptions about Compliance in my current
role as compliance and privacy officer. My team and I have worked hard to
transition from the Department of No to the Department of Yes – With
Guardrails. 

Our efforts to create cultural change and show how Compliance adds value include
five key activities:  

 1. Making the most of metrics
 2. Being visible 
 3. Providing education
 4. Serving as a strategic partner
 5. Facilitating Compliance liaisons


WHAT IS A DEPARTMENT OF YES FOR HEALTHCARE COMPLIANCE?

In compliance, the law and regulations are the basis for everything we do. We
must adhere to law and regulations while helping the organization do what it
needs to. The good news is, the laws and regs are not trying to keep us from
doing what we need to do.  

Most healthcare regulations focus on enabling hospital systems to keep patients
safe, provide quality patient care, and reduce risk. So, part of changing the
culture is reevaluating how Compliance approaches the asks from business and
operational leaders.  

There have been very few times when a colleague has come to me and said, “We’d
like to do this,” and I’ve had to say no.  

I start by acknowledging the effort that went into the proposal, and asking
questions: What is the plan or program trying to accomplish? How can we safely
merge it together with the relevant regulation?

Most times, I marry the two – the goal with the rule – and say, “We can do this
in some form or fashion, and here are the guardrails.” When colleagues feel
heard, they’re more willing to adhere to those guardrails because they
understand that you’re partnering with them.  

My collaboration with the Legal department is another reason I have been
successful in establishing a Department of Yes. Whether it’s in-house or
external counsel, they often understand the gray areas better than compliance
officers do.  

Partnering with legal counsel is invaluable for considering different approaches
to program and policy proposals, finding the gray areas, and defining which
guardrails to stick to. 


1. MAKE THE MOST OF HEALTHCARE COMPLIANCE METRICS  

CEOs and CFOs always want to know how Compliance impacts the bottom line. But it
can be hard to show the value of Compliance because it’s tough to quantify in
dollars. 

Even if you can’t show a hard financial impact, you can demonstrate how
Compliance delivers value by prioritizing metrics. This enables leaders to make
data-driven decisions. 

I created dashboards to highlight high-level compliance issues, such as the
number of concerns reported via our hotline. Metrics like this are effective
both in gauging awareness of Compliance among employees and in showing the
impact we make across the organization.

The most compelling measurement is the number of regulations we monitor that
affect our organization. I use YouCompli to generate a report showing we had
touched, in some way or another, over 500 regulatory changes throughout the
year. 

> When I showed that summary to my board at the end of our fiscal year, I saw
> the looks on all of their faces. They had no idea of the extreme
> administrative burden of regulations! The summary clearly demonstrated how
> Compliance manages all the risk associated with regulatory changes across the
> organization.  


2. BE VISIBLE TO HEALTHCARE OPERATIONS AND C-SUITE LEADERS 

When I started as compliance and privacy officer, I scheduled meetings with
C-suite and operational leaders. I asked about their pain points and what keeps
them up at night. And I explained that my team and I want to support them in
accomplishing their day-to-day and strategic goals. 

These conversations raised Compliance’s visibility and had an immediate impact
in changing the culture. Leaders realized Compliance didn’t have to be the
department where ideas go to die anymore. Colleagues started coming to me with
questions and ideas, asking for guidance before making big decisions. 

We also raised our visibility by rounding, and we started each of our roundings
with questions like:

 * Do you know about the compliance and privacy hotline?
 * Do you know how to record an issue?  

We would get deer-in-the-headlights looks, so we pulled out the computer to walk
them through everything. Rounding helps build relationships, and it’s also an
educational opportunity. 


3.PROVIDE ONGOING HEALTHCARE COMPLIANCE EDUCATION 


ROUNDING 

While we’re rounding, we share hot topics on the Office of the Inspector General
(OIG)’s list. We talk about common risks across the organization, and we end
every rounding session by asking: How can Compliance support you? 

There isn’t a cookie-cutter approach to effective education. It requires being
visible and talking with employees to understand their concerns and how
Compliance can help them. 

I develop educational materials that target knowledge gaps. For example, after
we round, my compliance director reaches out to that department leader and says,
“These are the takeaways from our rounding. Can I come to your next department
meeting?” 

Then we tailor a presentation to fill the knowledge gaps identified during the
rounding. We also engage employees via a Privacy & Compliance Corner in our
organization’s weekly Monday Messages newsletter. And we partner with IT
Security to email biweekly tips on keeping the organization safe and protecting
patient information. 


HEALTHCARE POLICY WRITING 

Another educational opportunity comes with policy writing. We emphasize showing
staff how the policies apply to the work they do daily. Most policies are
legalistic and are hard to read. Our job is to make them easier to understand,
so that clinical staff can focus on providing quality patient care rather than
wasting time interpreting policies. 


HEALTHCARE COMPLIANCE EDUCATION IS FUN 

We have fun with education too. Part of our HIPAA educational campaign was
awarding Starbucks gift cards to the first employees who called the compliance
hotline and correctly shared what the acronym stands for. It raised awareness of
HIPAA and our compliance hotline. 


CYBERSECURITY 

Cybersecurity is another hot topic and an educational opportunity. It’s a
never-ending battle in healthcare; it only takes one employee to click a link
and let bad actors into our system, creating a domino effect of chaos. 

When my organization was dealing with a cyber issue, my team worked with the IT
Security team to implement a simulated phishing email platform as an educational
tool. When I presented the platform for approval to executives, it included
increasingly punitive sanctions if employees clicked a link, responded to an
email, or opened an attachment.  

Yet executives asked for more aggressive sanctions, including immediate
termination. They likened it to not allowing an employee to set a fire in the
operating room more than once.  

I pushed back, explaining that employees first need education – whether it’s on
preventing a fire or avoiding a phishing scam. The executive team and I
compromised on starting with a four-step escalation program.  

> After six months of having this policy in place, no employees have made it
> past the second “failure” of clicking a link, responding to an email, or
> opening an attachment. It proves my point that education and training are
> effective. 


4. BE A STRATEGIC PARTNER 

It also underscores how being visible and providing education are integral to
serving as a strategic partner. I take the conversations I have with staff and
leaders to the CEO and offer my guidance on managing the issues identified. 

This positions Compliance as a strategic partner and a problem solver and shows
how we deliver value. As my team and I strengthened relationships across the
organizations, these conversations happened more and more. In turn, the CEO was
regularly asking the executive team and operational leaders, “Have you run this
by Lisa?”  

I saw a trickle-down effect: the more we built relationships and engaged
colleagues, the more they started bringing us into their discussions. Being an
effective strategic partner starts with simply asking questions.


5. ENGAGE LIAISONS  

No Compliance department ever has enough full-time employees to do everything on
our own. For example, we use the OIG work plan as the basis for our risk
assessments and risk matrix. But in a large organization, how do you assess
every item in the OIG workbook?  

I reached out to the executive leadership team and asked to engage someone in
each area to partner with us on monitoring, auditing, and reporting. Once we
identified liaisons, my director met with them and educated them on our
expectations. We shared tools, spreadsheets, and audit plans, and reinforced
that Compliance is a point of contact and resource – someone they can bounce
ideas off of.  

In our compliance meetings, our liaisons get a voice at the table. They report
out and highlight what their teams are doing to drive compliance in their areas.
It’s a way to engage liaisons and celebrate the contributions they make.  


IMPACTFUL, INTERRELATED, AND CRITICAL TACTICS FOR HEALTHCARE COMPLIANCE 

I’ve had great success reinforcing the value of the work Compliance does by
facilitating Compliance liaisons, making the most of metrics, being visible,
serving as a strategic partner to leaders, and providing ongoing education. As
my story about the educational tool for phishing scams showed, these five
tactics are impactful, interrelated, and critical for demonstrating how
Compliance delivers value. If you want to shape your organization’s culture,
focusing on these five areas will put you on the path to success.

Related: Read “Five ways to show how healthcare Compliance delivers value: Build
relationships to win the hearts and minds of operational leaders” to learn how
to employ empathy and intellectual curiosity. It will help remind operational
leaders of their role and the value Compliance delivers.

LISA HEROTA, RHIA, CHC, CHPS, CCS

The opinions expressed in this blog are the author’s and do not represent the
opinions of her employer.  Lisa Herota is the senior director of compliance and
privacy for a Colorado-based nonprofit community health care system. She
discussed her experience creating cultural change as a speaker on the HCCA
webinar “How Compliance Creates Value for the Healthcare Organization” on Nov.
29, 2022. 

Lisa holds a Master of Science in Health/Health Care Administration/Management –
Informatics from Colorado Technical University, a Bachelor of Science in Health
Information Administration from the University of Cincinnati, and Associate of
Science degrees in both Health Information Technology from Santa Barbara City
College and Biology from Yuba College.


“HOW COMPLIANCE CREATES VALUE FOR THE HEALTHCARE ORGANIZATION” – DOWNLOAD THE
WHITE PAPER NOW.




A WORKFLOW FOR EFFECTIVE COMPLIANCE

 1. Do you read an endless stream of regulations?
 2. Are they all relevant to your organization?
 3. When you find one that does matter, can you quickly tell what to do next?
 4. How will you know they picked up the ball if you delegate those
    responsibilities to colleagues?
 5. And how will you confidently report progress to your regulators or the
    Board? 

YouCompli developed a healthcare compliance management system that makes this
work as simple as possible. Our clients are empowered to respond to regulatory
changes quickly and confidently and can easily prove they’ve fulfilled their
obligations.  

GET A STRATEGIC OVERVIEW OF THE YOUCOMPLI SOLUTION

 * Share
 * Share
 * Tweet
 * Mail

compliance education cultural change cybersecurity HCCA healthcare healthcare
compliance Herota How Compliance Creates Value for the Healthcare Organization
Liasons Lisa metrics operations Policy writing rounding strategic partner
transform value Webinar white paper Yes
 * Regulatory Alerts
 * Legal Analysis
 * Policies & Procedures
 * Law Firm Validation
 * Regulatory Workflow Software

 * Know What To Do
 * Decide Relevance
 * Manage Rollout
 * Verify Progress

 * Clients
 * Differentiators
 * Company History
 * Pricing

 * Blog
 * News
 * Contact
 * Schedule Demo

HORTY SPRINGER, YouCompli’s legal counterpart, is the nation’s highly reputed
law firm exclusively dedicated to helping health systems, hospitals, medical
staff and healthcare organizations to succeed.


Linkedin
© 2023 YouCompli. All rights reserved.   |   Privacy   |   Corporate
Responsibility

Suite 300, 643 First Avenue Pittsburgh, PA 15219   |   412-248-1200   | 
 info@youcompli.com

 * Share
 * Share
 * Mail
 * Tweet