This interview with Mary Jo Gray (maryjog@umich.edu) was conducted in late summer by (adam.turteltaub@corporatecompliance.org), Chief Engagement & Strategy Officer, Society of Corporate Compliance and Ethics & Health Care Compliance Association.
AT: Usually when I do an interview, I sort of walk through the person’s career, but I want to start with both your beginning and where you are today. You began your career in healthcare during the AIDS crisis and were right in the middle of it, working at the New York City Health and Hospitals Corporation – Bellevue Hospital Center. And now here you are in another healthcare crisis with a communicable disease. There are a lot of parallels in terms of having to treat a deadly disease while trying to understand it and a healthcare system trying desperately to catch up. First, are you seeing similarities between the two?
MJG: I’m definitely seeing similarities between the AIDS crisis in the ’80s and the current pandemic, but I also see some stark differences. I should start by saying that I had two other jobs at Bellevue before I moved to manage their AIDS program: I worked in human resources and then managed their biomedical engineering program. When I made the move to the AIDS program, my office was going to be on one of the inpatient floors. I was warned by several of my coworkers that I was walking into a “death sentence,” but I had done my research and moved on to the AIDS unit. It was there that I encountered frontline healthcare heroes who, like today’s heroes, experienced the personal impact of providing care during a pandemic/epidemic: being simultaneously worried about your patients, yourself, and your own family; long shifts because there’s a shortage of staff willing to work with the population; death; overall uncertainty caused by a disease about which little was known; and treating wards of patients who are isolated and extremely ill.
Another key similarity for me is the presence of Anthony Fauci. I first became aware of Dr. Fauci because he was being challenged, quite publicly and vocally, by Larry Kramer, the founder of Gay Men’s Health Crisis and AIDS Coalition to Unleash Power.[1] At the time, I, along with just about everyone else, was learning about HIV and AIDS—not just about the diseases, but about the communities most affected by it. It was confusing to me that someone in authority who was, I thought, trying to help was seemingly being vilified by the community he was trying to help. Dr. Fauci has subsequently become the authority for infectious diseases, and is at the forefront of the US response to COVID-19. The compliance lessons for me from watching and reading about those interactions are about the importance of communication: It’s important to understand your audience and the things that are important to them. Gathering that understanding can lead to shared goals and a focused approach to meeting those goals. Try to see past the bluff, bluster, and resistance that we sometimes face as compliance professionals. Once Dr. Fauci was able to get beyond the yelling and name-calling (neither of which do I condone), he was able to understand the negative impact existing policies and structures had on the lives of people living with HIV, and change could be made.
One crucial concern during the AIDS epidemic was that of privacy, the fear of being “outed” on numerous fronts—fear that people would find out about your sexual preferences or activities or substance use. The Health Insurance Portability and Accountability Act (HIPAA) wasn’t in place until 1996, so there were few enforceable privacy protections for patients during the height of the AIDS epidemic. So we saw significant delays in treatment, because the lack of privacy protections, even privacy expectations, meant that patients either ignored or hid symptoms or withheld crucial information from their healthcare providers. I’m not suggesting that HIPAA would have led to fewer AIDS-related deaths, but it did eventually mean that patients came to us earlier in their disease progression, and those expectations of privacy allowed for more complete medical histories and better care. Luckily, we don’t have the same concerns with the COVID-19 pandemic, but imagine if we did. The privacy concerns expressed now seem to be about contact tracing. Contact tracing was also conducted during the AIDS epidemic in the form of “partner notification” and could be done at the discretion of the provider, as there could be serious patient safety concerns. Today’s contact tracing seems to be much less personal (i.e., anyone at XYZ restaurant on XYZ date should self-monitor).
AT: Let’s get into more specifics about you and your role. You’re currently serving as the compliance officer at the University of Michigan School of Dentistry (UMSD), which I understand is the top-rated school in the country.[2] What are some of the legal and regulatory risks that are unique to dental programs?
MJG: We are subject to some of the same regulatory requirements as other healthcare facilities, but we are also subject to the Family Educational Rights and Privacy Act, Commission on Dental Accreditation standards, and the Clinical Laboratory Improvement Amendments.