Tammy Mae Moga (maetammy@aol.com) is IT Global Data Protection and Privacy Program Consultant at Medtronic in Mounds View, MN.
Do you sometimes sense the unspoken, unwritten reaction to you walking the halls, grabbing a coffee, or even sitting at your desk? Is “shh” in the not-so-far distance? As readers of Health Care Compliance Association resources, including blogs, podcasts, Facebook postings, LinkedIn articles, magazine articles, conference programs, Twitter feeds, and so much more know, the importance of influencing through leadership is a repeated theme. Inspiring a culture of compliance can be daunting today as we face the challenges of developing our processes toward the looming complex regulatory environment. Our goals include encouraging acceptance and active participation in our documented compliance programs. Concurrently, we are also competing with the expectations of the blended multiple generations who work in our organizations.
One of the first compliance resources supporting us as professionals, Compliance 101,[1] explains that an effective compliance program must be an ongoing process, a part of the fabric of the organization, a commitment to an ethical way of conducting business, and a system for doing the right thing. Some considerations include:
-
Are we as privacy and compliance professionals approachable?
-
Do employees feel comfortable asking questions?
-
Are we available to answer questions in person, by phone, by instant message, and email?
-
Will an employee, manager, director, contingent worker, or vice president feel judged if you share potential gaps in adherence to regulations?
-
Do we as compliance professionals incorporate both management and leadership strategies to a culture of compliance?
Many organizations combine privacy, security, and compliance, while others operate separate departments. No matter the title or placement within the organization, the compliance professional is a leader responsible for delivering the following recommended seven elements of an effective compliance program outlined in the Federal Sentencing Guidelines for Organizations.[2]
-
Implementing written policies and procedures,
-
Designation of a compliance officer,
-
Conducting effective training and education,
-
Developing effective lines of communication,
-
Conducting internal monitoring and auditing,
-
Enforcement of standards through well-established guidelines, and
-
Prompt response to detected problems through corrective action.