Compliance Perspectives

By Adam Turteltaub Andrew McBride, Founder & Chief Executive Officer at Integrity Bridge, recently wrote an article entitled Generative Artificial Intelligence Use Cases for Ethics & Compliance Programs.  Intrigued by the topic, I sat down with him for this podcast. He shared that many compliance teams are charged with using AI but may not have the  desire or know how to create and implement a use case. He shares that AI is very good at doing a specific role and a specific activity.  Consequently, compliance teams should consider not just the use of AI as a whole but specific needs that they have for it.  He gives five specific use cases: Interpreter. AI can translate documents and training in seconds.  It can also help you distill long documents into pithy, usable summaries both for you and management. Drafter.  It can draft from scratch or improve what you have already put together, even creating interactive scenarios that can be useful in training. Researcher.  You do have to be mindful of halluc

By Adam Turteltaub Why? Why are you asking that? Do you really need to know it? Is it going to tell you something you need to know? Is it a question that anyone could even answer? All of these are questions to ask yourselves and colleagues when they propose adding an item to your due diligence questionnaire. As Kristy Grant-Hart (LinkedIn), author, speaker and Head of Advisory at Spark Compliance, which is now owned by Diligent, explains, too often due diligence questionnaires are filled with questions that are unnecessary at best and counterproductive at worst.  They are born out a desire to cover all the bases not necessarily get you just the information you need. Instead of throwing in everything including the kitchen sink, it’s far better to take, as elsewhere, a risk-based approach.  Work directly with those who own the risk review.  And, if the response doesn’t matter, don’t ask the question. Listen in to learn more about how to create a due diligence questionnaire that gets the answers you nee

By Adam Turteltaub With ever more attention paid to the role of boards in overseeing compliance, the question naturally comes up:  Do boards even understand what makes for an effective compliance program?  To help answer that question we spoke with Vera Cherepanova (LinkedIn), Executive Director of the non-profit Boards of the Future. She shares the unfortunate news that many boards are not where they should be.  They are not fully seeing culture as a risk factor and driver of misconduct.  Nor do many understand their own duty to manage it. That’s dangerous in these times, especially now that governments are paying closer attention to culture. Forces, though, are starting to change the equation and force boards to understand the role they and compliance play together in ensuring both integrity within the company and business success.  Supply chain issues and ESG, for example, have brough compliance in closer contact with the governing authority.  So, too, is regionalization.  As countries take divergent p

By Adam Turteltaub With a rising focus on value-based care, and a new program seeking to make the approach mandatory, we spoke with Ed White (LinkedIn), Partner at Nelson Mullins. Previous efforts to move toward value-based models, such as Accountable Care Organizations (ACOs), faced significant barriers due to regulatory frameworks like the Stark Law and Anti-Kickback Statute. These laws were designed to prevent financial incentives from influencing medical decisions, but they also limited the ability of hospitals and physicians to collaborate in ways necessary for effective value-based care implementation. Recognizing these constraints, CMS and the Office of Inspector General (OIG) collaborated in 2020 to issue new regulations aimed at facilitating the transition to value-based care. The next step in the transition is the new Transforming Episode Accountability Model or TEAM program, which will become mandatory in 2026. This program includes 740 hospitals across the country and targets five specific sur

By Adam Turteltaub Imagine that it’s time to move on from compliance to another role, either by choice or being voluntold.  Does what you learned in compliance help? Absolutely, according to Kortney Nordrum, Vice President and Senior Corporate Counsel at Deluxe.  Amongst other benefits, it taught her how to break down large issues into more manageable pieces, better identify and manage risks and help deals close. That isn’t to say the transition has come without challenges.  She has had to learn to trust others to run compliance and also to be less risk averse. Listen in to learn more about how your compliance skills can help if your career ever takes you to another profession.

By Adam Turteltaub When Garth Jordan learned about the opportunity to lead the SCCE & HCCA, he was excited about the idea of helping to build trustworthy organizations.  And, the more he spoke with the board and talked to his peers, the more convinced he was that this was the role for him. Unlike our previous CEOs he came to the association not from compliance, but from the field of association management.  He has served in leadership roles for the American Animal Hospital Association, Healthcare Financial Management Association and Medical Group Management Association.  As he looked at SCCE & HCCA he saw a great opportunity for growth and greater impact. He tell us in this podcast that he will be focusing on the complete range of things that we do, from publishing to creating events to providing certifications to facilitating networking. Listen in to learn more about him and how he plans on using design thinking to help create a robust future for the SCCE & HCCA.

By Adam Turteltaub What do cupcakes, cookies and compliance training have in common?  More than you might think, reports Barbara-Ann Boehler, Senior Director of the Program on Corporate Compliance and Ethics at Fordham University  School of Law.  She successfully used the act of frosting the treats a part of a compliance learning exercise. It’s a great, if unusual, example of experiential learning, which seeks to teach people by getting the learner to do the thing that they are learning rather than just sitting and listening. A more common example of experiential learning is to create a case study in which the participants play different roles and see how the situation plays out. This interactive approach to learning can be much stickier, figuratively and literally (if you use frosting) with lessons sinking in deeper and discussions lasting long after the session is over. Listen in to learn more but, maybe, eat something healthy first.

By Adam Turteltaub Being a leader is hard.  Being a compliance leader is harder.  Being a compliance leader in fast-changing times takes it up yet another level, but it’s not impossible. Kim Jablonski, Chief Compliance & Ethics Officer at Bristol Myers Squibb shares that with these challenges it’s important for leaders not to think in static terms but to recognize that the landscape is constantly changing.  The transformations include not just new laws and regulations but also new expectations for compliance programs, such as when it comes to taking a more data-driven approach. At the same time, though, some things don’t change.  For example, you need to communicate with the workforce the importance of acting with integrity, even when there is business pressure to deliver.  That same message should come from leadership as well so that employees see integrity as a part of the culture and behavioral expectations. For their part, compliance leaders, and their teams, need to have a deep understanding of the b

By Adam Turteltaub There’s a car pulling up to your facility loaded up with a patient and a trunk full of risk. Non-emergency medical transportation (NEMT) plays an important role in getting elderly and poor patients to their medical appointments and pharmacies.  But, explains Colin May, Professor of Forensic Studies and Criminal Justice at Stevenson University, the amount of fraud is exploding.  There are cases of billing when service was not provided, trips to facilities that are closed, overbilling, upcoding, overcharging for tolls, and more. Enforcement authorities have been doing more to crackdown on this fraud, but providers need to be on the lookout for a host of schemes, including kickbacks. Frontline employees, he argues, should be trained to look out for questionable, unusual situations that may be the sign that something improper is happening.  Technology can also be deployed in areas such as pre-trip screening. Listen in to learn more about this growing problem and what your organization coul

By Adam Turteltaub Things are a bit out of balance when it comes to Business Associates (BAs) in healthcare.  Organizations invest a great deal of time and resources in vetting these third parties to make sure that they will safely handle data from the covered entity.  But, when the relationship ends, those same organizations may overlook the risks to their data post-separation. The problem is complex because different BAs will fall under different regulations and use data differently.  Some may process but not retain data.  Others may have terabytes of your data to return or destroy immediately.  For others, there may be a law or regulation requiring them to hold onto that data for several years. The compliance team, explains Marti Arvin (LinkedIn), Vice President, Chief Compliance and privacy Officer at Erlanger Health System, needs to ensure it is part of the process whenever a BA relationship is coming to an end.    At that point, it’s time to reach out to the BA to ensure there is a plan in place for

By Adam Turteltaub Ahmed Salim wants you to change how you approach change.  An active consultant to the compliance community and Healthcare Compliance & Regulations Adjunct Professor at DePaul University, he is passionate about following a disciplined approach to change management.  Not surprisingly then, he’s the author of a new book from the SCCE & HCCA:  Mastering Compliance Through Change Management. In this podcast he explains that the concepts behind change management are simple.  It contains 8 critical steps: Vision and strategy Building leadership and sponsorship Communications and awareness Training and acceptability building Implementation and reinforcement. Continuous monitoring and improvement Sustaining the change Feedback and adaptation. So what are the keys to success along the way?  First, have a vision and strategy you want.  Second, get leadership and senior management buy in.  Third, effective communication because if people don’t know about the change, what’s the point

By Adam Turteltaub As with so many other areas, communication, or a lack of it, can be a big problem when it comes to eDiscovery.  Legal doesn’t always adequately communicate what it needs.  The business unit doesn’t share information about all the technologies its teams are using to communicate, and compliance may be giving the wrong message as a result. The cure, as Joey Seeber, CEO of Level Legal lays out in this podcast, is making sure that everyone is aware of the issues, the technology and what proper practices look like. That means understanding what platforms are being used for collaboration, and deletion schedules need to be understood and consistent, wherever possible. To understand more about navigating around these problems, and how to find a vendor that will help your efforts, listen in to discover more about eDiscovery.

By Adam Turteltaub On July 10, 2025 the European Commission posted The General-Purpose AI Code of Practice.  Unlike the EU AI Act, this new Code of Practice is not compulsory, at least not yet. Still, it seems prudent to start understanding what it says and what expectations are being laid, as well as what the definition of general-purpose AI (GPAI) is.  To that end, we spoke with  London-based Jonathan Armstrong, Partner at Punter Southall. Jonathan explains that GPAI systems perform generally applicable functions such as image and speech recognition, audio and video generation, pattern recognition, question answering and translation.  It is similar to generative AI but is not the same. He then shares that the Code of Practice contains three sections:  transparency, copyright, and safety and security. Transparency is a hugely important issues for AI.  Organizations need to keep their technical documents related to their AI use current and address topics such as how the AI was designed, the technical mea

By Adam Turteltaub Managing whistleblowers is always a hot topic, and you’ll find it on the agenda at the 2025 SCCE Annual Compliance & Ethics Institute.   To provide a preview of what you will see if you join us in Nashville, we sat down with the speakers for the session “Someone Blew The Whistle: Perspectives from Former Whistleblowers, In-House Compliance, and External Investigators”. The speakers in Nashville, and guests of this podcast, are: Jordan Segall, Senior Counsel, Ethics & Compliance, Xylem John Pease, Partner, Morgan Lewis Andrew Bakaj, Chief Legal Counsel, Whistleblower Aid. In our conversation they share the work Xylem has done to encourage internal whistleblowing.  The compliance team’s efforts include not just having a policy but ensuring that it is clearly accessible as well as explaining confidentiality, anonymity, and even investigative standards and processes. The company offers their employees multiple avenues to speak up, including HR, internal audit, the hotline, compliance

By Adam Turteltaub There’s a lot new going on in healthcare enforcement, and, at the same, there’s a lot that hasn’t changed, reports Greg Demske (LinkedIn), partner at Goodwin Proctor and, formerly, Chief Counsel to the Inspector General at HHS. While the US Department of Justice has changed its priorities in areas such as anticorruption, if you look at what they and the Office of Inspector General (OIG) at Health and Human Services have been doing, he observes, the long-time bipartisan effort to stop fraud in healthcare is continuing. Yet, there are some significant changes.  At CMS a major shift has occurred when it comes to Medicare Advantage.  In the past there were audits of fifty plans a year, but now the goal is to audit all six hundred or so annually.  Backing that up is an expansion in the number of coders from 40 to 2000.  This has huge implications both for the plans and providers. Meantime the Department of Justice and HHS have created a False Claims Act Working group to further their efforts

By Adam Turteltaub I live in Los Angeles and was fortunate enough to get through the fires unscathed.  Around me, though, were others who were not so fortunate.  A cousin and several friends lost everything. After the fires came a cleanup of epic proportions.  For Glenn Sweatt, Vice President at ECC, the company charged with remediation at all those burned out lots in Altadena and the Palisades, that’s when the work began. The workforce had to be assembled, contractors brought in, and everyone needed to be trained and trained well, since the company is a federal contractor. Making that all happen required flexibility and agility.  The compliance organization, like the company, had to be adaptable to changes in conditions and be responsive to local communities which suddenly, and unhappily, had thousands of trucks running through them. Language had to be considered since Los Angeles is a diverse city.  Spanish translations were expected.  Hindi turned out to be more common than anticipated. Listen in to

By Adam Turteltaub Here’s a little nightmare every compliance officer dreads.  You leave your current job for an exciting new one, only to find out that you just walked into a position where the compliance efforts are token at best because the organization’s leadership doesn’t take compliance seriously. In this podcast Mary Shirley, Vice President, Chief Compliance and Privacy Officer, Scion Health, shares what to look for and how to protect yourself if this bad dream becomes your reality.  And, for the record, she has not run into this disaster at Scion Health. So, what are the signs there is insufficient commitment?  Any or all of the following could be, although generally one or two, she notes, may not be definitive: The title and standing of the top compliance officer is relatively low with little authority The compliance teams is greatly understaffed compared to industry benchmarks (cross-industry, healthcare data), without some compelling reason such as the organization is undergoing financial d

By Adam Turteltaub There is so much hype and drama when it comes to AI, that it’s good to hear the voice of Mujo Vilasevic, Senior Compliance Officer, Raiffeisen Bank  International.  Contrary to most, he makes the case that the problem with AI is overdramatization.  Despite the fears, it’s not going to take over the world or our jobs, as he sees it. So what should be doing when it comes to AI?  Educating ourselves is a very good start.  Also, look at AI both, as he describes it, outside in and inside out:  Look to see where it can be useful for the compliance department and how the business unit is putting it to use. Do so, he advises, recognizing that there is, as of yet, no global regulatory consensus.  While laws are emerging, there is still a patchwork out there. However, there are some principles of responsible AI use that do seem to have global relevance.  The EU law, for example, is based on the principles of integrity, data confidentiality, consumer data protection, personal data protection and t

By Adam Turteltaub It’s time to think bigger when it comes to helpline data.  Yes, it’s still important to look at traditional metrics such as the number of calls and the substantiation rate.  But, there is so much more that can be done. Justin Ross, Vice President, Chief Compliance Officer at Sysco and Carrie Penman, Chief Risk and Compliance Officer at NAVEX will be addressing what you can do with your helpline data during their 2025 SCCE Compliance & Ethics Institute session “Numbers That Matter:  Moving Beyond Hotline Data to Identify and Build an Ethical Workplace.” For one, they encourage compliance officers to think about whom they are sharing the data with.  What the board, management and others will want to see is likely to be different. As a result, it’s important to tailor your reporting accordingly. Second, they argue in this podcast that it’s important to not just look at the data reactively.  Instead, think proactively and use it as a way to identify where there are issues to be addressed, e

By Adam Turteltaub I recently learned that at the US Department of Justice’s law library, one of the most common requests the librarians receive is for vintage dictionaries.  Why?  Because the lawyers often need to find out what the definition of a word was at the time a law was passed. Meanings change over time in the law and in the vernacular.   Remember when describing something as “sick” meant that it was bad?  Now it’s the opposite. Stacey Parks, Ethics Officer, Enterprise Operations and International Ethics at Lockheed Martin will be taking on our evolving language at the 2025 SCCE Compliance & Ethics Institute.  Her session is, appropriately, entitled, “Divided by a Common Language:  No Cap.  Here’s the Tea on How Being a Mom of a Teenager Made Me a Better Communicator.” With five generations in the workplace today, it’s important to understand that each has its own communications style and what works for one may not for another.  Millennials, Gen Z and Gen Alpha are all digital natives and are muc