Compliance Perspectives SCCE

By Adam Turteltaub



ISO 27001 is the leading standard for information security management systems. As Mel Blackmore, CEO of UK-based Blackmores explains, it is a framework that applies and is of value regardless of an organization’s size, sector or country.



Organizations seek ISO 27001 certification to ensure that their IT security reflects best practices. It also brings to organizations a systematic approach to work in this area. In addition, potential business partners will have greater confidence that your organization has robust data defenses.



Most organizations have a head start when it comes to becoming ISO 27001 certified. Many existing IT security practices are likely to be consistent standards. To get the rest of the way to certification, she outlines several steps including:



* Determine where your organization is already compliant

* Conduct a gap analysis

* Performing a risk assessment

* Creating policies and procedures



Listen in to learn more about meeting this important ISO standard and what it will take to maintain certification.

By Adam Turteltaub



What do we do with ESG? Is it a part of compliance? Something different? How do we handle it?



Renee Murphy, Distinguished Evangelist at Diligent argues in this podcast that while there are compliance aspects to ESG, it is best to quickly make it a part of operations and under the general risk management structure.



Of the three elements of ESG, it is the environmental sustainability side, she believes, that will be the most challenging. With new requirements for organizations to report on their fossil footprint, companies are being forced to march into unexplored territory. As a result, they will need to evolve their process, which, she believes, will become easier as management comes to understand the balance sheet implications.



Listen in to learn more about what is happening with ESG, and what compliance teams need to know.

By Adam Turteltaub



Healthcare enforcement is never quiet. There’s always something, or many things, going on, and compliance teams need to stay on top of the trends to ensure that their programs are staying ahead of the risks.



To find out where things are today, we spoke with Ronald Chapman II, author of the book Unraveling Federal Investigations, defense attorney with Chapman Law Group and president of Chapman Consulting Group.



In this podcast he identifies several areas of intense enforcement activity:



* Drug testing labs are under scrutiny, particularly around the number of panels and reflex testing

* Telemedicine continues to be a hot area as well

* Venture capital firms are entering healthcare and/or deepening their investment, often with complex payment arrangements and without sufficient antikickback review

* Aggressive telemarking in the durable medical equipment space persists

* Credentialing issues, especially for smaller entities, are resulting in non-payments and fraud allegations



On the criminal side, he notes that controlled substance prescribing is in prosecutors’ eyes, often coupling these cases with fraud charges, leading to a one-two punch.



Listen in to learn more about what healthcare enforcement authorities are doing and how to strengthen your compliance efforts.

By Adam Turteltaub



Creating the right corporate culture is an idea that’s sacrosanct in the field of compliance and ethics. The folks at Gartner, though, are challenging that belief.



In this podcast Chris Audet, Vice President and Chief of Research for General Counsels and Chief Compliance Officers, tells us that their newly released report finds that focusing on key quality measures in the compliance program may be more important.



The firm reached the conclusion after surveying over 1000 employees about the situations that lead to employee noncompliance. To quote from the press release, “In the survey, 87% of respondents said they faced situations where they didn’t know how to comply in the last 12 months, followed by 77% of respondents who experienced situations of rationalization and 40% experiencing situations of malice.”



Improved quality standards – the design and accessibility of policies, training and so forth – had much more of an effect on reducing uncertainty than culture did. As he notes, when employees are faced with uncertainty, the key thing is to have easily accessible policies and a workforce that knows where to find them.



Most troubling, of course, is the reportedly high temptation, not always acted on, to be noncompliant for malicious reasons. Listen in to learn more about the challenges of malice and rationalization and how quality standards may help there as well.

By Adam Turteltaub



There’s no General Data Protection Regulation (GDPR) in the US. Absent a comprehensive, national privacy law, states have stepped in to fill the gap.



As Adam Greene (LinkedIn), Partner at Davis Wright Tremaine explains in this podcast, that’s creating some complications. The California Consumer Privacy Act (CCPA) already differs from subsequent laws in several states which use language reminiscent of the GDPR. And while there are many similarities, some differences are substantial. For example, some state laws are targeted at businesses, not non-profits. That’s an important distinction for healthcare with so many non-profit institutions.



Perhaps the greatest challenge for organizations is figuring out which standard to follow, if any. Do they take a state-by-state approach, or one national approach based on the toughest state laws? Whatever the choice, it’s important to determine what data you have since there may be limits on collection and a requirement to share that data with consumers who want to see it.



Listen in to learn more about what the states are requiring and what you need to do to meet their expectations.

By Adam Turteltaub



For as much as there is talk about the force of the US Foreign Corrupt Practices Act (FCPA), the impact of the OECD’s anticorruption efforts deserves a great deal of credit. By encouraging laws against foreign bribery, anticorruption compliance efforts, and grading the work of the countries who are parties to their Antibribery Convention, the OECD continue to raise the bar.



In Australia, the OECD’s push for more resources for small and medium enterprises (SMEs) seeking to avoid corruption led to the creation of the Bribery Prevention Network, explains Dan Wilcock (contact), Head of Sustainability Governance for the UN Global Compact Network Australia and Manager of the Bribery Prevention Network. This public-private partnership was born out of the work of more than thirty organizations working collaboratively.



The end product is a robust online hub filled with practical resources on topics such as anticorruption programs and conducting risk assessments. The Network also facilitates sharing of expertise from larger organizations to the SMEs in their supply chain.



Listen in to learn more about what they are doing and lessons for others seeking to start similar endeavors.