
Becoming a HIPAA Compliance Officer in 2024: 14 Steps to Take

Richard P. Kusserow | January 2023

Key Points:

  • “Look before you leap” and know what you are inheriting from your predecessor
  • Ask upfront for what is in effect a compliance program due diligence review

Under the best of circumstances and regardless of prior experience, it is a major challenge to assume the responsibility of Compliance Officer and meet the expectations of the leadership, board, and staff. Accepting the position is a risky decision without fully understanding the existing situation or what will be needed to succeed.

New compliance officers often inherit a host of pre-existing problems, many of which had been hidden; within a very short time, however, they will own them. This is especially true after the impact of the COVID-19 Pandemic on all management operations, including compliance offices.

It is a sound practice to immediately engage experts to conduct a compliance program effectiveness evaluation as an inventory of the status of the existing program, pending issues/problems to be addressed, and gaps or weaknesses needing attention. This would be, in effect, a due diligence review of what the Compliance Officer is inheriting. It would identify existing flaws, weaknesses, and risks while providing a road map of what needs to be done to ensure the program is on the right track.

Doing this is consistent with OIG Compliance Program guidance that states “…[A]n effective compliance program should … incorporate periodic reviews of whether the program’s compliance elements have been satisfied.” In addition, both the OIG and DOJ have stated their expectation that organizations review and evaluate their compliance programs to ensure they accommodate the standard principles of an effective compliance program.

It is far better for outside experts to evidence the status of the compliance program at the time of hire and leave the incoming Compliance Officer to focus on solutions. The best move, if possible, is negotiating such a review as a condition of accepting the position. There are many benefits to taking this step:

  1. The external review can evidence program status/progress, as called for by OIG and DOJ
  2. Results will have a higher level of credibility than if done internally
  3. Can “flag” past mistakes, problems, and issues
  4. Identifies gaps and weaknesses warranting attention
  5. Warns of potential “land mines” of hot issues with management
  6. Cites past mistakes and their consequences
  7. Provides recommendations/suggestions as an action “road map”
  8. Gives added force and authority for actions to be taken
  9. Can address the adequacy of budgetary resources
  10. Helps evaluate compliance staff competence
  11. Provides feedback on compliance attitudes/perceptions of leaders, managers, and staff
  12. Can assess the level of past support by leadership
  13. Defines relationships with other functions (e.g., legal, HR, finance, etc.)
  14. Results in providing solid information in reports to oversight committees


About the Author

Richard P. Kusserow established Strategic Management Services, LLC, after retiring from being the DHHS Inspector General, and has assisted over 2,000 health care organizations and entities in developing, implementing and assessing compliance programs.
