Blog Post

General Overview of Compliance Culture

Richard P. Kusserow | November 2023

Key Points on Compliance Culture:

  • Cannot achieve Compliance without knowing what Compliance means.
  • Compliance should be the foundation for driving mission, vision and values.
  • Challenging to evidence that Compliance exists.

When the Department of Justice (DOJ) emphasized a “culture of compliance” in their 2020 “Compliance Program Effectiveness Evaluation Guidelines,” the Compliance Officer community took it seriously. Organizations confronted by the DOJ for violating laws that cannot evidence a culture of compliance run the risk of added regulatory and legal penalties and harm to the organization’s reputation with the public and patient community. Though widely accepted as important, it is often unclear what compliance culture means and how it can be evidenced. Culture is complex in that it evolves over time and results from how well the organization’s mission, vision, core values, and beliefs are put into practice. In general, culture can be defined as the fundamental and distinctive characteristics or qualities that define an organization and how everyone in the workplace interacts with one another and those being served. More specifically, for compliance program purposes, it can be described as the system of beliefs and processes that create an environment where everyone adheres to shared values, goals, and practices of doing the right thing in day-to-day decision-making management.

Embedding Compliance within the Organization

For Compliance Officers, the challenge is finding ways to embed compliance across all levels and activities in the workplace, from what is expected in individual behavior to creating an environment in which employees feel comfortable to express their opinions and, crucially, are listened to when they do.  It must begin at the top with board and executive leadership levels by setting the correct tone for all business activities and openly and enthusiastically conveying how important compliance is and how seriously it is taken by the people at the top. To do this, they need to understand and embrace the rules, what is expected of them and others in the workplace, and the interactions in attitude and actions with others in the day-to-day operation and decision-making. To be fully effective in translating these principles into action requires first and second-line management buy-in and support. The fact is that staff are more influenced by the people they report to than by the leadership that is remote from them.

Going Above and Beyond

Another challenge is that the message in the workplace must go beyond just avoiding violating laws, regulations, policies, and the Code of Conduct. It must also extend to establishing a reputation of reliability, honesty, and ethical conduct. All this requires continuous reinforcement through tailored training for all employees on the importance of compliance in their role, and the risks they are likely to face for failing to comply.  When all is said and done, being able to evidence success in establishing a culture of compliance can be difficult. The best and most convincing way to do this is through a professionally developed and administered compliance culture survey that not only provides metrics for each question and overall results but is anchored in a larger database of other healthcare organizations using the same survey to permit comparative analysis.   

Strategic Management Services, in partnership with SAI360, has opened its annual HIPAA Compliance Survey to hear from healthcare industry compliance and privacy professionals.  Interested in participating?  Take the survey and share your thoughts.

About the Author

Richard P. Kusserow established Strategic Management Services, LLC, after retiring from being the DHHS Inspector General, and has assisted over 3,000 health care organizations and entities in developing, implementing and assessing compliance programs.

Subscribe to blog