
Where do I start? Advice for Guard customers from a compliance professional

What is the question you get most often as an experienced Compliance professional from someone new to a compliance role or new to their current role?

Where do I start?

Compliance in general, and healthcare compliance in particular, can seem overwhelming. There are so many regulations, so many pieces and parts of an organization touched, and limited resources in terms of money, focus and time.

There is really no bad place to start.  But I usually take two concurrent paths.  I start with reviewing an area of compliance that I think is likely an area of opportunity and also an area of success.  Gather information from people around you or from materials around you, like a policy portal.  

Using the resources and functionality in The Guard makes the process easier and gives you efficiencies and tools that help you achieve, maintain and evidence compliance. You can start with a playbook on HIPAA, for example. Follow the steps like a work plan to get you through assessing using programs, placing safeguards using training, screenings and policies, and remediating using program tasks. Or maybe you have an urgent need for a revised Privacy policy, to get security awareness refreshers running or to run an OSHA risk assessment. Any of these is a good place to start.

Getting people to see compliance teams in a positive light can be challenging. I think I have been most successful in getting people to open up early in my compliance efforts when I let them know I was trying to get a handle on where my resources and focus could benefit the organization most, and maybe mentioned something that illustrates that no one internally suggested to me that I start with them or their process.

The best advice I can give to any compliance team, even a team of one, is to give yourself some grace. You cannot review every risk, revise every policy, and address every issue on an annual basis except in a truly mature compliance environment. Compliance is everyone’s job – you are the leader that drives it, but if all compliance tasks are left to only a small part of an organization, it likely won’t succeed in meeting its obligations – that is not your failure. Engage as many people as you can outside of your own team to help assess and mitigate risks in the organization. Assign them tasks, and have cross-departmental workgroups that tackle a particular program.

Do your best to assess high risks, and put your effort into devising remediations and safeguards around those risks and into documenting and evidencing the work and effort that goes on every day to meet obligations and requirements. Most organizations are doing more than they get credit for; be the person to gather evidence beyond the expected. For example, thinking of training as only formal LMS training leaves out the most important part of most people’s training, like shadowing strong performers. Efforts to provide the best tools and environment where people can do the right thing and feel proud of their accomplishments are some of the best ways to encourage and evidence compliance. Make sure that your documentation reflects them; they are easily added as evidence in The Guard.

Celebrate the people who model compliant practices.  Remember every effort you make leaves the organization better off than if they did nothing.  Celebrate your wins and remember that great compliance starts with incremental change.