Heritage Health

Building Compliance Leadership on Trust and Relationships

Over the course of my career, I’ve held a variety of administrative roles in healthcare, including credentialing and privileging oversight, outpatient operations, physician recruitment, change management and strategic growth initiatives. Each of these experiences contributed to my perspective— but not in the way one might expect.

My transition into compliance leadership was not driven by deep regulatory expertise. It grew out of something more foundational: the relationships I had built with physician and executive leaders along the way.

I recall a conversation with our Chief Operating Officer during a period of rapid growth of a new division. He asked me to consider building and leading the new division’s compliance program. My initial response was hesitation. I told him candidly, “I understand healthcare compliance like most people working in healthcare do, but I’m not an expert.”

His response changed my perspective.

“You can learn the rules,” he said. “What I cannot hire is the trust and relationships you’ve already built.”

That insight has shaped my approach ever since. Regulations can be studied (and I did!), policies can be written and programs can be designed—but compliance only becomes effective when it is built on trust.

When compliance leaders invest in relationships, conversations about risk and accountability become more productive. Instead of resistance, there is engagement. Instead of enforcement alone, there is shared ownership.

Ultimately, compliance leadership is not just about interpreting rules—it is about creating an environment where honesty, transparency and continuous improvement can thrive.

In the risk management arena, candidly speaking up about patient safety concerns ultimately lead to my appointment as head of the risk management program. That candor remains my North Star today. Whether in risk or compliance, the mission is identical: keep patient safety at the heart of every decision.

Navigating Cybersecurity Risks and Rapid AI Adoption

There are many critical risk areas, and that in itself is part of the challenge—managing multiple high-risk areas simultaneously. Two stand out: cybersecurity/data privacy and the rapid adoption of artificial intelligence (AI).

Cyberattacks are increasing in both frequency and sophistication and the financial and reputational costs can be significant. Strong partnerships with information security leaders are essential. Understanding risks through their lens helps strengthen organizational risk assessments. Equally important is preparation— having a well-developed incident response plan in place before an event occurs.

At the same time, AI adoption is accelerating faster than regulatory guidance. Organizations must ask critical questions:

• Are patients aware when AI tools (such as ambient documentation) are being used?

• Has appropriate consent been obtained?

• How are vendors handling and retaining patient data?

• Are outputs being validated and is bias being considered?

Balancing innovation with responsible governance is one of the most pressing challenges today.

Aligning Regulatory Requirements with Operational Realities

It comes down to partnership. Compliance and risk management cannot operate in isolation. It requires time in clinics and care settings—observing workflows, talking with staff and understanding operational realities. The goal is not to simply enforce rules, but to align regulatory requirements with how care is actually delivered. Adopt the mindset of the “Department of How,” not the “Department of No.” Our approach should always be: “Tell me your objective and I will help you find a compliant solution.”

When compliance and risk management leaders take the time to understand what teams are trying to accomplish, the conversation shifts from “no” to “how.” That shift builds trust and leads to more practical, sustainable solutions.

AI, Regulatory Agility and the Future of Compliance

Artificial intelligence is one of the most significant trends—not only in clinical care, but in how compliance teams themselves operate. Organizations must ensure AI is used in a compliant, ethical and transparent manner across all roles.

In addition, regulatory agility is no longer optional. With programs like 340B under constant scrutiny, organizations must navigate shifting state and federal landscapes with proactive documentation and a ‘compliance-first’ operational model.

What It Really Takes to Succeed in Compliance Leadership

Start by learning—then teach. While education is one of the seven elements of an effective compliance program, it’s important not to begin teaching before you truly understand your audience.

In compliance and risk management, take time to learn how care is delivered, listen to frontline staff and build relationships across the organization. When you understand the environment and the people within it, your education and guidance will be far more relevant, practical and impactful. Compliance and risk management are not just about rules; it is about influencing behavior and shaping culture. Those who are most effective in the compliance and risk management fields recognize that success depends not only on technical knowledge, but on the ability to foster trust, encourage transparency and support continuous improvement.