From Manual to Scalable: How to Manage Healthcare Compliance Risk 


The overwhelming pace and complexity of healthcare regulatory change have become so routine that the constant grind now poses a distinct compliance risk to the organization it’s intended to protect. 

Yet, many hospitals still treat regulatory change as a routine monitoring activity, failing to adopt the systems thinking and discipline necessary to truly mitigate the risk.  

This article by a top healthcare compliance expert explains what it takes to make that transformation. (She also explains what spinach has in common with compliance risk assessment.) 

Beyond Spinach: A Systems Thinking View of Regulatory Change  

’Tis the season! Compliance risk assessment season, that is.  

Many healthcare organizations are in the middle of this annual “eat your spinach” preventative exercise, with compliance folks wandering the halls asking executives what keeps them up at night.  

This year, a CFO for one of my hospital clients raised a significant risk that is so ever-present it’s often treated as a constant rather than a risk. The pace and complexity of regulatory change in healthcare are so familiar that they’re easy to overlook as a distinct risk.  

Regulatory Change Complexity as Permanent Risk  

For those who do recognize and record risk, this one almost certainly hits near the top of the scoring index. Regulatory change in healthcare isn’t an occasional disruption. It’s a permanent condition of the operating environment.  

Despite recognizing it as a top risk year after year, many organizations still manage regulatory change as a monitoring activity rather than applying systems thinking. Updates are tracked. Summaries are circulated.  

But when change actually occurs, the organization is left to work out (often manually and inconsistently) what the change means and what to do next.  

Systems Thinking Brings Structure to Reducing Compliance Risk 

From a systems-thinking perspective, this is a structural failure, not an execution problem.  

A persistent, high-scoring risk should not rely on individual effort, institutional memory, or ad hoc judgment calls to be managed effectively. It should be supported by infrastructure that reliably converts inputs into outputs.  

In this case, the input is regulatory change. The needed outputs are: 

  • Applicability analysis 
  • Operational decisions 
  • Documented rationale 
  • Accountable follow-through 

Failing to Operationalize Compliance Leaves You Open to Risk 

That’s where many regulatory compliance programs feel the strain. The risk isn’t failing to notice regulatory change. The risk is failing to operationalize it in a consistent, defensible way, especially across multiple departments, leaders, and decision points.  

From Effort-Based Compliance to System-Based Compliance 

Coming out of risk assessment season, this creates an opportunity to ask a more fundamental question: Do we actually have a system for managing regulatory change, or do we just know it’s a problem?  

Tools like YouCompli are designed to function as part of that system, not simply by surfacing regulatory developments, but by structuring the downstream work to help organizations:  

  • Assess relevance 
  • Identify impacts 
  • Assign ownership 
  • Document decisions  

Seen this way, the value isn’t the technology itself. It’s the shift from effort-based compliance to system-based compliance. And with systems and technology, you can do all this in a way that is repeatable and reviewable.  

In short, “eating your spinach” and doing annual assessments is good discipline. Relying on systems is how you stay healthy the rest of the time.  

About the Author 

As principal for AlloImpact LLC, Lisa Estrada provides Strategic Interim Compliance Leadership to hospitals, health systems, health industry vendors, and other healthcare organizations when a leadership vacancy or transition creates an inflection point—turning the moment into an opportunity to pivot, strengthen, and systematize.  

Whether bridging a CCO gap, stabilizing during mergers or growth, responding to heightened regulatory scrutiny, or modernizing a program that’s outgrown its practices, she helps teams build frameworks and cultures that endure. 

Lisa’s work centers on building systems that make compliance durable. By designing and helping teams implement repeatable, resilient processes that scale and stand under scrutiny, Lisa helps organizations move beyond heroics, so compliance keeps working even when key people change. 
