Beyond the Penalty: What Metrics Should Healthcare Compliance Officers Track? 

This Q&A with compliance expert, Lisa Herota, RHIA, CHC, CHIAP, CHPS, CCS covers best practices for a data-savvy compliance leader. Learn about realistic compliance metrics and how to share them effectively. Read more about Lisa’s background and experience at the end of this blog. 

Question 1 – How do you define value in the context of healthcare compliance? What kinds of value can compliance create? 

Lisa Herota – Compliance has a positive impact on financial, clinical and operational outcomes when we manage compliance well overall, not just by avoiding penalties.  

We help the organization safeguard the mission and reputation by: 

  • Protecting revenue  
  • Enabling ethical growth 
  • Maintaining patient safety 

We do this all while also making our leaders feel more confident. They can make informed decisions through a compliance mindset, versus just worrying about how we’re going to avoid a penalty. 

Q 2 – Can you share examples of how you’ve created value or seen others do it? 

LH – One approach I’m proud of is strengthening organizational trust and reputation by developing a culture of compliance. This happens through:  

  • Rounding and being present in the organization 
  • Doing trainings  
  • Partnering with leaders, medical staff, employees and even patients 

I’ve taken compliance teams from being the department where ideas go to die or the “Department of No” to being seen as a function that engages and supports. We became a resource that leaders want to bring to the table at the beginning of projects and discussions as a support versus just somebody to call when things go wrong. 

compliance value

Q 3 – How do you measure and quantify compliance value?  

LH – I love data. I preach data, data, data to all compliance leaders. There are lots of different metrics we don’t think about, but many times, we just look at how we avoid fines. 

Actually, compliance has a lot of data for leaders to study. We can:  

  • Look at percent of applicable regulations implemented on time.  
  • Look at number and severity of audit findings or corrective action plans implemented.  
  • Trend reported issues and how quickly those issues were resolved.  

Compliance Metric: Tracking the Near Misses 

Something that compliance leaders don’t think about often enough are the near misses. We usually think about these situations in patient safety and quality. But many times, compliance can help with close calls, and we should track those.  

Compliance Metric: Financial Value from Correct Regulation Implementation 

Common examples of financial value derived from correctly implementing new regulations include: 

  • Reductions in external legal expenses 
  • Decrease in denials and claw backs or repayments 
  • Additional revenue capture  

Compliance Metric: Operations Staff Hours Saved 

You can talk to your operational leaders about how their team workloads benefit, especially if you have good regulatory change management tools with reporting and dashboards. Many times, I’ve tracked the number of hours saved that operational leaders don’t have to spend reading through regulations to decipher and interpret them.  

Department heads save valuable time when we provide them with tools like policy templates, implementation information, and the interpretation of the regulation itself. So, the hours compliance saves other department leaders is a good metric, too. 

Hard for Compliance to Quantify: Harm Avoidance  

It’s difficult for compliance professionals to quantify how they help the organization avoid harm. It’s definitely easier for revenue-generating departments to show their value, because they can measure the revenue they drive.  

But compliance often concentrates on how we avoid fines, and it’s hard to prove we’ve truly avoided something when the attitude is “Maybe we wouldn’t have gotten that fine anyway, regardless of what we do or don’t do.” That’s why I focus on other metrics

Q 4 – Who needs to know about the value that compliance creates, and how do you communicate that? 

LH – That’s a great question. There are various levels across any health system or organization that need to know the value that compliance has created, but the way you report it is going to look different based on whom you’re talking to.  

Talking to the Board 

When I’m presenting to my board or board committees, I target risk mitigation trends, assuring them we’ve got this. I use heat maps that show risk rankings, prioritization and key regulatory risk areas. I use implementation rates or key issues identified and resolved. When I’m talking to my board, I highlight how compliance work aligns with the strategic priorities of the organization.  

Talking to the Executive Team 

But when I’m talking to my executive team, I might get a little more granular with how many reduced denials or repayments or how many claw backs we avoided. Also, that metric about saving frontline leaders’ time, because that affects their operational teams as well as alignment with patient safety, quality and patient experience goals. A key metric is showing executive leaders how compliance ties into all the other objectives that the organization is trying to accomplish.  

Talking to Operational Leaders and Frontline Teams 

It’s a very different story when I’m talking to operational leaders or frontline staff.  With them, I focus on how I’m helping them succeed:  

  • Fewer surprises related to regulations that apply to them 
  • Reduced fire drills from reactive implementations versus steady, methodical implementation of regulatory change. 
  • With good policies, procedures and training 

With frontline staff, it’s all about what compliance does. Proving compliance value is about showing them how we:  

  • Impact their day-to-day reality. 
  • Make changes to protect them and their patients. 
  • Help make their work easier and safer. 

Really, it’s all about how we help support them and affect their day-to-day work. 

Tie Compliance Work to Strategic Goals for Value Recognition 

To overcome compliance reporting roadblocks, I go back to tying compliance’s work directly to the organization’s strategic goals. Just connect what we do to what the organization is focused on. Show how what we do impacts quality, CMS, star ratings, financial stability, the growth of new service lines and innovation.  

We need to connect what we do to optimizing and streamlining those goals and processes. 

Q 5 – What feedback have you had about compliance metrics and value? 

LH – One of the stories I love to share is about the day I was presenting a regulatory change management dashboard to my board. The very first time, I showed them that over the course of a year, the compliance team had touched over 535 regulations. It was the height of Covid, and when I presented that dashboard, board members just sit back in their chairs almost with a collective sigh.  

And they said, with the data you present, we can see what’s happened to the organization. We’re not just hoping we’re compliant. Now we can prove it. We can show that the organization truly is operating in a compliant manner. That was one of my biggest takeaways from frontline leaders.  

Other feedback I’ve received includes: 

  • “I feel like compliance is supporting and partnering with me, not just telling me no or being a barrier.” 
  • “When we streamlined compliance tools, that really helped support compliance functions.” 
  • “Compliance saves us time and work by not having to review, interpret and decipher complicated regulations.” 

Leaders feel confident knowing we’re not missing anything and that they’re being supported. 

Be a Confident, Data-Driven Compliance Leader 

Wouldn’t you like to feel the same way about your compliance program? Reach out and we’ll show you some of the compliance management tools mentioned in this blog. 

About the Author 

Lisa Herota is a seasoned healthcare executive with over two decades of experience leading high-impact initiatives in compliance, privacy and health information management (HIM). She brings a strategic, data-driven approach to safeguarding organizational integrity. 

Throughout her career, Lisa has held pivotal leadership roles at several medical systems. Her expertise spans the full spectrum of healthcare operations, from managing complex ICD-9 and CPT coding systems, to overseeing departmental budgets and navigating rigorous accreditation standards. 

Lisa is a recognized expert in regulatory change management and is passionate about transforming compliance from a “policing” function into a proactive business partner. She holds an impressive array of professional certifications that underscore her deep technical knowledge, including: 

  • RHIA: Registered Health Information Administrator 
  • CHC: Certified in Healthcare Compliance 
  • CHIAP: Certified Healthcare Internal Audit Professional 
  • CHPS: Certified in Healthcare Privacy and Security 
  • CCS: Certified Coding Specialist 

Beyond her technical skills, Lisa is a dedicated advocate for building a culture of compliance. She leverages her background in research and data compilation to provide executive leadership with insights to make informed, ethical and growth-oriented decisions.

Video Resources

Dive deeper into compliance best practices with our video library, including clips from Lisa. Explore expert explainers and actionable insights designed for healthcare leaders.

View Full Video Library

Download our Latest Whitepaper

Sign-up for our Weekly Newsletter

Qualified compliance professionals do the heavy lifting for you, simplifying regulatory change management