Q&A with Nancy Dean, Vice President for Compliance, Privacy, and Internal Audit

05/04/11 - Life at NYULMC

Nancy Dean, JD, MPA, CHC, CHRC, is the designated compliance officer for the Medical Center. She is also our HIPAA privacy officer. She is responsible for the daily monitoring and implementation of our compliance plan and our HIPAA compliance initiatives.

What do we mean when we say "compliance"? 

Compliance is all about doing the right things for the right reasons. The Office of Compliance, Privacy & Internal Audit is here to help the organization uphold our continued commitment to making proper and ethical decisions. There are various facets to compliance—from research ethics and laws, to patient privacy, to proper billing practices—but what they all have in common is following the law.

Why is compliance such an area of concern for NYU Langone Medical Center? 

Being non-compliant with the law can subject the organization and even individual employees or faculty members to fines and penalties and even possible criminal liability. There are an ever-increasing number of complicated laws and regulations in all areas of healthcare on both a federal and state level, so maintaining compliance has become very challenging. It’s important to remember that many of these laws are rooted in ethical business practices and the protection of patients’ rights, so as a patient-centered hospital, the spirit of the law is just as important. 

There are so many rules and regulations to know and follow. What resources does the Medical Center offer to help me navigate the compliance maze? 

There are many resources available to the Medical Center community to better understand and comply with compliance requirements, including the Compliance Office website, compliance.med.nyu.edu, where visitors can find policies and procedures, links to government and other resources and regulations, information about required compliance training, and how to contact each of the Compliance Office staff members. In addition, faculty and staff can call the Compliance Helpline or send an email to compliance.help@nyumc.org, and of course, everyone should feel free to contact any of the Compliance staff directly via telephone or email.

What compliance trainings are available? How do I know if I am up-to-date with my requirements? 

There are a number of compliance courses available to faculty and staff today, and in the future there will be even more courses available as the Compliance Office migrates to the iDevelop learning management system. Training is provided online as well as in live classroom settings at various locations across the Medical Center. The Compliance Office will also arrange special training sessions for departments with special needs. The "Training" tab on the Compliance website provides details related to the required training, how to access the training online, and how to request training status reports.

Currently, all members of the Medical Center community are required to take the Code of Conduct, HIPAA Awareness, and HITECH Act classes. Live sessions of the two new mandatory compliance training requirements for 2011 are being offered this week in recognition of National Compliance Week: HIPAA Security and Effective Compliance Programs. They will soon be available on iDevelop and in additional classroom sessions. HIPAA Security and Effective Compliance Programs are mandatory for all faculty and staff. Please look out for a broadcast email announcing the official training term and class schedule in the near future. 

What if I’m concerned about the actions of a colleague or supervisor? 

If any member of the Medical Center community has a concern about anything that they have observed or been asked to do, they should always feel comfortable calling the Compliance Helpline (1-866-NYU-1212). The Helpline is available 24 hours/day, 7 days/week, and anyone making a report can choose to remain anonymous.

How does your office relate to the Office of Regulatory Affairs? 

The Office of Compliance, Privacy & Internal Audit and the Office of Regulatory Affairs work closely on many issues. The Office of Regulatory Affairs focuses on Joint Commission, state licensure matters, and medical staff issues for Tisch Hospital, Rusk Institute of Rehabilitation Medicine, and the Hospital for Joint Diseases. 

The Compliance Office is responsible for all HIPAA privacy compliance, research compliance, conducting physician and hospital billing audits, and providing training and education on numerous billing, contracting, and privacy issues for all the hospital facilities as well as the School of Medicine. The Internal Audit department conducts audits for internal controls and processes in both financial and operational areas.