Meet Janine S. Fadul: Building strategic compliance structure through relationships an interview by Adam Turteltaub

 

AT: Thanks for taking the time to talk with us. I admit that I feel guilty. You’re already a columnist for the magazine, and now this. Actually, now that I’m thinking of
it, let’s start by talking about your column and writing. There are a lot of people in compliance with a great deal of wisdom to share. Many are hesitant to write because they dread the prospect or fear of saying something that could be problematic in one way or another. What would you tell them? What do you think they need to know about writing for the compliance
community?

JF: I agree, Adam. Many individuals are hesitant. Often, I think another factor is that people may be intimidated. We have so many talented and knowledgeable people in the HCCA community. I know people don’t like talking about it, but there is an expectation at times that compliance should  have all the answers, and the fact of the matter is, sometimes we simply don’t. Then, that familiar imposter syndrome voice creeps up, in a melancholy tone whispering, “I don’t have anything important enough to share, I just know it!” OK, maybe not that dramatic, but let’s face it: there will always be someone smarter, who is more credentialed, or who
holds more degrees. Many of us are our own worst critics. I would tell them that everyone has something to contribute that may help someone in ways that might surprise you. I have had the privilege to gain some amazing friendships and trusted colleagues over the years, especially within HCCA. We have rolled up our  at times to talk through strategy or an approach, where it turned out that everyone was working through a similar issue or trying to figure out that specific thing. What I love about writing specifically for the “Compliance Essentials” column is that it is an opportunity to give back. Helping others is a huge motivator for me. If I know there is a possibility that even one thing I have said or done can help someone in some way, then it is all worthwhile.

AT: Thanks, I really appreciate that. So, let’s focus on you and your career, not on writing for HCCA. You are the executive director of compliance and privacy at the George Washington University Medical Faculty Associates (GW MFA). How big an organization is that, and how long have you been there?

JF: The GW MFA is the largest independent academic physician practice in the Washington, DC, metro region, with more than 500 physicians and 200 advanced practice providers. We provide comprehensive care using cutting edge approaches in more than 50 medical and surgical specialties to patients at multiple locations around Washington, DC, Maryland, and Virginia. I have been at the GW MFA for close to nine years now and currently serve as the compliance and privacy officer. Since having joined, I have had the unique opportunity to be able to support the organization in cultivating an extraordinary compliance team, which I now have the honor of leading.

AT: What attracted you to the organization?

JF: I think it tied into what was next in my compliance journey. The biggest factor for me was the opportunity to have the runway to be a part of building out a sustainable compliance culture in a large physician group. Prior to joining GW MFA, I served as both the compliance and privacy officer for East River Medical Imaging, a private radiology group in New York City. I was with that organization for about seven years, and that is where I started my compliance journey. Prior to that, I came from the operational side of healthcare, and when taking on the new compliance role, I embraced the opportunity to learn about compliance programs
from the ground up. I think having this path into the compliance field helped me to understand the value that compliance can add to an organization, especially operationally. I led the organization through implementing changing regulations, such as the HITECH Act as well as walking through the maze of Meaningful Use
participation and other quality initiatives. When I was offered the role with GW MFA, I was looking to grow further in compliance and explore a larger organizational
structure and a broader approach to compliance. GW MFA was a great opportunity to do just that, as the organization had recently undergone restructuring and was looking to grow its compliance team and invest in its compliance program. I accepted the role and my husband and I packed up shop with our two dogs at the time, and we made the leap to DC.

AT: Can you tell us about the scope of your responsibilities there?

JF: Currently, I am responsible for the general oversight and operations of GW MFA’s compliance and privacy programs, serving as both the compliance officer and the privacy officer. I don’t want to bore you with my resume, so what I will say is that I think the most important but also satisfying part of my job responsibilities has remained the same as when I started at the organization, which is having the opportunity to work with as well as lead a phenomenal
compliance team, and continue to build a culture of compliance that is sustainable for the organization and is a living and breathing part of the organization — apart from just what I do as the compliance officer.

AT: What are some of the challenges for large practice groups?

JF: I personally believe first and foremost, the largest challenge is often communication, which is why I often find myself investing so much of my focus in this area. You cannot get to more specific challenges or risks within the organization if you do not know they exist. Large practice groups can struggle with communicating up and down, which can present their own challenges. However, more commonly, individual business units can be unfortunately siloed and not communicate with one another. This is understandable as many different clinical and administrative needs exist with large groups. We often have to account for different specialties, locations, and state or jurisdictional regulations, all of which can create unique standards that vary. In order to overcome this challenge, everyone must be out there having conversations, truly listening to each other about what is happening and understanding where the challenges and risks lie, not just for the organization at large, but in those individual clinics, offices, and patient interactions. In compliance, we are in a unique position to bring others in the organization together. Often, smaller challenges that individual business units believe are unique to them are actually not so unique. Coming together and working through them on a larger, organization-wide scale can help resolve a problem someone else may have been struggling with, and they didn’t even know it was a common challenge for others in the organization as well.

AT: Operating anywhere in medicine today is challenging, especially in light of all of the changes to regulations and increased focus on waste, fraud, and abuse. How are you keeping up with all the changes?

JF: I look for solid ground, and where there isn’t, I find my footing as best I can. I am also never shy about going back to the basics. They are the solid rock to stand on. I think keeping your head  on a swivel and truly attempting to keep up with all the changes is enough to make any one of us dizzy. In healthcare compliance, we have been given some solid roadmaps from the government for our compliance programs. Regardless of whatever changes to the regulations come next, now more than ever, organizations will need to continue to show a culture of compliance and accountability as to what efforts we are making to be proactive. I think the more recent U.S. Department of Health and Human Services (HHS) Office of Inspector General’s General Compliance Program made it very clear that it isn’t just about the regulations; it is also about what we are doing as an organization to be compliant. For me, it always goes back to the concept of storytelling. What story are we going to be able to tell? Can we answer the questions of how and why we are doing what we are doing. If we have to explain the existence of our compliance program and what we are doing to prevent fraud, waste, and abuse, I always think about what that explanation looks like. Is it an ethical one? What did we do to find the problematic issue, what did we do to correct it, what lessons were learned to prevent it from reoccurring? Regardless of everchanging regulatory landscapes, addressing the basics sets a roadmap that allows you to identify your risks and proactively address  them effectively.

AT: What are you finding is the most successful way to help take what you are learning about the new regs and sharing it with the organization as a whole?

JF: Always be mindful of relationships, and that starts with knowing who your champions are in compliance, as well as knowing your skeptics. Identifying ahead of time where I may need to have additional conversations to engage others and create buy-in has proven very valuable. Implementing new compliance initiatives or adopting new regulations can have operational impacts. Approaching these matters with consideration and letting others know in advance that something is coming (when possible, of course) builds credibility and trust. Also, identify and collaborate with individuals within your organization who can serve as compliance champions. They can help provide perspective and awareness to others outside the compliance department and frame it in a way that may resonate differently than if it came from compliance. We are all here working for the common good. We must keep what I will say is that I think the most important but also satisfying part of my job responsibilities has remained the same as when I started at the organization, which is having the opportunity to work with as well as lead a phenomenal compliance team, and continue to build a culture of compliance that is sustainable for the organization and is a living and breathing part of the organization — apart from just what I do as the compliance officer. 

AT: What are some of the challenges for large practice groups? 

JF: I personally believe first and foremost, the largest challenge is often communication, which is why I often find myself investing so much of my focus in this area. You cannot get to more specific challenges or risks within the organization if you do not know they exist. 
Large practice groups can struggle with communicating up and down, which can present their own challenges. However, more commonly, individual business units can be unfortunately siloed and not communicate with one another. This is understandable as many different clinical and administrative needs exist with large groups. We often have to account for different specialties, locations, and state or jurisdictional regulations, all of which can create unique standards that vary. In order to overcome this challenge, everyone must be out there having conversations, truly listening to each other about what is happening and understanding where the challenges and risks lie, not just for the organization at large, but in those individual clinics, offices, and patient interactions. In compliance, we are in a unique position to bring others in the organization together. Often, smaller challenges that individual business units believe are unique to them are actually not so unique. Coming together and working through them on a larger, organization-wide scale can help resolve a problem someone else may have been struggling with, and they didn’t even know it was a common challenge for others in the organization as well. 

AT: Operating anywhere in medicine today is challenging, especially in light of all of the changes to regulations and increased focus on waste, fraud, and abuse. How are you keeping up with all the changes? 

JF: I look for solid ground, and where there isn’t, I find my footing as best I can. I am also never shy about going back to the basics. They are the solid rock to stand on. I think keeping your head on a swivel and truly attempting to keep up with all the changes is enough to make any one of us dizzy. In healthcare compliance, we have been given some solid roadmaps from the government for our compliance programs. Regardless of whatever changes to the regulations come next, now more than ever, organizations will need to continue to show a culture of compliance and accountability as to what efforts we are making to be proactive. I think the more recent U.S. Department of Health and Human Services (HHS) Office of Inspector General’s General Compliance Program made it very clear that it isn’t just about the regulations; it is also about what we are doing as an organization to be compliant. For me, it always goes back to the concept of storytelling. What story are we going to be able to tell? Can we answer the questions of how and why we are doing what we are doing. If we have to explain the existence of our compliance program and what we are doing to prevent fraud, waste, and abuse, I always think about what that explanation looks like. Is it an ethical one? What did we do to find the problematic issue, what did we do to correct it, what lessons were learned to prevent it from reoccurring? Regardless of ever-changing regulatory landscapes, addressing the basics sets a roadmap that allows you to identify your risks and proactively address them effectively. 

AT: What are you finding is the most successful way to help take what you are learning about the new regs and sharing it with the organization as a whole? 

JF: Always be mindful of relationships, and that starts with knowing who your champions are in compliance, as well as knowing your skeptics. Identifying ahead of time where I may need to have additional conversations to engage others and create buy-in has proven very valuable. Implementing new compliance initiatives or adopting new regulations can have operational impacts. Approaching these matters with consideration and letting others know in advance that something is coming (when possible, of course) builds credibility and trust. 
Also, identify and collaborate with individuals within your organization who can serve as compliance champions. They can help provide perspective and awareness to others outside the compliance department and frame it in a way that may resonate differently than if it came from compliance. We are all here working for the common good. We must keep in mind and even when needed, remind ourselves and others, that we all have an individual and collaborative responsibility to keep our organization operating in a compliant and ethical manner. 

AT: In addition to all these changes, we have an ever-changing threat landscape out there, particularly around privacy and data security. What’s keeping you up at night and should be keeping everyone else awake? 

JF: Certainly, there is a lot to consider in this area. Technology has always moved fast, and so do the ever-increasing threats to healthcare data. The healthcare sector is struggling to keep pace. We need to both protect our data and truly get our heads wrapped around the concept of data governance. On the one hand, we have many regulations that can potentially span from the federal level to state or jurisdictional levels, and depending on your business structure, even international levels.  On the other hand, we have all these exciting technological developments that help us move clinical care forward in innovative ways that we didn’t have long ago. Technologies like electronic health records, interoperability frameworks, and, of course, the one everyone is talking about: AI. Accommodating these technologies and advances in healthcare from a governance and privacy perspective, all while keeping your patients and their data safe, is indeed a challenge and comes with inherent risk. Knowing where your sensitive data lives and what needs to be addressed to keep it private and secure is one of the most difficult tasks. We live in a world today where data privacy and security are a moving target. 

AT: What’s the best approach to mitigating this risk? 

JF: I think considering a shared governance approach is vital. The business functions of privacy and security, which are often separate units or people, all need to work together to address ongoing threats and open risks, especially when adapting new technologies. One of the most apparent areas for risk reduction that comes to mind often for me is data mapping. I truly believe it is a team sport. Knowing where the data lives, where it is moving in and out of, who is accessing it, and what structure is in place to protect it, is all essential. You can then determine which regulations, controls, and safeguards are appropriate and necessary to minimize the risk to an acceptable level. It is next to impossible to accomplish this if we are not working in lockstep on both sides of the house regarding privacy and security. I do not think you can ever truly succeed without this synergy between these two roles. I have found my partnership with our organization’s chief information security officer (CISO) to be invaluable in supporting our mission in patient care and moving clinical innovation forward, along with our clinical counterparts. 

AT: Thanks for sharing that insight. I should probably note here that you share your expertise a lot, and not just with the HCCA. You actively contribute to the Health Sector Coordinating Council Cybersecurity Working Group (HSCC CWG). Can you give us an overview? 

JF: The HSCC CWG is an industry-led critical infrastructure advisory council of almost 500 healthcare organizations that collaborates with government partners like HHS and the Department of Homeland Security to align cybersecurity goals, share threat intelligence, and support regulatory and policy development. The HSCC CWG aims to identify cyber and physical risks to the healthcare sector, protect health data and systems, avoid disruption to patient care from cyber threats, and develop mitigation guidance.  Knowing where the data lives, where it is moving in and out of, who is accessing it, and what structure is in place to protect it, is all essential. 

AT: That’s a great place to inform, but it’s also a terrific way to learn. What strategies are you seeing as being most successful in managing cyber risk? 

JF: I have found that being a member of the HSCC CWG has been very informative as well as a tremendous resource for both information and strategies to consider. I do not think there is ever a one-size-fits-all strategy in managing cyber risk. However, I do believe that a few 
approaches can set you up for success in managing cyber risk. Foremost, stay informed and be involved with what is happening on a larger scale. Healthcare organizations can access the HSCC CWG resources for free at https://healthsectorcouncil.org. The guides are specifically created by the health sector for the sector and are very relevant to the threat landscape we are up against. Consider having an individual from your organization join the working group and participate in one of the many specific task groups. I have found the insight and knowledge this council provides to be very valuable. Actively being involved on the national level is a way to contribute to health-sector-wide resilience and ultimately manage our own risk if we are in it together.  Then, on a smaller scale, understand what is appropriate to assess within your organization in comparison to the current threat landscape. No one organization’s environment, program structure, or risks are ever exactly the same. Be adaptable and know that every organization’s risk profile is going to be different. Consider what your organization’s specific and most mission-critical items are, and act accordingly. 

AT: Can you tell us more about what the HSCC CWG has been addressing and what you have been working on? 

JF: Sure, I am currently co-chairing a specific task group of the HSCC CWG, the Cybersecurity Board Governance Task group (unofficially referenced as “CyBorg”). We are in the process of writing a primer, which I like to think of as a roadmap of sorts for the CISO (especially new ones). The objective is to create a guide to assist CISOs — who may still be figuring out what is or is not relevant to even share with their board of directors, and how to best navigate or build relationships with them. There is a need with today’s cyber threat landscape for CISOs to shift the narrative with their boards away from a sole reporting function toward a strategic partnership. I am excited about contributing to this as I believe there is an opportunity in today’s climate to foster relationships and build strategic alliances across your organization, especially with your board, and the primer encourages individuals to do just that. If you want to know more, you will have much to look forward to once the primer is published! I hope you check it out. 

AT: That’s terrific. As we wind down, let me ask you two questions. First, looking back, what would you tell yourself when you were starting in compliance, if you could go back in time? 

JF: I would tell myself a couple of things. “Janine, don’t take yourself too seriously (even though you take the work that way) and lean into who you are as a person.” There are certain stereotypes that compliance professionals unfortunately carry, and certainly when I started, I think I felt I needed to fit into that stereotype, or at least partially, to be taken seriously and be effective. Instead, I have found much more success over the years in leaning into my own unique strengths and shifting my focus to building relationships by having open communication, being curious, treating others with respect, and being a trusted and credible partner.  There are so many ways to approach compliance; there is no one-size-fits all approach. In order to truly be effective and provide value within our organization, we must constantly stay fluid and be adaptable by thinking on our feet, taking into account our cultures, environments, and ultimately how we can support one another within our organization. 

AT: Finally, looking to the future, how do you see compliance evolving over the next five years? 

JF: I see more than ever that compliance needs to be a strategic partner and a strong multilingual communicator between business functions. We will need to continue to keep pace with changing technologies around us, as well as serve as a liaison and, at times, even an interpreter between functions that may not normally communicate or collaborate on initiatives. In compliance, we are in a unique position to help bring effective and needed changes in healthcare delivery through our programs and governance structures, so long as we can provide appropriate recommendations and guidance that align with our organization’s advances and needs. We are never as effective on our own as we are when we collaborate with others for a common purpose and goal. 

AT: Thank you, Janine! 

 

View all articles              Read the next article

 

Copyright © 2025 Health Care Compliance Association (HCCA). All rights reserved. All information provided through this site, including without limitation all information such as the "look and feel" of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms of Use and Privacy Statement.