Source of Compliance Requirements
"Those requirements for which an individual has a binding obligation"
"Can come from external or interal sources"
"Requirements can be direct (specified) or indirect (second order or fuzzy)"
"If it is a fuzzy, it is not a trainable requirement. There needs to be some measurable way to determine if non-complinace has occurred"
Resolve the fuzziness, or it doesn't get trained - I like this alot. Clarify your request, oh client...not just a request for the user to be 'good' at a certain thing. What is good? What actions constitute good? "Do Good, Avoid Evil is not a training strategy", specifically mentioned in regards to HIPAA regulations...well said. One person's invasion is another person's welcome intrusion...we need concrete/solid examples to avoid ambiguity in compliance. Organizational compliance is just as significant as direct Government compliance.
Corporate Policies specify how employees will adhere to direct regulations, how the company interprets and will adhere to indirect requirements, and internal requirements. Notice that Corporate Policies envelop Federal/Governmental policies.
"Compliance is about completeness." (Nice...)
Start with source regulations or company policies.
Then, parse out the requirements (in three areas): (1) Cognitive "I know this behavior and can do it" (2) Affective "I choose to do the behavior" (3) Psychomotor "Physical 'can-do'"
"Organizations don't care about training folks. They don't care if their people get what they need from 40 hours in a classroom or 25 hours in front of a computer. They care if their people can do what they need to do without fail." While I agree with this, and from a compliance standpoint this makes absolute sense, I don't know how financially reasonable this statement is. I think they care, but assuming it can be done cheaper and faster with the same result, I know what way my management is leaning.
Importance of Integrated Solution Approach
1.)Organization fos not have clearly defined policy on particular compliance requirement.
2.)Organization has more roles than it thought...
3.)No definable criteria for compliance
Perspectives on the Future
There's still fuzziness in regulations (ex: when new laws come out - OSHA, etc.). Is it made that way, however, so that specificity is not wanted so that special cases (both good and bad) can exist. This fuzziness, however, does not help those of us to train. We need specificity, we need granularity, we need clarity.
Tools for enforcement are getting better, and they're allowing us to enforce by proxy more and more. Used to be we'd see ISO violations in the EHR...now, we have more 'backend flags' that fire off.
An increase in the amount of compliance requirements will call for an integrated approach across sets of regulations as time pressure on employees/learners increases. There will be a marked increase in non-governmental compliance requirements. (see: being green...cool/hip thing now, eventually...)
Bottom line - It's not about training, it's about empowering employees to perform appropriately. We get there by training, but it's about compliance. Great, thought-provoking session.