One of the biggest challenges facing healthcare organizations today is navigating the vast and ever-changing regulatory environment governing patient data, physician relationships, billing practices, and cybersecurity. Enforcement actions, delayed transactions, and damage to reputation can occur for a variety of reasons. They are not always the result of misconduct; often, they stem from a company’s inability to comply with changing regulations.
Regulatory pressures affecting healthcare organizations have increased. According to several industry reports, in 2024 and 2025, the healthcare sector was one of the most frequent targets of ransomware attacks. These attacks disrupted operations for hundreds of providers and resulted in the breach of millions of patient records. At the same time, regulatory scrutiny increased regarding HIPAA compliance, cybersecurity preparedness, and physician compensation under new Stark Law and Anti-Kickback Statute guidelines.
Consequently, compliance is no longer treated as a post-transaction legal activity. Instead, compliance is now a core operational function.
This rationale is at the core of the work of Steven Okoye, a New York-based corporate and healthcare attorney who advises organizations on developing compliance systems that function in actual working environments and not merely as a legal framework.
The following observations reflect Okoye’s experience providing legal advice to healthcare organizations and represent Okoye’s general views as opposed to direct quotes from publicly available interviews.
“Most compliance breakdowns are not because of a misunderstanding of the applicable laws,” Okoye states in discussions with clients. “Breakdowns occur because organizations do not develop an effective system for controlling information, assigning responsibility, and establishing a timeline.”
Compliance Breakdowns Due to Simple Disorganization
Compliance failures can often be traced back to basic organizational problems. For instance, contracts are often stored on different shared drives, email accounts, and legacy systems. Approval authority is often unclear. Renewal deadlines often pass without review. When auditors or regulators request documentation, teams then scramble to gather the information needed to reconstruct decisions that may have been made months or even years earlier.
One example drawn from common industry experience involves a multi-site healthcare organization scrutinized by regulators because a physician compensation agreement auto-renewed without review. The issue was not an intent to engage in improper conduct. The contract sat in a shared drive with no alerts, no ownership, and no centralized tracking mechanism. By the time the organization was aware of the issue, it had exposed itself to unnecessary regulatory risk and unnecessary legal expenses.
Okoye continually references this pattern when describing compliance failures. When contracts and compliance-related information exist in separate locations, accountability is lost.
“You cannot manage what you cannot see,” Okoye states to executives when examining internal systems.
Instead of resolving each compliance issue separately, Okoye takes a holistic approach and focuses on designing how information flows through the organization. This includes consolidating all contracts, approvals, and compliance documentation into a single system with defined owners and audit capabilities.
Okoye does not intend to introduce additional complexity to the organization. Rather, Okoye aims to remove friction that creates risk.
Technology That Works in Real World Workflows
Technology is a crucial component of modern compliance, but only if the technology works in conjunction with how teams work. A significant number of healthcare organizations purchase technology solutions, such as platforms for managing contract lifecycles, but do not integrate them into the team’s day-to-day workflow. As a result, adoption is often very low and teams continue to use manual tracking methods.
Okoye recommends that organizations treat technology solutions like contract management systems as infrastructure, not accessories. A properly implemented CLM solution will be able to track the relevant terms of a contract, flag renewal periods, maintain version control of contracts, and create a transparent audit trail for approvals and amendments to contracts.
Properly implemented CLM solutions reduce the reliance on memory and informal processes, which are two of the primary causes of compliance failures.
“Technology should assist individuals in making better decisions in real-time,” Okoye has stated in various advisory capacities. “If the technology does not change how the work is done, it is not fixing the problem.”
A centralized system gives executive teams visibility into every department’s compliance efforts. They can identify inefficiencies, spot potential compliance risks earlier, and intervene before small issues escalate into larger compliance exposures.
Scaling Systems for Growth and Regulatory Changes
Healthcare organizations rarely remain stagnant. Organizations grow, acquire other practices, form joint ventures, and develop new service lines, all of which bring additional layers of regulatory complexity.
Okoye suggests that his clients design compliance systems that scale, but do not require constant rebuilding or re-design. Developing consistent processes across departments and locations simplifies employee training, eliminates confusion among employees, and limits reliance on individual institutional knowledge.
“The fact that you will need a new compliance program every time the business changes is unacceptable,” Okoye states to clients. “Well-developed compliance programs provide organizations with the ability to evolve.”
Developing strong compliance systems also supports internal accountability. Establishing expectations and maintaining consistency in processes enables employees to make compliant decisions without constant attorney oversight.
Leadership and Compliance Culture
Effective compliance requires leadership commitment. Okoye stresses that compliance culture starts at the top. When leaders view compliance as a strategic function rather than a barrier to doing business, that culture spreads throughout the organization.
When leadership communicates effectively and openly with employees, employees are more likely to report non-compliant behavior in a timely manner. In addition, when employees understand expectations and know that they will be supported by leadership, employees rely less on external counsel for routine matters and have greater internal capability.
“The organizations that manage compliance effectively are typically the ones that can easily articulate their decision-making process,” Okoye has observed. “Organizations that can clearly articulate their decision-making process establish credibility with regulators and business partners.”
Efficiency, Transparency, and Credibility
Transparency and efficiency complement each other in heavily regulated industries. Well-organized systems enable teams to complete tasks quickly while remaining in compliance. Transparency in the decision-making process establishes trust with regulators, investors and business partners.
It is disorganization, not the regulations themselves, that hinders organizations’ productivity.
When organizations can document how decisions were made, who authorized them, and where the documentation is located, they minimize both their compliance-related risk and their operational friction. Visibility into the organization’s processes during audits, transactions, and regulatory inquiries can also help mitigate the risk of regulatory enforcement.
Steps for Healthcare Leaders
Based upon common compliance risk factors, Okoye regularly encourages leadership teams to focus on a few actionable steps:
- Consolidate all contracts and compliance documentation into a single system
- Identify and assign a responsible person to approve/renew agreements and documents
- Implement automatic alert mechanisms to notify parties of impending deadlines and/or regulatory requirements
- Provide leadership teams with visibility into compliance performance metrics
- Treat compliance as a long-term infrastructure investment, not a quick fix
These steps may not eliminate compliance-related risk, but they can greatly diminish the likelihood of preventable compliance-related exposure.
Practical Compliance Pathway
Compliance in the healthcare industry will continue to grow increasingly complex as enforcement increases and technology continues to advance. Organizations that invest in creating clear systems, using integrated tools, and developing accountable leadership will be best situated to manage the growing complexity of healthcare compliance.
Okoye’s work is focused on implementation and not theory. By linking regulatory requirements with operational design, Okoye enables organizations to treat compliance as a component of how the business operates as opposed to a recurrent crisis event.
As Steven Okoye frequently states in advisory forums, the question is not whether regulatory requirements will continue to increase. The question is whether an organization’s compliance systems are capable of supporting the regulatory landscape.
About Steven Okoye
Steven Okoye is a corporate and healthcare attorney based in New York. Mr. Okoye advises healthcare organizations on regulatory compliance, contract management, and operational legal infrastructure. Mr. Okoye has worked in senior in-house positions, including serving as Deputy General Counsel at EHE Health, a preventive health and telemedicine platform.
Steven Okoye is active on Facebook.

