One of the hardest lessons for healthcare compliance officers to learn is that you cannot fix everything at once. Believe me, I have tried. More than once. Well, ok, more than thirty-seven times, but who’s counting.
In my experience, most compliance departments are understaffed, under-resourced, and overwhelmed with competing priorities. When you layer on unexpected issues, continual regulatory changes, and operational pressures, it quickly becomes clear: trying to tackle every matter equally is not realistically possible.
And yet, we do it.
We fool ourselves into thinking we can do “Everything, Everywhere, All at Once” (to quote the 2022 sci-fi comedy drama). We pressure ourselves into thinking we have to respond to every concern with the same level of urgency. The problem is that approach creates frustration, reactive decision-making, and eventually leads to burnout.
(And I’m saying that, as someone who nearly succumbed to burnout about 15 years ago.)
But I’m still here.
Because going through that process made me realize that effective compliance officers are not built by trying to do everything. They are built by learning how to prioritize the right things, at the right time.
This article will provide you with some mindset shifts that helped me more realistically prioritize compliance risks, and avoid burnout. My hope is that’ll help you do the same.
The Goal is Risk Reduction, Not Perfection
Many compliance professionals, myself included, enter the field with a strong sense of responsibility.
That’s a good thing, right?
Overall, “yes” it is, but the problem is that same strong sense of responsibility can easily turn into an unrealistic expectation that every risk needs be addressed immediately. As I learned from those who mentored me, that’s just not how effective compliance officers operate in the “real world”.
Healthcare organizations function on a daily basis within environments that are filled with competing priorities, limited resources, and clinical and operational demands that can change within an instant. Compliance leaders must constantly make decisions about where to focus attention, time, and energy.
For that reason, the measure of effectiveness becomes reducing risk, not, responding perfectly to every compliance demand that surfaces. That mindset shift matters because it changes how you approach your work, and how you feel, about how you approach your work.
Tip:
Ask yourself: “Which issues create the greatest risk to the organization if left unaddressed?”, and then focus your efforts there.
Not All Compliance Risks Are Equal
One of the biggest mistakes I used to make, is treating all issues as though they carry the same level of risk.
They don’t.
For example, a delayed annual review of a policy does not present the same risk as a pattern of inappropriate billing.
Yes, everything matters, but what I’m saying is that everything does not matter equally. In my experience, the compliance officers who know how to distinguish high-risk issues from lower risk ones are the most effective. Learning how to make that distinction helps you practically allocate your resources instead of reacting emotionally to whichever issue is currently coming in the loudest.
Tip:
One of the simplest and most effective ways to prioritize compliance risk is to evaluate two factors: Likelihood and Impact.
Ask yourself two questions:
“How likely is this issue to occur or continue occurring?”
“If the issue occurs, how significant could the consequences be?”
Knowing how to prioritize risk requires both critical thinking and context centered around those two questions.
Don’t Let Emotion Drive Your Priorities
When it comes to prioritizing risk, a constant challenge that compliance officers face is organizational pressure. In my experience, sometimes the issue receiving the most attention internally is not actually the issue creating the greatest compliance risk.
For example, a healthcare leader may call with an urgent request: "We're exploring a partnership with another organization that’s tied to a strategic initiative and need an answer today. Can we do it?" Meanwhile, a recurring billing error affecting hundreds of claims may continue in the background, receiving far less attention simply because it is less visible and lacks a vocal champion. This is where you have to be careful not to confuse urgency with importance.
Compliance officers who learn how to separate organizational noise from true organizational risk, are the ones who become the most effective. That doesn't mean dismissing people's concerns. It means evaluating issues objectively based on factors such as regulatory exposure, financial impact, patient harm, reputational risk, and the likelihood that the issue will continue if left unaddressed.
Tip:
A useful question to ask yourself is:
“Which one of these projects would create the greatest organizational risk if nothing changed?"
That simple exercise can help cut through competing demands and focus attention where it matters most.
Prioritization Requires Diplomacy
One of the most overlooked aspects of compliance risk prioritization is communication. When a compliance officer decides not to address an issue immediately, people don't always hear: “We have higher-risk priorities right now." Instead, they may hear: “Compliance doesn't care about my issue."
Effective compliance officers understand that how they communicate a decision is often just as important as the decision itself. Rather than simply telling a department that their request will be delayed, they validate the operational concern, explain the rationale behind the prioritization decision, and set expectations for what happens next.
Tip:
Whenever you defer an issue, communicate three things to the operational leader:
1–An acknowledgment of their concern;
2–An objective reason for the delay; and
3–A specific timeline for circling back.
Leaders are far more likely to accept a delay when they understand why it is happening and when they can expect an update.
Pulling it All Together
If there is one thing I've learned over the last 25 years, it's that there will always be more compliance work than time available to complete it. That reality doesn't mean your compliance program is failing, it just means prioritization is an inherent part of the job.
The most effective compliance officers are not the ones trying to do everything at once. They are the ones who can identify the risks that matter most, allocate their attention strategically, and thoughtfully stay focused on long-term progress.
They understand that compliance is not about chasing every issue with equal intensity, it's about applying limited resources where they will have the greatest impact. Ultimately, success in this role is not measured by how many issues you touch. It's measured by whether you focused on the right risks, at the right time.
