Blog Post

How to Build a Speak-Up Culture: Going Beyond the Compliance Hotline

September 2025

Healthcare compliance leaders understand the importance of an anonymous ethics and compliance hotline. But given many employees’ well-established fears of retaliation and punishment, many leaders wonder how they can ensure employees use the service. 

The key is to build a compliance culture where individuals feel a sense of responsibility to report concerns.  Not only will this improve the adoption and efficacy of your hotline, but it will also strengthen overall compliance and streamline the management of regulatory requirements. 

This article explores why that is the case and what you can do to build a stronger culture of compliance. First, we need to establish what exactly a “culture of compliance” truly entails. 

What is a Culture of Compliance? 

A culture of compliance is built upon the “unstated ethical and compliance expectations that employees feel from their colleagues.”1 Rather than simply leaving regulatory concerns to the compliance team, individuals within a culture of compliance feel a sense of personal responsibility to understand, meet, and maintain their industry’s ethical standards. 

This cannot be enforced top-down; it must emerge as a natural consequence of two essential factors: 

  1. Perceived Ethical Commitment: Employees’ belief that their peers genuinely care about compliance and ethics. 
  2. Corporate Ethical Identity: Employees’ belief that their organization is committed to compliance and ethics. 

The result? Employees feel their sense of belonging is often rooted in shared organizational values – values that align with the regulatory standards that protect your patients, reputation, and bottom line. 

Three Key Benefits of a Culture of Compliance 

An established culture of compliance delivers several clear benefits for compliance leaders: 

1. Better Business Outcomes 

Research shows that companies with the strongest ethical cultures achieve business results 2.3 times better than their peers.2 This may be driven by a stronger sense of shared values, leading to more effective internal coordination and collaboration. 

2. Stronger Compliance Posture 

Studies find up to 95 percent of data breaches are caused by human error,3 with analysis suggesting many incidents are the result of negligence.4 A workforce that holds itself accountable for breaches – and understands why they are so harmful – is more likely to combat such carelessness and improve compliance organically. 

3. Easier Compliance Management 

Internal resistance to compliance measures is a common barrier for leaders, as teams struggle to get employees to adopt new policies and procedures. In a true culture of compliance, these changes are taken seriously and adopted quickly, making it easier to meet evolving regulatory requirements

The best way to understand these benefits may be to look at a concrete example that directly affects your ability to identify, mitigate, and avoid serious compliance violations. 

How Culture Impacts Your Compliance Hotline 

Compliance hotlines are an essential tool for healthcare compliance, providing a confidential avenue to report potential or suspected violations, ranging from negligence to outright fraud. Any compliance leader who has tried to maintain an effective program knows that it requires much more than setting up a public phone line or web portal.  

Employees must actually use the hotline to make it effective – otherwise, it’s just another expense. This requires leaders to overcome several common areas of resistance: 

  • Fear of Retaliation: Over a quarter of employees have seen wrongdoing but refused to report it because they feared retaliation.5 
  • Lack of Trust: Many employees feel their anonymous tips will not amount to any real action and may therefore believe reporting is pointless.  
  • Lack of Investment: Reporting compliance issues that do not affect the employee directly may be perceived as out of their remit. 

Most organizations tackle these problems by making hotlines anonymous and contracting a neutral third-party to operate the line. Yet these points of resistance are not only structural; they are also influenced by your organization’s culture. If employees truly believe their organization cares about compliance and feel a personal ethical responsibility to report issues, even when they are not directly impacted, they are far more likely to use the hotline. The question then becomes how to ensure employees feel that way.  

How to Build a Culture of Compliance 

While every organization’s needs vary depending on its existing Compliance Program and culture, there are a few factors our experts have seen work repeatedly across numerous organizations of all sizes and types: 

1. Measure Employee Perceptions 

The first step to improve your compliance culture is to establish the current baseline. The goal is simple: evaluate to what extent the average employee believes their peers and employer care about compliance and the factors that influence those perceptions. This might include actions that have occurred, such as historical data breaches, or inactions, such as the infrequency of compliance training) 

Note: Employees are unlikely to announce that they think their peers or employers “don’t care” about compliance, so you’ll need to be careful how you approach the issue. Ask questions that allow employees to state their opinions without direct accusations. For example: 

  • Don’t ask “Do you believe our company cares about data privacy?” 
  • Instead, ask “what would a company that truly valued compliance do about data privacy?”  

2. Implement New Policies and Procedures 

Official policies are a powerful tool to signal your organization’s commitment to compliance, yet many organizations do not update their policies and procedures frequently. This leaves employees to assume existing efforts are “good enough”. In fact, recent surveys found that more than 50 percent of organizations have 16 or fewer HIPAA-related policies. 

Refresh your policies and procedures to show that compliance is being prioritized and ensure employees understand what is expected of them. Our experts suggest two ways to enhance the impact of these efforts: 

  • Focus on Comprehension: Compliance jargon and technical terminology may be unavoidable in certain instances, but it also alienates the average employee. Swap complicated language for clear, simple explanations and concrete examples to improve comprehension and show that your policies exist to guide action – not to tick boxes. 
  • Leverage Templates: Creating new policies from scratch is time-consuming and expensive, limiting the volume of new policies you can introduce during a given period. But leaders can use customizable templates from trusted third parties to scale policy production while tailoring policy to their specific culture. 

3. Invest in Training 

Regular compliance training is essential to build and maintain a shared sense that compliance is a priority. Leaders should increase the frequency and intensity of these sessions to signal their commitment to compliance standards, but also focus on: 

  • Training Accessibility: Leverage online platforms and self-directed modules to help employees across the entire organization access training with ease, including those who work from home.  
  • Training Reinforcement: Ensure training sessions are not treated as “one and done” with follow-up sessions and quizzes to assess employees’ comprehension.  

4. Promote Your Hotline 

Every employee should know about your compliance hotline and understand exactly how it works. That requires ongoing promotion that makes clear that tips are safe and anonymous, with regular updates about how the information is used to monitor, identify, and remediate compliance issues. 

This may require a partner like Compliance Resource Center that can introduce and manage a truly neutral hotline:  

  • Improve Access: We offer both a standard telephone and a web-based portal, making it easier for employees to report issues in whichever way they feel comfortable.  
  • Enhance Reports: Our system sends instant notifications when issues are reported to help you log, manage, and respond to complaints or concerns faster. 
  • Simplify Documentation: You enter notes related to the investigation, which are automatically added to the report modules and are kept organized and confidential in the user-friendly online portal. 

Want to build a culture of compliance around your hotline? 

Schedule a Consultation

__ 

References

Lawrence, A. (2025, June 3). Culture of compliance: Gauge and enhance program effectiveness. Gartner. Retrieved from https://www.gartner.com/en/articles/culture-of-compliance

Author, A. A. (Year, Month Day). Title of article. Infosecurity Magazine. Retrieved from https://www.infosecurity-magazine.com/news/data-breaches-human-error/

Yeo, L. H., & Banfield, J. (2022, March 15). Human factors in electronic health records cybersecurity breach: An exploratory analysis. Perspectives in Health Information Management, 19(2), 1i. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9123525/

Kennedy, S. (n.d.). What is an ethics reporting hotline? Best practices for employers. StarCompliance. Retrieved August 26, 2025, from https://www.starcompliance.com/ethics-hotline/

__ 

Subscribe to blog

Build an effective compliance program with expert hotlines, sanctions screening, training, and more.

Speak to an Expert