The Compliance Navigation:
cross-functional consensus building
stakeholder education
risk mitigation
I was brought in to identify analytics requirements for a pioneering patient support program, but the organization had no approved pathway to access the data it would be collecting.
My role was to transform risk-averse gatekeepers into collaborative partners.
The Problem
The client had invested heavily in building their first direct-to-patient support program to own the data and generate richer insights than partnerships with external vendors could provide. But Legal, Privacy, and Compliance had no precedent for handling self-reported patient data and defaulted to maximum risk aversion: no one could access the data at all. This created a paradox: the entire point of building an in-house program was to unlock insights, but the organization's fear of regulatory exposure was threatening to make the data entirely unusable. Without established protocols for what data could be accessed, at what granularity, and under what conditions, the organization was unable to unlock any value from the patient data they were collecting. My dashboard project became the test case that would either prove the model viable or confirm that the organization couldn't operationalize what it had built.
The Solution
I facilitated a months-long series of cross-functional conversations that transformed vague concerns into concrete policies. Rather than treating Privacy and Compliance objections as roadblocks, I used my dashboard mockup as a discussion tool. I walked stakeholders through each visualization to dissect what data points were required, how calculations would be performed, how data was collected, and why specific levels of granularity mattered to the business. Through these sessions, we negotiated our way to consensus. For example, when Privacy initially prohibited zip codes entirely under Safe Harbor regulations, I worked with them to identify a middle ground, and we eventually were permitted to use the first three digits (with certain zip codes entirely prohibited) and installed a minimum patient threshold before data appeared on dashboards. By pioneering the first approved use case of patient data, I effectively established the template that Data Governance later formalized into the company's first data request process, complete with privacy impact assessments and approval pathways.
My Approach
I wasn’t ready to take “no” for an answer without understanding why. I quickly realized that the “no” from Legal and Privacy stemmed from all the uncertainty, which was exacerbated by the fact that they had been consulted late in the process of building the program. Data Governance was only a fledging function of just one person. To get their full attention and collaboration, I needed to be proactive and consistent in getting them to understand the business need and objectives. With each subsequent meeting, I pushed us to dive deeper, asking questions and inviting them to co-create boundaries, exploring questions such as: what granularity was truly necessary versus nice-to-have? Given that all the data was already de-identified, what additional measures needed to be taken in the analysis process to further mitigate risk?
By being the translator between functions, I got everyone on the same page. Privacy was worried about Safe Harbor compliance; the business wanted actionable insights; Data Governance needed scalable precedents. With an understanding of everyone’s priorities, I reframed business requirements in privacy terms and translated legal constraints into business trade-offs so we could better see how we could help each other achieve our objectives and they were not in conflict. For example, "we want a breakdown of enrollment count by zip codes" became a negotiation that landed on using the first three digits with minimum count thresholds, which satisfied both regulatory concerns and business needs. This shared understanding removed the paralyzing anxiety of uncertainty. Once everyone could see the same problem through the same lens, we stopped debating whether to move forward and started designing how to move forward safely.
Core Skills Leveraged
-
Even though I was representing the brand lead, my client, I obviously had no formal power over Legal, Privacy, or Compliance. I needed their approval to move forward and their collaboration to shape company policy. I built influence through persistence, preparation, and respect for their constraints. I asked questions to dig deeper to understand their concerns, and made it clear I was also invested in achieving their goals. I earned their trust by demonstrating that I understood the regulatory landscape they operated in and that I wasn't asking them to compromise compliance, only to reimagine how it could evolve given the new business operations already underway. Over time, they stopped viewing me as a stakeholder making requests and started treating me as a thought partner helping them navigate unfamiliar territory. This shift unlocked the influence for me to shape not just my project's approval, but the policies that would govern all future patient data initiatives.
-
Working on building an analytics dashboard to replace manual reporting with a one-month lag revealed the opportunity to also help the organization build a capability it didn’t have. The company had invested in collecting patient data but had no infrastructure for using it responsibly. Legal and Privacy defaulted to prohibition because they lacked the mental models, processes, and precedents to evaluate risk in this new domain. I recognized that my role wasn't just to navigate their uncertainty for my project; it was to help them build the frameworks that would enable the organization to innovate confidently going forward. I approached this as a change management challenge: I needed to move stakeholders from "we can't do this" to "here's how we do this safely." I did this by breaking down the overwhelming ambiguity into manageable decisions—one visualization, one data field, one calculation at a time. Each conversation became a building block for the larger framework. My dashboard project became the pilot that future processes were scaffolded upon, giving Data Governance the confidence to formalize a repeatable data request process. By spurring the creation of infrastructure that would allow future teams to derive insights from patient data, I helped the organization turn the chapter in their fundamental approach to understanding their customers.
-
Success in this project depended entirely on my ability to build trust and communicate across functions that spoke different languages and operated with different priorities. I invested heavily in relationship building. I attended meetings not just to present the business case, but more so to understand each stakeholder's perspective, constraints, and concerns. I asked questions, listened actively, and validated their positions before proposing solutions. This built the credibility I needed to challenge assumptions and push for middle ground. My communication approach was deliberately multilingual: I translated business requirements into privacy impact language, reframed legal constraints as design parameters, and explained how technical or regulatory limitations would change the business requirements. For example, instead of saying "we need zip codes for segmentation," I explained how understanding geographic uptake would play a part in tailoring patient support, and then worked with Privacy to identify what level of geographic detail would satisfy both regulatory and business needs. I also communicated transparently about what I didn't know and where I needed their expertise, which reinforced that I respected their authority and wasn't trying to steamroll decisions. By consistently showing up prepared, being respectful of their time and constraints, and demonstrating that I valued their input, I transformed skeptical gatekeepers into engaged collaborators. These relationships became the foundation for productive problem-solving. Once trust was established, we could have honest conversations about trade-offs and co-create solutions that none of us would have reached alone.
