“What You Know Can’t Hurt You”

Debra Muscio’s passion for compliance, audit, information, and technology keeps Community Medical Centers vigilant against noncompliance and security threats

One of Debra Muscio’s professors told her that she would be an auditor one day. Muscio laughed, but her professor was right. Muscio’s current role as senior vice president and chief audit, enterprise risk management, ethics, and compliance officer at Community Medical Centers in Clovis, California, is a perfect fit.

“I get up every day loving the profession that I’m in,” says Muscio, who earned an MBA in strategic leadership and a BS in accounting and has received a number of certifications and awards over the years. “Education is a large part of my life,” she says. “If you want to be in the know, this is the job for you.”

Muscio always wants to be in the know. She doesn’t consider herself merely a Type A personality. “I’m probably triple-A, which works in this profession,” she says. “Various individuals in the organization do the work, but if I don’t stay informed, I can’t lead.”

Muscio is a nationally known leader with thirty-three years of experience, twenty-nine of which she spent in the audit and compliance healthcare profession in Connecticut and California. She served as the chief audit and compliance officer at Central Connecticut Health Alliance for sixteen years and internal audit at Hartford HealthCare Corporation for six years.

Debra Muscio, SVP, Chief Audit, ERM, Ethics, and Compliance Officer at Community Medical Centers

In 2011, Muscio relocated to California to join Community Medical Centers (CMC), where she serves as the senior vice president, chief audit, ERM, ethics, and compliance officer. Experience has taught her the risks of being blind to initiatives that other team members or individuals at CMC are working on.

“There will always be human error,” she says. “Not everyone will understand it all. That’s why we have a team environment here. We’re all part of this, and we all need to make it work.”

Muscio credits her team, fellow executives, and the rest of the staff for helping CMC handle privacy, information security, and compliance issues as quickly as healthcare regulations change. Simply put, it’s a big job. CMC is the largest hospital system in the Fresno-Clovis area, serving a fifteen-thousand-square-mile area, and regulations in California can be complex.

One example is the little-known fact that California is one of a handful of states that prohibits the direct employment of doctors by hospitals. As such, physicians’ contracts and the encompassing regulatory requirements become a compliance concern. Muscio, the legal team, and the executive team work closely together to gather the appropriate documentation to support compliance.

“The regulators have increased scrutiny, making sure we pay and treat physicians fairly, and the supporting information you have must demonstrate you do so,” Muscio says. “We have a whole team that meets, reviews, and assesses this documented process.”

She notes that she needs to work closely with the chief legal officer or outside counsel. “I don’t have that legal expertise,” Muscio says. “This collaborative working relationship is a key component for compliance.”

The process sounds exhaustive—and it is—but Muscio’s self-described Type Triple-A personality helps keep things moving along. Plus, she has the teams implement steps to ensure that, should CMC ever get audited, cases can be resolved quickly.

“When an area is presented with an audit and we need to demonstrate compliance, you don’t want to have to reinvent the wheel,” she says. “We have processes in place in which information is documented and saved so we don’t have to question past or present happenings.”

“Education is a large part of my life. If you want to be in the know, this is the job for you.”

Muscio is big on documentation. A certified fraud examiner, she advocates everyone involved in contracting, billing, coding, and documentation is educated and understands that they must make a record of everything to guard against human error, false claims, and other pitfalls.

Lately, more potential pitfalls are coming in the area of cybersecurity. About a year ago, Muscio hired a chief information security officer (CISO) to work within her compliance department, independent of the IT department, but also working closely with the chief information officer.

“Sometimes, IT people are working so fast to implement, upgrade, or fix systems, but many times no one inside or outside the IT department focuses on understanding the vulnerabilities,” Muscio says. “Having the CISO outside of IT helps make me more aware of these situations. I can be forward-thinking.”

Muscio is uniquely qualified to do so. She has experience as an IT auditor, during which she attended hacking/IT audit and security training classes to learn how systems are often compromised. She has a passion for that side of the business, saying that before she hired the CISO, she would periodically talk to IT and ask questions. “By educating the system and building the compliance information security team, it gives us the means and tools to monitor and assess the security risks,” she says.

Now compliance can monitor phishing tests to gauge the vulnerability of the network. Implementing the monitoring programs, she knows when someone is inappropriately looking at EMRs and can take corrective measures. In short, she has a lot more information to work with, which is exactly what she needs and wants.

“What you know can’t hurt you,” she says. “It’s what you don’t know that can come back to cause problems. I’m constantly looking for answers to what I don’t know.”


Hooper, Lundy & Bookman, P.C. congratulates Ms. Muscio, and is proud of our association with Community Medical Centers. With offices in California, Massachusetts, and Washington, D.C., Hooper, Lundy & Bookman is the largest law firm in the country dedicated exclusively to the representation of healthcare providers and suppliers.