The word "compliance" generally does not generate much enthusiasm outside of an annual compliance association's conference or beyond the office walls of the Compliance Officer. The concept, though, is critical, particularly in health care, which requires compliance with a spectrum of overlapping federal and state regulations, industry standards and contractual obligations. Perhaps one of the most significant compliance areas revolves around HIPAA and matters related to protecting patient privacy.

Compliance occurs in day-to-day operations, not just in preparation for an audit or in response to a legal action. For compliance to be more than a set of checklists and to become an integral component of company culture, people need to understand why they should comply and be provided with access to the means to follow through. Ideally, compliance belongs at all levels of the organization, shared by all regardless of whether the word itself is found in the job description. A culture of compliance must be encouraged, developed and maintained throughout the organization so every employee understands her responsibility to maintain the privacy and security of health information.

For an effective compliance program, according to the U.S. Federal Sentencing Guidelines, an organization must foster an organizational culture that "encourages ethical conduct and a commitment to compliance with the law." Building a culture of compliance requires the support of executive management, including the board of directors. Buy-in by C-suite staff is required, and managers must lead by example. Setting and then fulfilling expectations for ethical actions counters a culture of complacency. Executives also must give appropriate authority to carry out the compliance activities in the first place.