Blog Post

Managing Compliance Documents: An Overview of DMS

Richard P. Kusserow | April 2020

Key Points:

  • A Compliance Document Management System (DMS) is critical for effective programs and applies to all stages of a document life cycle.
  • Half of all Compliance Offices manage compliance-related documents manually.
  • Helpful questions to review concerning DMS functions for Compliance Officers’ ongoing monitoring.

Controlling and managing compliance-related policies and procedures are among the most challenging areas for Compliance Officers. It is also a subject of great confusion. The 2020 Healthcare Compliance Benchmark Survey Report (Survey), analyzed by Strategic Management Services, included questions that focused on the management of policies and compliance documents.

What is a Compliance Document Management System (DMS)?

Document management involves the process of organizing, filing, controlling, and storing documents, and includes all stages of the document life cycle. Results from the latest Survey found that Compliance Offices were split nearly in half between those that manually managed compliance-related documents and those that used automated assistance services instead.

One-third of respondents reported using some sort of document management software for assistance. One-fifth of respondents reported using a comprehensive document management system (DMS). The trend from review of past surveys clearly indicates a movement away from manual processes to DMSs.

Compliance Document Management Mistakes

Many Compliance Officers develop compliance-related policies and other documents in an ad hoc manner. This can create a lot of potential problems. The Compliance Officers may not properly keep track of policies, which can result in overlapped or duplicate documents on the same subject, causing potentially significant liability. The failure to keep track of rescinded or revised policies is a common problem with potential legal consequences.

One of the worst mistakes Compliance Officers can make is copying and pasting policy documents from other organizations to short-cut the process. This is fraught with risks because there may be differences between the organizations including with their management and missions. In addition, the other organization may not have done a very good job addressing the issue for compliance with applicable rules and regulations.

Implementing a Compliance Records System

The Department of Health and Human Services (HHS) Office of Inspector General (OIG) notes in its various compliance guidance documents that all effective compliance programs should also include implementation of a records system.

The records system should ensure that all records necessary to protect the integrity of the organization’s compliance process and documents are properly maintained and current with applicable laws, regulations, and requirements. A well-managed document records management program also provides evidence to confirm the effectiveness of the program.

Reviewing Document Management System Functions

As part of ongoing monitoring, Compliance Officers may find the following questions concerning DMS functions to be useful in their reviews:

  1. Has the process for developing compliance-related policies been standardized?
  2. Is there an established method by which documents are added to the DMS?
  3. Can documents be created directly in the DMS?
  4. Can files be emailed, or documents be scanned, into the DMS?
  5. Have document formats been established that must be followed?
  6. Does a DMS integrate easily with other software systems and solutions?
  7. Does the DMS allow document adding, editing, and sharing?
  8. Can documents be created, organized, tagged, and stored by project name and stage?
  9. Have permissions been set to limit those who can modify documents?
  10. Does the DMS allow simultaneous editing and writing by collaborators?
  11. What controls are there for multiple people viewing and working on a document?
  12. What kind of internal and external security is in place for the DMS?
  13. How does the system handle user authentication?
  14. Can you set different levels of permission (for instance, edit vs. view only), as needed?
  15. How are all compliance-related documents controlled?
  16. What is the process for establishing a need for a new document?
  17. Does the DMS manage workflow in the creation of new/revised documents?
  18. Does the DMS track when documents should be reviewed for updating?
  19. Does the DMS prompt when action is needed?
  20. Is there an archive of retired and revised documents and policies?
  21. Does the DMS store and manage all compliance-related documents?
  22. Does the DMS ensure document access control and security?
  23. Does the DMS facilitate distribution of documents to employees, vendors, and consultants?
  24. Does the DMS document approval authorities, certifications and attestations?
  25. Are there controls and prompts for review of documents?
  26. What method is there to keep documents current with changing standards and regulations?
  27. Do the documents have appropriate citations of authorities?

About the Author

Richard P. Kusserow established Strategic Management Services, LLC, after retiring from being the DHHS Inspector General, and has assisted over 3,000 health care organizations and entities in developing, implementing and assessing compliance programs.

Subscribe to blog