Compliance Program Structure: Developing Policies And Procedure

Richard P. Kusserow | November 2014

Development, implementation and dissemination of written healthcare compliance policies and procedures are key compliance program elements. Such documents include policies and procedures that cover management and operation of the compliance program and address high-risk operational areas, as well as the Code of Conduct. These documents facilitate compliance with applicable laws, regulations, rules and standards. The cost of developing a single policy can average thousands of dollars. This high cost is regardless of whether the writing the policy and procedures is done through an outside contractor or law firm or internally by the compliance committee. If healthcare compliance policies and procedures are developed internally then consideration must be given to the resources expended to properly review and approve the documents to ensure consistency with other related policies and all applicable laws and regulations. All of this can be costly in terms of time and effort.

Therefore, it is not surprising that many turn to short cuts to reduce the cost of writing policy and procedures by using or adapting templates developed by other organizations. Some organizations, healthcare and non-healthcare, post their policies and procedures online; making them free to download. However, care must be taken when copying and pasting another organization’s documents, as there may be significant differences in the organization and how it manages its high-risk areas. There is also the question of whether the other organization correctly and consistently addressed applicable laws and regulations—if it didn’t, you will be bringing their mistakes into your own workplace.

Another option is to access a service that has ready-to-use healthcare compliance policies and procedures. Services, such as the Policy Resource Center, can provide hundreds of tested and up-to-date healthcare compliance policies and procedures at a significantly reduced cost than internally development.

Learn about our Policy Resource Center

Get Free Quote & Demo

Whether you are developing policies in-house or using compliance document templates, the following will assist in understanding what is needed, why, and how to do it properly.

Compliance Policy Document Structure

The U.S. Department of Health and Human Services Office of Inspector General (OIG) stresses in the Publication of the OIG Compliance Program Guidance for Hospitals[1] the importance of the development and distribution of written policies and procedures to ensure compliance with all applicable laws and regulations. There are many challenges in carrying this out. A good starting point is to ensure there is a formalized process for policy development, as stressed in the OIG’s various compliance program guidance documents. This includes the form, format and process for development and implementation of new and revised policy documents.

In beginning the process, it is important to understand that a policy statement conveys officially-approved guiding principles or courses of action, and is a general description of a course of action serving as a guide toward accepted strategies and objectives. In contrast, procedures convey a means by which a policy can be accomplished, by defining and outlining officially-approved processes and standard practice instructions. In short, procedures provide a description of how a policy is to be carried out. Procedures define courses of action to meet planned objectives.

Developing a standardized policy template is very important, as it will prevent missing any key elements when writing policy and procedures.  It has the added benefit of making the policies immediately recognizable to everyone. From our experience at Compliance Resource Center, LLC in developing policies and procedures, the following general template and format has proved to be the most useful in writing policy and procedures.

  • Header Block. The header block should include a number of things, including but not necessarily limited to:
    • Title
    • Identity of the department responsible for drafting, reviewing, and enforcement
    • Effective date
    • Policy number
    • Date of approval
    • Identity of approval authority
    • Whether it replaces or modifies an existing policy
    • Number of pages inclusive in the document

All of the above elements in the header block are critical to proper policy management. Additionally, the title should clearly identify the general topic of the policy and assist those who may be searching for guidance on the topic area. The effective dates of policies’ implementation and revisions must be maintained. If an issue arises, the date of applicable policy that applies is absolutely essential.

  • Background. This explains the context by which the policy has been created, such as changes in law, regulations, standards, compliance guidance, etc. This can be used to introduce the context for the policy document. If the policy relates to a specific law, regulation or compliance standard, this section can explain how the policy document is designed to address that issue. It can also be used to relate and/or differentiate the particular policy document to other written guidance. This section should assist in understanding and following the policy. It is best to have this precede the statement of purpose.
  • Purpose. Outlines what the policy document is designed to achieve. When developing or revising a policy, begin with a statement of purpose section that defines the intent and objectives of the policy. It should be relatively short and direct. It is suggested that it begin with an active verb such as, “to promote . . .,” “to comply . . .,” “to ensure . . .,” etc.
  •  Purpose. In many cases, documents will use terminology that requires understanding and clarification in order to meet the policy’s intention. These may be of a legal nature, or something specific to the organization. It is advisable to cite authority for the definitions being used.
  • Scope. Explains the range of applications of the document in terms of covered persons, facilities, sites, etc.
  • Policy Statements. Reflects the basic objectives of the organization and is a description of the general guiding principles or rules.
  •  Procedures. Provides detailed procedural requirements, methods, and guidance on how covered persons are expected to act in accordance with the policy.
  • Related Policies. It is important that policies addressing similar or related issues be linked to ensure that they are consistent. There is nothing worse than having issues or incidents arise only to find the written guidance on the subject is in conflict.
  • References/Citations. This section can be used for legal and regulatory citations, as well as that of the organization. If the policy document was in response to legal or regulatory authority, that authority should be noted along with a list of supporting and source documentation used to validate the policy and procedure. This can also be used to reference other policy related policy documents.

Compliance related policy documents are needed to establish the structure and operation of the compliance program. The failure to properly develop and disseminate compliance related policies and procedures, and to train covered persons, can prove to be a huge mistake that can result in a variety of liabilities, including loss of revenue and reputation.

The fact is that scores, if not hundreds, of policy documents are needed to be in compliance with regulatory and care standards. The challenge is how to identify and develop all the needed policies. Some of the types of compliance related policies include those that address the Anti-Kickback Statute, Emergency Medical and Active Labor Act, Health Insurance Portability and Accountability Act, Sarbanes Oxley Act, Stark Law, claim processing system, cost reports, human resources management, laboratory services, quality of care, among many others. The following are some tips for policy development:

  • Standardize the policy and procedure template and form
  • Ensure all policy statements are short, declarative, and specific to a single issue.
  • Written in the active voice
  • User friendly and understandable to those who have to adhere to them
  • Avoid conflicting guidance between other policy documents
  • Cross-reference policy documents with similar ones
  • Define all key terms used
  • Anchor policy documents in cited authority

This article only touches on the subject of policy documents as key compliance program elements. And, there is far more involved in how you ensure each element is adequately addressed in writing policy and procedures. Policy documents are key for an effective compliance program structure. For more information and details concerning type of compliance policies, as well as development and management, can be found at the Policy Resource Center.


About the Author

Richard P. Kusserow established Strategic Management Services, LLC, after retiring from being the DHHS Inspector General, and has assisted over 3,000 health care organizations and entities in developing, implementing and assessing compliance programs.