Developing Compliance Policies and Procedures

Richard P. Kusserow | September 2013

Compliance policy and procedure documents are the foundation of any compliance program, both in terms of organization and management of the program. These document also facilitate compliance with applicable laws, regulations and standards by compliance high risk operational areas. The average cost of developing a single policy averages about $5,000.  This is regardless of whether the development is done through an outside contractor or law firm or internally by a committee within the organization.  You must also consider the resources expended to properly review and approve policy document. This can be time consuming and costly in terms of time and effort.

Many turn to short cuts to reduce the cost, such as using policy templates already developed. Some organizations post their own policies online and are free to download. If using this approach care must be taken when copying and pasting another organization’s document.  There may be significant difference in the organization and management of the policy and procedures, which makes adapting them difficult.  Also, there is the question of whether the other organization correctly and consistently addressed applicable laws and regulations.  There are also legitimate sources that assist in developing policy documents in an efficient, effective, and inexpensive manner.[1]

Whether you are developing policies in house or using policy templates, the following will assist in understanding what is needed and why, and how to do it properly.

Learn about our Policy Resource Center.

Get a Free Quote & Demo

The HHS Office of Inspector General (OIG) has issued a number of compliance program guidance documents, all of which stresses the importance of written compliance guidance for employees.  The OIG notes that “At a minimum, comprehensive compliance programs should include…the development and distribution of written standards of conduct, as well as written policies and procedures that promote the [organization’s] commitment to compliance and that address specific areas of potential fraud, such as claims development and submission processes, code gaming, and financial relationships with physicians and other health care professionals.”[2]  The United States Sentencing Commission “Federal Sentencing Guidelines” notes “have an effective compliance and ethics program.., an organization shall…shall establish standards and procedures to prevent and detect criminal conduct.”

The failure to properly develop, disseminate, and train covered persons on compliance-related policies and procedures can prove to be a huge mistake that can result in a variety of liabilities, loss of revenue and reputation.  The fact is that scores, if not hundreds, of policy documents are needed to be in compliance with regulatory and care standards.  Compliance related policy documents are needed to establish the structure and operation of the compliance program.  These alone number in the dozens.  Some of them are identified directly in compliance guidance documents, such as duty to report, non-retaliation, confidentiality, etc.

However, most of the needed compliance related policies are operational in nature and relate to compliance high risk areas.  The upcoming deadline for ICD 10 Coding mandates is a reminder of this.  The deadline for these policies is October 1, 2014 and that date is fast approaching.  Those failing to meet this deadline will be confronted by a host of payment and penalty problems.  Those who have been working to revise and update the code policies know how difficult, time consuming and expensive to do this.

The challenge is how to identify and develop all the needed policies.  The following are some common types of compliance related policies:

  • Anti-Kickback Statute
  • Claims Development & Submission
  • Clinical Research
  • Coding
  • Cost Reports
  • Human Resources Management
  • Laboratory Services
  • PATH
  • Quality of Care
  • Recovery Audit Contractors
  • Sarbanes Oxley
  • Stark Law

The following are some tips in policy development:

  • Standardize polices in form and format to avoid confusion.
  • Ensure all the policy statements are short, declarative, and specific to a single issue.
  • Write the document in the active voice.
  • Make documents user friendly to those that have to live by them.
  •  Make sure the policy does not conflict with other policy documents.
  • Cross reference all policies to similar ones.
  • Define all key terms used in the document.
  • Anchor the document in cited authority.

All policy documents should include:

  • Header Block
  • Background Introduction
  • Purpose/Objectives Statement
  • Definitions Section
  • Scope of the Policy
  • Policy Statements
  • Procedures
  • Related Policies
  • References/Citations

[1].For more guidance go to the Policy Resource Center

[2].Office of Inspector General. Publication of the OIG Compliance Program Guidance for Hospitals. 63 Fed. Reg. 35, 8987 (Feb. 23, 1998).

About the Author

Richard P. Kusserow established Strategic Management Services, LLC, after retiring from being the DHHS Inspector General, and has assisted over 2,000 health care organizations and entities in developing, implementing and assessing compliance programs.