Blog Post

Documents That Support Effective Compliance Programs

Richard P. Kusserow | January 2021

Checklist of 21 Key Documents

Reinforcement with key documents and metrics is key to an effective Compliance Program (CP). Any evaluation of the CP should include requests for the following documents to be reviewed and examined:

  1. Code of Conduct. This can be viewed as the Constitution for the organization and should be distributed to all covered persons.
  2. Charters for the Executive and Board-Level Oversight Committees. These should establish oversight and support for the CP and define members’ roles and responsibilities.
  3. CP Charter and Compliance Officer Position Description. It is important to formally describe the Compliance Officer’s role, responsibilities, and reporting relationship to the CEO and Board of Directors.
  4. Protocols for Interaction Between the Compliance Office and Legal Counsel, Human Resources, Internal Audit, etc. Many functions overlap or intersect with the Compliance Office. Working relationships need to be defined to avoid “turf issues.”
  5. Compliance Education/Training Policy. This item should describe the development and implementation of regular, effective education and training programs for all affected parties. It should also discuss training topics, frequency, and documentation.
  6. Hotline Charter/Policy. Organizations should maintain a document that establishes a process to receive and handle complaints. It should also describe how individuals can report concerns, ask questions, and request guidance.
  7. Policies Addressing Ongoing Monitoring of High-Risk Areas. Such policies are intended to assist program managers in carrying out their responsibilities to monitor assigned risk areas, develop and implement written guidance for staff, train staff on how to comply with regulations and organizational policies, and verify they are following instructions.
  8. Policies Addressing Ongoing Auditing of High-Risk Areas. These policies should address independent reviews of high-risk areas to verify that ongoing monitoring is operating appropriately and assist in the management of identified problem areas. 
  9. Policies Governing Internal Investigations. These policies should outline the general steps that will be taken to investigate reports of possible compliance issues and document the investigative results.
  10. Policies Addressing Non-Engagement of Sanctioned Individuals and Entities. These policies should state that there will be no engagements, contracts, referrals, or prescriptions accepted from those that are sanctioned, excluded, or debarred from federal and state health care programs.
  11. Conflicts of Interest Policy. Organizations should maintain policies that require all potential conflicts of interest to be disclosed and outline methods for addressing them.
  12. Anonymity and Confidentiality Policies. Employees should be permitted to report potential wrongdoing anonymously, and protection of identity should be provided to those who request it.
  13. Non-Retaliation Policy. This policy should address protection against retaliation for those who report potential wrongdoing.
  14. Document Management and Retention Policy. This policy should outline document retention and destruction requirements and address electronically maintained documents.
  15. Credentialing and License Policy. This policy should address which individuals must maintain licensure and prohibit engagement or contracting with individuals and entities that are not properly licensed. It should also outline verification procedures.
  16. Disclosure of Overpayments and Violations of Law and Regulations Policies. Overpayments are common, and sometimes there is identification of wrongdoing. These policies should provide strict rules governing when and under what circumstances disclosures of overpayments to outside parties are required. 
  17. Memoranda from Meetings Between the CEO and CCO. The purpose of these documents is to provide evidence of a direct working relationship with and active commitment from the top of the organization.
  18. Board and Executive Committee Oversight Meeting Minutes. These are meant to evidence the active oversight and support of the program from executive management and the Board of Directors.
  19. Hotline Log. This should indicate how calls reporting possible wrongdoing were handled from receipt to final resolution.
  20. Sanction Screening and Compliance Training Report. This should include metrics to demonstrate that these compliance processes are functioning appropriately.
  21. Compliance Training Programs. Organizations should maintain copies of compliance training courses and document the dates and manner of delivery.

These are only a starting point, and all the documents listed above should be reviewed on an annual basis and updated as necessary. For additional information on this topic, contact Richard Kusserow at [email protected].

About the Author

Richard P. Kusserow established Strategic Management Services, LLC, after retiring from being the DHHS Inspector General, and has assisted over 2,000 health care organizations and entities in developing, implementing and assessing compliance programs.

Subscribe to blog