Policies and procedures templates and other related compliance documents are the necessary foundation for a compliance program. These documents provide the Compliance Officer, executive management and the workforce with an understanding on what is expected and how to operate. The first document developed and distributed should be Standards of Conduct or Code of Conduct. This document must:
- Establish a commitment to compliance with all federal and state standards.
- State the organization’s goals, mission and ethical requirements.
- Express clear expectation that all members of the workforce, management, governing board, contractors and other agents working on behalf of the organization adhere to the standards.
The second type of document healthcare providers must establish is policy and procedures. In the Publication of the OIG Compliance Program Guidance for Hospitals, the OIG outlines several specific areas where policy developed is necessary. Organizations should take into account regulatory exposure of certain high risk areas. The OIG addresses special areas of concern, including:
- Billing for items or services never provided
- Providing medically unnecessary items or services
- Upcoding and Diagnosis Related Group (DRG) creep
- Unbundling services
- Duplicate billing
- Anti-Kickback Statute
- Joint ventures, Stark Law and financial arrangements between hospitals and hospital-based physicians
- False cost reports
It is important to develop policies that address the aforementioned areas. However, you must also be mindful of your organization’s own unique high risk areas. Identification of high risk areas can be made through annual compliance audits, internal claims reviews, hotline reports, etc. Looking at your own high risk areas will help establish necessary procedures to remediate these risks.
In addition to high risk areas, the OIG highlights several other areas that should be addressed through policy and compliance documents.
- Claim development and submission. Not only does the OIG identify a number of high risk areas related to billing, there are also numerous Centers for Medicare & Medicaid Services contractors (e.g., MACs, RACs, ZPICs, MICs) looking at medical records, which place claims under high scrutiny.
- Medical Necessity. The Compliance Officer should ensure there is a clear and comprehensive summary of what constitutes “medical necessity” definitions, as well as the rules for federal and private payers.
- Anti-Kickback and Self-Referral Concerns. Policies should address contracts between physicians and the hospital, referral sources, financial arrangements and safe harbor regulations.
- Bad Debts. Establish a plan to annually review if the organization is properly reporting and claiming.
- Retention of Records. Policies and procedures should clearly establish creation, distribution, retention, storage, retrieval and destruction of documents.
Developing policy and compliance documents from scratch, and even updating current documents, can be a lengthy process. Allocating sufficient time to the process may be hard to find. There are solutions available to assist you in the process. One example is Compliance Resource Center’s Policy Resource Center, an online library of up-to-date documents. Our service provides hundreds of policies and compliance documents ready for use that address the areas discussed above. Solutions, such as the Policy Resource Center, can provide your organization with a plethora of ready-to-implement documents to get your compliance program started.
All compliance policies and related documents should be developed and reviewed under the direction of the compliance officer and compliance committee. Upon finalization of policy documents, the compliance officer should either train or schedule a training to educate the workforce affected by the policy area. Additional best practice tips include:
- Use policy templates to keep the look and format of your organization’s documents consistent.
- Write documents to be user-friendly and easy to follow.
- Annually review policy and compliance documents to ensure the content is up-to-date and consistent with federal and state rules, law, regulation and guidance.
- Ensure a policy management process is in place
- Train the workforce on new and updated policy and compliance documents during annual compliance program training, at staff meetings and ad hoc training sessions.
- Document that training was provided to the workforce using signed attestations.
- Ensure easy access of policies for all affected parties.
- Verify policies are followed through monitoring activities.
- Validate policies are achieving the desired outcome.
- Create metrics to evidence effectiveness of the policies.
This article only touches on the subject of policy development. More information and details concerning types of compliance policies, as well as development and management can be found at the Policy Resource Center.
 Department of Health and Human Services Office of Inspector General, OIG Supplemental Compliance Program Guidance for Hospitals. 70 Fed Reg. 19, 4858, 4858 (January 31, 2005).
 The practice of billing a higher DRG code that would provide receipt of a high payment than the DRG code that more accurately reflects the level of service provided.