Blog Post

Tips on Developing Compliance Policies and Procedures

The Department of Health and Human Services (HHS) Office of Inspector General (OIG) has issued a number of compliance program guidance documents that stress the importance of having written compliance standards and procedures for employees. The OIG notes: “At a minimum, comprehensive compliance programs should include…the development and distribution of written standards of conduct, as well as written policies and procedures that promote the [organization’s] commitment to compliance and that address specific areas of potential fraud, such as claims development and submission processes, code gaming, and financial relationships with physicians and other health care professionals.” The U.S. Sentencing Commission Federal Sentencing Guidelines notes that to “have an effective compliance and ethics program… an organization…shall establish standards and procedures to prevent and detect criminal conduct.”

Developing, implementing, disseminating, and managing written compliance documents is considered a major foundation block of any compliance program, both in terms of organization and management of the program. This foundation includes the Code of Conduct and a myriad of policy documents for the management and operation of both the compliance program as well as compliance high-risk operational areas. The cost of developing a single policy averages about $5,000, regardless of whether the policy is developed by an outside contractor or law firm, developed internally by a committee within the organization, or developed by any combination thereof. It is, therefore, not surprising that organizations turn to shortcuts in an effort to reduce the cost of policy development. Some organizations cut corners by using or adapting policy templates developed by other organizations. However, care must be taken when copying and pasting another organization’s procedural documents, as there may be significant difference in how each organization manages its high-risk areas. Another important consideration is whether the other organization correctly and consistently addresses applicable laws and regulations. If it didn’t address legal and regulatory standards adequately, you risk bringing that organization’s mistakes into your own workplace. Using policy and procedure templates from other organizations can be risky if they were not done properly. Many vendors provide reliable and up-to-date templates that achieve a cost-effective solution for organizations seeking to build their compliance program written guidance while controlling costs.

The failure to properly develop, disseminate, and train covered persons on compliance-related policies and procedures can prove to be a huge mistake and can result in exposure to a variety of liabilities as well as loss of revenue and reputation. Compliance-related policy documents are needed to establish the structure and operation of the compliance program. These policy documents alone can number in the dozens. Some policy documents, such as duty to report, non-retaliation, confidentiality, etc., are directly identified in the OIG compliance guidance documents.

Hundreds of Policy Documents At Your Fingertips.

Visit Our Policy Resource Center

10 Policy Development Tips

  1. Standardize polices in form and format to avoid confusion, as is suggested below through use and inclusion of:
  • Header Block (for approving authority, dates approved/reviewed, etc.)
  • Background/Introduction Section (setting the context for the policy document)
  • Purpose/Objectives Statement (specific purpose or objective for the document)
  • Definitions Section (all key terms used in the document)
  • Scope of the Policy Statement (what operations, facilities, people the document applies to)
  • Policy Statements (setting forth what is expected of the covered persons)
  • Procedures (explaining what covered persons need to do to be in compliance)
  • Related Policies (cross-reference as many overlapping policies that are linked to the document and must be kept consistent)
  • References/Citations (setting forth applicable legal and regulatory authority)
  1. Ensure all the policy statements are short, declarative, and specific to a single issue.
  2. Write the document in the active voice.
  3. Make documents user friendly to those that have to live by them.
  4. Make sure the policy does not conflict with other policy documents.
  5. Anchor the document in applicable cited authority.
  6. Establish a compliance document management system to track and control policies.
  7. Retain all rescinded or modified policies for the record.
  8. Make sure that all affected parties have a role in the policy development.
  9. Before adopting a policy, field test it with staff to be sure it makes sense to them.

There are many advantages associated with using a standardized form and format for policy documents. It makes it easier for covered persons to quickly understand what is expected. It is also critical for compliance document management. It is vital for organizations to always follow the same structure for their policies and procedures.  Using a standardized format, serves as a reminder to not forget the necessary elements or information during policy development, but also ensures policy completeness for implementation.

Subscribe to blog