Blog Post

Tips On Compliance Policy Development And Updating

Key Points:

  • Policies are a critical element of any effective Compliance Program
  • Policies provide a structure defining an organization’s compliance culture
  • 20 factors to consider when developing and updating policy documents

Policies are all about effective communication of workplace standards and establishing the rules for business processes. They are essential to successful regulatory risk management by defining how individuals should perform their duties to avoid violations of laws, regulations, standards, privacy/data breaches, and other wrongdoing. When well developed and disseminated, policies and their implementing procedures guide employees on what to do when anything unexpected occurs, which helps protect the organization against potential liabilities. Properly prepared documents provide instructions and define boundaries for making the right workplace decisions. This is critical for achieving compliance goals and objectives. They can give clear guidance on what to do under different circumstances and help reduce or avoid compliance risks that could raise liabilities. Policies and procedures can also provide the basis for compliance education and training programs that reinforce what is expected in the workplace, along with guidance on where and who to approach when they have concerns or questions.

Statements of policy and procedures are the crux of any policy document. Policies refer to high-level guidelines as to what is expected of individuals in making decisions. Procedures describe the steps employees should take to implement a specific policy. When developing and updating policy documents, it is important to determine the resources and estimated time and effort needed to create a policy document.

Drafters should also consider the following:

  1. The need for regulatory analysis before drafting the document;
  2. Identify someone to “own” the policy to manage its development and review;
  3. Ensure the policy focuses on a signal issue (mixing issues in a single document should be avoided);
  4. Identify any overlap with other policy documents;
  5. Make sure the policy avoid overcomplicated explanations and is understandable to the broad employee base;
  6. Make sure the policy is short, direct, and uncomplicated (1-4 pages in length);
  7. Follow a standardized form and format, critical for being user friendly;
  8. Include a stated purpose as to why the document was created;
  9. Include a stated scope at to whom it applies;
  10. Have the policy undergo multiple levels of review to ensure it is accurate, and easily understood;
  11. Make sure terms used in the document are defined;
  12. Determine if the policy will require approval by the board or executive compliance committees;
  13. Ensure each step that must be followed is defined and the reason for the step;
  14. Identify some relevant measurement or standard for compliance;
  15. Make the policy easily accessible for all covered persons;
  16. Periodically review the policy to make sure it is current;
  17. Include the policy as part of a document management system to ensure it is kept up to date;
  18. Create a user group before implementation to ensure it is clear and understandable;
  19. Reinforce the policy in compliance education and training programs; and
  20. Include legal or regulatory citations to relevant authority or standards.

Shelby Cole ([email protected]) works with clients to provide unlimited access to the Compliance Policy Resource Center ( that has over 750 professionally developed templates for compliance-related policies, charters, monitoring and auditing guides, job descriptions, etc., that are adaptable for any health care organization.

Subscribe to blog