Blog Post

Written Policies and Procedures: The Foundation of Compliance


Policies, procedures, and other compliance-related documents are the necessary foundation for a successful Compliance Program. These documents supply the Compliance Officer, executive management and the workforce with an understanding of what is expected in the workplace and how to operate effectively. This ensures that the Compliance Program runs smoothly and that everyone in the organization remains compliant with internal standards and state and federal requirements.

Recommended Policies & Compliance Documents

The first document that organizations should develop and distribute is a Standards of Conduct or Code of Conduct. Explicitly documenting the expectations of conduct and behaviors in the organization will paint a clear picture for the workforce on how the organization operates. The Code of Conduct must:

  • Establish a commitment to compliance with all federal and state laws and regulations
  • State the organization’s goals, mission and ethical requirements
  • Express clear expectations for all members of the workforce, management, governing board, contractors and other agents working on behalf of the organization

The second type of document organizations must implement is health care compliance program policies and procedures. In the “Publication of the OIG Compliance Program Guidance for Hospitals,”¹ the Department of Health and Human Services Office of Inspector General (OIG) outlines several specific areas where organizations must develop compliance policies. Organizations should also take into account regulatory exposure of high risk areas. The OIG addresses special areas of concern, including:

  • Billing for items or services never provided
  • Providing medically unnecessary items or services
  • Upcoding and Diagnosis Related Group (DRG) creep
  • Unbundling services
  • Duplicate billing
  • Anti-Kickback Statute
  • Joint ventures, Stark Law and financial arrangements between hospitals and hospital-based physicians
  • False cost reports

It is important for organizations to develop compliance policies that address these areas in order to remain compliant with general rules and regulations. However, organizations must also be mindful of their own unique high risk areas that may be specific to internal operations. To identify and stay on top of these risks before they become too severe, organizations should conduct annual compliance audits, carry out internal claims monitoring and review submitted hotline reports for trends in order to help establish necessary procedures to remediate potential or actual risks.

In addition to high risk areas, the OIG highlights several other areas that organizations should address through compliance policies and documents:

  • Claims development and submission. Because claims are under high scrutiny by numerous Centers for Medicare & Medicaid Services contractors (e.g., MACs, RACs, ZPICs, MICs) that regularly audit claims, policies in this area should address the OIG’s identified high risk areas related to billing.
  • Medical Necessity. In policies related to this topic, the Compliance Officer should ensure there is a clear and comprehensive summary of what constitutes medical necessity definitions, as well as the rules for federal and commercial payors.
  • Anti-Kickback and Self-Referral Concerns. These policies should address contracts between physicians and the hospital, referral sources, financial arrangements and safe harbor regulations.
  • Bad Debt. Organizations should establish a policy that requires them to develop a plan to annually review whether they are properly reporting and claiming bad debt.
  • Retention of Records. These policies and procedures should clearly establish creation, distribution, retention, storage, retrieval and destruction of compliance-related policies and other documents.

Compliance Policies & Procedures Best Practices

Health care organizations should develop and review all compliance-related policies and documents under the direction of the Compliance Officer and/or the Compliance Committee. Once compliance policies and procedures are finalized, the Compliance Officer should make these new or revised documents available to the workforce. And, if warranted, the Compliance Department should provide a training session or guidance on the purpose and impact of the new or revised documents to the workforce members affected by the policy area. Additional best practice tips for implementing and maintaining compliance policies and procedures include:

  • Use policy templates to keep the look and format of your organization’s documents consistent.
  • Write documents to be user-friendly and easy to follow.
  • Review policies on a routine basis, such as every one to three years, to ensure the content is up-to-date and consistent with federal and state rules, law, regulation and guidance and internal practices.
  • Ensure a policy management process is in place.
  • Train the workforce on new and updated policy and compliance documents during annual compliance program training, at staff meetings, and/or through ad hoc training sessions.
  • Document that training was provided to the workforce using signed attestations.
  • Ensure easy access of policies to all affected parties.
  • Verify policies are followed through monitoring activities.
  • Validate policies are achieving the desired outcome.
  • Create metrics to evidence effectiveness of the policies.

In Review

In order for the compliance program to operate effectively, organizations must establish written guidance on the policies, procedures and other compliance-related documents that all workforce members are expected to follow. Organizations should supply training on this guidance upon hire and at least annually to ensure that workforce members are aware of updated policies and procedures and will remain compliant with such requirements. Organizations are more likely to have a successful Compliance Program when they have well-publicized compliance policies, procedures …

Subscribe to blog