3 Considerations for Managing Compliance Policies and Procedures

Written policies and procedures are often listed as the first element of an effective compliance program. Though all the elements really work together, and no singular element is necessarily more important than another, it does make sense to list written policies and procedures as the first element.

It would be hard to even establish an effective compliance program if concepts, principles, and formal commitment to a culture and program of compliance were not memorialized in writing. Written policies and procedures document and delineate expectations and steps employees need to take to comply.

In fact, the U.S. Department of Health and Human Services Office of Inspector General (OIG) has stated in published compliance guidance that, “The purpose of compliance policies and procedures is to establish bright line rules that help employees carry out their job functions in a manner that ensures compliance with Federal health care program requirements…”

Writing and Implementing Policies is Never “One and Done”

Managing policies and keeping them current and pertinent is an important ongoing, never-ending task of a compliance program. To this point, the OIG stated, “…a clear statement of detailed and substantive policies and procedures—and the periodic evaluation of their effectiveness—is at the core of a compliance program…”    When the OIG wrote their supplemental guidance for hospital compliance programs, they emphasized the importance of periodically reviewing a program’s effectiveness. This includes periodically reviewing written policies and procedures. Some of the factors that should be considered in this periodic review include the following questions:

• • Are policies and procedures clearly written, relevant to day-to-day responsibilities, readily available to those who need them, and re-evaluated on a regular basis?
  • Does the hospital monitor staff compliance with internal policies and procedures?
  • Have the standards of conduct been distributed to all directors, officers, managers, employees, contractors, and medical and clinical staff members?

The Importance of Customized Compliance Policies

Every compliance program should require the development and distribution of written compliance policies that identify specific areas of risk to the organization. These policies should be developed under the direction and supervision of the chief compliance officer and compliance committee, and, at a minimum, should be provided to all individuals affected by the particular policy at issue, including any agents and independent contractors.

Because policies should address risks specific to the organization, additional questions that should be asked include:

• • Has the organization developed a risk assessment tool, which is re-evaluated on a regular basis, to assess and identify weaknesses and risks in operations?
  • Does the risk assessment tool include an evaluation of federal health care program requirements, as well as other publications, such as the OIG’s CPGs, work plans, special advisory bulletins, and special fraud alerts?

Many ask what topics their compliance program policies should cover. A partial list to consider includes the following topics, as applicable to the organization:

• • Billing for items or services not actually rendered
  • Providing medically unnecessary services
  • Upcoding
  • ‘‘Diagnosis related groups (DRG) creep’’
  • Outpatient services rendered in connection with inpatient stays
  • Teaching physician and resident requirements for teaching hospitals
  • Duplicate billing
  • False cost reports
  • Unbundling
  • Credit balances—failure to refund
  • Anti-Kickback Statute
  • Joint ventures
  • Financial arrangements between hospitals and hospital-based physicians
  • Stark Physician Self-Referral Law
  • Patient dumping/Emergency Medical Treatment and Labor Act (EMTALA)
  • Physician speaker programs and financial payments from industry

Managing and Measuring Compliance Program Success

There are many ways to manage and assess the effectiveness of compliance program policies. These might include:

• • Employee accessibility of policies — audit how many actual "hits" on policies and procedures in an online library or electronic repository of policies.
  • Accountability— is there someone designated as a policy coordinator?
  • Ownership of policies — audit the process of how policies are enforced by chain of command when compliance is not the policy owner.
  • Maintenance of policies — check the last revision and review dates. Are the policies reviewed annually to determine if they are current and up to date?
  • Policy approval —audit policies to ensure the proper signatures and approvals are documented.
  • Language and reading level — are policies written in plain language, appropriate grade reading level and written in applicable languages for the organization?
  • Policy inventory and no overlap or gaps — create and analyze inventory. Analyze and review past efforts. Look at various departments that might have overlapping policies. 
  • New and updated policy distribution and education of appropriate staff — perform a process review. Does the organization have a formal process to make their workforce aware of new policies or changes in policies?

Policy management is a core element of any effective compliance program. Poor management of policies can result in conflicting or out-of-date policies which can lead to non-compliance.

Leveraging a policy management library like the one offered in Healthicity’s Compliance Manager is a great way to manage the often overwhelming task of compliance policy management.

To download this blog post as a pdf, click the button below.