Kusserow’s Corner: Compliance Policies and Procedures

Compliance policy and procedure documents are the foundation of any compliance program, both in terms of organization and management of the program. They are the written guidance that facilitates compliance with applicable laws, regulations and standards. These documents are not limited to the compliance office. They are critical for ensuring compliance in high risk operational areas. The average cost of developing a single policy averages about $5,000. This is regardless of whether the development is done through an outside contractor, law firm, internally by a committee, or any combination thereof. If care is not taken, this can be a costly, time consuming, and distracting endeavor. The proper and referencing of policies is a significant effort by itself.

It is not surprising therefore that many seek short cuts, such as using policy documents prepared by another organization or found on the Internet. However, care must be taken when using this approach in that there may be significant difference in the organization and management of the policy and procedures, and there is some risk as to whether the copied policy was properly developed, referenced, cited in laws/regulations, and interpreted correctly. In short copying someone else’s product may lead to problems and potential liability. However, there are legitimate and authoritative sources available to assist in developing policy documents that provide proper citation and referencing. This may prove to be an efficient, effective, and inexpensive solution to policy development. A major resource for policy development and management is the Policy Resource Center (PRC) that may be worth checking.


The HHS Office of Inspector General (OIG) has issued a number of compliance program guidance documents, all of which stresses the importance of written compliance guidance for employees. The OIG notes that “At a minimum, comprehensive compliance programs should include…the development and distribution of written standards of conduct, as well as written policies and procedures that promote the [organization’s] commitment to compliance and that address specific areas of potential fraud, such as claims development and submission processes, code gaming, and financial relationships with physicians and other health care professionals.” The United States Sentencing Commission “Federal Sentencing Guidelines” notes “have an effective compliance and ethics program.., an organization shall…shall establish standards and procedures to prevent and detect criminal conduct.”

The failure to properly develop, disseminate, and train covered persons on compliance-related policies and procedures can prove to be a huge mistake that can result in a variety of liabilities, loss of revenue and reputation. The fact is that scores, if not hundreds, of policy documents are needed to be in compliance with regulatory and care standards. Compliance related policy documents are needed to establish the structure and operation of the compliance program and these alone number in the dozens. Many needed policies are identified directly in compliance guidance documents, such as duty to report, non-retaliation, confidentiality, etc. Others noted specifically include those related to the Anti-Kickback Statute, Claims Development & Submission, Clinical Research, Coding and claims development, Cost Reports, EMTALA, HIPAA, Laboratory Services, PATH, Stark Laws, among others. However there are scores of other compliance related policies needed by health care organizations that address quality of care issues. The upcoming deadline for ICD 10 Coding mandates is a reminder that new compliance policies are mandated by October 1, 2014 and that date is fast approaching. Those failing to meet this deadline will be confronted by a host of payment and penalty problems. Those who have been working to revise and update the code policies know how difficult, time consuming and expensive to do this.

The following are some tips in policy development:

  • Standardize polices in form and format to avoid confusion.
  • Ensure all the policy statements are short, declarative, and specific to a single issue.
  • Write the document in the active voice.
  • Make documents user friendly to those that have to live by them.
  • Make sure the policy does not conflict with other policy documents.
  • Cross reference all policies to similar ones.
  • Define all key terms used in the document.
  • Anchor the document in cited authority.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Copyright © 2014 Strategic Management Services, LLC. Published with permission.