Kusserow on Compliance: Codes of conduct part 2—16 tips for developing or revising codes

The code of conduct should be a statement of guiding principles for an organization with separate policies and procedures to provide more detailed guidance on how to meet them. It should be reviewed annually as part of ongoing monitoring to ensure it is current with applicable laws, regulations, policies, and standards.   Periodically, the code will need to be revised and updated.  The HHS Office of Inspector General (OIG) has provided a number of points it believes should be included in such a document.  It is worth reviewing them as part of either developing or revising the code.  The following are tips, considerations, and suggestions related to code development or revision.

  1. Gain buy-in from the top. All codes need buy-in and support from the top, beginning with Board approval and personal involvement and support of the CEO. They should not only provide input to the process, but ultimately approve the result.
  2. Determine responsibility for code review and revision. Most codes are developed and reviewed under the leadership of the compliance officer and human resources management (HRM) with a cross section of key persons from the various operational areas. The compliance officer, HRM, and legal counsel should actively drive the process.
  3. Code will affect policy development. The code should be analogous to a Constitution that outlines basic principles; policies are like law and regulations that are consistent with the Constitution. The code should have direct contact with and influence over compliance policy development.
  4. Form a committee to assist in development/revision of the code. It is important to gain wide buy-in for the code. It is advisable to form a committee consisting of individuals across various operational areas.   Their views and input will go a long way in selling the code to the entire workforce. The committee can assist in determining format and content of the code and can be used to meet target deadlines for completion.  The committee should include the compliance officer, legal counsel, HRM, Health Insurance Portability and Accountability Act (HIPAA) (P.L. 104+191) privacy/security officers, and representatives from various operations.
  5. Develop a plan. Code development must follow a plan with timeframes for step completion and the respective roles for everyone involved in the process. All those involved in this effort needs to understand how it is going to function and the level of commitment necessary from them. The various development and approval steps, as well as timeframes for them, should be part of the plan.
  6. Consider using experts to facilitate the process. There is no need to reinvent the wheel. Code development or revision can be simplified, facilitated, and guided by compliance experts in this field. They can not only advise, but direct attention to key concepts that need to be included in the code, many of which have been outlined by the HHS OIG. They also have the advantage of avoiding turf issues that sometimes slow code making decisions.
  7. Decide upon size. The code should be a booklet, not a book. If the amount of content grows, employees’ attention to reading and absorbing the content declines. Detailed written guidance on complying with code provisions should be included in policies and procedures. Generally, codes should be about 20 pages or less.
  8. Establishing form and format. The best practice is to have each section in the code begin with an introductory statement of guiding principle, followed by bullet point standards in furtherance of that statement. Bullet points are easier for employees to follow than long narratives.
  9. Determine core content. Among the initial steps on Code development or revision is determining what is needed in terms of specific content. The code should address all stakeholders, including patients, employees, management, regulatory authorities, etc. The code should include a description of the compliance program and how to contact the compliance office via phone and email. It should also address regulatory and legal issues, including conflicts of interest, gifts and gratuities, high-risk areas, and compliance with the fraud statutes, including the Anti-Kickback Statute, Stark Law, etc.
  10. Address reporting of suspected problems. The code should clearly state that everyone has an affirmative duty to report any possible wrongdoing, along with a detailed outline of procedures for handling questions about compliance or ethical issues, and the channels by which they can report potential violations in confidence or anonymously without fear of retribution or retaliation. This includes provisions for how to report to the hotline.
  11. Decide on manner of dissemination. A decision needs to be made as to how the code will be made available to all covered persons, such as being posted on the organization’ s intranet, provided in hard copy with signature receipt, or a combination of both. If the code is not new, but one that has been revised, then steps need to be made to stop dissemination of the old version. The code should be addressed in all employee training sessions. In the case of compliance training, the code should be covered in some detail and copies of the code should be available at those sessions.
  12. Reference to policies and procedures. The code should be a document that sets for principles the way the Constitution does for the country, with policies providing more detailed written guidance, in the same way that laws and regulations do. Therefore, when the code is changed, revised, or updated, it is important to reference all policies to ensure they will be consistent with the code. Having a code and policies that conflict is a formula for migraines.
  13. Reading level. It is critical that the code be written at a level understandable by employees. Failure to do this can result in a document that cannot support adequately the compliance program goals of the organization. Finding the right reading level can be a challenge, as often there is a wide range of education, ranging from professional staff with graduate degrees to those without any degrees at all. The best practice is to try to create a document at the tenth grade reading level. The worst practice is to develop a document in legalese with footnotes to laws and regulations.
  14. Language. Many health care organizations have a significant percentage of their employees for whom English is a secondary language. The question to be determined therefore is whether the code should have versions in another language. If the decision is affirmative, care must be taken that the translation is very accurate, as nothing can create a bigger headache than multiple interpretations between documents in different languages.
  15. Date the document and formally rescind the old version. If a question arises concerning written guidance to employees, it is important to have evidence of what guidance was in place during the period in question.
  16.  Acknowledgement and attestation. There should be a form evidencing receipt of the code by covered persons, along with a form to be signed by the person attesting his or her understanding and compliance with the terms of the code. Such forms should be kept on file by HRM.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.