Kusserow on Compliance: Written policies are necessary to govern compliance communication channels

An organization with an effective compliance program is one whose employees can easily share and receive information about what is expected of them in the workplace and one who provides a means to report compliance issues and violations of standards of behavior. The OIG and DOJ stress the importance of having multiple channels of compliance communication, not limited to hotlines. Without question, the “hotline” is the major avenue of communication for receiving reports of employee concerns, observed unallowable behavior, violations of law/regulations, breach of safety standards, theft, and other wrongdoing. This channel has been further stimulated by the inclusion of web-based reporting in recent years. Other channels by which employees can voice concerns and perceptions can include feedback from training, independent confidential surveying, bulletin boards, suggestion boxes, emailing, exit interviewing, staff meetings, etc. Included with these other channels should be the easy and direct access to managers, as well as the compliance office.

Communication is a two-way street that needs to include feedback and dissemination of information to employees. It is important to share news, announcements, discussions, surveys and anything else with employees. This information needs to come from an accessible place. Many health care organizations use their Intranet as a major communication vehicle. Once the compliance communication channels have been created, it calls for “rules of the road” governing the processes in the form of policies and procedures.

The fact is that there are several related policy documents called for by regulatory authorities as essential to an effective compliance program. These include, but are not limited to, “Duty to Report Policy,” “Non-Retaliation Policy,” “Anonymous Reporting Policy,” “Confidential Reporting Policy,” “Hotline Operations Policy,” “Compliance Investigation Policy,” “Disclosure of Overpayments Policy,” “Disclosure of Violations of Law/Regulations,” and “Compliance Office Confidentiality Policy,” among others. There is also need for policies for proper handling and management of information to guard against leaks, which opens the door to a whole set of policies related to IT and information controls. These policies should be inter-related and mutually supporting. They tell employees of their obligations to report suspected wrongdoing, how to do it, how the information will be acted upon, and what to expect once the report is submitted.

For more information regarding this subject and availability of compliance policy templates, see the Policy Resource Center at www.complianceresource.com.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.