Compliance Policy Management
Both the Department of Health and Human Services Office of Inspector General and the U.S. Sentencing Commission call for developing, maintaining, and managing compliance-related documents. The 2019 Tenth Annual Healthcare Compliance Benchmark Survey conducted by SAI Global and Strategic Management Services included questions that focused on management of policy and compliance documents. In the survey, four out of ten respondents reported manually maintaining compliance-related documents in binders or through spreadsheet software. This is not advisable as it can invite mistakes and potential liability. Marvin Mills of the Compliance Resource Center’s (CRC) Policy Resource Center (PRC) assists compliance officers with developing and managing compliance-related documents, such as codes of conduct, charters, policies, audit guides, etc. Mr. Mills finds that the problem for many organizations is that they develop their compliance policies in an ad hoc manner and lack policy tracking mechanisms, which can result in overlapping or duplicate policies, potentially creating significant liability. Policy management applies to all stages of the document life cycle, and it is critical to an effective compliance program to remember the following simple rules:
- Control all compliance-related documents;
- Standardize document form and format;
- Establish a need for a new document;
- Prompt the system to send alerts when action is needed;
- Manage work flow in the creation of new or revised documents;
- Track when documents should be reviewed for updating;
- Maintain an archive of retired documents and policies;
- Store and manage all compliance department documents;
- Ensure document access controls and security;
- Establish hyperlinks to related regulators and authorities;
- Facilitate distribution to employees, vendors, and consultants; and
- Document certifications and attestations.