Code of Conduct Development and Revision

23 Tips and Suggestions

The Code of Conduct is an organization’s constitution that provides an outline of the organization’s values and general guidance on the expectations of those in the workplace. While compliance with these principles should be detailed in policies and procedures, the Code establishes the organization’s core values and expectations, requiring periodic review and update. Developing and revising a Code requires careful planning and execution. It should begin with an introductory message from the CEO affirming the organization’s commitment to its principles and values.

A well-crafted Code must address key stakeholders, including patients, workforce, business partners, and regulatory authorities. It should also describe the compliance program, outline procedures for reporting misconduct, and specify consequences for violations. Regulatory and oversight agencies, such as the U.S. Sentencing Commission, DOJ, and OIG, emphasize that the Code should be user-friendly and provide clear guidance.

To reinforce compliance, it is advisable for executive/management and board oversight compliance committees to review and approve the Code, as it helps evidence their commitment to the compliance program. Once in place, it should be easily accessible, preferably on the organization’s intranet, and incorporated into employee training to ensure widespread understanding of its content and expectations.

The following are key elements to consider when developing or revising a Code of Conduct:

1. The organization’s core cultural values and principles
2. The tone and compliance commitment
3. The scope, specifying to whom it applies (e.g., employees, managers, contractors, suppliers)
4. Use of clear, concise, and understandable language that is easily understood
5. Workplace behavior (e.g., integrity, honesty, and respect)
6. Patient rights
7. Privacy, confidentiality, and data protection
8. Relationships with business partners
9. Organization’s property, financial, intellectual, digital, and proprietary rights
10. Conflicts of interest
11. Interaction with external parties
12. Non-discrimination and general workplace fairness
13. Affirmative duty to report suspected wrongdoing
14. Clear guidelines on how to report suspected violations
15. Consequences for non-compliance
16. Anonymous reporting
17. Confidential reporting
18. No retaliation or reprisals for reporting
19. Applicable legal and regulatory requirements
20. Financial and accounting maintenance and reporting practices
21. Workplace safety
22. Consequences for failure to comply (i.e., warnings, suspension, or termination)
23. Employee Attestation to have read, understood, and compliance

Many organizations reinforce and clarify points by inserting FAQs and examples, along with having citing the policy documents that provide detail to the general policy statements. Flagging the supporting policy in the Code by number or hyperlinking will make everything more user friendly.

For more information on this topic, contact Richard Kusserow ([email protected]). You can also keep up-to-date with Strategic Management Services by following us on LinkedIn.

About the Author

Richard P. Kusserow established Strategic Management Services, LLC, after retiring from being the DHHS Inspector General, and has assisted over 3,000 health care organizations and entities in developing, implementing and assessing compliance programs.