Blog Post

Code of Conduct Development and Revision

Richard P. Kusserow | March 2025

The Code of Conduct is an organizationโ€™s constitution that provides an outline of the organizationโ€™s values and general guidance on the expectations of those in the workplace. While compliance with these principles should be detailed in policies and procedures, the Code establishes the organizationโ€™s core values and expectations, requiring periodic review and update. Developing and revising a Code requires careful planning and execution. It should begin with an introductory message from the CEO affirming the organizationโ€™s commitment to its principles and values.

A well-crafted Code must address key stakeholders, including patients, workforce, business partners, and regulatory authorities. It should also describe the compliance program, outline procedures for reporting misconduct, and specify consequences for violations. Regulatory and oversight agencies, such as the U.S. Sentencing Commission, DOJ, and OIG, emphasize that the Code should be user-friendly and provide clear guidance.

To reinforce compliance, it is advisable for executive/management and board oversight compliance committees to review and approve the Code, as it helps evidence their commitment to the compliance program. Once in place, it should be easily accessible, preferably on the organizationโ€™s intranet, and incorporated into employee training to ensure widespread understanding of its content and expectations.

The following are key elements to consider when developing or revising a Code of Conduct:

  1. The organizationโ€™s core cultural values and principles
  2. The tone and compliance commitment
  3. The scope, specifying to whom it applies (e.g., employees, managers, contractors, suppliers)
  4. Use of clear, concise, and understandable language that is easily understood
  5. Workplace behavior (e.g., integrity, honesty, and respect)
  6. Patient rights
  7. Privacy, confidentiality, and data protection
  8. Relationships with business partners
  9. Organizationโ€™s property, financial, intellectual, digital, and proprietary rights
  10. Conflicts of interest
  11. Interaction with external parties
  12. Non-discrimination and general workplace fairness
  13. Affirmative duty to report suspected wrongdoing
  14. Clear guidelines on how to report suspected violations
  15. Consequences for non-compliance
  16. Anonymous reporting
  17. Confidential reporting
  18. No retaliation or reprisals for reporting
  19. Applicable legal and regulatory requirements
  20. Financial and accounting maintenance and reporting practices
  21. Workplace safety
  22. Consequences for failure to comply (i.e., warnings, suspension, or termination)
  23. Employee Attestation to have read, understood, and compliance

Many organizations reinforce and clarify points by inserting FAQs and examples, along with having citing the policy documents that provide detail to the general policy statements. Flagging the supporting policy in the Code by number or hyperlinking will make everything more user friendly.

For more information on this topic, contact Richard Kusserow ([email protected]). You can also keep up-to-date with Strategic Management Services by following us on LinkedIn.

About the Author

Richard P. Kusserow established Strategic Management Services, LLC, after retiring from being the DHHS Inspector General, and has assisted over 3,000 health care organizations and entities in developing, implementing and assessing compliance programs.

Subscribe to blog