Policy Management Supports Risk and Compliance Oversight

Hospitals and other health care facilities create and maintain thousands of policy documents. A typical hospital has policies that guide daily operations, ranging from administration and human resources to direct care and use of medication. An infection control policy, for example, guides laboratory procedures, specimen testing, personal protective equipment and waste disposal, while a discharge policy designates when and by whom patients can be released and what documentation is necessary.

Effective development, use and maintenance of an organization’s policies and procedures help to establish a culture of compliance, mitigate risk, support consistent clinical practice and achieve the organization’s objectives.

The Office of Inspector General noted the importance of effective policy development and management in its 2005 Supplemental Compliance Program Guidance for Hospitals. It suggests that, as part of an effective compliance program, hospitals must ensure that they have policies and procedures that are clearly written, relevant to daily responsibilities, readily available and regularly re-evaluated. The OIG also says that hospitals should monitor staff compliance with internal policies and procedures and strongly encourages the governing board to be involved in compliance program development and oversight.

Some hospitals, however, report that they are still creating policies on paper, storing them in binders and housing them in multiple locations, which puts their organizations at risk. For example, staff at a southern critical access hospital were asked to locate specific policies during a 2012 accreditation survey. They were unable to do so, which affected the outcome of the survey.

Governing boards have roles to play in ensuring that their organizations engage in effective policy development and management as part of risk management and compliance efforts. One way for boards to oversee these activities is through their audit and compliance committees' periodic reviews of hospital internal control systems. As part of that review, boards should ensure that policies are managed in ways that:

• are simple and accountable,

• have designated internal leaders responsible for oversight,

• ensure quick and ready access to policies,

• allow easy creation and regular review,

• link to related standards and regulations,

• take advantage of new technology that can reduce the time and expense of using manual, paper-based systems,

• allow governance, risk and compliance activities to identify areas for improvement and target resources to address them.

The board’s audit and compliance committee should be provided with data and performance benchmarks relevant to effective policy management. In the OIG report “Driving for Quality in Acute Care: A Board of Directors Dashboard,” participants in a government-industry roundtable suggest that a performance dashboard could include such metrics as numbers of new and updated policies and the amount of time spent accessing key policies, along with benchmark data for comparison. Helping boards to understand their respective organization’s performance against industry standards can help them to allocate resources to address areas for improvement.

Effective policy development and management can support an organization’s governance, risk and compliance efforts and objectives. It helps to define, articulate and communicate boundaries and expectations, guide desired conduct, establish a culture of compliance and reduce the risks of fines and litigation that may arise from lack of compliance with regulatory and other requirements.

Donna Willeumier (donna.willeumier@advocatehealth.com) is administrator, quality management and regulatory, Advocate Health Care, Downers Grove, Ill. Saud Juman (sjuman@policymedical.com) is chairman, president and CEO of PolicyMedical Inc., Pleasanton, Calif.