Share This Post

[Blog Series] 7 Elements of an Effective Compliance Program: Week 2

August 17, 2018
Compliance By Rodney Farley, Director

In week 1 of our blog series on the 7 elements of an effective compliance program, we noted that a compliance program is a formal statement of a healthcare practice’s intention to conduct itself ethically in regards to business operations, government regulations, patient services and care. The purpose of a formal compliance program is to provide a blueprint for the organization’s compliance program and accomplishing the goals.


The first of seven basic compliance elements for skilled nursing facilities, per the notice issued by the Office of Inspector General (OIG) (Federal Register Vol. 65, No. 52 Thursday, March 16, 2000), is:

“The development and distribution of written standards of conduct, as well as written policies, procedures and protocols that promote the nursing facility’s commitment to compliance (e.g., including adherence to the compliance program as an element in evaluating managers and employees) and address specific areas of potential fraud and abuse, such as claims development and submission processes, quality of care issues, and financial arrangements with physicians and outside contractors;…”

So, let's dive deeper on this element.

Standard 1: Implement Written Policies, Procedures, and Standards of Conduct

The first core element of an effective compliance program is having written policies, procedures, and standards of conduct. Establishing written policies and procedures is necessary to promote consistency and uniformity in your organization. Policies and procedures should be written clearly and describe expectations of compliance in detail. These written policies, procedures and standards should be composed with guidance from the Compliance Officer (CO) and Compliance Committee.  

These guidelines also need to be made readily available for all your employees. You and your compliance committee need to determine how these guidelines will be distributed, whether by hard copy, electronically, or company intranet. These standards should be reviewed with employees within 90 days of hire and at a minimum of annually thereafter. All employees should be required to certify that they have read, understand and agree to comply with the standards. You and your compliance committee need to establish how frequently these policies, procedures and standards will be monitored and reviewed; also, how changes will be made to these guidelines. 

The written standards for conduct or the “code of conduct” should clearly state and outline the office’s or practice’s commitment to compliance, values and quality treatment of customers/patients and employees. Standards of conduct should detail your organization’s commitment to ethical behavior, as well as your vision and values. The standards of conduct should also indicate that compliance is the responsibility of all employees and describe how to report incidents of non‐compliant or unethical behaviors. OK, let’s stop here for a minute. What does this really mean?

Developing Facility Specific Protocols

Every healthcare organization must develop facility specific protocols that define the rules of engagement for the operations to detect, deter and mitigate fraudulent activity. These policies and procedures are dynamic, refined and current with the ever-changing landscape related to regulatory, reimbursement and technological changes. Remember the reports of large number HIPAA violations across the nation? This was mainly due to the innovation of cell phones with readily accessible camera functionality. Organizations responded with additional policies on the parameters for employee, resident and visitor cell phone usage. This epitomizes the importance of having dynamic, refined and current policies and procedures.

Also consider the policy and procedures for timely transmission of MDS Assessments. The assessments are transmitted to the Quality Improvement and Evaluation System (QIES) Assessment Submission and Processing (ASAP) system. If an MDS assessment was NOT successfully transmitted and accepted in the QIES system, and the Medicare Administrative Contractor (MAC) queries a PPS MDS for a claims review and identifies this, this will result in a technical denial with provider liability (i.e., no reimbursement or right to appeal).

The initial steps for any policy and procedure manual is the outline (Table of Contents). Review your policy and procedure manual to see if it is clearly written and, when reviewed with employees, they understand what they are certifying to agree to comply with. 

Now that we know what your written policies and procedures should include, the next blog will discuss how the oversight of your compliance program should be structured and what responsibilities and authorities your compliance staff should have.

Watch our video on the seven elements of an effective compliance program and join us weekly in this series as we will discuss each of the seven elements in greater detail, along with implementation recommendations.

Don't forget, HHS-OIG encourages providers to seek help and support as needed from outside experts in billing and coding, legal counsel knowledgeable in fraud and abuse laws, and the comprehensive resources available on HHS-OIG’s website.


Subscribe to the blog to receive updates on our blog series, “7 Elements of an Effective Compliance Program” and other healthcare news.