Have you ever read or compared 100 Standards of Conduct (SOC)? As is widely known in the compliance field, a SOC’s importance is unparalleled. As the constitution of a compliance program, it outlines the organization’s major policies and sets expectations for its workforce and business partners.
In this article, we will share data collected from a review SOC of 100 healthcare organizations in the U.S. The objective was to examine and compare different aspects of SOCs to see what we could learn from their content. Using a data-based, data-driven approach, we compare and contrast SOCs.
It is essential that we keep in mind the purpose of the SOC, which is to define the organization’s appropriate and ethical way of doing business. As one an organization’s most significant documents, it shows what is important and how it aligns with its mission, vision, and values. In our review, common themes were evident. However, every organization has its own unique values that align with their cultures. The purpose of our review was to highlight the key items that can help define and improve your SOC.
Our approach
There are two main documents referenced when discussing SOCs. One applicable to compliance programs across all industries is from the Federal Sentencing Guidelines, Chapter 8, often referred to as 8B2.1.[1] The other is the U.S. Department of Health and Human Services Office of Inspector General (OIG) Compliance Program Guidance (CPG) for Hospitals.[2] Even though this document was released over 25 years ago in the Federal Register, it remains one of the most referenced documents with respect to compliance programs that are developed primarily in the healthcare industry.
8B2.1 – Effective compliance and ethics program
Section 8B2.1 of the Federal Sentencing Guidelines was first introduced in November 1991 as part of the United States Sentencing Commission’s amendment cycle. The guideline relates to the determination of the base offense level for certain white-collar crimes, including fraud and theft. Since its initial introduction, the guideline has been revised and amended several times, most recently in 2018.[3] Let’s now focus on a particular section of 8B2.1, which introduces SOC.
Subsection b introduces seven subparagraphs that list the minimal requirements to show due diligence in preventing conduct and promoting a culture that encourages ethical conduct and a commitment to compliance with the law. Right from the start in paragraph 1, it states, “The organization shall establish standards and procedures to prevent and detect criminal conduct,” and this forms the basis for the development of a SOC.[4]
Compliance program guidance for hospitals
OIG provides guidance for all types of healthcare organizations. This guidance offers descriptions of what makes up the framework of a compliance program in the OIG’s CPG for hospitals; SOC appears 12 times. Additionally, there is a separate section in the CPG dedicated to SOC.
What are the critical functions of SOC? The document itself is a form of communication. When reviewing the OIG CPG, it states that SOC is essentially an “expression of expectations,” which can be relatable to some when worded that way. For example, when a company expects its employees to bill for therapy services based on the actual minutes provided, the wording and tone of its communication are critical because it will affect employees’ behaviors. A single word change from “may” to “shall” completely changes employees’ perceptions of the company’s expectations.
SOC is about sharing information with employees, and they need to view it as a tool and resource that can help them when facing a challenging situation or when they have questions about the organization’s expectations.
