Getting Started

APPENDIX 3-E: Sample Policies and Procedures

Table of Contents for Included Policies

  • Policy and Procedure Creation

  • Directives

  • Goals

  • Compliance Program

  • Committee Members

  • Committee Duties and Responsibilities

  • Accessing and Communicating with the Compliance Committee/Officer

  • General Education Principles

  • Education for New Employees

  • Education Plan Elements

  • Documenting Education Efforts

  • Methods for Conducting All Internal Audits

  • Audit Results

  • Baseline Audits

  • Internal Audit General Principles

  • Reporting Possible Misconduct

  • Documenting Compliance

  • Enforcing Compliance Policies and Procedures

  • Investigating Alleged Violations

  • Responding to Possible Misconduct/Disciplinary Actions for Employees Who Fail to Comply with the Compliance Program

  • Compliance as an Element of a Performance Plan

  • Conflicts of Interest Policy for Directors, Officers, and Senior Management

  • Conflict of Interest Policy

[Organization Name] Compliance Program

Policy and Procedure Name: Policy and Procedure Creation
Policy Number: Effective Date:
Policy Review Date:
Approval:

GOAL: To promote the [Organization Name] commitment to compliance and address specific areas of compliance, such as billing, contracts, marketing, and claims processing, through the development of and compliance with formal compliance policies and procedures.

POLICY: The compliance officer and committee shall develop baseline and issue-specific formal compliance program policies and procedures in a standardized and effective manner. Compliance policies and procedures shall be regularly reviewed and updated. Existing operational and other noncompliance-specific policies will be reviewed and revised as necessary to ensure compliance with [Organization Name]’s compliance program as well as federal and state laws and regulations.

The following steps should be followed when creating and approving compliance policies and procedures:

ProcedureResponsible Party
1. Baseline Policies: The compliance committee and ad hoc compliance committee members shall approve the initial list of baseline compliance policies that will be prepared. Issue-Specific Policies: The compliance committee and ad hoc compliance committee members shall request the creation of any new issue-specific policies. Existing Noncompliance Policies: The compliance committee and ad hoc compliance committee members shall determine which existing noncompliance policies should be reviewed for compliance with [Organization Name]’s compliance program. Annual Policy Review: Each year, the compliance committee and ad hoc committee will review all compliance policies and procedures and determine whether any of the policies require revisions or updates. Compliance Officer and Committee
2. Compliance officer and designated members of the committee will prepare the first draft of baseline and issue-specific compliance policies and procedures, as well as revisions to existing policies. Compliance Officer and Committee
3. Compliance officer and selected members of the committee will submit the first draft of the policies via email to the compliance committee for review as they are drafted and no later than the second Thursday prior to the monthly Monday evening compliance committee meeting. Compliance Officer and Committee
4. The compliance committee shall provide feedback on any draft policy via redlined draft or comments within a week of receipt of the draft and no later than the Thursday prior to the monthly Monday evening compliance committee meeting. Compliance Officer and Committee
5. [Organization Name] will incorporate the revisions and present a draft of the revised policy at the monthly compliance committee meeting. Compliance Officer and Committee
6. Compliance committee members will vote on the approval of each policy presented separately. If a policy is not approved, the discussed revisions will be prepared and approved in the manner described herein (steps 2 through 4). Compliance Officer and Committee
7. The compliance committee will determine the appropriate method of initially distributing the approved policy. Nevertheless, the policy will be added to each compliance manual, and it will be reviewed at the new employee compliance training sessions and existing employee annual compliance training sessions. Compliance Officer and Committee

[Organization Name] Compliance Program

Policy and Procedure Name: Directives
Policy Number: Effective Date:
Policy Review Date:
Approval:

GOAL: To ensure that a standard compliance program is in place and is effective in ensuring compliance with government requirements.

POLICY: [Organization Name] recognizes that its compliance plan must be tailored to individual needs and to some degree must be tailored to meet the needs of individual employees and changing and evolving issues. It is, however, the commitment of [Organization Name] to guarantee that its compliance program follows the seven fundamental steps of a corporate compliance program as defined by the federal sentencing guidelines.

[Organization Name]’s compliance program is designed, at a minimum, to provide the following:

ProcedureResponsible Party
1. Directive #1—Written Code of Conduct: To assure the development and distribution of a written code of conduct as well as written policies and procedures that promote [Organization Name]’s commitment to compliance and that address industry-specific areas of risk Compliance Officer and Committee All Employees
2. Directive #2—Compliance Officer and Committee: The designation of a compliance officer and other appropriate bodies, e.g., compliance committee and ad hoc compliance committee members, charged with the responsibility of operating and monitoring the compliance program, and will report directly to [Organization Name]’s board of directors Compliance Officer and Committee All Employees
3. Directive #3—Education and Training: The development and implementation of regular, effective education and training programs for all appropriate employees and physicians to ensure their understanding of [Organization Name]’s compliance program. [Organization Name]’s compliance program policies and procedures will be distributed to all employees who are required to read and sign the acknowledgment form expressing their understanding of and commitment to [Organization Name]’s compliance program Compliance Officer and Committee All Employees
4. Directive #4—Anonymous Reporting of Complaints: For the maintenance of a process, such as an anonymous drop box, to receive complaints, the adoption of procedures to protect the anonymity of complainants and to protect whistleblowers from retaliation Compliance Officer and Committee All Employees
5. Directive #5—Investigations and Disciplinary Actions: The development of a system to respond to and investigate allegations of improper illegal activities; the enforcement of appropriate disciplinary action against employees who have violated internal compliance policies, applicable statutes, regulations, or government requirements Compliance Officer and Committee All Employees
6. Directive #6—Auditing and Monitoring: The use of audits and/or other evaluation techniques to monitor compliance and assist in the reduction of identified problem areas Compliance Officer and Committee All Employees
7. Directive #7—Nonemployment or Retention of Sanctioned Individuals: The development of policies addressing the nonemployment or retention of sanctioned individuals Compliance Officer and Committee All Employees

[Organization Name] Compliance Program

Policy and Procedure Name: Goals
Policy Number: Effective Date:
Policy Review Date:
Approval:

GOAL: To comply with Compliance Directives #1–7 and to ensure [Organization Name]’s commitment to operate its business in full compliance with all government and industry regulatory body requirements.

POLICY: [Organization Name] will conduct all of its business operations in full compliance with government requirements and maintain an effective compliance program to monitor such compliance.

The following constitute the goals of the [Organization Name] compliance plan:

Procedure
1. Comply with all federal, state, and local governmental laws, regulations, and guidelines pertaining to proper documentation for all services provided.
2. Establish a culture within [Organization Name] that promotes prevention, detection, and resolution of instances of conduct that do not conform to federal and state law and public and private requirements as well as promotes the organization’s ethical and business policies.
3. Effectively articulate and demonstrate the organization’s commitment to the compliance process.
4. Establish a central coordinating mechanism for furnishing and disseminating information and guidance on applicable federal and state statutes, regulations, and other requirements.
5. Eliminate or reduce the damage to the reputation and goodwill of the organization resulting from claims of fraud and abuse.
6. Educate and inform all employees of the importance and methods of proper billing, accounting, and [INSERT OTHER IMPORTANT PROCESSES] procedures.
7. Provide advance notice and explanation of the expectations of employees regarding compliance and the repercussions associated with any fraud and abuse.
8. Reduce and effectively eliminate inaccurate billing for all services rendered by [Organization Name].
9. Reduce or minimize exposure to penalties and sanctions that may be imposed for fraud and abuse.
10. Provide a means and method for [Organization Name] management to monitor the strengths and weaknesses of the billing and documentation processes followed for all [Organization Name] sites of service.
11. Provide a means of preventing and detecting any improper billing or business practices.
12. Provide a method for responding to any regulatory investigation or audit.
13. Provide all employees a conduit for reporting or addressing any concerns or issues they may have regarding billing practices or fraud and abuse within the organization.
14. Provide a written record of all due diligence taken on behalf of [Organization Name] to comply with all federal, state, and local laws, rules, and regulations as well as requirements of private organizations with which [Organization Name] conducts business.
15. Improve the quality of the services delivered to customers and clients.

[Organization Name] Compliance Program

Policy and Procedure Name: Compliance Program
Policy Number: Effective Date:
Policy Review Date:
Approval:

GOAL: To comply with Compliance Directive #6 and to ensure compliance with all federal, state, and other industry regulatory bodies’ requirements and guidance.

POLICY: The compliance officer is responsible for carefully reviewing and considering all government memoranda, newsletters, and any other correspondence issued by the government. The compliance officer also will review any fraud alerts, model guidance, audit, inspection, or evaluation reports relating to the industry issues by the government. All relevant materials shall be discussed with the appropriate administrative and, if necessary, legal personnel.

ProcedureResponsible Party
1. The compliance officer is responsible for carefully reviewing and considering all program memoranda, newsletters, and any other correspondence issued by the government. The compliance officer also will review any fraud alerts, model guidance, audit, inspection, or evaluation reports relating to physician practices issued by the government. Compliance Officer and Committee
2. The compliance officer will brief management and other appropriate employees on the contents of the materials and review the current practices of the organization in the areas being criticized by the government. Compliance Officer and Committee
3. If the compliance officer, administration, and other employees discover that a current practice of the organization is criticized in the materials, the management personnel are responsible to cease and correct such conduct and take reasonable action to prevent such conduct from recurring in the future. Compliance Officer and Committee
4. If an investigation is required, the compliance officer is responsible for initiating the investigation. Compliance Officer and Committee
5. The compliance officer is responsible for reviewing the findings of the investigation, contacting the appropriate personnel, and taking the necessary corrective action. Compliance Officer and Committee

[Organization Name] Compliance Program

Policy and Procedure Name: Committee Members
Policy Number: Effective Date:
Policy Review Date:
Approval:

GOAL: To comply with Compliance Directives #1–7 and to ensure that a capable and representative compliance committee supports and assists the compliance officer to carry out the mission and duties of the compliance program.

POLICY: [Organization Name] will establish a compliance committee to manage and coordinate its compliance program. The committee will comprise individuals with the authority to execute these policies and procedures as well as individuals with the experience and the capability of monitoring and executing the compliance program. The committee members will be representative of the various departments of [Organization Name] and be influential or high-level members of the departments.

The committee will consist of no less than the following individuals:

ProcedureResponsible Party
1. Committee Chairman —This individual will always be the person designated as the compliance officer or designee for [Organization Name]. This position shall always have a direct line of communication and reporting to the board of directors. This individual will be an employee with strong industry background responsible for orchestrating the compliance process and will be given the authority to handle the day-to-day administration of this program. Compliance Committee and Compliance Officer
2. Financial Officer/Controller
3. Director of Billing
4. Director of Human Resources
5. Director of Operations
6. Director of [INSERT POSITION HERE] [e.g., Director of Nursing, Director of Manufacturing Processes, Director of Government Relations, Marketing Director)

[Organization Name] Compliance Program

Policy and Procedure Name: Committee Duties and Responsibilities
Policy Number: Effective Date:
Policy Review Date:
Approval:

GOAL: To comply with Compliance Directives #1–7 and to ensure that [Organization Name] maintains an effective compliance committee.

POLICY: [Organization Name] will maintain an effective compliance committee to support the compliance officer, assist in the development and maintenance of the compliance program, and assist in the resolution of any compliance-related investigations. The compliance officer may delegate duties to the committee as he or she deems appropriate.

ProcedureResponsible Party
1. It will be the compliance officer’s and the compliance committee’s responsibility to execute [Organization Name]’s compliance plan. The compliance officer and committee will carry considerable weight and authority with the board of directors, and great deference will be afforded the compliance officer’s and committee’s recommendations. The compliance officer will provide monthly updates to the board of directors. Compliance Committee
2. The compliance officer will have the responsibility for overseeing all efforts to manage and implement this compliance program. The compliance officer has the right to delegate certain responsibilities of this position to the compliance committee in order to allow his or her responsibilities to be performed. The delegation of any of these duties does not dilute the importance or authority of the compliance officer’s role or responsibilities.
3. The compliance officer, compliance committee, management, and all department managers or heads shall be accessible to all employees to discuss, report, or address any issues related to compliance. Such accessibility will be made well known to all employees.
4. The compliance officer is responsible for developing the system to solicit, evaluate, and respond to any compliance-related complaints or problems.
5. All employees are free and strongly encouraged to discuss concerns or other issues relating to compliance with any compliance committee member or other individual identified above.
6. [OPTIONAL] The compliance officer will serve a one-year term, which can be renewed for unlimited one-year terms as mutually agreed upon by the board of directors.
7. The compliance officer will have significant authority and autonomy to address all compliance issues on a daily basis.
8. The compliance officer will have access to extensive instruction in all pertinent laws, regulations, and guidelines.
9. The compliance officer will be responsible for developing and distributing all compliance policies and procedures.
10. All audit results, decisions, and issues will be addressed with the compliance officer before reporting such issues to the board and the individual employees.
11. All compliance reports will be reviewed and signed by the compliance officer and then provided to the compliance committee.
12. The compliance officer will be primarily responsible for documenting and recording all compliance efforts undertaken by [Organization Name].
13. The compliance officer also will be responsible for coordinating responses to any governmental or other investigative requests as well as serving as liaison with all auditing agencies.
14. Any changes or developments in guidelines or issues will be monitored and incorporated on an ongoing basis by the compliance committee.
15. The compliance officer periodically revises the compliance program in light of any changes in the needs of the organization or in the law and procedures of entities with whom the organization conducts business.
16. The compliance officer will be responsible for developing and maintaining the library of compliance-related materials, fraud alerts, and for distributing relevant information to keep the employees apprised of compliance-related issues.
17. The compliance officer and their staff are responsible for monitoring and providing education to employees on compliance-related issues and processes.
18. The compliance officer will be responsible for assuring that any independent contractors or other entities performing services on behalf of the organization are aware of the organization’s compliance policies.
19. The compliance officer coordinates with personnel or human resources to ensure that employees, agents, managers, and contractors/vendors of [Organization Name] have an appropriate background check and are not excluded from participating in federal programs.
20. The compliance officer will be responsible for updating the compliance manual on a regular basis.

[Organization Name] Compliance Program

Policy and Procedure Name: Accessing and Communicating with the Compliance Committee/Officer
Policy Number: Effective Date:
Policy Review Date:
Approval:

GOAL: To comply with Compliance Directives #1–7 and to ensure an open line of communication between the compliance officer, compliance committee members, management, and [Organization Name] employees.

POLICY: The compliance officer and compliance committee members have an open-door policy for all [Organization Name] employees who request interpretation of federal and state rules and regulations and/or wish to report suspected misconduct. The employees can remain completely anonymous and are protected against acts of retribution.

ProcedureResponsible Party
1. The confidentiality of all information shared with the compliance committee and its members as well as all management will be strictly maintained. Compliance Committee
2. [Organization Name] management and compliance committee will not retaliate against employees for reporting any alleged noncompliance or fraud and abuse by employees. Compliance Committee
3. All employees will be provided periodic reminders to encourage communication and the reporting of incidents of potential fraud. Compliance Committee
4. The employees will be provided clarification from the compliance officer or members of the compliance committee in the event of any confusion or question with regard to a policy or procedure. Questions and responses will be documented and dated and, if appropriate, shared with other employees so that standards, policies, and procedures can be updated and improved to reflect any necessary changes or clarifications. Compliance Committee
5. The compliance officer will establish confidential reporting methods, including, but not limited to, personal meetings, emails, written memoranda, and other forms of information exchange to maintain confidential lines of communication. Compliance Committee
6. Matters reported through any of these communication sources that suggest substantial violations of compliance policies, regulations, or statutes will be documented and investigated promptly to determine their veracity. Compliance Committee
7. A logbook will be maintained by the compliance officer that records any compliance-related reports, including the nature of any investigation and its results. Compliance Committee
8. The compliance officer will work closely with legal counsel in order to obtain guidance regarding any compliance reports or issues. Compliance Committee
9. If an investigation is required, the compliance officer is responsible for initiating the investigation. The compliance officer is responsible for reviewing the findings of the investigation, contacting the appropriate personnel, and taking the necessary corrective action. Compliance Committee

[Organization Name] Compliance Program

Policy and Procedure Name: General Education Principles
Policy Number: Effective Date:
Policy Review Date:
Approval:

GOAL: To ensure compliance with Compliance Directive #3 and to educate staff on proper business processes and requirements as well as compliance program obligations is the hallmark of this compliance program. Education serves as the basis from which all other aspects of this program arise.

POLICY: The following points are emphasized to all employees:

ProcedureResponsible Party
1. All employees are to be provided ample instruction and education relating to proper compliance principles. If, at any point, any individual believes that they are not provided with sufficient education or the opportunity to avail themselves of the necessary education, that person has an absolute duty to inform the compliance officer, a member of the compliance committee, or their supervisor of this issue. Compliance Officer and Committee
2. The educational emphasis is placed on understanding the principles and concepts of proper industry-specific compliance processes (such as preparation of financial statements) and not mere memorization of detailed rules and guidelines.
3. All relevant rules and regulations are contained in the compliance library.
4. Each employee should see it as their responsibility to work with all personnel to educate each other on proper compliance principles.
5. The compliance officer will designate an individual member of the compliance committee as the compliance liaison responsible for coordinating and providing the compliance education.
6. Employees whose actions affect the accuracy of the invoicing/billing, financial reporting, auditing, and other relevant business practices, such as employees involved in the billing and marketing, will be targeted for additional training.
7. The compliance officer will document all formal training undertaken by the organization as part of the compliance program.
8. Attendance and participation in training programs is a condition of continued employment, and failure to comply with training requirements will result in disciplinary action, including possible termination, when such failure is serious.
9. Adherence to the provisions of the compliance program, such as training requirements, will be a factor in the annual evaluation of each employee.
10. The practice will retain records of its training of employees, including attendance logs and material distributed at training sessions.
11. The education program also includes instruction on the [Organization Name] compliance protocol as well as the compliance policies and procedures established herein.

[Organization Name] Compliance Program

Policy and Procedure Name: Education for New Employees
Policy Number: Effective Date:
Policy Review Date:
Approval:

GOAL: To comply with Compliance Directive #3 and to provide accurate and sufficient compliance training to all new employees.

POLICY: In addition to the applicability of this compliance plan to all new employees, the following policies and procedures also will apply to all new employees:

ProcedureResponsible Party
1. Each new employee will be provided the compliance policies and procedures and is to become familiar with its contents. Compliance Officer and Committee
2. Each new employee will be incorporated into this education program.
3. The new employee will be required to attend one outside instructional seminar related to coding as soon as is practically possible.
4. The education officer will be responsible for educating new employees about government guidelines and office protocol for compliance issues and will be available to answer all questions and provide additional information on an as-needed basis.
5. New employees will be made aware of all educational materials available within the office as well as the instructional seminar requirements.

[Organization Name] Compliance Program

Policy and Procedure Name: Education Plan Elements
Policy Number: Effective Date:
Policy Review Date:
Approval:

GOAL: To ensure compliance with Compliance Directive #3 and to ensure that all employees are up to date on compliance and well versed on the office’s proper business practices.

POLICY: The following constitutes the elements of [Organization Name]’s education plan:

ProcedureResponsible Party
1. Each employee is to be instructed on proper documentation guidelines as promulgated by the government and further explained in all other appropriate information sources. Compliance Officer and Committee
2. The compliance officer will be responsible for educating new employees about government guidelines and office protocol for compliance and will be available to answer all questions and provide additional information on an as-needed basis.
3. All government guidelines are incorporated as a part of this organization’s compliance policies and procedures and can be found in the compliance manual.
4. Within three months of the implementation of this program, each employee will be instructed on the requirements of this program and the compliance-related protocol or process established within this office.
5. All employees will be made aware of all educational materials available within the office as well as the instructional seminar requirements.
6. The compliance officer and compliance committee will designate one individual to be responsible for watching for and collecting articles, educational pieces, or any other items that can be distributed to employees to update them on “new” or helpful aspects of compliance.
7. Each employee will be required at least once a year to attend an “outside” instructional course, training session, or seminar relating to proper business practices, including financial statement preparation and compliance processes.
8. Each employee will attend one in-house instructional coding meeting each year. These sessions will be set up by the compliance officer using qualified in-house personnel and/or outside personnel.
9. Forms and templates used within [Organization Name] for purposes that affect certain business practices will be explained to each employee.
10. All written materials obtained during the instructional courses will be collected and maintained in the “compliance library.”
11. Relevant information, articles, or updates pertaining to compliance guidelines will be distributed to all employees and maintained in the compliance manuals.
12. The compliance officer will provide all employees with examples of proper and improper business practices (such as improperly completing worksheets that affect the preparation of financial statements).
13. Testing of all staff will be conducted on their relevant areas of work and overall compliance after they have been educated on proper business practices.
14. The educational officer will personally observe all new employees involved in the certain process (e.g., financial statement preparation, billing,) to provide on-site instruction and advice on issues.

[Organization Name] Compliance Program

Policy and Procedure Name: Documenting Education Efforts
Policy Number: Effective Date:
Policy Review Date:
Approval:

GOAL: To comply with Compliance Directive #3 and to document the educational efforts of the compliance program.

POLICY: In order to establish and underscore the seriousness with which [Organization Name] applies to this compliance plan, the compliance committee is to take all reasonable efforts to document its education efforts in the following manner:

ProcedureResponsible Party
1. Each employee will be provided a copy of the compliance manual, and the acknowledgment will be signed and collected. Compliance Officer and Committee
2. All educational materials received at any instructional course will be collected and maintained in a “compliance library.”
3. All educational sessions attended by employee will be documented in a logbook to be maintained by the compliance officer.
4. A calendar will be maintained within the office providing information relating to educational opportunities available to each employee. As information is received about seminars or instructional courses relating to compliance, these will be placed on a month-at-a-glance style calendar that will be distributed to all employees on a periodic basis. A copy will be maintained in the coding library as well. These calendars also will be distributed on a periodic basis at staff meetings or board of directors meetings.
5. Memos also will be distributed occasionally for updating employees about new items or issues and the availability of information in the “compliance library.”

[Organization Name] Compliance Program

Policy and Procedure Name: Methods for Conducting All Internal Audits
Policy Number: Effective Date:
Policy Review Date:
Approval:

GOAL: To comply with Compliance Directive #6 and to ensure that audits are conducted appropriately and in compliance with the Sarbanes-Oxley Act.

POLICY: [Organization Name] will maintain annual audits on an ongoing basis. The method of conducting the ongoing audits will consist of the following:

ProcedureResponsible Party
1. The internal auditors will be provided a standardized worksheet incorporating the methodology used by the employees. Compliance Officer and Committee
2. All employees exposed to compliance risk will be audited over the course of the year.
3. Each employee exposed to compliance risk will have approximately 100 separate items from 100 separate documents/transactions audited over the course of each year.
4. The items will be randomly pulled and should represent a range of compliance-related areas of risk.
5. The items selected for auditing will be audited prior to submission or delivery.
6. Auditors will audit each item independently by reviewing the available information and documentation and determining the appropriate course of action. Auditors are not to simply look at the outcome and then look for sufficient documentation to support that outcome. Auditors are to make their own independent determination of the appropriate course of action.
7. The audit will be conducted using an audit worksheet, which reports and documents all elements of the process and outcome.
8.The audit will be charted and reported using the spreadsheet used for all internal audits. Reports are to be prepared that allow the organization to track the audit results.

[Organization Name] Compliance Program

Policy and Procedure Name: Audit Results
Policy Number: Effective Date:
Policy Review Date:
Approval:

GOAL: To comply with Compliance Directive #6 and to ensure the appropriate documentation of audit efforts and results.

POLICY: [Organization Name] will conduct audits according to the audit schedule and document such audit efforts and results appropriately.

During the course of the ongoing internal audit, the following steps will be taken:

ProcedureResponsible Party
1. Any practices that are found to be inappropriate will be reported to the designated individuals in management and compliance immediately. The inappropriate activities either will be stopped or modified to be appropriate immediately. Compliance Officer and Committee
2. The compliance officer, compliance committee, management, etc. will review the audit documents to verify the findings of the audit.
3. Any employees found to be conducting inappropriate activities will be interviewed by management and the compliance officer to investigate the origin and purpose of the inappropriate activities.
4. The compliance officer will always be available to address and resolve any discrepancies determined during an audit.
5. If in doubt as to the appropriate answer to a discrepancy, the more conservative approach will be taken until outside, expert opinions can be obtained.
6. The compliance chairman and officer will be provided with audit results on a monthly basis.
7. The board of directors will be provided with a quarterly update on the audit results.

[Organization Name] Compliance Program

Policy and Procedure Name: Baseline Audits
Policy Number: Effective Date:
Policy Review Date:
Approval:

GOAL: To comply with Compliance Directive #6 and to ensure that certain business practices have baseline audits performed against which future audit results can be measured and to ensure initial compliance with regulations governing that business practice.

POLICY: Immediately upon the adoption of these policies and procedures the [Organization Name] will conduct a baseline audit to determine the current compliance status for the entire organization.

The methodology will follow the methods used for all audits outlined above but also will include the following:

ProcedureResponsible Party
1. Each auditable business practice will have an initial baseline probe audit performed. Compliance Officer and Committee
2. Corrective actions needed for any errors found in the baseline audit will be implemented.
3. Should the audit results demonstrate that the practice has an error rate of greater than 10%, the underlying causes for the audit will be investigated and corrected. A secondary baseline audit of the “clean” process will be conducted. This process will be repeated until the error rate is less than 10%.
4. An accuracy percentage rate will be compiled for each employee/process, and an average will be assessed for the organization. This will constitute the “baseline accuracy rate.”

[Organization Name] Compliance Program

Policy and Procedure Name: Internal Audit General Principles
Policy Number: Effective Date:
Policy Review Date:
Approval:

GOAL: To comply with Compliance Directive #6 and to monitor and evaluate the [Organization Name]’s efforts at compliance with proper business practices and documentation processes.

POLICY: [Organization Name] will have regular audits conducted by qualified individuals who document the audit process and results appropriately.

ProcedureResponsible Party
1. An established routine for conducting internal audits will be adopted and enacted. Compliance Officer and Committee
2. Internal audits will use the same guidelines and methods used by the government and other monitoring agencies.
3. The compliance officer will assign an individual and/or a group of individuals to conduct internal audits.
4. The internal auditors will be well-versed in the specific area of audit (e.g., financial reporting, billing) and documentation requirements and will be provided ample educational opportunities relating to the same.

[Organization Name] Compliance Program

Policy and Procedure Name: Reporting Possible Misconduct
Policy Number: Effective Date:
Policy Review Date:
Approval:

GOAL: To comply with Compliance Directive #4 and to ensure that employees, supervisors, managers, and administrators report all suspected and/or actual misconduct to the appropriate personnel without fear of retaliation.

POLICY: All employees, supervisors, managers, and administrators are required under the compliance program to report, anonymously if desired, any suspected and/or actual actions of misconduct without fear of retaliation.

ProcedureResponsible Party
1. All employees, supervisors, managers, and administrators are required under the compliance program to report, anonymously if desired, any suspected and/or actual actions of misconduct without fear of retaliation. All employees, supervisors, managers, and administrators
2. If the compliance committee or management determines there is credible evidence of misconduct from any source and, after a reasonable inquiry, has reason to believe that the misconduct may violate criminal, civil, or administrative law, then the compliance contact will contact [Organization Name]’s legal counsel. Compliance Officer and Committee
3. Legal counsel will determine if a violation has occurred that necessitates reporting the existence of misconduct to the appropriate governmental authority. In cases where reporting is necessary, the violation will be reported within a reasonable period of time. Legal Counsel
4.Appropriate federal and state authorities that may be contacted include, but are not limited to, the Criminal and Civil Divisions of the Department of Justice, the U.S. Attorney’s Office, Internal Revenue Service, Office of Inspector General, and Federal Bureau of Investigation.

[Organization Name] Compliance Program

Policy and Procedure Name: Documenting Compliance
Policy Number: Effective Date:
Policy Review Date:
Approval:

GOAL: To comply with Compliance Directives #1–7 and to ensure that all compliance efforts are appropriately documented and retained.

POLICY: [Organization Name] will document its efforts to comply with applicable statutes, regulations, and federal requirements. The compliance officer is charged with the responsibility of documenting and recording all efforts taken by [Organization Name] to implement this compliance program.

These implementation efforts will include:

ProcedureResponsible Party
1. Maintaining a “compliance file” in which all compliance efforts and issues are recorded. Compliance Officer and Committee
2. Documenting all audit results and efforts. Compliance Officer and Committee
3. Recording all educational efforts and initiatives supplied or attended by all employees in a logbook. Compliance Officer and Committee
4. Maintaining documentation regarding any disciplinary actions taken regarding compliance-related issues. Compliance Officer and Committee
5. Maintaining the minutes from all board meetings wherein compliance issues were raised. Compliance Officer and Committee
6. Maintaining and recording any discussions or documentation regarding requests for advice from a private program or government agency charged with administering a federal program whose regulations affect [Organization Name]’s business. Compliance Officer and Committee
7. Documenting all conversation and correspondence with legal counsel and other outside entities regarding advice and recommendations for compliance-related issues.Compliance Officer and Committee

[Organization Name] Compliance Program

Policy and Procedure Name: Enforcing Compliance Policies and Procedures
Policy Number: Effective Date:
Policy Review Date:
Approval:

GOAL: To comply with Compliance Directive #5 and to ensure that compliance policies and procedures are followed and enforced and that federal program requirements are met.

POLICY: The compliance officer will develop a protocol for disciplinary action for managers and employees who have failed to comply with the organization’s standards of conduct, policies and procedures, or federal and state laws, or those who have otherwise engaged in wrongdoing.

The disciplinary protocol will follow these guidelines:

ProcedureResponsible Party
1. The compliance committee is responsible for enforcing all compliance efforts at [Organization Name]. Compliance Committee
2.

All disciplinary actions for any violations of the compliance program policies and procedures or federal program requirements by employees will be implemented by the compliance officer or administrator. Disciplinary action for employees will follow the process outlined below:

  1. First Unintentional Violation—verbal counseling/warning

  2. Second Unintentional Violation—written counseling/warning and additional training

  3. Third Unintentional Violation—written counseling/warning, additional training, and probation

  4. Second Intentional or Third Unintentional—Termination

Department Manager and Administrator
4. All sanctions are subject to review by the compliance committee upon request of the affected individual or the compliance officer. Compliance Committee
5. Violations of a criminal nature (e.g., intentional fraudulent acts) will subject the employee to immediate suspension pending investigation. Upon completion of an internal investigation by the compliance committee whereby guilt is confirmed, the suspected individuals will be terminated. Compliance Committee and Board of Directors
6. Acts or failures to act by any employee that negatively affect the accuracy or appropriateness of billing or financial reporting accuracy will be subject to immediate review and action by the compliance committee. Compliance Committee and Board of Directors
7. All personnel are advised that disciplinary action will be taken on an impartial, consistent, and equitable basis. Individuals are not and will not be insulated from disciplinary action due to their position or role within [Organization Name]. Other than requiring the review and approval by the board of directors of any discipline of management, management is subject to the same scrutiny, expectations, and sanctions as all employees and are held to the same compliance standards. Everyone is to understand that all personnel will be held to the same standards.

[Organization Name] Compliance Program

Policy and Procedure Name: Investigating Alleged Violations
Policy Number: Effective Date:
Policy Review Date:
Approval:

GOAL: To comply with Compliance Directive #5 and to ensure that all reports of suspected violations of the compliance program or federal program requirements are appropriately investigated and remedied.

POLICY: [Organization Name] recognizes that violations of its compliance program along with violations of applicable federal or state law, and other types of misconduct threaten its status as a reliable, honest, and trustworthy organization capable of participating in federal and private programs. Consequently, upon reports or reasonable indications of suspected noncompliance, the compliance officer along with management will initiate prompt steps to investigate the conduct in question to determine whether a material violation of applicable law or the requirements of the compliance program has occurred and, if so, take steps to correct the problem.

As appropriate, such steps to investigate misconduct will include the following:

ProcedureResponsible Party
1. All reports of any alleged misconduct that may rise to the level of fraud and abuse will immediately be communicated to the compliance officer. Reporting may be anonymous. Reports may be made without fear of retaliation. Compliance Officer and Committee
2. Such reports will be investigated immediately. Compliance Officer and Committee
3. Depending upon the nature of the alleged violations, an internal investigation will include interviews and a review of relevant documents. Compliance Officer and Committee
4. For violations that are severe upon initial review, the compliance officer will engage outside counsel, auditors, or other experts to assist in the investigation. Compliance Officer and Committee
5. Records of the investigation will contain documentation of the alleged violation, a description of the investigative process, copies of interview notes and key documents, a log of the witnesses interviewed and the documents reviewed, the results of the investigation, e.g., any disciplinary action taken, and the corrective action implemented. Compliance Officer and Committee
6. The compliance officer will take appropriate steps to secure or prevent the destruction of documents or other evidence relevant to the investigation. Compliance Officer and Committee
7. If an investigation of an alleged violation is undertaken and the compliance officer believes the integrity of the investigation may be at stake because of the presence of employees under investigation, those subjects will be removed from their current work activity until the investigation is completed. Compliance Officer and Committee
8. A corrective action plan will be created if any fraud and abuse or material violation of this program is found to have occurred. Compliance Officer and Committee/ Management
9. Any violations, which are found to have occurred, will be reported to the suspected individuals. Compliance Officer and Committee/Management
10. Any discipline that the compliance officer, and when appropriate the board, determines is necessary will be implemented. Compliance Officer and Committee/Board/Management
11. If any overpayment or underpayment was involved, a report will be sent to the appropriate personnel/agency pursuant to government and other applicable guidelines. Compliance Officer and Committee/Management
12. When appropriate, an immediate referral to criminal and/or civil law enforcement authorities. Compliance Officer and Committee/Management
13. After a reasonable period, the compliance officer will review the circumstances that formed the basis for the investigation to determine whether similar problems have been uncovered. Compliance Officer and Committee

[Organization Name] Compliance Program

Policy and Procedure Name: Responding to Possible Misconduct/Disciplinary Actions for Employees Who Fail to Comply with the Compliance Program
Policy Number: Effective Date:
Policy Review Date:
Approval:

GOAL: To comply with Compliance Directive #5 and to ensure that employees are aware of corrective/disciplinary measures to be taken upon noncompliance with [Organization Name]’s compliance program or improper/illegal activities related to the compliance program.

POLICY: Employees are expected to comply with the provisions set forth in the compliance program code of conduct. Failure to do so will result in the use of counseling and corrective actions to motivate employees to participate directly in the resolution of such situations. Depending on the severity of the violation, steps in the corrective action process may be omitted in order that immediate corrective action, including termination if necessary, can be taken.

ProcedureResponsible Party
1. If the employee fails to attend a compliance program training session or in-service, a corrective action process will be used, which may include one or all of the following: verbal counseling, written counseling, suspension, and/or termination if necessary. Compliance Officer and Committee
2. In the event an employee is charged with a criminal offense, is accused of alleged misconduct related to the compliance program, or is proposed for debarment or exclusion during employment with [Organization Name], the individual will be immediately removed from responsibility or involvement with [Organization Name]’s business affairs until the resolution of such criminal charges, suspension, or proposed debarment. Compliance Committee and Management
3. If the employee is convicted, the compliance officer will immediately notify management. The compliance officer will assist with the investigation as directed by management. [Organization Name] will terminate that individual from employment or contracts with [Organization Name]. Compliance Committee and Management

[Organization Name] Compliance Program

Policy and Procedure Name: Compliance as an Element of a Performance Plan
Policy Number: Effective Date:
Policy Review Date:
Approval:

GOAL: To comply with Compliance Directive #5 and to ensure that directors/managers/supervisors with compliance responsibilities educate their subordinates of the provisions of the compliance program.

POLICY: Directors/managers/supervisors with compliance responsibilities will educate their subordinates regarding the provisions of [Organization Name]’s compliance program. Sanctions will be imposed on directors/managers/supervisors for inadequately instructing subordinates of the compliance program and/or failing to detect noncompliance with the compliance program, where reasonable diligence on the part of the director/manager/supervisor would have led to the discovery of any problems or violations and given the appropriate personnel the opportunity to correct them earlier. Directors/managers/supervisors also will sign and date the [Organization Name] compliance policy and procedure certification and ensure that their employees read, understand, sign, and date the form.

ProcedureResponsible Party
1.

Directors/managers/supervisors will educate their employees on the following:

  • Compliance program responsibilities

  • Compliance as a condition of employment

  • Disciplinary actions for noncompliance

Compliance Officer and Committee
2.

Directors/managers/supervisors will sign and date the employee acknowledgment form, acknowledging sanctions for the following:

  • Failure to adequately instruct subordinates regarding the compliance program

  • Failure to detect noncompliance with applicable policies and legal requirements, where reasonable diligence on the part of the directors/manager/supervisor would have led to the discovery of any problems or violations

3.

Employees will sign and date the employee acknowledgment form, informing them of the following:

  • [Organization Name]’s commitment to compliance with all federal rules and regulations

  • Compliance program standards of conduct

  • The provisions of the compliance program

  • Strict compliance with the compliance program as a condition of continued employment

  • Their obligation to report any potential violation of the compliance program

  • Disciplinary action, up to and including termination, to be taken upon confirmation of noncompliance with the compliance program

[Organization Name] Compliance Program

Policy and Procedure Name: Conflict of Interest Policy for Directors, Officers, and Senior Management
Policy Number: Effective Date:
Policy Review Date:
Approval:

Under [state] law and by resolution of the board of directors, all officers, directors, corporate members, and employees have affirmative duties of loyalty and care to [Organization Name]. The duty of loyalty is the obligation to give primacy to the interests of [Organization Name] rather than personal concerns—to avoid self-dealing at the corporation’s expense. The duty of care is to act in good faith, in a manner that is reasonably believed to be in the best interests of [Organization Name], with the care a reasonably prudent person would use in similar circumstances. Together, the duties of loyalty and care frame the requirements for proper conduct of our business affairs and avoidance of conflicts of interest.

To help directors, officers, and employees honor their duties of loyalty and care, the board of directors has adopted the following requirements:

ProcedureResponsible Party
1. Whenever a director, officer, or member of senior management has a personal interest in another party that has or may have business dealings with [Organization Name], they shall disclose that interest to the corporate secretary and refrain from participation in [Organization Name]’s business dealings with that party.Directors, Officers, and Senior Management
2. Whenever a director, officer, or member of senior management has a personal interest in another party that has received or may receive a charitable contribution from [Organization Name], they shall disclose that interest to the corporate secretary and shall seek permission from the corporate secretary before engaging in any discussions with [Organization Name] concerning charitable contributions to that party.
3.If a director, officer, or employee is in a position where access to [Organization Name]’s proprietary information may materially influence their decisions in another party engaged in business or competition with [Organization Name], they shall decline that information. Proprietary information includes financial, marketing, customer, pricing, medical management, or operations information and strategic plans and initiatives that are important to [Organization Name].
4.If a director, officer, or employee is in a position where access to [Organization Name]’s proprietary information may materially influence their personal financial or investment decisions, they shall decline that information.
5.All directors, officers, and members of senior management shall complete an annual statement, in a form prescribed by the corporation, disclosing financial, personal, and other interests and relationships that may present a conflict of interest. Any change to the information set forth in the annual statement shall be disclosed to the corporate secretary as soon as reasonably practical.
6.The law department is available to consult with any director, officer, or employee on matters related to conflicts of interest. In addition, a corporate conduct policy governing employees’ conduct with respect to conflicts of interest has been adopted by senior management and is attached hereto.

[Organization Name] Compliance Program

Policy and Procedure Name: Conflict of Interest Policy
Policy Number: Effective Date:
Policy Review Date:
Approval:

GOAL: To uphold associates’ fiduciary duty to the company. This duty means that associates must act in the company’s best interest, protect its assets, and be loyal to it.

POLICY: Associates must avoid undisclosed conflicts of interest. A conflict of interest may occur if an associate’s outside activities or personal interests influence or appear to influence the associate’s ability to make objective decisions in the course of his or her job responsibilities.

Guidelines: To ensure compliance with the company’s policies on conflicts of interest, directors, officers, and certain senior leaders must complete and file an annual conflict of interest disclosure statement with the board of directors.

Note on Disclosure: Potential conflicts of interest can often be managed so long as there is advance disclosure of the potential conflict. When in doubt, associates should tell their leader or the compliance officer about the situation, which may give rise to the conflict.

Here are a few specific guidelines:

GuidelineResponsible Party
1. Avoid the Appearance of a Conflict of Interest and Disclose Potential Conflicts. Associates should take appropriate steps to avoid both conflicts of interest and situations that may appear to others to present a conflict of interest. Anytime an associate faces a situation that might give rise to questions, the associate should disclose the potential conflict to their leader or the compliance officer. Associates who are not sure whether a situation presents a conflict should ask first.Directors, Officers, and Senior Management
2. Do Not Profit from a Transaction Involving the Company. Associates must avoid participating in any company decision, directly or indirectly, when associates might personally benefit. Example: If an associate moonlights for a construction company, that associate should not participate in any way in a decision whether to award that firm a contract to perform a construction job for [Organization Name]. Even if associates are not involved in the company’s decision-making process, they should disclose their financial interest to avoid questions as to whether they exerted improper influence.
3.Avoid Conflicts with Interests of Family Members. Associates must similarly avoid situations in which the interests of an immediate family member or close relative may be at odds with those of the company. Example: An associate gets involved in the appeal of a claim denial on behalf of their brother-in-law. Instead, the proper course would be to take no part in the appeal, inform their leader of the potential conflict, and let another associate handle it. Another example: If an associate’s spouse works for a consulting firm seeking to perform services for [Organization Name], the associate should not participate in any way in the decision whether to award the firm a contract. And, as above, the associate should disclose the potential conflict to avoid questions as to whether improper influence was exerted.
4.Do Not Use “Inside Information.” Associates must never use any confidential or proprietary corporate information for any purpose except as required to perform their job. Associates must never disclose any confidential or proprietary information to anyone outside the company and should restrict disclosure inside the company to those who need to know. Confidential and proprietary information includes information about members and associates, as well as business information like sales reports, account lists, planning documents, and descriptions of business initiatives that have not been disclosed publicly. The obligation to keep these types of information confidential remains even if—and after—associates leave the company.
5.Do Not Use Company Assets Except for the Company’s Benefit. The assets of [Organization Name] are to be used solely for the benefit of the company and its members. Company assets include tangible things, like money, equipment, and supplies, and also intangible things, like business plans, member lists, financial data, and trade secrets.
6.Do Not Accept Gifts or Favors Intended to Influence Associates. Associates and their family members should refuse gifts or favors when it appears a gift is intended to influence an associate’s or the company’s decisions. No gift with a value of more than $100 may be accepted.
7.Note on Conflicts of Interest: The most obvious examples of conflicts of interest revolve around financial interests, in which someone might try to take financial advantage of their relationship with [Organization Name]. Remember that conflicts may also arise in nonfinancial situations. Associates should avoid secondary employment or outside activities that could have a negative impact on job performance, conflict with job obligations, or diminish the company’s reputation. In considering whether a situation poses a conflict of interest, it may be helpful to ask yourself: “Would I be concerned if other people found out about it?” “How would it look if it was in the newspaper?” “How would I feel if it involved someone else?” “What is the right thing to do?”

This document is only available to subscribers. Please log in or purchase access.
Purchase Login

About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook X LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings