Compliance 101. Developing Sound Policies and Procedures Specific to Potential Risks

Hospitals are becoming more reliant on risk assessments to discover prospective risk areas and to determine how these risks can be reduced. A hospital should examine internal and external sources for various risks, and use this information to identify and prioritize its highest concerns. Examples of potential organizational risks include cost reports, EMTALA, and anti-kickback areas. When the hospital’s risks have been prioritized, internal controls can then be integrated to assist in managing these risks. Policies and procedures are often a good solution to address risks because they require a review of applicable federal and state regulations, examine current operating procedures, and provide an opportunity to train affected personnel with updated information. This article will outline a process that can be used from development to finalization of policies and procedures to internally manage designated risks.

Review, revise and/or develop policies and procedures? To begin this process, a team of individuals with the appropriate knowledge and skills pertaining to each of the risk areas to be tackled should be designated. A work plan should be developed including a timeline. Designated personnel should collect and review existing policies and procedures. There are essentially six steps involved in the development of the policies and procedures.

The first step involves the creation of a criteria/condition matrix. This matrix is an analysis of current federal and state regulations for the particular risk issue (ie, cost reports, EMTALA, anti-kickback, etc.). All applicable federal, state and local regulations should be reviewed specific to the issue being addressed. Additionally, existing policies should be reviewed to determine if they sufficiently address all requirements. Please refer to Table 1 for an example of the criteria/condition matrix.

The second step is based on these regulations and the review of existing policies and procedures. An analysis should be undertaken and a determination made as to which documents may need to be developed and/or updated. As soon as the proposed policies have been agreed upon, drafts should be developed.

The third step entails reviewing the draft policies and procedures with the appropriate team of designated personnel, who are the primary users, to ensure all procedures are in line with what is currently being done, as well as to ensure that federal and state regulations and payer requirements are sufficiently addressed. For instance, if developing cost report policies and procedures, you should meet with members of the reimbursement department who are responsible for the submission of the cost report.

The fourth step includes revising the policies and procedures based on the feedback obtained. These policies should be assessed once more, with the designated staff having final review, and then a final draft of the policies will be composed. Once the policies are finalized, they should be made available?to all applicable employees via the Intranet, electronic or hard copy distribution, organizational newsletter, etc.

The fifth step is to develop training for the staff on these policies. While the policies are being implemented, discussions should be held concerning the type of training needed?to address the risk area. As soon as the policies are fully implemented and all applicable staff has received the policies and procedures and has had time to review them, training should begin. Personnel should be designated to conduct the training, whether it is interactive or Web-based. Organizations must be certain to address why these policies were developed and/ or updated, as well as any applicable regulations requiring specific procedures or examples of how the procedures can be applied.

The sixth step is to audit the policies to determine whether the departments are adhering to the guidelines and to measure if the policies have helped reduce the risks for the specific risk area.

Throughout this process, the executive management committee and the board of directors should be kept informed on the actions that are being taken internally to address selected risks. This will allow executives an opportunity to respond to any concerns they may have regarding procedures being implemented or training that is provided.

Personnel should be selected to annually review the …

‹ Return to the Main Publications Page
‹ Return to the CRC Homepage