Lessons learned from a review of 100 standards of conduct

Frank Ruelas

Frank Ruelas

Frank Ruelas (francisco.ruelas@commonspirit.org) is Compliance Responsibility Officer at CommonSpirit Health, St. Joseph’s Hospital and Medical Center in Arizona.

Jodi A. Ridder

Jodi A. Ridder

Jodi A. Ridder (jridder@bchealth.org, https://www.linkedin.com/in/jodiridder/) is Compliance Officer at Buchanan County Health Center in Independence, IA.
J. Veronica Xu

J. Veronica Xu

J. Veronica Xu (veronica.xu@saberhealth.com) is Chief Compliance Officer at Saber Healthcare Group in Cleveland, OH.
Listen to article
10 minute read

by Frank Ruelas, Jodi A. Ridder, and J. Veronica Xu

Have you ever read or compared 100 Standards of Conduct (SOC)? As is widely known in the compliance field, a SOC’s importance is unparalleled. As the constitution of a compliance program, it outlines the organization’s major policies and sets expectations for its workforce and business partners.

In this article, we will share data collected from a review SOC of 100 healthcare organizations in the U.S. The objective was to examine and compare different aspects of SOCs to see what we could learn from their content. Using a data-based, data-driven approach, we compare and contrast SOCs.

It is essential that we keep in mind the purpose of the SOC, which is to define the organization’s appropriate and ethical way of doing business. As one an organization’s most significant documents, it shows what is important and how it aligns with its mission, vision, and values. In our review, common themes were evident. However, every organization has its own unique values that align with their cultures. The purpose of our review was to highlight the key items that can help define and improve your SOC.

Our approach

There are two main documents referenced when discussing SOCs. One applicable to compliance programs across all industries is from the Federal Sentencing Guidelines, Chapter 8, often referred to as 8B2.1.[1] The other is the U.S. Department of Health and Human Services Office of Inspector General (OIG) Compliance Program Guidance (CPG) for Hospitals.[2]  Even though this document was released over 25 years ago in the Federal Register, it remains one of the most referenced documents with respect to compliance programs that are developed primarily in the healthcare industry.

8B2.1 – Effective compliance and ethics program

Section 8B2.1 of the Federal Sentencing Guidelines was first introduced in November 1991 as part of the United States Sentencing Commission’s amendment cycle. The guideline relates to the determination of the base offense level for certain white-collar crimes, including fraud and theft. Since its initial introduction, the guideline has been revised and amended several times, most recently in 2018.[3]  Let’s now focus on a particular section of 8B2.1, which introduces SOC.

Subsection b introduces seven subparagraphs that list the minimal requirements to show due diligence in preventing conduct and promoting a culture that encourages ethical conduct and a commitment to compliance with the law. Right from the start in paragraph 1, it states, “The organization shall establish standards and procedures to prevent and detect criminal conduct,” and this forms the basis for the development of a SOC.[4]

Compliance program guidance for hospitals

OIG provides guidance for all types of healthcare organizations. This guidance offers descriptions of what makes up the framework of a compliance program in the OIG’s CPG for hospitals; SOC appears 12 times. Additionally, there is a separate section in the CPG dedicated to SOC.

What are the critical functions of SOC? The document itself is a form of communication. When reviewing the OIG CPG, it states that SOC is essentially an “expression of expectations,” which can be relatable to some when worded that way. For example, when a company expects its employees to bill for therapy services based on the actual minutes provided, the wording and tone of its communication are critical because it will affect employees’ behaviors. A single word change from “may” to “shall” completely changes employees’ perceptions of the company’s expectations.

SOC is about sharing information with employees, and they need to view it as a tool and resource that can help them when facing a challenging situation or when they have questions about the organization’s expectations.

Selecting SOCs

We selected the 100 SOCs from the current list of hospitals that are participating providers with Medicare.[5]  The reason is that the majority of hospitals participate in Medicare, and using this list provides access to an easily accessible list of hospitals. What was surprising when researching the list was the amount of inpatient days that Medicare pays for with respect to the hospitals on the list.

Here is the data from a fact sheet from the American Hospital Association dated May 2022 that breaks down the percentage of inpatient days paid for by Medicare:[6]

  • Hospitals with 50% or more of inpatient days paid for by Medicare: 94%

  • Hospitals with 67% or more of inpatient days paid for by Medicare: 77.6%

  • Hospitals with 75% or more of inpatient days paid for by Medicare: 42.6%

  • Hospitals with 90% or more of inpatient days paid for by Medicare: 5.3%

This data adds a new perspective and appreciation related to the number of inpatient days paid for by Medicare. This also adds more validity and a better appreciation of the correlation between a hospital’s Medicare participation status and its sustainability in the long term. 

Titles used for SOC

Titles can create powerful impressions. In our review, the “code of conduct” was the most frequently used title for SOC, even though the regulations use the phrase “standards of conduct.” Some titles that were reviewed used the terms “excellence” and “values,” which could imply a more positive approach. There could be a variety of reasons that an organization chooses to use different terms. By using different terms or titles for their version of SOC, organizations can make the SOC more relatable to those within their organizations.

The perception of SOC by employees should be considered. Since there could be other similar-sounding documents in the same organization, it is vital to avoid making SOC another redundant document that mirrors the human resources handbook or operations manual. Differentiate the documents by clearly stating their unique and specific purpose and function. Many organizations have other documents that employees must review during the new employee onboarding and the annual training, including the employee handbook, employee conduct, anti-fraud policy, and SOC. Given the similarity of the document names, compliance professionals should recognize the potential confusion they can cause.

Content of SOC

There are five content focus areas derived from the OIG CPG SOC. The results of SOCs reviewed are as follows:

All SOCs received high marks, with the lowest 90%. The one universal topic included in all SOCs was regarding how to report a concern, which is consistent with the element of an effective compliance program (i.e., a reporting mechanism such as a hotline and disclosure program).

Names for the compliance reporting method

A good portion of the samples referred to the reporting line as the compliance hotline; however, other names were used, such as compliance helpline, integrity hotline, compliance line, alert line, and ethics line. Like the title of SOCs, the name of the reporting line can also create impressions—either positive or negative.

Values

When referring to values, people often associate different meanings with the same word. For example, the word excellence could mean achieving sales targets, excellence in achieving compliance, or both, depending on the reader’s role and position in the organization. The same could be true for the word “performance.” Depending on the employee’s role, the interpretations may vary. The document should provide clarity, so words won’t be misconstrued. Consider expressing your organization’s values by using an example of a scenario that illustrates the meaning of the value. By putting the word into a scenario, people can derive a more consistent meaning because of how the value is expressed in context.

To help employees easily remember and retain the information, some organizations create meaningful mnemonics with their values, such as “CARE,” “SPIRIT,” and “PRIDE,” which can have different values and words that make up that word. It is worth noting that a new value—often referred to as DEI or diversity, equity, and inclusion—has been recently added to the language in SOCs. It places the emphasis on the role that everyone, including compliance, plays in this process.

Readability data

As an essential compliance document, it is imperative that employees read and understand the organization’s SOC. When drafting a SOC, think about what draws your employees into reading it. Perhaps it is a professional-looking cover page or the layout of the content. Maybe it is even the length of the document, or the size of the words used. Because the SOC provides vital guidance to employees, its readability directly determines the effectiveness and success of your compliance measures and processes.

In the Measuring Compliance Program Effectiveness: A Resource Guide, sometimes referred to as MEG, there are over 400 checkpoints/measurements that can be used to support creating metrics in seven domains.[7] These can be used to answer the elusive question of how to effectively measure the effectiveness of a compliance program. There is one particular checkpoint that suggests that the readability of a SOC should be at most 10th grade.

One question worth asking is: Have you ever assessed the readability of your own SOC? It’s crucial to keep your target audience in mind instead of assuming everyone can understand your SOC. 

Readability examples

To put grade-level readability into perspective, here is an evaluation of some familiar passages:

  • Mary Had a Little Lamb: Grade level 2.4

  • Twinkle Twinkle Little Star: Grade level 4.3

  • Happy Birthday song: Grade level 5.9

  • Preamble of the Constitution: Grade level 12

  • Martin Luther King’s acceptance speech for the Nobel Peace Prize: Grade level 8.2

Many times, we are not even aware that we are using big words and writing lengthy sentences. King’s acceptance speech is the perfect example of what can be done at or below a 10th-grade reading level. Often, companies have lawyers draft compliance documents, including the SOC, without realizing that not every employee understands the legal language as lawyers do. Therefore, to mitigate that, it will be beneficial to have a nonlawyer read the SOC, provide feedback, and replace any legal jargon.

Accountability

Your organization has put a SOC in place. Now what? Compliance is about accountability. But how do you hold people accountable? Accountability depends heavily on people’s knowledge of it, which falls on how the information is disseminated and distributed. Format is equally vital. Questions that should be asked include: Is it handed over to employees in person during orientation or annual training? Or is it completed on an e-learning platform where employees just click through the boxes to get it done and over with?

Frequently, the attestation verbiage is drafted by attorneys who know how to cover the organization, but they often forget that most of the workforce are not lawyers. What’s often overlooked is the periodic assessment of employees’ understanding of the document. It certainly should not be solely an attestation form placed in employees’ personnel files.

Languages

Although Section 1557 of the Patient Protection and Affordable Care Act applies to our patient population, it might be good to also apply it to employees, especially for important documents such as the SOC and key policies.[8] As a nation of immigrants that embraces and promotes diversity, there are employees with different cultural and ethnic backgrounds who may not be proficient in English. Ensuring those read and understand the SOC lays a solid foundation for the effectiveness of your compliance program.

Cover page elements and composition

People do judge a book by its cover. The cover page of your SOC sends a powerful message to all readers. In our review, there were a variety of compositions used on the cover page, such as shapes, scenery, people, and objects. Some common scenery included a hospital or a city. Many also used people, such as staff, clinicians, nonclinicians, and patients. When people were used, there were a variety of poses, but the popular ones were people facing each other or touching each other, which provides the feeling of “a healing touch.”

Themes and symbols are equally potent in conveying messages. Sometimes, one symbol can carry a stronger message than 100 words. When designing the cover page and selecting themes and symbols, be mindful of the audience who will see and read your messages. Because we live in a diverse world with various cultures and traditions, the same symbol may have different meanings in other cultures. For example, the North Star represents guidance and a sense of direction to some people, while in other cultures, it is a symbol of inspiration, hope, and power.

The compass is a commonly used symbol in many compliance documents. On the document published by HCCA & OIG: Measuring Compliance Program Effectiveness, A Resource Guide, the cover page has a compass.[9] It is meant to represent our society’s consciousness and our moral compass. It illustrates compliance’s role in an organization. The symbol or the design can be visually appealing and eye-catching, but the principal piece is clarity. Essentially, it is about communication. The document communicates a critical message to your workforce, and the compliance team should not lose sight of that. To accomplish that objective, the compliance team could survey employees to gauge their understanding of the SOC content and assess the accessibility of the document. Posting your SOC on the company’s official website, intranet, or shared drive is another helpful way to ensure easy access.

Conclusion

A SOC’s success and effectiveness depend on a wide range of factors, including relevancy, applicability, readability, clarity, simplicity, and consistency. Considering, reviewing, and comparing the ones provided herein can help compliance professionals improve and refine their own compliance documents, including the SOC.

Takeaways

  • When reviewing your standards of conduct (SOC), resources such as the U.S. Department of Health and Human Services Office of Inspector General Compliance Program Guidance and Section 8B2.1 of the Federal Sentencing Guidelines provide tremendous value to compliance professionals.

  • Ensuring your SOC’s readability and accessibility is the first step to building an effective compliance program; use the Flesch–Kincaid Grade Level option available in Word.

  • Your SOC should state and align with your mission, vision, and values; use creative acronyms to help employees remember your values.

  • Differentiate your SOC from other documents by providing clarity and understanding its unique function.

  • Consider strategies on how to effectively communicate your SOC to your workforce, including non-English-speaking employees.

 
1 U.S. Sen’g Guidelines Manual § 8 (U.S. Sen’g Comm’n 2021), https://www.ussc.gov/guidelines/2021-guidelines-manual/annotated-2021-chapter-8.
2 Publication of the OIG Compliance Program Guidance for Hospitals, 63 Fed. Reg. 8,987 (Feb. 23, 1998), https://oig.hhs.gov/documents/compliance-guidance/798/cpghosp.pdf.
3 U.S. Sen’g Guidelines Manual § 8 (U.S. Sen’g Comm’n 2021).
4 U.S. Sen’g Guidelines Manual § 8B2.1(b)(1) (U.S. Sen’g Comm’n 2021).
5 Centers for Medicare & Medicaid Service, “Hospital General Information,” last updated July 12, 2023, https://data.cms.gov/provider-data/dataset/xubh-q36u.
6 American Hospital Association, “Fact Sheet: Majority of Hospital Payments Dependent on Medicare or Medicaid; Congress Continues to Cut Hospital Reimbursements for Medicare,” May 2022, https://www.aha.org/system/files/media/file/2022/05/fact-sheet-majority-hospital-payments-dependent-on-medicare-or-medicaid-congress-continues-to-cut-hospital-reimbursements-for-medicare.pdf.
7 HCCA–OIG Compliance Effectiveness Roundtable, Measuring Compliance Program Effectiveness: A Resource Guide, March 27, 2017, https://oig.hhs.gov/documents/toolkits/928/HCCA-OIG-Resource-Guide.pdf.
8 U.S. Department of Health and Human Services, Office for Civil Rights, “Section 1557 of the Patient Protection and Affordable Care Act,” last reviewed February 3, 2023, https://www.hhs.gov/civil-rights/for-individuals/section-1557/index.html.
9 HCCA–OIG Compliance Effectiveness Roundtable, Measuring Compliance Program Effectiveness: A Resource Guide.
This publication is only available to members. To view all documents, please log in or become a member.
Become a Member Login

What to read next...

A new SCCE & HCCA for the future

About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook Twitter LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings