How to Create a Hospital Policy on Policy Management

If your hospital or healthcare organization’s policies are gathering dust on shelves or sitting idly on a shared drive, take heed: Without properly thought out and formalized protocol, it will be difficult to effectively manage the policies themselves as well as the risks the policies are designed to prevent. To ensure the hospital or and healthcare organization remains compliant with the standards and regulations that govern it, it must be able to manage its policies.

In a recent webinar on policy management, symplr surveyed healthcare leaders and found that many organizations lack an overarching strategy for managing their policies. In this article, we explain what policy management is, why it’s important, and how to effectively execute on it.

What is hospital policy management? 

Put simply, hospital policy management is “the guideline for an organization’s guidelines.” It’s part of healthcare governance, and it specifies how hospitals and healthcare organizations should create, implement, maintain, and update their policies.

Having a formal policy structure allows organizations to seamlessly roll out policies and procedures at every level and for every role to ensure that all areas of the organization are operating from the same playbook and working toward the same goals. Typically, the quality or compliance department of a healthcare organization owns policy management and may appoint a hospital policy administrator (read more under “How to manage your hospital policies,” below).

The following guidelines provide a great start or a refresher on policy management. 

Policy audits 

To determine what policies are needed, healthcare leaders conduct policy audits. Reviewing existing policies helps identify those that are working, and the ones that may need to be amended or retired. An audit also helps identify gaps and streamline processes governed by multiple competing or conflicting policies. The latter could be a red flag for compliance issues and/or wasted resources, for example. Finally, a policy audit is also an opportunity to review and identify effective methods for communicating change.

It’s important to realize that policies and procedures aren’t the same thing. 

  • Policies are your organization’s general principles and goals.
  • Procedures are the concrete steps that staff, providers, and administrators are expected to follow to ensure goals are achieved. 
Creation of policies

Once a policy audit is complete, the next step is to draft new policies to address existing gaps or to pre-emptively address future needs. It’s also an opportunity for healthcare organizations to standardize their policies and to ensure that all future policies will use the same template, which will make them easier to adopt and implement across the organization. 

Policy templates typically include the following basic information: 

  • Date
  • Policy number
  • Approvers (including who has final approval authority)
  • Associated procedures
  • Definitions of any unique terms in the policy (ideally hyperlinked to an online glossary)
  • Any applicable statutes, regulations, or other related source documents
  • Specific examples of when this policy will apply
Communication of policies 

As most healthcare leaders know, writing the policy itself is only the beginning. Even the most carefully crafted hospital policies are unlikely to succeed if they’re not communicated effectively. But what does effective communication look like? In healthcare, it can take numerous forms, including: 

  • Unit-level meetings
  • Person-to-person contact
  • Tailored messages to individual groups
  • Small-group conference calls
  • Chat or discussion groups 
  • Inclusion in the newsletter
  • Formal employee education sessions
  • Document dissemination and acknowledgment surveys

Ideally, policies should be communicated in the same way every time to minimize the risk of misunderstandings or oversights. 

Types of hospital policies

Hospital policies come in all shapes and sizes, but there’s a common thread: They should all be designed to help organizations avoid the top compliance issues that most frequently occur in healthcare. Typically, hospital policies fall into one of the following categories: 

  • Administrative and human resources (HR)
  • Health and safety
  • Information management
  • Medicine and drug handling
  • Patient care 
  • Coding and billing
  • General compliance
Administrative and HR policies 

Administrative and HR policies focus on setting standards for providers, management, staff, and volunteers. They can include things like dress codes, visitation rules, procurement, bed policies, and career/employment policies. Without such formalized policies in place, healthcare organizations can struggle to operate smoothly and efficiently. 

Health and safety policies 

Health and safety policies are designed to protect both patients and an organization’s staff and providers, and they have become especially important in a post-COVID 19 world. Health and safety policies are geared toward preventing safety incidents such as falls, medication errors, and adverse events. They also cover things like vendor and visitor management policies and policies regarding personal protective equipment (PPE). Above all, they are a key part of creating a culture of safety within a healthcare organization. 

Incident/event management policies may also fall under this category. They recognize that despite our best efforts, systems flaws and human errors can result in patient, staff, or visitor harm. Incident management policies set a workflow to capture details and share the account digitally to help avoid harm.

Information management policies 

Hospitals and healthcare organizations have a responsibility to protect patient data and privacy. The Privacy Rule under the Health Insurance Portability and Accountability Act (HIPAA) and, more recently, the 21st Century Cures Act Information Blocking provisions, establish specific requirements regarding the use and disclosure of protected health information (PHI). Organizations must ensure that they have appropriate information-management policies in place to maintain compliance with these requirements.

An example of a current issue related to information management and privacy is disclosure of vaccination status. According to an article published by symplr partner WebMD, “[T]here’s no federal law that forbids your employer from asking your vaccine status. But they must keep your information confidential.”

Historically, the protection of any patient data and privacy meant ensuring paper charts were stored in locked file cabinets, but the rise of technology solutions in healthcare has necessitated the expansion of these policies. Information management policies set a standard for storing and accessing patient data, establish guidelines for protecting patient privacy, and dictate how medical records may be distributed. In addition, they help to secure provider privacy.  

Medicine and drug handling policies 

Pharmacies require the maintenance of clear-cut standards to ensure that medication is dispensed safely and responsibly. Medication errors pose a serious threat to patient safety, and an effective set of medication and drug handling policies can help improve pharmacy practices and limit potential risks to patients. In addition, adherence to written, sound policies and procedures can protect both the pharmacists and the pharmacy if liability issues arise.

Patient care policies 

Healthcare organizations must maintain patient-care policies. These policies are clinical in nature and establish clear guidelines for how providers will treat patients in a given situation. In the same way that patient care goes beyond treating the problem that’s in front of the provider, patient care policies should cover more than just a simple decision tree depending on the diagnosis. That means establishing guidelines and expectations for things like nutrition education, smoking cessation, patient education, admission and discharge, and so on. It can include a continuum of care guide for a patient’s family members post-discharge, for example.

Unlike other sets of policies that can be applied uniformly across the organization, effective patient care policies will likely vary by department to reflect the unique procedures and services, and the needs of the patients treated within each specialty or subspecialty department. 

Medical staff policies and procedures

Because medical staff bylaws, policies, and procedures govern the employed, contracted, and affiliated clinicians of the health system, medical staff policies warrant their own category. The bylaws, for example, are essentially a master policy that can govern everything from credentialing and privileging of clinicians to physician-age practice limits to ED call. According to the New England Journal of Medicine, beyond the governance structure and committee responsibilities, the bylaws outline: 

  • Qualifications for membership and privileges
  • Decision-making methods and conflict resolution
  • Investigations, corrective action plans, and hearing and appeal plans
  • Emergency corrective action
  • Automatic suspension and termination
  • Hearing and appeal processes
  • Final decisions by the board of trustees
  • Meeting attendance requirements

The importance policy management 

The benefits of policy management “done well” are numerous and integral to a healthcare organization’s success across compliance, quality, and safety initiatives, including:

Patient safety and reduced liability 

Patient safety, of course, is of the utmost importance to any healthcare organization. From a business standpoint, patient safety is especially important for protecting the organization from potential legal liability—and policies play an outsized role in doing so. By maintaining a robust set of policies focused on compliance, quality, and safety, organizations can better avoid adverse events in patient care. In healthcare, every second counts. Patients in the community rely on your organization to deliver the care they need quickly and efficiently, and for that to happen, everyone involved in a patient’s care must be on the same page. The only way to achieve that goal is to have detailed, well-thought-out and well-maintained hospital policies that clearly establish the roles and expectations of everyone along the care continuum, in any given situation. 

Beyond the obvious benefits for patient care, organizations with effectively managed policies often enjoy improved communication between providers and staff, and between staff and management, which minimizes the potential for miscommunication that can lead to patient safety errors and compliance violations. Further, it creates a more efficient and reliable environment that providers and staff enjoy being a part of. 

Simplified healthcare accreditation 

Healthcare accreditation can be a complex and time-consuming process. By establishing and maintaining policies around accreditation, healthcare leaders help to ensure that their organizations are up to date on all necessary activities needed to remain compliant not only with state and federal regulations, but with their chosen accreditation body (e.g., The Joint Commission, NCQA, etc.). 

How to manage your hospital policies 

Create a policy on policies 

Before you start writing up specific policies, first create an overarching policy and procedure document. This document will set the standards by which all future policies will be created and implemented, and it should include: 

  • How future policies will be drafted
  • Who will be involved in the process (and their responsibilities)
  • How the policy review process will work
  • Who has final approval 
Create a policy committee 

Your “policy on policies” should also designate a policy management committee, outlining specifically who will be responsible for overseeing the policy creation and approval process. Typically, policy committees are composed of individuals representing different departments in the organization, for example, compliance, HR, pharmacy, billing/coding, etc.

The organization should also clearly establish how often the committee will meet. Setting regular meetings helps healthcare organizations avoid falling into the trap of only creating policies in response to events—rather than being proactive and using policies to help prevent these events from occurring in the first place. 

Maintain and archive policies 

In addition to outlining which individuals participate in policy creation, your “policy on policy management” document should also clearly identify what happens to policies after they’re established. Who will own it (i.e., individual by role who will promote the policy and ensure it’s up to date)? Ideally, a dedicated policy management administrator will take ownership of the master policy and perhaps all policies enterprise wide. 

Absent such an administrator, it’s especially important to establish who will be responsible for keeping policies current. A challenge many organizations have is maintaining standardization enterprise wide, ensuring every policy is kept up to date, and retiring them as necessary. 

The policy and procedure document should also spell out how long policies should be maintained and in what form. Even if certain policies are not expected to change, the document should still establish regular intervals for the policy committee to meet and review them at appropriate intervals. 

When a policy must be retired or replaced, it’s important that your organization doesn’t just delete it and replace it with a new one. Maintaining old policies can help leaders and policy administrators track how a policy has evolved over time—and those old policies can be invaluable when it comes to legal issues that could potentially pop up down the road. 

Appoint a hospital policy administrator 

Due to the sheer volume of policies that exist across a typical health system, the job of maintaining them can be a difficult one. That’s why it’s a leading practice to appoint a hospital policy administrator to take ownership of shepherding policies through the approval/amendment processes: finalizing, distributing, and implementing new policies, coordinating policy reviews, and maintaining existing or archived policies. 

Typically, the ideal candidate for this role is someone from the administrative support side of the organization’s operations, such as quality, compliance, or administration, though there may also be appropriate candidates in the organization’s nursing department. 

Control access and security 

A master policy document should also establish employees’ ability to access any given policy. symplr recommends that all employees should have access to the final, active version of all hospital or healthcare system policies. By making active policies accessible to all employees in symplr’s Document and Policy Management solution, for example, they have the ability to download and print them. For control and security organizations should, however, determine which individuals have rights to edit or delete a policy and/or access archived policies.

Finally, any policy updates should be reviewed, discussed, and signed off on by the committee before dissemination. Once implemented, secure them and control access. Once again, a hospital policy administrator can be the ideal single point of contact when it comes to accessing existing policies. 

How policy management software helps 

By now, the value and benefits of policy management should be clear. But where should your organization start? And what resources do you need to start building the policies necessary for smooth and efficient policy operations and compliance? 

For many hospitals and healthcare organizations, the challenge is often less about building the policies than it is about maintaining them through their life cycle. Policy management software simplifies this process by providing a holistic view of where your organization is right now, helps create a roadmap to where you need to be, and provides the analytics to ensure you’re on the right track.

A document and policy management solution can also assist with the challenges of managing the document review and approval processes, as well as ensure that when documents are due for review, the appropriate individuals are made aware so documents can stay current and up to date. Learn more about how symplr can help shore up your organization’s policy management.

Get In Touch  Listen to a recording of our recent webcast, Best Practices in Policy Management.


Request a Demo