Best Practices for Policy Management and Oversight


Creating a strong internal policy structure

When you hear the word “policy,” it doesn’t exactly get your heart racing, does it? It’s sort of like renewing your license. You dread making the appointment, camping out at the DMV all day, and sitting with a group of people you don’t necessarily know. But in the end, renewing your license gives you the ability to drive and the freedom to go where you want. The same goes for policies. You may dread the process, but the result helps ensure that your workplace is safe, organized, comfortable, and nondiscriminatory. It’s essential, and if something arises, you’ll be happy you have them.

Clear ownership of policy oversight

To create a strong internal policy structure, you should start from the basics. First, you’ll want to make sure that there’s clear ownership of policy oversight. Often, that means ownership by human resources, operations, legal, or even by your compliance officer. Whomever this may be, the written policies and procedures must be effectively communicated throughout the entire organization (and not just placed in a closet). After all, it’s better to have no policy at all than to have a policy that you’re not following. 

Define a Single Source of Truth

A Single Source of Truth is the practice of combining data from many systems within an organization (think departments, branches, divisions, etc.) to a single location. If systems exist independently, it poses a challenge since the organization’s members aren’t operating off of the same policies.

There is such a thing as too many….

Don’t be fooled! There is such a thing as having too many policies. This may be surprising to some, as you might think that with more coverage, the more protected your organization will be. The truth is that more policies limit management’s capacity to address individual employee needs or unique situations. In some cases, your would-be policy could be a best practice or guidance instead. 

Defined Method for Policy

If you’re an optimist, you might be the hoper of far-flung hopes and the dreamer of impossible dreams, but with developing policies, it’s best to put your feet back on the ground. While every policy has to have an owner, it’s essential to think more long-term. For instance, you might assign a couple of policies to Deborah. What if Deborah finds another job or retires? If someone leaves, do you really want to have to touch every policy that has their name on it? For this reason, it’s more practical that an entire department owns such policies. 

Other items that should be acknowledged are the approval and review process. Questions to consider are:

  • Does it have to have a compliance committee or legal review before becoming a policy? 
  • Who should review a change to an existing policy?
  • Who will review the policy before it gets final approval? 
  • How is it determined if a policy should be retired?

As far as version control and tracking, it’s essential to know what policy version you’re looking at, at any point in time. Version control is significant for litigation or audit look-back periods. 

As a rule of thumb, policies should be reviewed regularly to ensure they comply with federal and state laws and the requirements of the organization. New laws, regulations, and court cases can affect policy language and how employers implement the policies. Most experts suggest a thorough review of policies at least once a year.

A central hub

If you’re going to go through all the above hassle, you better make sure your policies are easy to find. Forty years ago, that meant some office or department had stacks and stacks of binders lodged into filing cabinets. Now, it’s easy to house your policies on your organization’s Intranet or SharePoint Site. If team members aren’t familiar with the location of policies or have the proper training on them, it will cause a lot of internal challenges for both parties. 

A few questions to check the P&P Pulse

Now that we’ve reviewed what makes a strong internal policy structure, here’s a cheat sheet that lists the questions you and your administrators should be asking: 

  1. Is there clear accountability for who owns the process?
  2. When is the last time you reviewed the process for changes/updates?
  3. Do you review every policy every year, or do you have a rotation schedule?
    1. If you don’t have a review process, when is the last time you randomly tested a few policies to see if you were able to follow the procedure?
  4. If you asked ten people outside of your corporate office, would they know where to find company policies?
  5. Ask those same people if they know how to request a change to a policy?
  6. Have you ever tested your policy library to confirm only current policies are available on the site?
  7. Is there anything that your Compliance Committee could monitor to help you ensure an up to date process?

Connecting back to the patient

At ProviderTrust, we sell an innovative approach to healthcare monitoring. To do that, we work closely with customers, coaching them into thinking about their business issues differently while collaborating to build the solution. One way in which we do this is by connecting the why to policies and procedures. For example, we might use a case study to help craft an effective strategy for ongoing monitoring. How do we get your internal teams on board? Well, we take something as abstract as a policy and connect that back to real patients (humanizing it). 

For instance, in regards to monitoring, we may mention that in the period from 2012-2015,  1,364 excluded providers treated over 1.2 million Medicare beneficiaries and received more than $630 million in Medicare payments. Or perhaps that in one year, there are 333 patients that an excluded provider treats, 24 services that an excluded provider delivers per patient or $168,225 that an excluded provider receives from Medicare.  

Having this sort of clear connection between policy and “the real world” helps with adoption and consistency throughout organizations and across the board in general. 

Cross-team connection in 2021

With the onset of COVID-19, you may be experiencing significant changes in your role and within your organization. Some might be new or extra responsibilities for COVID-19, never-ending regulatory changes, or new or expanded telehealth and telemedicine services. 

Right now, we must make sure that our teams have the proper tools, resources, and support they need during this challenging time. For best practices, we’d like to share our 3 c’s for success with you:


  • Establish clear communication 
  • Coordinate communication and new guidelines between departments
  • Enable your team with the tools/and or resources they need to support the organization
  • Have an agile and flexible approach to handle the daily changes you are facing
  • Begin planning a comprehensive approach to manage in a post-COVID-19 world


  • Policies and Procedures
    • Coordinate who’s tracking changes in requirements, interim P&Ps, policy violations
  • Compliance
    • Many regulations have been modified.
    • Do you know all of the policy “changes”?
    • Are they interim changes?
  • Human Resources and Compliance
    • People are working outside of their normal roles.
    • Do they know the expectations of their new role and the related policies and procedures?
  • Do they need additional education?


  • Create or establish daily routines.
    • What’s your cadence?
  • Provide simple ways to deliver messages.
    • 5-minute stand-ups
    • Daily emails
    • COVID Team Updates
  • Connect each person to their role(s) and expectations.
    • Tell me what matters to me
  • Include a positive/encouraging message
    • Remind people there is hope
    • Remind them how important they are
  • Tell them where to find help when they need it themselves.

Watch the on-demand webinar.

Stay Up-to-Date

Subscribe and get the latest news and advice from industry experts delivered straight to your inbox.

Related Resources

Never miss an update

Get the latest healthcare news, advice from industry experts, and all things related to monitoring solutions delivered straight to your inbox.