Corporate compliance officers can learn a lot from their counterparts in government agencies. Today we’re going to review lessons about successful policy management, or the lack thereof, from the Veterans Health Administration.
It runs more than 1,200 clinics, which serve roughly 9 million veterans each year. The VHA is also organized into 145 “program offices” that can have either clinical or administrative functions.
The issue caught my eye because of a recent Government Accountability Office (GOA) report analyzing the VHA’s efforts to overhaul its policy management. Since 2014 we’ve seen many news articles and congressional hearings about poor performance at the VHA: long wait times to see doctors, records altered to hide mismanagement. New leadership vowed change, and improving the policy practices of the VHA was one priority.
That is no easy task. The VHA is the largest healthcare system in the United States. It runs more than 1,200 clinics, which serve roughly 9 million veterans each year. The VHA is also organized into 145 “program offices” that can have either clinical or administrative functions.
Those program offices can develop their own policies as necessary. To help coordinate all that policy-making activity, the VHA also has an Office of Regulatory and Administrative Affairs (ORAA). The ORAA’s job is twofold: to help standardize and roll out national policies; and to help program offices develop their own policies.
The Policy & Procedure Overhaul Plan
The policy management overhaul began in June 2016 with a new VHA directive to eliminate outdated policies and to streamline the process to create new policies.
The directive defined two types of national policy: directives, which set out policy and assign specific roles and responsibilities for it; and notices, which address one-time events or create interim policies until a more permanent directive comes along.
The ORAA’s task was to review 788 documents previously flagged as national policy – even if they were in the form of handbooks, memos, standard procedures, or other formats – and then determine which ones could be deleted because they were outdated, inconsistent, duplicative, or otherwise unnecessary.
So, 15 months later, the GAO has a fresh look at the VHA’s policy management efforts so far. What can we learn?
A Policy about Policies Works
The VHA had too many policies, existing in too many formats, with too little oversight and coordination; that was one of its biggest challenges. Hence the June 2016 directive: a policy about VHA policies, to bring more order to the chaos.
The directive included several important elements. First, it crafted a simple definition of what a policy is. That point may seem self-evident to senior executives, but that’s not always the case with employees or third parties. They often take whatever the boss says as policy, in whatever format the boss uses.
Second, the directive required that all policies have a fixed lifespan. Formal directives must be reviewed and recertified at least every five years; notices expire after one year. Clauses like that help prevent compliance policies from lingering on after they become outdated.
How prevalent is that problem? When the ORAA began reviewing its 788 policy documents, 60 percent were already outdated. The ORAA has worked to rescind those outdated documents, and so far has pared its pile of paper down to 595 documents; 256 of them are still outdated.
Employees Abhor a Vacuum
The point about outdated policy underlines another critical risk in policy management: employees generally keep doing what they do, until a manager tells them to do otherwise. As the GAO put it, “Officials from most [operating units] in our review told us that unless a policy has been rescinded, they continue to follow it even if past its recertification date.”
Most of us have seen something similar in our own experience. A question arises, and a manager makes a decision that everyone interprets as “the policy.” That manager then takes a new job, and everyone keeps following the policy. Soon enough, employees follow that procedure “because we’ve always done it that way.”
That attitude can lead to disaster. It divorces policy and procedure, which keep motoring along as usual, from business objectives and risk, which can change often. Policy is a structured response to objectives and risk; and therefore needs to be compared to them regularly to ensure the policy still fits.
Policy Software Resources Matter
Complaints about budgets always sound a bit bland, but they do matter in an important way. Without proper resources, policy management efforts can complicate an employee’s life more than help it. And we all know what happens we an employee encounters a policy that complicates his life too much: he seeks a way around it.
At the VHA, for example, local program offices keep issuing policy under the guise of memos. Technically that’s a no-no, but consider: formal review and blessing of a policy took an average of 317 days in 2016. You can’t blame a local executive for evading the standard process when the process thwarts him or her from doing his job.
Likewise, the VHA hasn’t yet addressed conflicting local policies created by program offices, because the VHA lacks a central repository where all documents can be stored, reviewed, and managed. Why? Not enough money.
Policy management guides employee action. Without enough support, you can’t guide that action properly.
Compliance officers will still be busy under that circumstance. You’re just busy with investigations and remediation, rather than preventive medicine.