Policies and Procedures: Critical for Healthcare Organizations

policies and proceduresIn the healthcare industry, written and implemented policies and procedures should help an organization and its employees make decisions, take the appropriate action, and ensure activities are in compliance with laws. Policies and procedures are essential for making major decisions and actions, and for determining guidelines for an organization's day to day activities.

Occasionally we are asked, what should be in a policy? What should be in a procedure? Why do we say policies and procedures are critical for a healthcare organization?


By definition, a policy is a course or principle of action adopted or proposed by a government, party, business, or individual. Policies define an organization's approach. According to the Department of Health and Human Services (HHS) most business policies establish measurable objectives and expectations for the workforce, assign responsibility for decision-making, and define enforcement and consequences for violations


Procedures describe how the organization carries out that approach, setting forth explicit, step-by-step instructions that implement the organization's policies. In other words, procedures are particular ways of accomplishing something (e.g., the policy).

Policies and procedures collectively should reflect the mission and culture of the organization; and whenever necessary, policies and procedures may be updates to meet the changing needs of the organization, as long as the changes are documented and implemented.

free healthcare compliance consultation

Critical for Healthcare Organizations

It's not uncommon for us to ask an employee of an organization if they are aware of implemented policies and procedures, and hear a response such as "I know we have them; I'm just not sure what they say."

In the healthcare industry, it is critical for an organization to make sure all employees who are expected to follow policies and procedures understand how to access them, what they are, and what instructions they are expected to take.

For example, you might have a Password Policy such as:

Wemust develop, implement, and regularly review a formal documented process for appropriately creating, changing, and safeguarding passwords used to validate a user's identity and establish access to information systems and data. All employees must be regularly trained and reminded about this process.

With procedures such as:

Wetrain and remind our employees and the employees of our business associatesabout our process for creating, changing and safeguarding passwords used to validate a user's identity to access our information systems.

Passwords will be changed from time to time and must not be shared with anyone else or ever displayed in open view. No workforce member of our practice or our business associatesmay request another employee to reveal their password.

We require all employees to update/change their computer password(s) at least every 180 days.

This is just one example that shows we can see why it's critical for an organization to ensure employees understand procedures they must be followed to fulfill the organization's Password Policy.


In the Healthcare Industry, written and implemented policies and procedures that are up-to-date are critical. Any employee who is expected to follow your policies and procedures should understand what they are and what steps they must take. Your organizations policies and procedures should help with making major decisions and actions, and for determining guidelines your organization's day to day activities.

Have questions about a specific policy and procedure? We can help. You can send your questions to support@hcp.md or reach us by phone 855-427-0427.