Managing policies in healthcare without compliance theatre
Compliance and risk are critical in the healthcare sector. They heavily influence everything from patient care to the systems and applications in place. Compliance and quality teams face a challenging regulatory landscape and a demanding administrative burden. The specific regulations in scope depend on jurisdiction.
In the US, key frameworks include HIPAA (data privacy for covered entities), 21 CFR Part 11 (FDA rules for electronic records in regulated life sciences), and Joint Commission accreditation standards. In England, the Care Quality Commission (CQC) sets the regulatory framework for health and social care providers. Across the EU and UK, GDPR governs the processing of personal data, including patient information. Patient safety, data privacy, and passing related inspections are all areas where there is no room for compromise.
Challenges for healthcare compliance teams
Given these demands, it’s no surprise that healthcare compliance teams can feel pressurised, overloaded and overwhelmed. A survey from Barnes & Thornburg found that only 31% of healthcare compliance and risk leaders feel that they are “very prepared” to meet future compliance challenges. Even more concerning, only 42% felt “very confident” they could maintain a high quality of care given compliance issues.
These challenges are made worse by issues familiar in healthcare. Overworked staff, high volumes of documentation, and the difficulty of reaching busy frontline staff all add to the pressure. So does the looming threat of audits. When an inspection is imminent, teams face a scramble to tick all the required boxes.
This intense activity can also lead to “compliance theatre”. This is where teams make policy changes and carry out reporting that ticks the audit paperwork boxes, but doesn’t make the bigger, more systemic changes that actually reduce risk.
What is compliance theatre?
Compliance theatre is defined by the International Compliance Association as “activities that demonstrate compliance without necessarily achieving the outcomes that the regulation is meant to deliver.”
A healthcare provider guilty of “compliance theatre” might pass an inspection. But it is not introducing the measures that actually reduce the risk of a data breach or a patient safety issue. In healthcare, compliance must be effective. It cannot be a box-ticking exercise.
What does compliance theatre look like in healthcare policy management?
Compliance theatre takes several forms, especially in healthcare policy management:
- Policies that appear to be up to date but have not actually been properly reviewed by all the experts who need to read them.
- Logs and audit records relating to policy management that have been manually updated but are not necessarily reliable and are very time-consuming to complete.
- Policy changes have been made, but employees have low awareness of the details of the actual change.
- Policy management processes are nominally in place, but then fall apart once the inspection is over.
- A pattern that keeps on repeating for each audit and inspection – box-ticking rather than real change.
What are the risks of “compliance theatre”?
Of course, the risks of compliance theatre can be serious:
- A data breach that results in a financial penalty and reputational damage.
- Patient safety was potentially compromised, again resulting in fines and a damaged reputation.
It can also lead to lower-level risks such as operational inefficiencies, while the compliance team remain hindered by manual processes and unnecessary administrative tasks, with less opportunity to provide value. Overall, employees are less aware of policies and related updates, and there is not a strong culture of compliance as there should be.
What leads to compliance theatre in the healthcare sector?
There are potentially multiple reasons why “compliance theatre” happens:
- Compliance teams do not have enough resources to set up a compliance or policy management system that actively reduces risk.
- Where policies are spread over multiple sites and multiple versions, and are difficult for employees to find and for compliance teams to keep track of.
- There are too many manual approaches for reporting that are hugely time-consuming.
- There has been underinvestment in effective technology, for example, solutions that use automation to save time or help employees access and find policies.
- High numbers of frontline healthcare workers prove very difficult to reach with ongoing compliance-based communications, especially when they are very busy, based across multiple locations, work in shifts and have a high turnover.
What does effective healthcare policy management look like?
Policy management in the healthcare sector that completely avoids compliance theatrics has several pillars that combine to establish a system that actually reduces risk:
- Easy access to policies: employees can effortlessly find the latest version of a policy at the point of need.
- Automated policy management: automation across every aspect of policy management, lifting the admin burden on compliance teams.
- Effective change management: changes and updates to policies that employees take notice of to increase awareness.
- Being audit-ready: Policies that are up to date and a system all in place that avoids the mad scramble around inspections and audits.
In the world of “compliance theatre”, policies exist to tick a box, but they are not necessarily read or followed by employees. Policies and procedures must be designed to be used and be easily accessible at the point of need for employees to find them.
An effective policy management solution, such as Xoralia, helps to remove any barriers to access through:
- One simple, personalised policy library with searching and browsing options so employees can find the policy they need.
- A policy library built within Microsoft 365, accessible from a SharePoint intranet or Teams, so integrated into the digital workplace and the flow of work.
- Optimised for mobile devices so policies are easily available for frontline and clinical health workers from any site.
- Version control over all the policies so employees know they are accessing the latest and up-to-date policy or procedure, helping drive trust and compliance.
In any policy management system and related processes, there are multiple opportunities to automate parts of the system – from policy lifecycle management to reporting around employee attestation. This hugely reduces the manual overhead and administrative burden for compliance teams, allows them to keep on top of healthcare policy management, and avoid compliance theatre. Areas that can be automated include:
- Workflow across the policy management lifecycle, such as notifying policy owners and reviewers when they have a task to complete, or a periodic review is due.
- Notifications relating to employee attestation, so employees receive reminders when they need to confirm they have read and understood a policy.
- Automatic reporting on employee attestation, mandatory reads and more to automate evidence capture for audit and compliance purposes and also track progress to drive high completion rates.
The automation by design built into the Xoralia platform has proved to be one of the most popular aspects of the solution.
One of the hardest aspects of healthcare policy management – particularly within healthcare with a busy, mobile frontline workforce – is ensuring that employees adhere to policies and procedures and are also aware of any associated changes and updates. This latter aspect is particularly difficult. The kind of features in a system that can help with actual policy compliance include:
- Easy-to-use employee attestation, where it is effortless for employees to read and confirm that they follow a particular policy.
- Having employee attestation features available on mobile devices.
- Automated and personalised notifications about policy updates and any mandatory reads or attestation tasks that are required.
- The ability to layer custom quizzes and questions on top of the employee attestation process to force employees to actually digest the contents of the policy or the change to the policy, to test for understanding and avoid it being a “tick the box” exercise.
- The easy ability to embed employee attestation and access to mandatory documents as part of an employee onboarding experience, so new hires are exposed to critical policies that reduce risk.
Being “audit ready” avoids the need for compliance theatre to prepare for an audit or inspection. Because you have a systemic approach to policy management in place, compliance teams no longer have the frenetic activity that just focuses on getting the audit over the line and essentially papering over the cracks.
Being audit-ready means having policies that are always up to date, reporting already in place and proper lifecycle management, and is achieved through:
- Easy access to policies at the point of need
- Comprehensive policy lifecycle management
- Easy employee attestation with additional custom learning
- Robust reporting in place to support compliance
- Audit trails and logs built into the platform
- And more.
Need to avoid compliance theatre in your healthcare organisation? Try Xoralia
Healthcare compliance teams need to actively reduce risk and avoid compliance theatre at all costs. A solution like Xoralia supports effective healthcare policy management and supports audit-readiness. Want to experience it for yourself? Book a free demo!
About the author
Dan Hawtrey
Dan Hawtrey
How policy management software can help
We think the best place to store your policies is inside SharePoint. Most companies already have SharePoint as part of their Microsoft 365 subscription. Using SharePoint means you have full control of your policies, and many best practices can be achieved right out of the box. However, there are gaps and certain best practices are hard to achieve.
To fill these gaps, and for best results we recommend using purpose-built policy management software for SharePoint and Microsoft 365.
We’ve developed a dedicated solution called Xoralia (pronounced Zor-ra-lee-a) that will ensure you have the best overall approach to policy management, supporting your users, policy owners and administrators.
We learned all about policy management from many years of building custom solutions for our clients on SharePoint. But we kept coming up against the same challenges, mostly caused by feature gaps in SharePoint. One day, a client asked us to build a policy management tool that filled these gaps. The trouble was, they didn’t have a lot of budget. But we had a good relationship with them and so we decided to collaborate on it provided we got to keep the code. Looking back, it was a pretty simple tool but over the years we have added more features and relaunched it. We’re now on version 3 and our original customer is still using it!
3 benefits you can expect from Xoralia
Make it easy to find policies
Centralised policy library with powerful search and filtering
Reduce administrative burden
Automations and notifications so that all policy tasks are carried out on time
Demonstrate compliance and best practice
Sophisticated tracking and dashboards to drive and measure compliance.
And lots more!
What our clients say
A great time saver and tool for document management
We have found Xoralia to be very beneficial to us as it has allowed us to focus on other area’s as Xoralia will take care of who has read the documents and notify them if they have not. A great time saver and tool for document management all together.
Tim Galer
IT Coordinator
Hughes
Ideal partner for our regulated environment
LifeArc operates in a strictly regulated sector where compliance and information security are critical. It is essential that LifeArc’s workforce have easy and effortless access to the latest up-to-date policies and procedures, which is the structure Xoralia gave us.
Adam Lythgoe
IT Manager
LifeArc
How to get started with Xoralia
Step 1: Explore or request a demo
Start a free trial for instant, hands-on access, or fill out our form to book a personalised demo at a time that suits you.
Step 2: Get a price proposal
If Xoralia looks right for your organisation, ask us for a tailored quote. We’ll outline any options and packages to fit your needs.
Step 3: Install and launch
Set up Xoralia in your environment with our support. We’ll provide onboarding, training, and full assistance to get your team up and running quickly.
Here's what you'll get
-
Central policy library
-
Search and filter tools
-
Mandatory read policies with attestations
-
Quizzes
-
Notifications and alerts
-
Employee dashboard
-
Line manager dashboard
-
Works on mobile, in Teams and SharePoint
-
New policy creation workflows
-
Policy update workflows
-
Review and approval gates
-
Policy version history
-
Compliance dashboard
-
Audit trail
-
Full reporting
And last but not least:
-
Professional implementation service and support
-
Evergreen software – frequent updates and improvements
-
Comes with our "it just works" support warranty – we’ll fix any bugs, often before you even notice
Ready to get started?
Connect with us to streamline your policy management and ensure effortless compliance.
Improved compliance and policy knowledge
It allows for easy document management and attestation of policies. It improved compliance with policies and helped with internal policy management.
Karolina
Administration & Facilities Manager
Client Earth
Uniting excellence in integration and features for seamless policy management
As the newly appointed IT Manager at our company, I was tasked with implementing the Xoralia policy management tool, and the experience has been nothing short of impressive.
Rian Stuart
IT Manager
TwinStream
