Can I Get That In Writing
I am currently working on my presentation for a training speaking engagement coming up this spring. The focus is going to be on the importance of written documentation in your compliance program, even as a very small business (or medical practice or dental office). We’re going to clarify some key differences between “policies” versus “procedures”, talk about other important kinds of documents that help describe and prove your compliance efforts, etc. and spend most of the time working through how to figure out what documentation you need.
While I’m planning to give a very short literal lecture on one’s obligations to obey applicable laws, I’m hoping to avoid any fingers-in-the-ears-La-La-La-I-can’t-hear-you reactions by making clear right off the top that that’s not the point of the presentation. Instead, we’ll look at some of the reasons to write things down that should appeal most to busy entrepreneurs—things related to cost savings and funding.
The title currently has some variation of the cliché “put it in writing”, with my goal being to play off the intent of that phrase to mean “it doesn’t matter unless it’s written down”.
Most of us know that a contract can exist without being written down. And though there are regulatory authorities that get rather explicit in saying what documents one must create to be in compliance with their regulations, many just say that a covered entity (whether you use that term in the context of HIPAA or other regulations that may call the regulated entity by another name) “must have policies or procedures” or something like “a written security program” and then they don’t go on to spell out for you exactly what that means. As a result, it isn’t uncommon for businesses to have real rules and defined procedures that impact compliance but that are not written down. So you could have a valid compliance program that is not all in writing.
I won’t be trying to convince people in my presentation that they just HAVE to spend money and precious time documenting businesses policies and procedures to satisfy a regulator who may have little likelihood to pay them a visit.
But there are several other reasons why small business owners should spend their money and someone’s precious time to create at least a basic set a business policies and procedures for their business or healthcare practice. And they’re reasons that usually have bottom-line financial impacts, such as:
- Employee Productivity - Whether you include such policies and procedures in your employee handbook or a separate compliance manual, that documentation can save you money getting new staff to a productive level of performance more quickly. And the compliance manual can also become the basis of employee training.
- Funding and Credit - You can quickly show potential investors how your business works overall to facilitate their risk decision making and investment decisions. And the simple existence of this documentation helps with the more subjective “gut instinct” impressions of your business and management approach.
- Other areas include working with your financial institutions and service providers, family business succession planning, winning business contracts and insurance.
I’m currently working on the first “installment” which will focus on insurance (especially the new area of cybersecurity insurance—and how you might need to have a written information security compliance program if you have any hope of a claim being approved and if you want to get your premiums lowered for the coverage).
These posts will be tagged with the same “But why?” tag I’m giving this one. Please connect and share—and let us know if you have experiences with documentation in your business that have led you to finding other cost-savings effects: