Code of Conduct Evaluation and Benchmarking Tool Developed by the hcca payor/Managed Care cfg code of Conduct Benchmarking Work Group

Download 128,12 Kb.
Date conversion11.09.2018
Size128,12 Kb.
Code of Conduct Evaluation and Benchmarking Tool

Developed by the HCCA Payor/Managed Care CFG

Code of Conduct Benchmarking Work Group
The HCCA Special Committee for Payors charged a work group with the specific tasks of identifying key components of a code of conduct and developing an evaluation tool to benchmark these components against others in the industry. The attached guidelines and performance measurement tool are the results of this work group’s efforts.
These benchmarks are not intended to be absolute standards. Benchmarking is not an exact science, due to the unique nature and characteristics of each organization. Differences in size, scope, services, customer mix, market, competition and labor force all play a role. Accordingly, each organization should apply the performance measurement tool with discretion and with an eye toward the unique characteristics of the organization.
How to Use the Evaluation Tool

  1. There are two scoring elements:

  • A weight is assigned to each listed component (down the left hand side of the page). Each component will have a weight of either “1”, “2” or “3”, depending upon the relative importance of that component.

  • One of three values is assigned to characteristics that describe how an organization fulfills each component. Those characteristics will have a value of “0”, “2” or “4”, depending upon the relative effectiveness of the identified approach. Note: You need not be limited to the whole numbers listed (0, 2, 4). Use numbers in between, or fractions, to assign a different value if you feel your organization fits somewhere in between the increments given.

  1. For each of the components listed, determine which characteristics in the corresponding columns best describes your organization’s code of conduct.

  2. Multiply the value of the characteristic times the weight of the component to determine the score for each component. Put that score in the far right column.

  3. Then add all the scores in the far right column to determine the total overall score.

How to Interpret the Results

Again, because this is not an exact science and because each organization is unique, there is no absolute pass/fail grade. Rather, the total overall score will fall within a range, with each range generally indicating the following:


Benchmarking Interpretation

0 – 25

Code is not effective.

26 – 54

Code is somewhat effective, but still presents risks for the organization, rather than helping to minimize risks.

55 – 75

Code contains some good elements, but enhancements would increase effectiveness.

76 – 100

Code is strong and is likely to be effective.

101 – 124

Code represents best practices on numerous accounts.

Code of Conduct Guidelines for

Payors/Managed Care Organizations1

You are responsible for drafting your organization’s first Code of Conduct (Code) or you want to replace an existing Code. Where do you start? First, determine whether the organization has a rules-based Compliance Program, a values-based Compliance Program or a rules and values-based Compliance Program. What is the difference?


Compliance Program

Employees receive a set of rules to follow – ideally for every situation they may face. Employees do not receive guidance or information about the organization’s values, mission, goals, or ethics. They are told to go to management if they encounter a situation that falls outside the rules.

Values-Based Compliance Program

Employees receive few, if any, rules about how to conduct themselves on the job. The organization describes its values, mission, and ethical framework and tells employees to act accordingly.

Rules and Values-Based Compliance Program

Employees receive rules for frequently encountered and high-risk issues. Employees also receive information about the organization’s values. Employees are told how to resolve issues for which there is no rule by using the organization’s values as their guide.

An organization’s Compliance Program type will largely determine the Code’s structure and content. Because experience indicates that rules and values-based Compliance Programs are most effective, the balance of these guidelines will assume a rules and values-based Compliance Program.2

Purpose of the Code of Conduct
Why have a Code of Conduct? A good Code of Conduct can be a powerful tool for an organization. It is a way for a company to tell employees about the company’s requirements and expectations. The Code can also be the employees’ primary resource concerning:

  • Conduct that is or is not acceptable.

  • How to decide on what to do when there is not a rule that applies.

  • What to do if they have a question.

  • Who to tell if they suspect misconduct.

The Code can also encourage and empower employees. Employees are more loyal to employers they believe are ethical. Such employees are also less likely to engage in misconduct that can get the company into trouble or conduct that hurts the company, such as employee theft. Finally, employees who have been given guidance and tools that help them make compliant and ethical business decisions feel more empowered to do so – it is more likely they will do what is right.

It is helpful to begin the Code of Conduct with an introductory letter or statement from the CEO and/or Board Chair. This conveys the message that the Code is an important document that is taken seriously by the organization’s senior leadership team, thereby “setting the tone at the top.”
Characteristics of Effective Codes of Conduct
An effective Code (one more likely to achieve the desired ends), has the following characteristics:

The Code should have a readability level of 8th-10th grade. Many Codes have a 12th grade or higher reading level – often because they are written by lawyers and are very legalistic in their tone and language. At best this can be off-putting to employees; at worst it can render the Code incomprehensible to those who are expected to abide by it. Use plain, direct language. The syntax should be uncomplicated.

Additional Readability Tips:

  • Use an active voice rather than passive voice. Turn on the grammar check and review the “readability” statistics in your word processing program to help you.

  • Avoid repeated long references. Instead of using “Directors, officers, employees and contractors” repeatedly, use “you” or “staff” or “everyone.” This will make it a more personal and friendly document and lower your readability score.

  • Keep sentences to 14 words or less and paragraphs to no more than 5 lines.

  • Use one- and two-syllable words.

  • Avoid assumptions – define acronyms -- and avoid jargon.

Format Have a user friendly and attractive organization and layout, with plenty of white space. Employees are turned off by Codes that look and read like a legal document. The Code will not have the desired impact if the employees do not read the Code because of its format and readability.
If you have a graphics designer to help with the format – great. If you don’t, use the word art and graphic features available in Word. Even if you only change the spacing and font type and size, it is better than a long narrative in Times Roman. Just make it interesting to look at.
Additional Format Tips:

 Use the talent you have in the organization - your marketing department. They are experts at taking complicated information and communicating it in an easy to understand and appealing manner.

 Establish a brand for the entire Compliance Program, including the Code of Conduct. The brand can help “sell” the Code to your employees.

 Try different formats within the document to move the reader’s eye.

 Have plenty of “white space,” even if it will add a couple of pages to the length.

 Use headers and titles for new topics.

 Change font size, colors, formatting.

 Do not use the usual business document font.

 Use bullets

 Periodically change the format, so you have some information in full-width narrative and some in columns or tables.

 Call out important information in some fashion so the reader’s eyes go to it. For example, use sidebars to provide illustrations or other information.

 Incorporate graphics – even if it is just clipart. (And remember, if you do insert artwork or photographs, make sure that you have obtained appropriate permissions from the copyright holder to use them, or that you use images that are proprietary to your organization or in the public domain.)


As a general rule, use a consultative and helpful tone – not a series of threatening “thou shalt” and “thou shalt not.” Rather, convey that the company wants to be successful and wants to do so through compliant and ethical business conduct. Make the employee feel guided, not threatened. Although there may be elements in the Code of Conduct that are “non-negotiable” (e.g., non-retaliation for good-faith reporting, or mandatory participation in compliance training), the overall tone should be consultative, supportive and helpful – as opposed to directive.

Additional Tone Tips:

  • Use pronouns and other “friendlier” terms when referring to employees.

  • Use “us,” “we,” “our,” instead of “the company” – this promotes a sense of being in it together rather than an “us vs. them” mentality.

  • Talk about how everyone can be successful and feel good about working for the company, not just how to avoid problems and legal violations.

Statement of Values

In a rules and values-based Compliance Program, the Code should contain a statement of the values employees can use to interpret how the rules should apply and what to do in the absence of a rule. Explicitly address management’s position that although it is important for the company to be vigorously competitive and successful, it must do so using compliant and ethical business practices. Consequently, the “sale at any cost” approach is not acceptable. This can be a difficult message for employees to believe, so they need to see it backed up by management’s conduct.

Additional Statement of Values Tips:

  • Do not include it if it is not an honest reflection of the company’s culture and management. A statement of values that is broadly perceived as untruthful is worse than no statement at all.

  • Align the statement of values with any other values and mission statements the organization has adopted.

  • Provide guidance for how to handle situations that are not addressed by a rule. For example, “service to the customer is the first concern and should be the foundation for all other decisions and actions.” Alternatively, “Providing high quality safe products is the most important service we provide – everything you do and every decision you make should be based on quality and safety.”

  • Include ways that employees can figure out the right thing to do, e.g., the newspaper test – would the employee want to read about their conduct in the newspaper?.

Directions for Asking Questions and Reporting Concerns

Employees need to know that they are expected to notify the company if they think there is misconduct. They also need to know how to ask questions and report any concerns they have.

Whom do they contact?

Can they go to someone other than their boss?

Can they report a concern anonymously?

What will happen when they report a concern – what is the process?

Will anyone else know they reported a concern?

What if it is an employment issue?

You need to answer all of these questions so employees know what to expect. You also want employees to believe the company takes their reports of possible misconduct seriously and that it will stop any misconduct. Placing this information after the Statement of Values and before the description of Policies tells employees that the company wants to know about problems and fix them.
Additional Reporting Process Tips:

  • Employees are nervous about reporting problems – make them feel comfortable and secure in doing so.

  • Be very clear about what an employee can expect when he or she reports a concern. Answer all of the questions listed above, as well as any others your employees may have.

  • Tell employees what they can expect to be told or not be told about investigation results. For example, tell them they will not be told about employment action that resulted from a report because of the other employee’s right of confidentiality.

  • Tell employees that there can be instances in which there is additional information they are not aware of that can result in a decision that something is not misconduct – and that you may not be able to share that other information with them.

  • Provide multiple alternatives for reporting a concern so if they are uncomfortable with one option, they have others.

  • Explain how anonymity is achieved and maintained.

  • Let employees know that there are times when an anonymous caller’s identity may be known. For example, if an employee who has been working with Human Resources also makes an anonymous call to the hotline, the company may be able to identify the anonymous caller. State how the company will deal with that type of situation.

  • Tell employees that if they report something anonymously, additional information is sometimes required to complete an investigation and if the anonymous reporter does not provide the requested information, the case may have to be closed.

  • Let them know that there are some types of issues, such as many employee relations issues, that can not be handled anonymously.

Note: If you have separate communication collateral about the hotline, such as a brochure, incorporate some of these tips in it instead of the Code. If there is no other communication collateral about the hotline, then include the information in the Code.
Non-Retaliation Promise

Because employees are afraid of retaliation if they report a problem, the Code must assure them that the company has and strictly enforces a non-retaliation policy (and the organization must adhere to this policy). Employees are very concerned and sensitive about what can happen to them if they report a problem – especially about something management is doing. They are even more concerned if their boss is involved.

The promise should include a commitment to discipline anyone who retaliates against another employee. The non-retaliation promise is not very meaningful if there are no real consequences to the retaliator.
The Code should also instruct employees what to do if they think they are a retaliation victim. Tell employees to immediately contact Human Resources and/or call the hotline. Remind them that this type of issue can not be addressed on an anonymous basis.
Additional Non-Retaliation Tips:

  • Have a stand-alone non-retaliation policy that is separate from non-retaliation in a sexual harassment and discrimination policy.

  • Include in the policy a provision for disciplinary action for anyone who retaliates against another employee.

  • This is one of the few cases in which clearly stated and definitive “thou shalt” and “thou shalt not” is appropriate.

Easy to Read and Understand Description of the Important Policies

Do not make the Code the sole source of information about the company’s policies. A Code that is the sole source of the company’s policies will result in an ineffective Code. Complete policies should be available elsewhere – such as an employee handbook and/or policy manual.

Include summaries of the most important policies in the Code. Organize and write the policy summaries so they are intuitive and easy for the reader to follow and understand.
Instead of saying, “Do not violate insider trading laws,” explain what insider trading is and provide examples of how it can occur. The average employee may not know how insider trading can occur. They may not know that providing tips to someone else who buys or sells the stock is an insider trading violation, or, that the law applies to information they have about another company.
Instead of saying “It is against company policy for family members to report to each other,” state “In order to avoid the bad feelings and other problems that can occur when family members report for each other, we do not allow one family member to have a reporting relationship to another family member.”
This approach may result in a slightly longer Code, but if you provide explanation and examples, employees are more likely to read, use and understand it.
Do not summarize all of the company’s policies – only those that are higher-risk issues and/or applicable to most employees. Either omit or include only very brief discussion about any policies that are low risk or applicable to only a limited number of employees.
Which policies do you include? A payor or managed care organization may have dozens, if not hundreds, of policies. To decide which ones to include in the Code:
(1) List your policies; and

(2) Decide which policies are either (a) most important to your organization’s compliant and ethical business practices; and/or (b) apply to most employees

In addition to providing employees with specific information about the higher-risk policies, use the Code to remind employees in the Code about the other policies they are required to comply with and where they can find them. Following is a list of policies, organized by general category, that your organization may choose to identify, in varying levels of detail, in the Code of Conduct:

Business Practices

  • Accounting and Accurate Record Keeping

  • Accurate Billing Practices

  • Business Courtesies (Receiving and Giving Gifts, Gratuities and Entertainment)

  • Charitable Contributions

  • Environmental Protection

  • Fraud, Abuse and Theft

  • Government Contracting

  • Government Interviews of Company Employees

  • Kickbacks and Rebates

  • Product Quality and Safety

  • Protecting Shareholder Rights

  • Records Retention

  • Regulatory Compliance

  • Sales and Marketing

  • Tax-exempt Status

  • Truth in Advertising, Marketing and Sales

  • Using Agents, Representatives, Contractors and Consultants


  • Antitrust

  • Competitive Information

  • Competitor Relations and Disparagement

Compliance Program

  • Compliance Hotline

  • Reporting Possible Misconduct

  • Investigations and Corrective Actions

Conflicts of Interest

  • Avoiding Conflicts of Interest

  • Boards of Directors/Trustees

  • Honoraria

  • Insider Trading

  • Outside Directorships

  • Outside Financial Interests

  • Public Office

  • Services for Competitors/Vendors

Employment Practices and Employee Conduct

  • Community Activity

  • Discrimination and Harassment

  • Drug-Free Workplace

  • Email and Internet Usage

  • Employee Privacy

  • Labor Relations

  • Non-Retaliation

Health, Safety and Security

  • Emergency Action

  • Fire Safety

  • First Aid

  • Hazard Communication Program

  • Injury Records

  • Safety Committee

  • Severe Weather


  • Enrollee/Member Privacy

  • Employee Information

  • Personnel Actions/Decisions

  • Proprietary Information

Member/Enrollee Rights

  • Appeals

  • Quality

  • Privacy

  • Non-Discrimination

Political and Community Activities

  • Community Relations and Support

  • Lobbying

  • Personal Community Activities

  • Political Activities

Protection of Assets

  • Information Security

  • Personal Use of Company Assets

  • Travel and Entertainment Reimbursement

Public Communications and Relations

  • Crisis Communications

  • Disclosure of Information to the Public, the Media and Analysts

Instead of addressing the employment and employee relations policies in the Code, you may decide to refer readers to the employee handbook. Or, you may decide to include some of the higher-risk employment issues in the Code. For example, the Code may include information about sexual harassment and discrimination, drug-free workplace, non-retaliation and anything else that is particularly important to the company. In that case, also refer employees to the employee handbook for the other policies.

Additional Policy Content Tips:

  • If length is an issue, refer to the location of the other policies and focus attention on the highest risk issues for your business.

  • Organize the policies so the flow is logical and intuitive to the reader.

  • Provide examples of appropriate and inappropriate conduct that the employees can recognize.

  • If possible, explain why the policy is good for them.

Other Recommendations
Versioning and Archiving

Know what version of the Code was in effect when. This information may be important if your organization is investigated or subject to any enforcement action. Fines and penalties can be reduced under the organizational sentencing guidelines if an effective compliance program was in place at the time of the misconduct. To prove an effective compliance program, you need to know which version of the Code was in effect when the misconduct happened.

Clearly identify the version of the Code (as well as all policies and other elements of the Compliance Program) on the document itself. You will also need to be able to produce the Code, so archive all versions of the Code for easy retrieval at a later date.
Although there should be some type of reference within the Code (and other compliance documents) that identifies the version, you can track more detailed information, such as when it became effective, in a separate log. If you are not maintaining a separate log, then include the effective date in the document.
References to Other Policies

The Code may be the only statement of a policy or it may be summarizing a policy that exists independent of the Code. If the Code summarizes another policy, then reference the full policy and where it can be located. If the policy that is referenced is changed, make sure you update the Code to ensure consistency (and vice versa).

Distributing and Webizing

You need to make sure that employees actually have access to the Code – either through distribution of a paper copy and/or posting it on the company intranet. If an organization has an intranet, consider “webizing” the Code and posting it on the intranet, including links to other related documents that are available on the intranet, e.g., the employee manual. This improves the accessibility of the Code. If most employees have access to the intranet and the Code is available on the intranet, you can enhance its profile and availability.

Employee Awareness

Regularly and repeatedly remind employees about the Code. Do not remind employees about the code just once a year. In newsletters, meetings or emails and any other employee communication avenues you have, remind employees that there is a Code and about certain issues addressed in it.

Employees receive so much information that reminders about the Code are necessary long after you are tired of sending them out. Plus, you need to catch the new employees who did not receive all of the previous messages.
Acknowledgments or Certifications

Decide whether to require employees to acknowledge or certify they received, read and understood the Code. If you are going to require acknowledgements or certifications, consider alternatives to the typical paper chase. For example, consider a web-based acknowledgement, making certification part of the annual review processes, etc. Whatever methodology you adopt, make sure you can manage it. In addition, you should also make sure that consequences for not submitting acknowledgments or certifications are: (1) communicated to employees; (2) actually enforced; and (3) enforced consistently. If there are no consequences, or if those consequences are not enforced consistently, this will undermine your organization’s claim that the Compliance Program is effective.

Posting the Code on the Internet

Decide whether to post the Code on the company’s public internet site. An increasing number of companies are doing so. Alternatively, some companies just have a discussion on their website about their commitment to compliance and ethics.

Before posting the Code of Conduct on the company’s website, consider the potentially positive and negative implications of making it available to the general public. On the one hand, it reflects a commitment by the organization to ethical and compliant business practices. On the other hand, it will be scrutinized (and criticized) by others, including the media, your enrollees and members, regulators and litigants. In addition, by making the Code available on the internet, you will also be making your contact information (such as hotline number) available to the public, which may or may not be desirable.

Sample Codes of Conduct
If a company posts its Code on its website, it is often, but not always, available on the “Corporate Governance” page. Codes of Conducts from other organizations, even if they are from different industries, can be helpful to decide on the type of Code your organization wants to develop. The following companies’ Codes of Conduct are available on the internet. They may or may not follow the characteristics listed above. They tend to be for larger companies. Even if you are a small organization, these Codes can still provide ideas about what may or may not work for your organization.



Baxter Pharmaceutical


Bell South




Bristol Myers




HCA, The Health Care Company


Jet Propulsion Labs



( goverance/codeconduct.doc)





UnitedHealth Group


Code of Conduct Evaluation and Scoring Tool









Weight x Value = Score


Weight - 2

No mention of Code of Conduct purpose.

Identifies purpose of Code of Conduct.

Message from CEO reinforcing importance of code and it’s purpose.

Weight = 2

Value =

Score =


Weight - 1

No audience specified.

Specifies audience as employees only. Other categories of individuals not addressed.

Specifies employees and others or addresses how other groups are bound by a code (trustees, employees, company officers, agents/brokers, vendors/suppliers, contractors/consultants, subsidiaries, students/residents, volunteers).

Weight = 1

Value =

Score =


Weight - 3

__8-10th grade reading level

__Plain, direct language (layperson vs. legalese)

__Uncomplicated syntax

__Active voice

__Sentences 14 words or less and __Paragraphs no more than 5 lines

__One-and two syllable words

__Acronyms defined – no jargon
0-2 of the above


5 or more

Weight = 3

Value =

Score =


Weight - 2

__User friendly


__Plenty of white space

__Established brand

__Headers and titles

__Vary font size and format



__Call out of important information


0-3 of the above


8 or more

Weight = 2

Value =

Score =


Weight - 1

Uses a directive (“thou salt not”) and threatening tone throughout the document.

Consistently uses a consultative tone throughout the document. Makes employee feel guided, not threatened.

Overall, uses a consultative and helpful tone, selectively using a directive tone when appropriate (e.g. non-retaliation).

Weight = 1

Value =

Score =

Statement of Values

Weight - 2

Values presented are not an honest reflection of the company’s culture and management.

No value statement is included in the code of conduct.

A statement is included describing how the code is aligned with other company values and the organizations mission statement.

Weight = 2

Value =

Score =


Weight - 3

Reporting is not addressed.

The process of how to report a code violation is described.

Along with a description of the process for reporting code violations, the code includes an explanation of why individuals are obligated to report violations and an explanation of what will happen when they report a potential violation.

Weight = 3

Value =

Score =


Weight - 3

Absence of non-retaliation language.
The code includes non-retaliation language but, in practice, it is not followed.

Non-retaliation language is included along with a commitment to discipline employees who retaliate.

In addition to having non-retaliation language and a commitment to discipline employees who retaliate, the code includes instructions about what to do if an employee is retaliated against.

Weight = 3

Value =

Score =

Policy Description

Weight - 3

Code is sole source of policies.
Policies are oversimplified.
Policies are too detailed.

All policies are listed (title only) along with directions on how to locate the policy.

Summaries of the policies most important to the compliance and ethics program and/or policies that apply to most employees are included along with directions on how to access the entire policy.

Weight = 3

Value =

Score =


Weight - 2

Different versions are not maintained.

A history of the document is maintained but it is not easily identifiable on the policy.

Current and previous versions of a policy are maintained and are easily identified.

Weight = 2

Value =

Score =


Weight - 3

No formal process to distribute the code.

Annual distribution to all employees along with periodic announcements of revisions/updates. New employees receive a copy of the code.

Available at all times electronically with periodic announcements of revisions/updates. New employees receive a copy of the code.

Weight = 3

Value =

Score =

Employee Awareness

Weight - 3

No reminder

Annual reminder

Multiple avenues for reminding employees throughout the year.

Weight = 3

Value =

Score =


Weight - 3

No acknowledgement required of employees

One-time acknowledgement when employee initially receives the code.

Annual acknowledgement that the employee has access to, read, and understands the Code of Conduct.

Weight = 3

Value =

Score =


1 HCCA’s Payor/Managed Care Compliance Focus Group’s Code of Conduct Benchmarking Work Group would like to thank Vickie McCormick, Halleland Lewis Nilan Sipkins & Johnson, for her generosity in letting the work group plagiarize a substantial portion of her previous work on this subject.

2 See, Managing Ethics and Legal Compliance: What Works and What Hurts, A Summary of a 1999 Study by Arthur Andersen. You can request a copy of this report from Vickie McCormick, Halleland Lewis Nilan Sipkins & Johnson at

HCCA Payor/Managed Care CFG Work Group

Code of Conduct Benchmarking & Evaluation Tool

Page of

Version 1.0

The database is protected by copyright © 2016
send message

    Main page