Regulatory – Regulations / Legislation

Service: Risk Management
Subject: Regulatory
Type: Risk Profiles

The risk of not meeting regulatory and legislative requirements, internal policies and procedures, directives, and legal agreements may be linked to insufficient resources, increased complexity, and intensity of requirements, as well a rapid and continuous evolution of legislative landscape. Impacts could include reputational loss, significant use of resources, financial implications, or litigation. This document contains information entered by HIROC Subscriber healthcare organizations (acute and non-acute) in the Risk Register application to help you in your assessment of this risk.

Key Controls / Mitigation Strategies

  • Compliance Management 
    • In-house or external legal counsel is consulted on appropriate application of legislation to help proactively adjust to changing legislative environments
    • Continuous communication to stakeholders as new laws, regulations and standards are developed
    • Compliance Framework that defines, documents, and continuously updates regulatory requirements/responsibilities. Includes activities to sustain or enhance compliance.
    • Registries of applicable legislation, regulations and corporate policies. Designated leads (e.g. by portfolio) to ensure integration of changes and updates in legislation.
    • Active participation in local and/or provincial working groups, advisory committees, and expert panels to monitor progress of recommendations and determine impact of legislative, regulatory and policy changes
    • Partnerships with other healthcare organizations for best practices, policy and regulatory requirements/interpretations. Lessons learned are shared with peer organizations.
    • Contract compliance including signing authority policy with established framework for identifying who can bind the organization
    • Process for reviewing agreements that focus on identification of actual, potential or perceived conflicts of interests
    • Use of both legislative compliance exercises and enterprise risk discussions to identify areas of non-compliance and develop plans to address gaps
    • Action plan to monitor any identified areas of potential non-compliance
    • Quality Improvement workplan incorporates regulatory requirements
    • Hospital/health region credentialling processes conform to all statutory requirements
  • Policy and Procedure Management 
    • Formal processes to review established policies and procedures 
    • Policies and procedures adhere to government and regulatory requirements, including new regulations 
    • Dedicated resources allocated for policy management to review current process and identify recommendations for improvement
    • Electronic database to track policies and procedures due for revision 
    • Policy writing toolkit to ensure consistency
    • Title pages to policies highlight key messages to assist managers with education and rollout
    • Established cataloging system for corporate policies with alignment to operations (e.g., Finance, Human Resources, patient care, etc.)
    • Formal education and rollout strategy of new or updated policies and procedures. Ensure a process is in place to require users to confirm understanding and acceptance.
    • Compliance with policies and procedures 
    • Retention and destruction of corporate records policy establishes a framework for retaining key documents, including agreements 
    • Governance
      • o    By-laws and constitution reviews 
      • o    Legal Counsel documents are reviewed and current (e.g. Government filings, leases, etc.)
      • o    Reviews to ensure minutes are signed bi-annually

Monitoring / Indicators:

  • Audit and Monitoring Program, including regular external and internal audits
  • Training completion rates (e.g., privacy and confidentiality, information security)
  • Number of outdated corporate policies and procedures 
  • Decreased number of employees stating they were not aware of policies
  • Decreased number of outdated corporate policies and procedures
  • Metrics for compliance where process auditing is in place (e.g. professional practice evaluation processes, hand hygiene, and privacy)
  • Annual attestation of compliance with relevant policies
  • Inspection with code updates (e.g. Fire, Building, and Electrical)
  • Statutory filing up to date
  • Number of work refusals
  • Number of tickets issued by Ministry of Labour
  • Integration of Key Performance Indicators of core regulatory operations into workplans 
  • Number of compliance order(s) (Long Term Care Sector)
  • Theme of compliance order(s) (Long Term Care Sector)
  • Monitoring of sector changes to legislation
Date last reviewed:
This is a resource for quality assurance and risk management purposes only, and is not intended to provide or replace legal or medical advice or reflect standards of care and/or standards of practice of a regulatory body. The information contained in this resource was deemed accurate at the time of publication, however, practices may change without notice.