Compliance House

Compliance is becoming increasingly important outside the financial sector, for instance in the healthcare sector. By compliance we mean promoting and enforcing compliance with both external laws and regulations and internal rules and standards, as well as the integrity of the organisation and its employees, with a focus on managing risks and preventing damage resulting from risks. Compliance is inseparable from risk management, which can be described as the combining and coordination of the management of business risks throughout the organisation.

Curious how your company is doing in terms of compliance and what Compliance House can do for you? Then contact our specialists.


The fact that healthcare differs from the business sector in several respects implies that additional requirements must be imposed on management and supervision in healthcare and within healthcare institutions (‘governance’). This is also a subject that has received a great deal of political attention in recent years. It is very important to keep the governance within a healthcare institution well organised. In practice, this does not always go well. In recent years, various healthcare institutions have been in the news due to scandals and bankruptcies caused by poor governance. The most well-known headlines were Slotervaart and the IJsselmeer hospitals.

Regulations can help prevent problems, but in order to reduce the risks of problems, it is of the greatest importance that governance in healthcare is more professionalized. Insight and awareness of the different roles and responsibilities of the directors and supervisors require professional expertise. According to current legislation and regulations, the most important tasks and responsibilities lie with the board of directors, the supervisory board, the compliance officer, the management secretary, the works council, the client council and the medical staff within the healthcare institution. The concrete execution of the roles also depends on the type of healthcare institution, the situation in which it operates and the internal regulatory system, which is laid down in the articles of association.

Risk management

Compliance in healthcare is a complicated but necessary process to create order in the complex organization and to effectively manage risks. This requires support and active cooperation of all parties involved in gaining insight into the established responsibilities, legislation and internal/external regulations as well as their implementation. The scope of the compliance and risk management function includes all relevant risk areas:

  • That relate to the legal entity;

  • Which represents the centre of activities in the field of healthcare provision (research and education);

  • All related internal codes of conduct.

The most important risks that can be distinguished are:

  • Patient risks (in particular patient safety);

  • Reputational damage;

  • Environmental risks;

  • Company safety (especially fire safety);

  • Terrorism risk;

  • Liability risks.

Risks can be approached in four ways: by eliminating, transferring, reducing or accepting them. Considering the mission and vision, the organisation will constantly have to make choices when analysing and optimising risk management. It is also relevant to choose between what is (legally) necessary and what would be wise if more resources were available.


The goal of compliance and risk management is to bring the organisation more ‘in control’ when it comes to compliance with external and internal laws, regulations and guidelines. Tasks also include procedures and instructions to manage unacceptable risks in the selected risk areas as well as possible, in order to ensure optimal patient safety. Compliance and risk management creates significant benefits:

  • More insight;

  • Improved accessibility;

  • Better supervision;

  • Less overlap;

  • Ability to report transparently.

Good practice

The following elements are important for an effective compliance programme that both regulates and incentivises:

  • The tone of the leadership at the top;

  • Risk analysis and control through hard and soft controls;

  • A clear code of conduct;

  • Communication and behavioural programme;

  • Adequate organisation of the compliance function;

  • Open reporting culture;

  • Continuous monitoring, control and follow-up.

Once the relevant legislation as well as the (external and) internal regulations, guidelines, procedures and instructions relating to the risk have been analysed, the areas with the greatest risks of non-compliance are verified.
This will reveal contradictory, overlapping and/or outdated internal rules and procedures. These must then be eliminated. The most workable option is to involve a group of employees from the various departments jointly in the clean-up. This process is also very suitable for harmonising and streamlining operations as well as exchanging best practices between business units.

Compliance Officer in healthcare

An important factor for the success of implementation is its supervision. A compliance officer takes care of this and coordinates the compliance process while maintaining an overview of the compliance policy. This includes issues such as safety, protection of personal data and competition law. The compliance officer is responsible for the following tasks:

  • Development and coordination;

  • Monitoring and auditing;

  • Advising and answering questions regarding compliance;

  • Periodically reviewing amendments to laws and regulations;

  • Updating the risk inventory and risk assessment;

  • Management of a possible crisis. This requires an up-to-date crisis plan. The plan sets out how internal communication (with employees, clients and the supervisory board) and external communication (with the press, Inspectorate, care office and municipality) will proceed in the event of a crisis.

It is important that the compliance officer is able to handle daily pressure while acting with integrity. Because of the high level of attention paid to the healthcare sector by the media and public opinion, transparency and the prevention of reputational damage and sanctions are also part of the duties.


The Healthcare Governance Committee can act if an interested party thinks that a healthcare institution does not comply with legislation and regulations. The Governance Committee investigates whether the healthcare institution acts in accordance with the Healthcare Governance Code 2017. If the Governance Committee is of the opinion that a healthcare institution does not apply this code correctly, the healthcare institution will be addressed and will have to adjust its governance in line with the committee’s opinion. If this does not happen, the sector organisations such as the Dutch Healthcare Authority (‘NZa’) and the Healthcare and Youth Inspectorate (‘IGJ’) may take action.

The NZa and the IGJ see to it that healthcare institutions provide good, affordable and accessible care. More specifically, the IGJ monitors the quality and safety of care. The IGJ also examines how the cooperation between care providers progresses. The NZa stimulates the affordability, accessibility and transparency of care, good governance, compliance with the duty of care by health insurers and concentration in care. The NZa supervises good governance together with the IGJ. As soon as NZa and the IGJ receive signals that something may be wrong, they intervene.


Laws and regulations, sector standards and their application are constantly changing, as are the circumstances in which the organisation operates. It is advisable to change the compliance policy where necessary, and to adjust the policy regularly to avoid uncoordinated ad hoc actions and the associated risks. It is good to keep in mind that it is not only laws and regulations that can lead to change. Actual changes such as downsizing or enlarging the organisation or a merger, for example, may also lead to evaluation and adjustment of the policy.

We can examine your entire organisation in a short period for the most relevant risk and compliance aspects. In this process, we also focus on the structure of compliance within the organisation. We outline the most important laws and (internal) regulations and the relationship with the management, external supervisors and other risk management functions. Where necessary, we provide concrete recommendations for improvement. We also pay attention to the culture and behaviour of the organisation because, according to our vision, this is inseparably linked to compliance and the implementation of legislation and regulations.