The Basics

Core 22 is what I call the "mini-HIPAA" standard, even though it predates HIPAA's privacy rules.  It requires that the organization describe how Individually Identifiable Health Information ("IIHI") will be used and limit that use to those people for whom the use is necessary for business purposes.  The organization must identify who will have access to IIHI and for what purposes, to mandate anyone who might touch IIHI (employees, contractors, committee- and board-members) to keep IIHI private, and to require such people to sign a confidentiality statement.

URAC Accreditation Tips

Your HIPAA P&Ps and evidence of training on those P&Ps will suffice for purposes of the AccreditNet submission. However, one word of caution -- make sure that you don't limit this to employees. The most common mistake we've seen in our clients' applications is to have the privacy P&Ps apply to employees only, leaving out members of the governing board and/or non-employee members of committees (e.g., quality management and credentialing). Note that subsections (e) and (f) are quite specific about this.

One other thing about (f) -- this refers to patient confidentiality, not the confidentiality associated with proprietary information.  Make sure your documentation -- particularly the training and signed statements -- is clear on this point. 

The onsite review will involve an interview with the privacy officer, a close examination of signed confidentiality statements from employees, committee members, and board members, and training and other documentation regarding implementation of your privacy P&Ps.

Note that this is a mandatory standard -- no getting accredited without this one!

URAC Accreditation Tips

Core 1 requires that your organization clearly defines its structure, roles, and responsibilities.  This 3-weighted standard is rather straightforward and seldom the subject of a comment by URAC reviewers. Its purpose is to give the reviewer an understanding of the structure, ownership, and reporting mechanisms of the organization. The applicant should submit organizational charts at both the macro level (with senior organizational leadership described) and at the department level for the departments who are the subject of the accreditation under consideration. Additionally, organizational charts should show key committees, especially the Quality Management Committee and any other accreditation-relevant committees (e.g., credentialing committees for Health Plans and Health Networks). Any official company documents that describe the organization, particular the services that are the subject of the accreditation, will help, too.

If you submit these charts and program descriptions, you probably won't get any comments from the URAC reviewer. However, you may be asked for more information beyond this if there is something about the ownership structure that is unclear. For example, if you have a holding company or corporate affiliate, the name of which is all over your company documents but not reflected in the organizational charts, the reviewer may ask for some more detail.

The onsite review will simply be focused on making sure that what you said in the application is, in fact, the truth in practice. The interpretive guide says the following about the onsite review:

Recent (within past 6 months) reports demonstrating organizational oversight: reports will be analyzed along with any meeting minutes where they were presented and discussed

This review of reports and committee minutes, however, will be going on anyway in connection with other standards, so very little happens specifically and exclusively in connection with this standard.

The Basics

This standard requires that the organization operate a formal employee assessment program that contains two essential features: (1) an annual review, and (2) the review of documentation produced by the employee.

Management Tips

Some organizations have tried to meet the intent of this standard, and particularly the requirement that the appraisal include a review of documentation produced by the employee, by including in the template appraisal form a section allowing the employee to comment on his/her performance or on the supervisor's appraisal.  It is increasingly clear that this will not suffice.  Rather, your P&P and your template appraisal should be written to require and document that the supervisor looked a actual documentation produced by the employee in the course of performing his/her job.  

URAC Accreditation Tips

You need not submit an actual review in the initial, AccreditNet phase.  A template will suffice.  As usual, however, you also must submit a P&P that requires both the annual appraisal and a review of the documents produced by the employee.

The onsite review will involve an actual examination of the last one or two performance appraisals from the selected employees' personnel files.  

The Basics

Core 21 requires mechanisms to assure clear communications about services to clients and consumers and protections against misleading communications.  These mechanisms must operate before a marketing piece goes out and, in addition, in a process of ongoing monitoring for accuracy.  Finally, this review must happen through an interdepartmental process.

It is important to note that even organizations that have no direct contact with consumers must comply with this standard, as it covers communications with clients, as well. 

It is also very important for everybody involved with the organization's communications to understand that this standard does not apply only to newly-developed marketing materials.  Note that subsection (d) applies to existing materials.  Therefore, not only your policy and procedure, but also your execution of that policy, must include a documented periodic review of existing marketing materials for accuracy. 

Management Tips

While the intent of this standard is to assure that the information that applicants give to consumers about their services are accurate, it is not the kind of standard about which the URAC reviewer can directly assess compliance.  In other words, it is highly unlikely that the reviewer will be able to look at a piece of marketing material and determine that it is a misrepresentation about the organization’s services. 

The only example of this kind of direct assessment of compliance with the standard that I can recall had to do with the use of the URAC logo to signify accreditation status.  One thing about which URAC is quite clear is which organizations have received accreditation and for what programs.  If you use the logo in a way that suggests the scope of your accreditation is broader than it truly is, in that case, URAC is likely both to detect it and frown upon it.  Otherwise, however, the assessment of compliance with the standard is largely a process-oriented assessment. 

URAC Accreditation Tips

The reviewer will focus his/her attention on mechanisms and processes.  Our baseline recommendations for compliance with the standard are:

• A policy and procedure that clearly describes the full array of mechanisms for communicating with consumers and clients, including those components of the processes that address assuring the accuracy of those communications;
• Documentation (meeting minutes for marketing materials review audit sheets) clearly demonstrating that the materials review process was interdepartmental;
• Documentation that all current marketing materials, whether print or electronic, have been subject to this interdepartmental review process.

The Basics

Core 13(d) requires that the organization implement a system for the "storage, maintenance, and destruction" of information.  This is not a pure IT-department standard, as it includes not only electronic information but also paper-stored information.  

IT employees need to know the company's policies for all information, in case the reviewer should ask, even though this is not only an IT issue.  

Management Tips

Consider developing a comprehensive P&P dealing just with the issue of storage, maintenance, and destruction of information, making sure that it is inclusive of all information.  Such a P&P therefore would address not only such things as hard drives, disk drives, and back-up media, but paper shredding, policies about documentation retention, and the like.  

URAC Accreditation Tips

This is a primary element of a mandatory standard, and is a bit tricky if you are not paying attention. The most straightforward aspect of the subsection is expressed in this paragraph of the “Points to Remember”:

A plan for storage, maintenance, and destruction would include where information would be stored, how it could be retrieved, who is responsible for stored information, who could have access or approves access, how long information would be maintained before it is destroyed (if it is ever to be destroyed), and how it would be destroyed.

The trickier, and more frequently missed understanding of the standard is in the very next paragraph of the program guide:

Note storage, maintenance and destruction of information applies to both electronic and paper documentation.

I guess that this is overlooked most frequently because compliance with Core 13 is usually turned over to the IT folks, who typically don’t pay an awful lot of attention to paper. URAC is very clear, though, not only in the Program Guide, but also in interpretation by its reviewers, that your policies and procedures must specifically address storage, maintenance, and destruction of print data, as well as electronic data.

The Basics

Standard Core 12 requires that the organization have mechanisms for interdepartmental coordination that weave QM, administrative and, where applicable, clinical functions. What this means to all employees is that you need to see yourself as working in a team with people from other departments, and be familiar with how communication among departments happens in your organization.  Teamwork might happen via committees with representatives of multiple departments, or less formally through emails, impromptu meetings, or in-house newsletters.  Just be ready, if asked, to describe how your or people in your department interface with people in other departments, in as many ways as possible.

URAC Accreditation Tips

This seemingly straightforward standard has been the subject of increasingly rigorous interpretation in the last couple of years. It is rated "4", and is therefore worth spending a little extra time on.

The Program Guide is quite clear about the documents that will be reviewed on Desktop Review:

• Agenda and attendance roster for recent three (3) inter-departmental meeting minutes: please identify the attendees by name, credentials, and affiliation/department
• Job descriptions or temporary staff assignments for staff functioning as a liaison to other departments
• QI project description: see “Accreditation Tools” for a sample template

Despite the clarity of this guidance, however, some applicants have overlooked essential requirements. For example, some have submitted minutes of inter-departmental meetings without identifying the name, credentials, and department affiliation of the attendees. Without this information, there is no way for the reviewer to know that the meeting was, in fact, "inter-departmental".

Some applicants have failed to demonstrate in their documentation that interdepartmental meetings dealt with quality improvement issues. The reviewer will need to see relevant documentation addressing the mechanisms to promote communication, collaboration, and coordination across disciplines and departments as they relate to quality improvement initiatives, not merely the integration of administrative activities. Don't overlook the possibility of submitting a quality improvement project description form that, in and of itself, contains documentation of inter-departmental coordination.

The Basics

Core 6 requires the implementation of a P&P policy to conduct a verification the licenses and credentials of personnel (including consultants) who are required to be licensed and certified.  This verification must occur upon hire, and no less frequently than 3 years after hire.

In addition, Core 6 places an obligation on such staff members to notify the organization of any adverse change in licensure or certification status.  Finally, the organization's P&P on the topic needs to empower and require the organization to take corrective action when it learns of such adverse changes in the licensure or certification status.

Management Tips

It is important to note that the scope of the standard is broad: "licensed or certified personnel/consultants". While these are not defined terms, it is fairly clear that the URAC standard would sweep up a pretty broad array of licensed and certified people, not just employees.

Another thing to note is that the standard applies not only to licensure, but also to certification. This is particularly important with respect to accreditation standards such as case management, where certification might be a requirement. Be sure, therefore, that your process of verification, both as described in your policy and procedure and in practice, includes all certifications that might be required by the particular accreditation standards under which you are applying or by your own policies and procedures.

Finally, make sure not only that your policy and procedure on the subject imposes an affirmative obligation on the licensed personnel and consultants to notify the organization of adverse changes in licensure or certification status, but that everybody has been trained on this obligation. It would not be a good thing in an interview with a member of your staff if it became apparent that this requirement was unknown to licensed or certified staff members.

URAC Accreditation Tips

This standard is mandatory. Furthermore, every subsection of the standard is a "primary element", which means that there is no aspect of the standard that an organization can miss and still expect to gain full accreditation.

The documentation required for the standard in the application is straightforward: job descriptions and a policy and procedure that addresses all three elements of the standard.

The documentation for the on-site review, on the other hand, is usually where the problems arise, if there are any. During the on-site review, the URAC reviewer will request a listing of all the members of the staff (at least those that are the subject of the review), randomly select several of the staff members, and ask to see their personnel files. The reviewer will be checking the job description and resume of each of the selected employees to see if the employees meet the requirements of the job as described in the job description. In addition, the reviewer will be looking for evidence that the employee's required licenses and certifications have been verified. Therefore, a best practice is for the organization to conduct periodic audits of all of its clinical staff members' personnel files to make sure that this is happening on ongoing basis, and particularly before the reviewer arrives.

The Basics

Core 3 requires that your organization operate under policies and procedures ("P&Ps").  This is an incredibly important standard.  It requires several things of all employees.  First, you need to know where your organization's "master list of P&Ps" is.  If you don't know, find out.

Second, you need to be able to access -- quickly and easily -- the specific P&Ps that apply to your job.  Again, if you don't know, find out.

Third, you need to do your job in accord with those P&Ps.  Failing to do so is, itself, a way to miss this standard, even if what you are doing complies with the applicable URAC standard.  For example, if you are in the IT department performing an activity (e.g., destruction of old data) in a way that complies with the applicable URAC standard, you'll miss points under this standard anyway if you are doing it in a way that is inconsistent with your organization's P&P on the subject.  So, if your P&P inaccurately describes the way things are done, get whoever is in charge of your P&Ps to change the P&P to fit reality.

Management Tips

Core 3 sets forth a number of requirements for an organization's policies and procedures (P&P) processes.  URACrequires that the organization complies with its P&Ps, maint a list, keep them up-to-date through an annual review, and leave a paper-trail for each P&P of its effective, review, and revision dates, as well as who (or what committee) approves each P&P.

The standard applies "to the key services and internal programs established by the applicant. For purposes of accreditation, the policies and procedures that cover primary health care-related program services will be examined for compliance with these standards." So, while its scope is broad, many organizations will have a number of policies and procedures that are not affected by the requirements of the standard. As the Program Guide notes, "Policies and procedures covering general personnel, accounting, office management, and other such support services for the organization are not required as evidence for meeting these standards."

Third, mere maintenance of policies and procedures will not suffice. One of the most powerful two-word phrases in all of the URAC standards is subsection (a)'s "and complies". The effect of this phrase is to transform all your organization's policies and procedures into accreditation standards. In other words, even if you are complying with a particular URAC standard, if you are not in compliance with your own policy and procedure on the topic, you may run afoul of Core 3(a). And that would be very bad.

Fourth, one of the more frequently missed elements of this standard is Core 3(d)(i). While it may not be evident from the language of the standard, "review" and "revision" can be two entirely different events happening on entirely different dates. For example, if you review a policy without revising, your policy and procedure and/or your master list of P&Ps will need to indicate both dates, not simply the most recent day that somebody in authority looked at the policy. Therefore, either your P&P or your master list should have one place for the effective date, another place for the most recent revision, and another place for the most recent review.

URAC Accreditation Tips

Compliance with your P&Ps is mandatory. Mess up subsection (a), the only primary element of the standard, and you will do no better than a Conditional Accreditation.

Management Tips

What will the URAC reviewers find when they pull a random sample of your employees' personnel files? What should they find?

The URAC standards are rife with requirements that are likely to be evidenced in your personnel files. Because these standards are scattered throughout the Core module, it may not be immediately apparent what a URAC applicant should have in its personnel files.

Here's a short list, taken from an actual URAC onsite review agenda one of our clients just received from URAC, rearranged for clarity's sake:

Evidence of Training

• Conflict of Interest Training
• Education on URAC Standards
• Continuing Education
• Orientation to job
• Staff Confidentiality Statements
• Regulatory Training
• Fraud & Abuse Training

Other documentary requirements

• Annual Performance Review Process
• Job description/qualification evaluation

Special requirements for clinical staff

• Scope of Practice Attestations
• License verification
• Certification verification

Particularly if your organization is a first-time applicant, you may be realizing that your personnel files don't have all these documents. What do you do now?

We recommend this four-step approach:

1. Conduct a thorough initial assessment. How bad is it? Take a random sample of your employee files and run down the above list for each one. Using this list to perform a gap analysis that will let you know the difference between what you have and what you need to have by the time the reviewers arrive.
2. Look for alternative sources of information. Now that you know what you need, find out whether you have that information, but not in the personnel files. For example, if your company has a centralized training tracking function, you may be able to take care of demonstrating compliance with all or most of the training documentation requirements through that tracking function.
3. Make a plan. With those items that are neither in the personnel files nor in a centralized function, you need to make a written plan, with specific time lines (that end before the reviewers arrive!), for pulling your files into compliance with the URAC standards. The discipline of going through such an exercise will be necessary, as may be the assistance of temporary help if your staff doesn't have the capacity to handle this task.
4. Look to the future. Once you have your personnel files in order and compliant with the URAC standards, make sure your policies and procedures are written in such a way to keep those files up-to-date. It will do no good to get the files into compliance this year if, for example, you are not doing annual performance reviews for all your employees and getting the results of those reviews into your personnel files.

Well-kept personnel files will help you meet the requirements of a significant number of important Core standards. Getting them into compliance may take some time, so start now.

One of the areas in which the new emphasis on error reduction and consumer safety is Core 37 (Core 35 in v. 2.1).  The standard requires two quality improvement projects (QIPs).  One of the QIPs must focus on consumers or client services, relate  to key quality indicators, and involve senior clinical staff oversight if it is a clinical QIP.  The other QIP must involve consumer safety (if the organization is applying for HUM, WCUM,
HCC, HP, DM, IRO, or CM accreditation), or error reduction, if the accreditation sought is not one of those listed.

There are a few key things to keep in mind about this standard and the quality improvement programs (QIPs) it mandates:

• URAC reviewers will interview the senior clinical staff person to assess his/her involvement in clinical judgments (subsection (a)(iii)).
• The requirement for patient safety applies only to certain modules (HUM, WCUM, HCC, HP, DM, IRO, and CM). All the rest of the clinical programs can use an error reduction QIP.
• A good place to look for ideas for QIPs are barriers to proper medical management, use of current triage guidelines, integration of quality information, patient access issues, sentinel events tracking, etc.
• Make sure the baseline and goals are measurable, and in the same units.
• Make sure your goal is connected to a target date for achievement.