Certification of Organizational Management 1.0

C-CPE 2-3: Monitoring and Oversight of Ethical Healthcare Practices

Submited by: Tom Goddard

The Basics

Once an organization has defined ethical practices, as required by the previous standard, it must implement mechanisms to monitor for violations of its ethical standards and address those violations. Such mechanisms must spell out how it:

  • Identifies appropriate authorities to remediate particular situations involving ethical transgressions;
  • Will take action in the event of ethical issues; and
  • Will review information relevant to monitoring and addressing ethical issues.
In addition, this standard has an optional element that encourages organizations to anticipate future ethical issues through such actions as review trends in healthcare ethics.

Management Tips

Your policies will need to clearly articulate accountabilities, activities, and specific types of ethical issues that need remediation. You may even establish an ethics committee to address some or all of these activities. 
URAC recommends that your organization have an escalation matrix that details communications around ethical violations.

Accreditation Tips

Desktop Review
The minimum documentation required for this standard include policies, process documents, or other documentation that outlines the steps your organization will take to address ethics issues.
Other types of documentation to help tell the story may include bylaws, screen shots, meeting minutes, and other documents.
Validation Review
The reviewer will interview senior management about the mechanisms described in your ethics policies.
Document review
The reviewer will want to see documentation of actual instances of interventions in the event of ethical practices. Also, you should be prepared to document to the reviewer your active monitoring for unethical behavior.

  • Core 4.0 Pre-release / 12.31.2018

    C-RM 3-1: Information Systems Risk Assessment and Reduction

    URAC assumes that your organization has a comprehensive risk management program, and in this standard, requires that your information systems are a component of that system. Specifically, the IT component must address explicitly data storage, gathering, and transfer.Your organization must conduct risk assessment in these three areas, and that assessment must periodically include "an entity with th...

  • Core 4.0 Pre-release / 12.26.2018

    C-RM 2-3: Business Continuity Plan Testing

    Your organization must test its business continuity plan ("BCP") no less frequently than every two years. Notably, the BCP test can be a tabletop exercise, which URAC defines as:test of a Business Continuity Plan (BCP) that includes documentation of the following aspects of the test:A tabletop exercise simulates an incident in an informal, stress-free environment.The participants who are usually t...

  • Core 4.0 Pre-release / 12.26.2018

    C-RM 2-2: Pharmacy Emergency Management Plan

    Applicable only to organizations seeking accreditation in one of URAC's pharmacy modules, this standard requires that your business continuity plan describe an emergency management system that addresses how the organization will distribute medications in the event of an emergency. The description must address the organization's facilities, its services, and its products in some detail. As was the...