Core 4.0 Pre-release

C-OPIN 3-2: Staff Training Programs

Submited by: Tom Goddard

The Basics

The organization must train its staff members in the following areas:

  • Privacy and security of information (HIPAA, HITECH, and applicable state laws and regulations);
  • New-hire orientation and training in role performance expectations before being allowed to assume the position;
  • Healthcare ethics;
  • The organization's code of conduct, which defines ethical business practices dealing, at a minimum, with conflict of interest, false claims, fraud and abuse, and other illegal activities;
  • The organization's applicable policies and procedures and URAC accreditation standards; and
  • Ongoing training to maintain each staff person's competence in their assigned duties.
Notice that not all of these trainings are on the same required timetable. For example, new-hire training must happen once, before the person assumes his/her duties. On the other hand, professional competence training must be ongoing, which we interpret to mean every year. Others are on an as-needed basis. If the applicable laws, policies, or accreditation standards remain stable over time, while it might make sense to provide ongoing training in them, compliance with this standard is demonstrated by showing that the most recent training on these topics were on the current laws, policies, or standards.

Management Tips

One of the greatest management challenges with this standard relates to making sure that you are documenting the ongoing professional competence training. In most organizations, this happens at the department level, and therefore can be more difficult to capture in documentation than, say, an organization-wide HIPAA training. If this is so for your organization, we encourage you to take minutes at such meetings and record who was there and what training was covered. Then, forward a copy of such department-level trainings to the HR department to be maintained with the rest of the employee's files. Be sure attendance at such meetings is recorded so that the reviewer can connect each employee with each training he/she attended.
Note that the trainings in laws, policies, and URAC standards need to relate specifically to the functions performed by each staff person. Thus, a general "what is URAC and why are we going through accreditation" training does not meet this requirement. Rather, your IT team needs to be trained in URAC's IT standards and your policies that address those standards; your quality team needs to be trained in URAC's quality standards and your policies that address those standards.

Accreditation Tips

Desktop Review
Submit training content for each of the areas bulleted, above, frequency of training on each topic, and the methods your organization uses to track each staff member's participation in those trainings.
Validation Review
Because these training requirements are applicable to every member of your staff, any member of your staff could be ask to talk about the training he/she has received on any of these topics.
Document review
You'll give the reviewer a comprehensive staff list. From that list, the reviewer will select staff members and ask to see documentation of required training for each staff member.

  • Core 4.0 Pre-release / 12.31.2018

    C-RM 3-1: Information Systems Risk Assessment and Reduction

    URAC assumes that your organization has a comprehensive risk management program, and in this standard, requires that your information systems are a component of that system. Specifically, the IT component must address explicitly data storage, gathering, and transfer.Your organization must conduct risk assessment in these three areas, and that assessment must periodically include "an entity with th...

  • Core 4.0 Pre-release / 12.26.2018

    C-RM 2-3: Business Continuity Plan Testing

    Your organization must test its business continuity plan ("BCP") no less frequently than every two years. Notably, the BCP test can be a tabletop exercise, which URAC defines as:test of a Business Continuity Plan (BCP) that includes documentation of the following aspects of the test:A tabletop exercise simulates an incident in an informal, stress-free environment.The participants who are usually t...

  • Core 4.0 Pre-release / 12.26.2018

    C-RM 2-2: Pharmacy Emergency Management Plan

    Applicable only to organizations seeking accreditation in one of URAC's pharmacy modules, this standard requires that your business continuity plan describe an emergency management system that addresses how the organization will distribute medications in the event of an emergency. The description must address the organization's facilities, its services, and its products in some detail. As was the...