Core 4.0 Pre-release

C-RM 1-2: Policy Addressing Reporting of Violations

Submited by: Tom Goddard

The Basics

This standard requires your organization’s compliance policies to:

  • Protect individuals reporting violations of ethical, regulatory, or legal requirements;
  • Address the consequences of failing to report violations; and
  • Protect the confidentiality of anyone reporting violations.

Management Tips

It will be important that your entire staff know about the mechanisms described in this standard. Be sure to include it in your compliance training.

Accreditation Tips

Desktop Review

The same set of P&Ps and/or program description you use for C-RM 1-1 should work here. Just make sure those policies have solid whistleblower protections and mechanisms to require reporting of violations.
Validation Review
This standard will be covered in the interviews of compliance-relevant management (including but not necessarily limited to the Compliance Officer), as well as interviews with staff throughout the company.

  • Core 4.0 Pre-release / 12.31.2018

    C-RM 3-1: Information Systems Risk Assessment and Reduction

    URAC assumes that your organization has a comprehensive risk management program, and in this standard, requires that your information systems are a component of that system. Specifically, the IT component must address explicitly data storage, gathering, and transfer.Your organization must conduct risk assessment in these three areas, and that assessment must periodically include "an entity with th...

  • Core 4.0 Pre-release / 12.26.2018

    C-RM 2-3: Business Continuity Plan Testing

    Your organization must test its business continuity plan ("BCP") no less frequently than every two years. Notably, the BCP test can be a tabletop exercise, which URAC defines as:test of a Business Continuity Plan (BCP) that includes documentation of the following aspects of the test:A tabletop exercise simulates an incident in an informal, stress-free environment.The participants who are usually t...

  • Core 4.0 Pre-release / 12.26.2018

    C-RM 2-2: Pharmacy Emergency Management Plan

    Applicable only to organizations seeking accreditation in one of URAC's pharmacy modules, this standard requires that your business continuity plan describe an emergency management system that addresses how the organization will distribute medications in the event of an emergency. The description must address the organization's facilities, its services, and its products in some detail. As was the...