Core for Health Plan 3.2

CORE 3 - Policy and Procedure Maintenance, Review and Approval

Submited by: Tom Goddard

The Basics

Core 3 requires that your organization operate under policies and procedures ("P&Ps"). This is an incredibly important standard. It requires several things of all employees. First, you need to know where your organization's "master list of P&Ps" is. If you don't know, find out.
Second, you need to be able to access -- quickly and easily -- the specific P&Ps that apply to your job. Again, if you don't know, find out.
Third, you need to do your job in accord with those P&Ps. Failing to do so is, itself, a way to miss this standard, even if what you are doing complies with the applicable URAC standard. For example, if you are in the IT department performing an activity (e.g., destruction of old data) in a way that complies with the applicable URAC standard, you'll violate a mandatory element of this standard anyway if you are doing it in a way that is inconsistent with your organization's P&P on the subject. So, if your P&P inaccurately describes the way things are done, get whoever is in charge of your P&Ps to change the P&P to fit reality.

Management Tips

 Core 3 sets forth a number of requirements for an organization's policies and procedures (P&P) processes. Your organization must comply with its P&Ps, maintain a list, keep the P&Ps up-to-date through an annual review, and leave a paper-trail for each P&P of its effective, review, and revision dates, as well as who (or what committee) approves each P&P.
The standard applies "to the key services and internal programs established by the applicant. For purposes of accreditation, the policies and procedures that cover primary health care-related program services will be examined for compliance with these standards." So, while its scope is broad, many organizations will have a number of policies and procedures that are not affected by the requirements of the standard. As the Program Guide notes, "Policies and procedures covering general personnel, accounting, office management, and other such support services for the organization are not required as evidence for meeting these standards."
Third, mere maintenance of policies and procedures will not suffice. One of the most powerful two-word phrases in all of the URAC standards is subsection (b)'s "and complies." The effect of this phrase is to transform all your organization's policies and procedures into mandatory accreditation standards. In other words, even if you are complying with a particular URAC standard, if you are not in compliance with your own policy and procedure on the topic, you may run afoul of this standard. And that would be very bad. The key to documenting this is to make sure that your applicable P&P includes the method by which the organization monitors its core business operations for compliance with written policies and procedures.
Further, your organization must monitor compliance with your P&Ps. Make sure your P&P on P&Ps addresses this new issue. URAC reviewers insist that your P&P on P&Ps (or some equivalent document) describe how you make sure that your staff members comply with your P&Ps. Most of our clients meet this requirement by describing the mechanisms for overseeing staff members' behavior as it relates to P&Ps. Supervisory oversight, staff auditing, and performance evaluations are usually the key components of such a monitoring system.
One of the more frequently missed elements of this standard is Core 3(d)(i). While it may not be evident from the language of the standard, "review" and "revision" can be two entirely different events happening on entirely different dates. For example, if you review a policy without revising, your policy and procedure and/or your master list of P&Ps will need to indicate both dates, not simply the most recent day that somebody in authority looked at the policy. Therefore, either your P&P or your master list should have one place for the effective date, another place for the most recent revision, and another place for the most recent review.

Accreditation Tips

Desktop Review
For the desktop review, you should submit the master list of P&Ps and your policy and procedure on the maintenance of policies and procedures, including the method by which the organization monitors its core business operations for compliance with written policies and procedures.
Validation Review
The on-site reviewer will assess whether your staff can easily access the policies and procedures that govern their work. They could do this at any point during the day, during any interview. The question might go like this: "If you have a question about how to do a particular aspect of your job, and your supervisor is not readily available, can you access the policy and procedure that might answer that question? Could you show me, now, how you would do that?"
Document Review
The reviewer will examine, as needed, policies and procedures and the master list. Make sure all the policies have been reviewed within the previous 12 months.