Standards Interpretations

Case Management Version 4.1

  • General Question, Standards 1-28: File Review

    + Details

    Question: We are seeking accreditation under the URAC standards for the first time.  When the Reviewer visits our offices to conduct the onsite review, what can we expect as it pertains to the date range for selecting files for review?

    Response: For organizations that are seeking initial accreditation in any given module, URAC expects the organization to have been in compliance with the standards since at least the date that the application was submitted.  Therefore, the file pull date range would be from the date of the onsite visit back to the date the application was submitted to URAC.

  • Standard 2: Case Manager Case Load

    + Details

    The organization:

    1. Establishes guidelines for reasonable case manager caseload with supporting rationale;
    2. Applies an ongoing process to monitor caseload based on guidelines developed by the organization;
    3. Consistent with the guidelines established in CM 2(a), employs/contracts with an adequate number of case management personnel to provide services to the consumers of the program; and
    4. The organization identifies those circumstances that trigger a review and possible change in its case load guidelines.

    Question: Does URAC specify what a case manager case load should be?

    Response: URAC does not specify what a case manager case load should be; however, in standard CM 2, a new element was added whereby an organization identifies those circumstances that trigger a review and possible change in its case load guidelines. Caseloads are dynamic and books of business change; therefore, caseload guidelines should be reviewed periodically.   

      

  • Standard 4: Case Manager Qualifications

    + Details

    The case manager position requires:

    1. Licensure or certification in a health or human services discipline that allows the professional to conduct an assessment independently as permitted within the scope of practice of the discipline;
    2. Two years full-time equivalent of direct clinical care to the consumer; and
    3. At least one of the following:
    4. Certification as a case manager from the URAC-approved list of certifications; or
    5. A bachelors (or higher) degree in a health or human services related field; or
    6. A registered nurse (RN) license.

    Question:  I have searched the URAC Web site and cannot locate the list of URAC recognized case management certifications.  Can you please provide me with the web link?

    Response: The link to the URAC recognized case management certifications is: (insert link to document containing URAC-Recognized CM Certifications).

    Question: What are the requirements for clinical experience for case managers and does it apply to just RNs?

    Response: The requirement for direct clinical care to the consumer is two (2) years and it applies to all case managers, not just those that hold an RN license.  Staff hired prior to the organization seeking and obtaining accreditation may be grandfathered in if they do not meet the minimum two (2) years of clinical experience requirement and they possess a minimum of five (5) years case management experience.
  • Standard 6: Case Manager Supervisor Qualifications

    + Details

    Individuals who directly supervise case management practices:

    1. Meet the qualifications for case manager as defined in CM 4; and
    2. If they have directly supervised the case management process for at least three (3) years with the organization, hold a certification in case management from the URAC approved list of certifications.

    Question: If a supervisor has directly supervised the case management process for three or more years in another organization and that supervisor is subsequently hired as the case management supervisor for a program that is seeking URAC accreditation does the prior supervision count, therefore requiring the supervisor to be certified as a case manager?

    Response: The CM certification requirement applies to individuals who have held the position of a case management supervisor in the applicant organization for 3 or more years. If the individual has held the position of case management supervisor in the applicant organization for less than 3 years at the time of application review, this standard is non-applicable.  

    Question: Does URAC require that case manager supervisors be certified in case management?

    Response: Yes, if the applicant organization want to achieve full points for standard CM 6 "Case Manager Supervisor Qualifications," then all supervisors must be certified in case management if they have directly supervised the case management process for at least three (3) years with the applicant organization. If the individual has held the position of case management supervisor for less than 3 years at the time of application review, this standard is non-applicable.

  • Standard 10: Case Review Process and Evaluation of Goals

    + Details

    The organization conducts reviews of the case management process through case review to promote achievement of case management goals as established in consumer-specific case management plans. These case reviews, conducted by the case management program director or other supervisor (or equivalent designate) in collaboration with the case manager, include analysis of short and long term goals to:

    1. Evaluate if goals are appropriate considering the circumstances surrounding the case and if not, revise them; and
    2. Determine if goals are being met and if not, examine why to establish next actions to move towards goal.

    Question: Our organization recently went through a downsizing leaving us with one Nurse Case Manager who is our Case Management Supervisor. As a result, the Director of Quality Assurance assumed responsibility for auditing the Nurse Case Manager claims.  Is this arrangement sufficient for purposes of meeting the intent of CM 9?  If not, do you have recommendations for meeting the intent of this standard?

    Response: It is acceptable for the Director of Quality to perform quality audits for case management.

  • Standard 15: Case Manager Ethics Training

    + Details

    The organization educates case management personnel, no less than annually, on written policies and documented procedures supporting the ethical framework for case management practice including:

    1. Advocacy for consumer needs;
    2. Guidance for professional relationships with consumers;
    3. Prohibition of relationships that could compromise professional objectivity;
    4. Resolution of conflicts of interest between the case manager, consumer, third party payer, provider or other entity;
    5. Business, financial and marketing practices;
    6. Resolution of perceived lapses in quality of care resulting from actions by consumers, payers, case managers, providers, organizations or other entities affecting the case management process;
    7. Policies that address case managers' handling of consumer needs when such needs extend beyond the scope of the organization's services;
    8. Prohibition of discrimination against a consumer or group of consumers by the case manager or organization; and
    9. Information on how policies regarding the ethical framework will be shared with staff, contractors, clients, and consumers.

    Question: May telephonic case managers conduct utilization review as part of their work?

    Response: If the Case Manager is involved in benefits determinations, safeguards should be put in place to assure that the role of advocacy is not compromised. Examples include conducting interviews and case file review.  Most organizations conduct an annual review of the organization's ethical framework for case management practice (along with review of confidentiality policies).  This annual review, which must address all sub-elements in the standard, is documented in each case manager's file or an attendance sheet is kept to document the review.  Please also contact the organization's compliance department as there may be regulatory implications.

  • Standard 19: Case Management Consent

    + Details

    The organization implements written policies and/or documented procedures regarding consumers' consent for participation in case management activities that:

    1. Require obtaining and documenting oral or written consent;
    2. Indicate the time frame in which the consent must be obtained; and
    3. Indicate the duration of the validity of the consent.

    Question: We currently obtain oral consent from individuals we are case managing. This oral consent is documented in our system.  In order to comply with standard CM 19, do we also need to make an attempt to obtain written consent? If so, does URAC have an example of a consent form?

    Response: No the organization is not required to obtain verbal consent and make an attempt at obtaining written consent.  The standard states that the organization obtains and documents a verbal or written consent. The organization must establish written guidelines for obtaining consent and may allow that consent is not obtained in every case.  If the organization allows exceptions from consent requirements, it should be prepared to justify those exceptions for quality of care, legal, or other valid reasons on a case-specific basis.  It is expected that this consent is obtained from the consumer (patient), but may be from a family member in extenuating circumstances, (e.g., patient is unconscious, a minor, or determined not legally competent).

  • Standard 23: Assessment Categories

    + Details

    For each consumer during the initial or subsequent assessments, the case manager assesses and documents:

    1. Current health status;
    2. Clinical history, including medications;
    3. Treatment plan;
    4. Medication safety, including:
    5. Medication knowledge;
    6. (ii) Medication adherence; and
    7. The need for medication reconciliation;
    8. Resources required to meet immediate needs for health care;
    9. Care coordination needs, including transitions of care;
    10. Psychosocial status; and
    11. Safety concerns.

    Question: Does URAC specify assessment categories for the assessments conducted by the case manager?

    Response: Yes, starting in version 4.0, there is a requirement to address particular areas of assessment for each consumer.  Not all categories will necessarily be assessed at the initial or subsequent case management visits. Organizational policies should provide guidance to the case manager on the assessment process and priority areas.        

  • Reporting to URAC on Mandatory Measures: RPT 1

    + Details

    The organization reports on all mandatory measures required for this accreditation.

    Question: Which version of the standards includes measures for case management?

    Response: Version 4.1.  There are two standards associated with the case management measures.  Reporting standard 1 requires that organizations have the resources and mechanisms to produce and report on a specified set of performance measures on a periodic basis.  The second reporting standard indicates that organizations will report on the measures.  There are six (6) measures where four (4) are mandatory and two (2) are optional as "exploratory" measures.   

    Question: What is necessary to have in place as evidence for having systems in place to collect CM performance measure data?

    Response: In order to demonstrate compliance with the standard, the organization should assign at least one person the responsibility for collecting, analyzing and reporting the measures.  The person's job description should address this responsibility.  The organization should also have in place a written data collection plan that identifies the performance measures including the populations and departments or programs addressed, what data is collected, what constitutes the numerator and denominator, the method(s) of calculation, and the analysis and reporting methodologies. During the onsite review, URAC reviewers will verify that the organization's data collection plan to address the measurement standards has commenced.

  • Reporting to URAC on Mandatory Measures: RPT 2

    + Details

    The organization can choose to report on any of the exploratory (leading) measures that may be included with this accreditation.

    Question: Which version of the standards includes measures for case management?

    Response: Version 4.1.  There are two standards associated with the case management measures.  Reporting standard 1 requires that organizations have the resources and mechanisms to produce and report on a specified set of performance measures on a periodic basis.  The second reporting standard indicates that organizations will report on the measures.  There are six (6) measures where four (4) are mandatory and two (2) are optional as "exploratory" measures.   

Core Version 3.0

  • General Questions

    + Details

    Question: Why were the standards in Core renumbered and will URAC provide a crosswalk for this renumbering from version 2.1 to 3.0?

    Response: For the URAC Core Organizational Quality Standards version 3.0 (Core), the standards were reorganized to ease the application process. Standards listed first apply to all health care organizations. These standards are followed by those where the applicant organization must have licensed or certified clinical staff in order to conduct the function covered by the accreditation. The last sections of Core apply to those organizations that interact directly with health care consumers on an ongoing basis in order to provide health care management support services directly to the consumer.

    A list of the accreditation programs and the standards that apply to each along with a standard numbering crosswalk from version 2.1 to 3.0 and 3.0 to 2.1 are located in the front of the accreditation guides.

    Question: Does URAC consider shredding and/or storage of records of Personal Health Information (PHI) and/or Individually Identifiable Health Information (IIHI) delegation?

    Response: Yes, shredding and/or record storage of PHI/IIHI is considered a delegated function with regulatory compliance implications. Depending on whether you provide services under worker's compensation or general health will determine what information must be provided to demonstrate compliance. A worker's compensation organization must execute a vendor contract agreement, and develop a policy and procedures that detail (where applicable) how the vendor storage receptacles are secured onsite, how the vendor receptacles IIHI are transferred to the vendor, the location where destruction is performed (onsite/offsite) how health information is transported offsite for shredding and destruction and/or storage. A Business Associate (BA) agreement is not required. However, the vendor agreement should address breach, and breach remediation. Attaching vendor policies and procedures to the vendor agreement may be helpful. For general health an organization must execute BA, and Vendor agreements that address the following elements: breach, breach remediation, transferring of data, requirements of training for the BA's workforce, and proper handling of the PHI. This may be done by attaching the business associates policies and procedures to the agreement as attachments or addressing the specific elements in the contract. The organization must also develop a policy and procedures that detail (where applicable) how the vendor storage receptacles are secured onsite, vendor receptacles containing PHI are transferred to the vendor, the location where destruction is performed (onsite/offsite) how health information is transported offsite for shredding and destruction and/or storage.

  • Standard 13: Information Management

    + Details

    The organization implements information system(s) (electronic and paper) to collect, maintain, and analyze information necessary for organizational management that:

    1. Provides for data integrity;
    2. Includes a plan for storage, maintenance and destruction; and
    3. Includes a plan for interoperability;
    4. Between internal information systems; and
    5. With external entity information systems.

    Question: For the new standard elements in Core 13 on interoperability, do we need to have implemented the plan for interoperability?  Does the plan have to be approved?  And if so, who needs to approve it?

    Response: Core 13(c) calls for a plan for interoperability, but it does not have to be implemented or approved – a comprehensive draft will meet the intent of the standard.

    The plan needs to address the information exchange between an organization's internal information systems [Core (c)(i)].  It also needs to address the information exchange between its internal information systems and those of external entities [Core (c)(ii)]. 

    As with any plan, a description of current information system structure is needed to show what is currently in place (how many systems do you have, do they need to talk to each other and if so, is that data exchange occurring as needed, etc.)  The same baseline analysis applies to the data exchange with external entities.  The plan should address the need to exchange data and the feasibility of making that occur – what resources would it take to make it happen and what are the inherent risks – both for and against – exchanging information both internally and externally? 

  • Standard 14: Business Continuity

    + Details

    The organization implements a business continuity plan for program operations, including information system(s) (electronic and paper) that:

    1. Identifies which systems and processes must be maintained and the effect an outage would have on the organization's program.
    2. Identifies how business continuity is maintained given various lengths of time information systems are not functioning or accessible;
    3. Is tested at least every two years; and
    4. Responds promptly to detected problems and takes corrective action as needed.

    Question: URAC used to have a standard requiring a "disaster recovery plan" and now it doesn't appear to be included in Core.  Was this requirement dropped?

    Response: In version 3.0, standard Core 14 on "Business Continuity" incorporates the previous concept of "disaster recovery."  The standard expands on the concept in an effort to ensure that organizations account for various levels of interruption in their business operations – will business be interrupted for 1 hour? 1 day? 2 weeks?  What's the plan for each of these scenarios?  Are both paper and electronic systems addressed in the plan?  Testing means that the alternate system was put in place and used to see how well it worked.

  • Standard 15: Information Confidentiality and Security

    + Details

    The organization provides for data confidentiality and security of its information system(s) (electronic and paper) by implementing written policies and/or documented procedures that address:

    1. Assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of information systems;
    2. Prevention of confidentiality and security breaches; and
    3. Detection, containment and correction of confidentiality and security violations.

    Question: URAC has expanded the areas for organizations to address related to information confidentiality and security, but is the scope of the standard the same?

    Response: Core 15 addresses data confidentiality and security of both the electronic and paper information systems supporting the function covered by the accreditation.  In addition, "electronic" includes Web-based information systems and the use of portable media (e.g., portable computers, hand-held devices, flash drives, etc.)

  • Standard 19: Quality Management Program Requirements

    + Details

    The organization has a written description for its quality management program that:

    1. Is approved by the organization's appropriate oversight authority; 
    2. Defines the scope, objectives, activities, and structure of the quality management program;
    3. Is reviewed and updated by the Quality Management Committee at least annually;
    4. Defines the roles and responsibilities of the Quality Management Committee; and
    5. Designates a member of senior management with the authority and responsibility for the overall operation of the quality management program and who serves on the Quality Management Committee.

    Question: Does an organization's Board of Directors have to approve its quality management program?

    Response: It can, but it does not have to.  Core 19(a) was revised to broaden the types of acceptable entities that can approve an organization's quality management program description such that "governing body" was replaced with ""…appropriate oversight authority."  This was done to address those situations where a board of directors is not the appropriate oversight authority for the quality management program.  An oversight authority reviews and approves the program description and has the knowledge and power to ensure that the resources are available to carry out the goals set for the quality management program.

  • Standard 27: Staff Training Program

    + Details

    The organization has an ongoing training program that includes:

    1. Initial orientation and/or training for all staff before assuming assigned roles and responsibilities;
    2. Training in current URAC Standards as appropriate to job functions;
    3. Conflict of interest;
    4. Confidentiality;
    5. Documentation of all training provided for staff; and
    6. Ongoing training, at a minimum annually, to maintain professional competency.

    Question: There used to be a standard element (g) in Core 7 (version 2.1) that required staff training in fraud, waste and abuse.  Do the standards still require training in this area?

    Response: Fraud, waste and abuse issues are addressed through state and federal regulation and as such are covered as part of an organization's compliance program, which is within the scope of the regulatory compliance standard (Core 4 in version 3.0).  Training in these areas would be conducted as needed to ensure the organization's compliance with applicable laws and regulations [see Core 4(b)].

  • Standard 32: Senior Clinical Staff Responsibilities

    + Details

    A senior clinical staff person's program responsibilities include:

    1. Provides guidance for clinical operational aspects of program;
    2. Is responsible for oversight of clinical decision-making aspects of program;
    3. Has periodic consultation with practitioners in the field; and 
    4. Ensures the organizational objective to have qualified clinicians accountable to the organization for decisions affecting consumers. 

    Question: What is the purpose of adding element (d) to Core 32 related to senior clinical staff responsibilities?

    Response: Element (d) was added to address an important component of the senior clinical staff person's role.  Since the senior clinical staff person may or may not serve as a clinical decision-maker for the clinical areas covered by the organization's services, the new standard element makes it clear that it is part of this person's responsibility to make sure that the organization has qualified clinicians accountable to the organization for decisions affecting consumers.  By way of example, if the CMO for a health plan is a pediatrician, then for those clinical issues that pertain to internal medicine this CMO would make sure that a clinician with the appropriate clinical background and experience in internal medicine is available to make decisions in this area.

  • Standard 35: Consumer Complaint Process

    + Details

    The organization maintains a formal process to address consumer complaints that includes: 

    1. Process to receive and respond in a timely manner to complaints;
    2. Notice (written or verbal) of final result with an explanation; 
    3. Informs consumers of the avenues to seek further review if an additional complaint review process is available;
    4. Evidence of meeting the organization's specified time frame for resolution and response; and
    5. Reporting analysis of the complaints to the quality management committee.

    Question: What type of evidence is referred to in Core 35(d)?

    Response: URAC review staff will look for reports showing summary data on complaints and an analysis of the organization's average response time as compared to the timeline it has set for resolving and responding to complaints.  During the onsite review, complaint records will be reviewed and more granular reporting analyzed against summary reports. Staff and management will be interviewed to verify their understanding of the complaint process, the organization's specified time frame for a response, and that an analysis of the complaints is forwarded to the quality management committee.

  • Standard 36: Coordination with External Entities

    + Details

    The organization establishes and implements mechanisms to promote collaboration and communication with applicable external entities to coordinate health services for consumers.
    Question: What is URAC going to look at with respect to compliance with this standard on coordination with external entities?  What happens if our organization reaches out to coordinate with others and they don't respond – will their lack of response be held against us in the application?

    Response: The intent of Core 36 "Coordination with External Entities" is for organizations to establish processes to promote cooperation and effective communication with other organizations in the interest of safe, quality health care.  That being said, applicants will not be penalized for things they do not control, which includes the situation where external entities do not communicate back to you.
    As for verification of compliance, on the desktop review, reviewers will look to see written policies and documented procedures (e.g., process flowcharts, guidelines, etc.) reflecting the organization's process for sharing information and coordinating care for a health care consumer.  During the onsite review, staff will be interviewed and asked to discuss current procedure for care coordination and discuss instances where these procedures were implemented.  Case documentation exemplifying care coordination with external entities will also be examined. Applicants will be asked to pull cases illustrating implementation of its care coordination policy.  The scope of this standard covers coordination of the provision of clinical services to consumers.

  • Standard 40: Health Literacy

    + Details

    The organization will implement a documented practice addressing health literacy that:

    1. Requires consumer materials to be in plain language.
    2. Assesses the use of plain language in consumer documents; and
    3. Provides relevant information and guidance to staff that interfaces directly with, or writes content for, consumers.

    Question: We have certain documents, such as letters to the consumer that have to include specific language as required by law.  How will URAC handle this given that much of it is not in plain language and may even include legal terms that many cannot understand?

    Response: Organizations are not expected to change those documents or sections of documents that must be written with specific language due to federal or state law; however, where changes can be made and content is under the organization's control, the organization uses plain language to communicate with the consumer.  Please note that "health literacy" and "plain language" are defined terms.

Disease Management Version 3.0

  • Standard 23: Plan Addressing Delivery of Health Information to Consumers

    + Details

    The organization has a documented plan addressing the delivery of health information to consumers:

    1. Targeting one or more of a consumer's information needs for the current episode of care;
    2. Proactively providing health information to the individual consumer;
    3. Supporting one or more of the following: 
      1. Informed decision making;
      2. Skill building and motivation for effective self-care and healthy behaviors related to the consumer's information needs for the current episode of care; and
      3. Consumer comfort and acceptance.
    4. Promoting the use of information tailored to the individual consumer's specific needs and characteristics, including health literacy levels; and
    5. Providing health information that is accurate, comprehensive, and easy to use;and
    6. Using community resources and other health care partners to provide health information to consumers.

    Question: Do we have to have implemented a plan for the delivery of health information to consumers?

    Response: No, applicant organizations need to have a documented plan, reviewed by the requisite leadership for disease management that indicates what structures and processes the organization needs to put into place in order to proactively provide health care information to consumers.

  • Standard 24: Evaluation of Consumer Health Information

    + Details

    As part of its documented plan addressing the delivery of health information to consumers, the organization provides health information that is accurate and appropriate for the population served by:

    1. Having providers with current knowledge relevant to the information review it prior to its release and thereafter at least annually to ensure that it is based upon current clinical principles, processes and when available, evidence based information;
    2. Having the medical director (or equivalent designate) or clinical director (or equivalent designate) approve the information to be released to consumers.

    Question: Why does health information need to be reviewed prior to giving it to the consumer?

    Response: Information provided to the health care consumer should be reviewed by providers with current knowledge of the subject matter to ensure that it is current and accurate.

Drug Therapy Management Version 2.0

  • Standard 7: Periodic Consumer Reassessment Process

    + Details

    Question: Under this new standard, how often does the organization have to reassess the participating consumers?

    Response: The URAC standard is not prescriptive regarding the frequency with which consumer reassessments are conducted. The organization should specify appropriate, specific timeframes for reassessments in its policies and procedures for this process.

  • Standards 21, 22 and 23: Program Evaluation: Process, Outcome, and Methodology Disclosure

    + Details

    Question: Since the evaluation of the program is a key focus of these new standards, what is expected by an organization?

    Response: An organization should have a mechanism for evaluating the success of its program offered. This evaluation includes the assessment of clinical/health related benefits financial benefits, and the impact of a specified program. The program evaluation benefits (outcomes) must be reported to current and prospective purchasers/clients, and the evaluation methodology used to determine the program evaluation must also be disclosed.

Health Network Version 6.0

  • Standard N-CR 18: Credentialing Phase-In

    + Details

    The organization implements the credentialing program required by N-CR 1 according to time frames that are no longer than the following:

    1. At the time of the on-site review, the organization has completed the credentialing process for at least 100 practitioners;
    2. Credentialing of at least 50% of participating providers within the scope of the credentialing program will be completed within two years from the date the organization initially receives URAC accreditation; and
    3. Credentialing of all participating providers within the scope of the credentialing program will be completed within three years from the date the organization initially receives URAC accreditation.

    Question: What happens if a network accreditation applicant comes up for re-accreditation in three years and has not completed credentialing of all providers within the scope of the credentialing program?

    Response: Standard N-CR 18 is Mandatory; therefore, the applicant organization would not be meeting element (c) and as a result would not be eligible for a full accreditation.  Please note that this standard does not apply to Health Plan accreditation.

Health Plan Version 6.0

  • Standard P-MR 2: Consumer Information Disclosure

    + Details

    Information available to consumers includes:

    1. Descriptions of the processes the organization uses to provide information and support to consumers: [--]
      1. For whom English is not their primary language; an
      2. With special needs, such as cognitive or physical impairments.
    2. List of providers that are in the provider network;
    3. Descriptions of participating provider compensation arrangements;
    4. The tools the organization makes available to assist in self-managing care;
    5. Consumer satisfaction statistics;
    6. Administrative requirements;
    7. Medical management requirements;
    8. How the health benefits program works;
    9. Financial responsibilities for consumers, including potential out-of-pocket costs, such as deductibles, co-pays, co-insurance, annual and lifetime co-insurance limits, and changes that could occur during the enrollment period;
    10. Health benefits decision-making responsibilities for consumers;
    11. Condition-specific criteria for benefits; and
    12. Coordination of benefits.

    Question: Are there any requirements in the Health Plan standards related to consumers for whom English is not their primary language or who have special needs?

    Response: Yes, the most recent version of the Health Plan standards requires applicant organizations to submit a description of how they accommodate consumers with those particular types of needs.  This would be confirmed during the on-site review through management and staff interviews for the customer support areas.
  • Standard P-MR 3: Consumer Communications Plan

    + Details

    The communications plan (required under Core 22) provides that at the time of enrollment, consumers are provided with materials that clearly explain:

    1. Instructions on how to receive assistance via e-mail, telephone, or in person;
    2. The scope of covered benefits;
    3. How to access covered benefits, including:
      1. (i) Requirements for prior authorization;
      2. Accessing emergency services and out-of-service-area services; and
      3. On-going access to current drug formulary;
    4. Cost-sharing features under the benefits plan;
    5. How to obtain the cost of covered benefits;
    6. Any obligations for consumers to cooperate with the organization’s medical
    7. Coverage exclusions;
    8. How to obtain evidence-based health information and content for common conditions, diagnoses, and the treatment, diagnostics and interventions;
    9. Complaint and appeals processes available to consumers.

    Question: Do Health Plans have to do anything additional as far as their consumer communications plan?

    Response: Yes, for P-MR 3 they need to provide consumers with materials that clearly explain how to obtain evidence-based health information and content for common conditions and diagnoses, along with the treatment, diagnostics and interventions.

  • Standard P-UM 1: Independent Review Process

    + Details

    The organization has a mechanism for consumers to access an independent review process, after all internal appeal mechanisms have been exhausted, for clinical determinations relating to the necessity or appropriateness of medical services (including determinations that proposed medical services are experimental in nature).
    The independent review entities conducting the independent review process:

    1. Must access and rely on appropriate clinical expertise in rendering independent review determinations;
    2. Must not have any direct financial interest in the organization or in the outcome of the independent review;
    3. Render determinations for non-urgent cases, within thirty calendar days from the date the consumer initiated the independent review;
    4. Render determinations for cases involving urgent care, within 72 hours from the date the consumer initiated the independent review;
    5. May not have been involved in the original determination under appeal.

    Question: The UM standard specific to Health Plans looks different, but reads the same.  Was there any change to the intent or language?

    Response: No, P-UM 1 was simply reorganized to clearly show that the elements within the standard describe requirements for an independent review entity that the health plan would use for the independent review process.

Health Plan/Health Network Version 6.0

  • Standard P/N-NM 15 & 16: Provider Dispute Resolution Mechanisms

    + Details

    P/N-NM 15 – Disputes Involving Professional Competence or Conduct
    The organization implements a mechanism to resolve disputes with participating providers regarding actions by the organization that relate to a participating provider's status within the provider network and any action by the organization related to a provider's professional competency or conduct.  That mechanism:

    1. Specifies that all disputes are referred to a first-level panel consisting of at least three qualified individuals, of which at least one must be a participating provider who is not otherwise involved in network management and who is a clinical peer of the participating provider that filed the dispute;
    2. Includes the right to consideration by a second-level panel and the methods to request such consideration; and
    3. Provides for consideration to a second-level panel consisting of at least three individuals that comply with element (a) of this standard and that were not involved with the first-level panel.

    P/N-NM 16 – Disputes Involving Administrative Matters
    The organization implements a mechanism to resolve disputes with participating providers not covered by N-NM 14 that offers the disputing provider the right to consideration by an authorized representative of the organization not involved in the initial decision that is the subject of the dispute. [M]

    Question: Do the provider dispute resolution mechanisms found in P/N-NM 15 and 16 preclude having the same individuals involved in the original dispute reconsider the matter given additional input from the provider?

    Response: No, these standards do not prohibit a re-review of the matter by those involved in the original dispute; however, if such a re-examination does not result in a satisfactory resolution from the provider's perspective, then the dispute resolution mechanism remains available to the provider.

  • Standard P/N-CR 12: Credentialing Time Frame

    + Details

    The organization does not submit for initial review any credentialing application that:

    1. Is signed and dated more than 180 days prior to credentialing committee review; or
    2. Contains primary or secondary source verification information collected more than six months prior to review.

    Question: We've heard that some accrediting bodies are allowing credentialing applications to be signed and dated up to 360 days prior to credentialing committee review.  Do URAC credentialing standards allow for credentialing applications to be signed/dated that far in advance of initial committee review?

    Response: No, with the latest revision of the Health Plan and Health network standards, this timeline did not change, such that a credentialing application cannot be signed and dated more than 180 days prior to initial credentialing committee review.

  • Standard P/N-CR 13: Credentialing Determination Notification

    + Details

    The organization provides written notification to providers of the determination of the providers' credentialing application within ten (10) business days of the determination.

    Question: Did URAC tighten up the time frames for notification of a credentialing determination?

    Response: Yes, with the most recent version of the Health Plan and Health Network standards (version 6.0), standard P-CR 13/N-CR 13 changed from "60 calendar days" to "10 business days."

  • Standard P/N-CR 17: Credentialing Delegation

    + Details

    The organization complies with the Core Standards for any credentialing functions it delegates to another entity.  In addition, the organization:

    1. Retains authority to make the final credentialing determination regarding any provider; and
    2. At least every three years, conducts on-site surveys of each entity that performs credentialing functions on behalf of the organization.

    Question: Is it a requirement to conduct on-site surveys of entities delegated credentialing?

    Response: Yes, the requirement is for an organization to conduct on-site surveys of delegated entities every three (3) years.

Health Utilization Management Version 5.1

  • Standards 1-30: General Question

    + Details

    Question: Does URAC consider the determination of whether a treatment or service is or is not "experimental" or "investigational" to be within the scope of "utilization review" and therefore subject to its standards? Our question does not focus on whether a particular service, procedure, drug or device was or was not in benefit; our concern is with the medical evaluation of same.  When a payer makes a medical determination that a service, procedure, drug or device is "experimental" and/or "investigational" and the attending physician disagrees based upon his perspective of prevailing practice, peer reviewed literature, etc., we would classify the appeal of such "non-certification" as falling within the four corners of our state law that addresses medical determinations of the necessity and appropriateness of care, drugs and devices.  We were interested in knowing whether URAC concurred on this point.

    Response: Up to the point of requesting an appeal of the non-certification due to an initial determination that the service or treatment is experimental or investigational, the process is covered by URAC’s Health Utilization Management Standards (e.g., HUM 1 30); the subsequent appeal process is covered by URAC’s Health Plan Standards (e.g., Core 11, Core 27 29 and P UM 1) cited below.

    CORE 11 – Senior Clinical Staff Responsibilities
    The senior clinical staff person:

    1. Provides guidance for all clinical aspects of program;
    2. Is responsible for clinical aspects of program; and
    3. Has periodic consultation with practitioners in the field.

    CORE 27 – Complaint and Appeal System
    The organization maintains a system to receive and respond in a timely manner to complaints and, when appropriate, inform consumers of their rights to submit an appeal.

    CORE 28 – Appeal Process
    The organization maintains a formal appeal resolution process that includes:

    1. Written notice of final determination with an explanation of the reason for the determination;
    2. Notification of the process for seeking further review, if available; and
    3. A reasonable, specified time frame for resolution and response.

    CORE 29 – Complaint and Appeal Reporting
    The organization reports analysis of the complaints and appeals to the quality management committee.

    P-UM 1 – Independent Review Process
    The organization has a mechanism for consumers to access an independent review process, after all internal appeal mechanisms have been exhausted, for clinical determinations relating to the necessity or appropriateness of medical services (including determinations that proposed medical services are experimental in nature).  Independent review entities:

    1. Must access and rely on appropriate clinical expertise in rendering independent review determinations;
    2. Must not have any direct financial interest in the organization or in the outcome of the independent review;
    3. Render determinations:
    4. For non-urgent cases, within thirty calendar days from the date the consumer initiated the independent review; and
    5. For cases involving urgent care, within 72 hours from the date the consumer initiated the independent review;
    6. May not have been involved in the original determination under appeal.
  • Standard 10: Initial Clinical Reviewer Qualifications

    + Details

    Individuals who conduct initial clinical review:

    1. Are appropriate health professionals; and
    2. Possess an active professional relevant license.

    Question: Does the URAC Health UM, CM and DM accreditation include staff performing these functions that are telecommuting or working out of a client site?

    Response: Yes, staff working offsite – either telecommuting or working at a client site – is included within the scope of the accreditation. URAC reviewers will examine staff files, QM oversight, etc. as it involves this type of staff and URAC reviewers may interview them either telephonically, have them come into the office, or even visit them at their off-site location.
  • Standards 15 & 16: Peer-to-Peer Conversation Availability and Peer-to-Peer Conversation Alternate

    + Details

    HUM 15 – Peer-to-Peer Conversation Availability
    Health professionals that conduct peer clinical review are available to discuss review determinations with attending physicians or other ordering providers.

    HUM 16 – Peer-to-Peer Conversation Alternate
    When a determination is made to issue a non-certification and no peer-to-peer conversation has occurred:

    1. The organization provides, within one business day of a request by the attending physician or ordering provider, the opportunity to discuss the non-certification decision:
    2. With the clinical peer reviewer making the initial determination; or
    3. With a different clinical peer, if the original clinical peer reviewer cannot be available within one business day); and
    4. If a peer-to-peer conversation or review of additional information does not result in a certification, the organization informs the provider and consumer of the right to initiate an appeal and the procedure to do so.

    Question: Does URAC require the offering of a peer-to-peer conversation for retrospective medical necessity denials?

    Response: No, standards HUM 15 and HUM 16 apply to the prospective and concurrent review processes where the request for certification is non-certified by a clinical peer reviewer.
  • Standard 31: Appeals Process

    + Details

    As part of the appeals process:

    1. The organization provides the patient, provider, or facility rendering service the opportunity to submit written comments, documents, records, and other information relating to the case, and
    2. Takes all such information into account during the appeals process without regard to whether such information was submitted or considered in the initial consideration of the case, and
    3. In instance of a first level appeal, the organization implements the decision of the first level clinical appeal if it overturns the initial denial.

    Definition of Appeal:  Formal request for review of an organizational determination (i.e., services have been denied, reduced, etc.)  Note: Specific terms used to describe appeals vary, and are often determined by law or regulation. URAC’s UM Standards apply to first-level appeal.

    Question: Is the UM appeal file review limited to first level appeal, or does it include all levels of appeals?

    Response: The scope of URAC’s medical necessity appeal process is limited to the first level of review as indicated by the definition (above) and standard HUM 31(c) (above); therefore, the file review for Health Utilization Management accreditation will be limited to the first level of review.
  • Standard 32: Appeal Peer Reviewer Qualifications

    + Details

    Appeals considerations are conducted by health professionals who:

    1. Are clinical peers;
    2. Hold an active, unrestricted license to practice medicine or a health profession;
    3. Are board-certified (if applicable) by:
    4. A specialty board approved by the American Board of  Medical Specialties (doctors of medicine); or
    5. The Advisory Board of Osteopathic Specialists from the major areas of clinical services (doctors of osteopathic medicine);
    6. Are in the same profession and in a similar specialty as typically manages the medical condition, procedure, or treatment as mutually deemed appropriate; and
    7. Are neither the individual who made the original non-certification, nor the subordinate of such an individual.

    Question: If new information is received with an appeal request, can a nurse reviewer approve the appeal if the new information meets criteria?

    Response: Yes.  Though this process is not specifically addressed in the accreditation guide, it is not prohibited by the standards.  An organization must meet the timeframes required by the standards regardless of any additional steps it may conduct.

    Question: What is appropriate specialty matching and does the standard of care in a community factor in?  For instance, in our community we have no endocrinologists so our PCPs generally care for their own diabetic patients, but if that patient is in a teaching facility they might be cared for by an Endo.  If there is an appeal by a specialist for a condition, which is generally treated locally by a PCP, who would URAC like to see reviewing the appeal?

    Response: When selecting a physician to conduct a medical necessity appeal, first choice would be a specialist in the area of concern for the appeal, even if the physician requesting the appeal is not a specialist.  Physicians with more general practices (e.g., IM, PCP, FP, etc.) may conduct an appeal if they have experience treating the case under review.  When asked to do a review, physicians will tell you if it is not an area they typically treat, in which case you would select another physician to conduct the appeal.  Also, pursuant to the standard, the selected appeal reviewer is “…mutually deemed appropriate” by your organization and the physician requesting the appeal [HUM 32(d)].  So if there is some doubt, it is perfectly acceptable to discuss the selection with the requesting provider.  Also, general practitioners are not used for appeals and it is not appropriate to have a pediatrician review an adult case.

    If an endocrinologist or a PCP is managing a diabetic case and has made an appeal, then an endocrinologist would be first choice to conduct the appeal, an IM or PCP with extensive experience in diabetes would be a second choice.  See additional scenarios below.

    Scenario 2: Cardiothoracic surgeon performs CABG, patient is newly diagnosed with Diabetes, Endo was consulted and discharge left up to Endo.  Last day was denied and is being appealed.  What kind of specialist should review?  Endo, IM, FP or GP or Cardiothoracic surgeon?

    Response: The issue keeping the patient in the hospital was diabetes, so an endocrinologist would review the appeal for the last day of inpatient stay, or IM/FP with extensive experience in diabetes.  General practitioners are typically not used for appeals.

    Scenario 3: Pt. was admitted for Chest pain by IM/GP/FP.  Cardiology was consulted. Discharge by attending left up to consultant.  Day denied and appealed.  Who reviews, Cardiology or IM/ FP/GP?

    Response: Medical issue could be reviewed by IM/FP or a cardiologist.  General practitioners are typically not used for appeals.

    Scenario 4: Pt admitted with new onset of seizures by IM/FP/GP/Peds.  Neuro consult ordered.  Discharge by attending left up to consultant.  Day denied and appealed.  Who reviews, Neuro or IM/FP/GP/Peds?

    Response: Neurologist would conduct the appeal since seizures were the reason for the last inpatient day.  If it was a pediatric patient with seizures, then a pediatrician with experience treating those types of patients could conduct the appeal.

    Scenario 5: Can FP review for IM for inpatient appeals or does it have to be IM for IM and FP for FP, etc. 

    Response: Internal Medicine should review for Internal Medicine, FP for FP.

    Scenario 6: Does the matching have to be MD to MD or can it be MD reviewed by DO, etc?

    Response: MD and DO can review for each other.

    Scenario 7: Can a general surgeon review a case of a Vascular surgeon?

    Response: Did the appeal turn on a vascular issue – such as was the vascular surgery necessary?  If yes, then a vascular surgeon would be appropriate to conduct the appeal.  If more of a general surgical issue, then a general surgeon could review the case.

    Scenario 8: Do the reviewers just have to have knowledge in the field or truly be "specialty matched"?

    Response: Start with the specialty match – you can’t go wrong there.  Then there are general surgeons and internal medicine where they may have extensive experience in a given area, and as such could be used for the appeal.

    Scenario 9: IM admits for DVT.  An inpatient day is denied.  Who can review the appeal?  FP or Peds or does it have to be IM?

    Response: IM would be best choice; PCP/FP could be used.  Most primary care doctors will tell you if they do not believe they have the background or experience to review a case.  Peds is not a good choice for adult cases.

    Scenario 10: FP admits an adult with Pneumonia.  Day is denied.  Can a Pediatrician review?  Must it be FP?  IM?

    Response: Pediatrician is not appropriate for an appeal on an adult case.  FP or IM could review the case.

    Scenario 11: A 10-wk pregnant patient admitted with DVT by OB.  Vascular surgeon consults and follows, too.  Who can review case for denied days?  Can FP or Pediatrician review concurrently without consulting with a Like Specialist for advice?

    Response: It depends upon the reason for the denial and why patient was kept – was there some other reason for the hospital stay?  If it was determined that the DVT condition no longer warranted inpatient stay, then a vascular surgeon, IM or FP could review.  If there was some other complication related to the pregnancy, then an OB would appear to be appropriate.

    Scenario 12: Total abdominal hysterectomy performed by GYN surgeon.  Can general surgeon do the appeal review?

    Response: If the general surgeon has experience with abdominal hysterectomies, then yes.

    Scenario 13: Pulmonologist admits for pulmonary emboli.  Who must review appeal?  IM, FP, Peds or pulmonologist?

    Response: Pulmonologist, IM or FP.  Peds should review for pediatric patients.

    Scenario 14: Pancreatitis admitted by FP.  Consulted with a general surgeon, but treated medically.  Who should review appeal?

    Response: IM or FP.

    Scenario 15: GI hemorrhage admitted by GE.  No surgery was required, just scoping and watching. Who should review appeal?  GE, surgeon, IM, FP, Peds?

    Response: GE, surgeon or IM.  FP if experience with these types of cases.  Peds should not review adult cases.

    Scenario 16: Can a Pediatrician review cases on adults that were admitted by IM or FP or specialists?  Can FP do reviews on neonates being cared for by neonatologists?

    Response: No to both scenarios.

HIPAA Security Version 3.0

  • Standard HS1: Security Official

    + Details

    The organization has documented appointment of a chief security official who has defined authority, oversight, and accountability, and who is responsible for the HIPAA security compliance program of the organization, including the development of any necessary policies and procedures.

    Question: What type of preparation is required in order to become a "security official" for HIPAA matters?

    Response: URAC outlines the requirements in the "Points to Remember" section of the accreditation guide for version 3.0 of these standards.  In summary, two (2) years managing a HIPAA Security compliance program or greater than one (1) year's experience with significant responsibility for regulatory compliance AND certification in HIPAA Security AND any other industry-recognized security certification.  The certification is chosen by the applicant organization and must meet URAC's definition for "certification."  (URAC does not keep a list of approved certifications; instead, as part of its desktop review documentation, the organization includes information demonstrating that the certification chosen meets URAC's definition.)

  • Standard 8: Policy and Procedure Updates

    + Details

    The organization:

    1. Revises policies and procedures as necessary, prior to:
    2. Environmental or operational changes affecting the security of the electronic protected health information based upon information from periodic risk assessment;
    3. The effective date for changes in the HIPAA Security Rule;
    4. The effective date for law or regulation affecting the HIPAA Privacy Rule; and
    5. URAC application for HIPAA Security Accreditation to the organization; and
    6. Maintains an archive of superseded policies and procedures for at least six (6) years.

    Question: Why was this standard revised from the previous version (2.1)?

    Response: Some applicant organizations are reactive rather than proactive about updating their policies and procedures as needed to reflect changes to their own processes or the HIPAA Security Rule; therefore, this change was made to clarify the intent of the standard as well as in response to the sections of the American Reinvestment and Recovery Act (ARRA) that impact the HIPAA Security Rule, which are now considered part of the HIPAA Security Rule.

    The specific section of the HITECH Act that supports this standard generally and specifically is as follows: ARRA Pub.L. 111-5, Title Xiii Subsection D.

HIPAA Privacy Version 3.0

  • General Question

    + Details

    Question: Why were the HIPAA Privacy standards for business associates and covered entities combined into one (1) accreditation?

    Response: Some business associate applicant organizations do not identify all parts of the HIPAA Privacy Rule that are applicable to them, resulting in noncompliance with the Rule as well as the concomitant URAC standard(s) for accreditation.  By having to address each standard, the business applicant must affirmatively evaluate whether it is required to meet each particular standard and document why the particular standard does not apply to their organization.

  • Standard HP1: Privacy Official

    + Details

    Question: What type of preparation is required in order to become a "privacy official" for HIPAA matters? 

    Response: URAC outlines the requirements in the "Points to Remember" section of the accreditation guide for version 3.0 of these standards.  In summary, two (2) years managing a HIPAA Privacy compliance program or greater than one (1) years' experience with significant responsibility for regulatory compliance AND certification in HIPAA Privacy AND any other industry-recognized security certification.  The certification is chosen by the applicant organization and must meet URAC's definition for "certification."  (URAC does not keep a list of approved certifications; instead, as part of its desktop review documentation, the organization includes information demonstrating that the certification chosen meets URAC's definition.)

  • Standard HP9: Policy and Procedure Updates

    + Details

    Question: Why was this standard revised from the previous version (2.1)?

    Response: Some applicant organizations are reactive rather than proactive about updating their policies and procedures as needed to reflect changes to their own processes or the HIPAA Privacy Rule; therefore, this change was made to clarify the intent of the standard as well as in response to the sections of the American Reinvestment and Recovery Act (ARRA)/HITECH that impact the HIPAA Privacy Rule, which are now considered part of the HIPAA Privacy Rule. The specific section of the HITECH Act that supports this standard generally and specifically is as follows: ARRA Pub.L. 111-5, Title Xiii Subsection D.

  • Standard HP26: Access and Amendment

    + Details

    The organization may specify exceptions when it will not release or allow amendment of protected health information, provided that such exceptions are consistent with the HIPAA Privacy Rule.

    The organization has policies and procedures to:

    1. Accept and process requests by individuals to inspect and copy their protected health information that is maintained in a designated record set;
    2. Allow individuals to request amendments of their protected health information in a designated record set;
    3. Offer individuals an electronic copy of their information contained within a designated record set, which is maintained within an electronic health record and contains disclosures made for Treatment, Payment and Operations (TPO); and
    4. Offer to forward an electronic copy of individuals' information contained within a designated record set, which is maintained within an electronic health record to a third party of their choice.  This electronic copy of the information maintained within the electronic health record must contain disclosures made for Treatment, Payment and Operations (TPO).

    Question : Why do organizations have to offer individuals an electronic copy of their information?

    Response: The HITECH Act requires organizations to offer individuals an electronic copy of information available within a designated record set. 

  • Standard HP 55: Nominal Reimbursement Providing PHI for Marketing

    + Details

    Under no circumstances shall the organization accept more than a nominal amount of financial reimbursement for providing protected health information to another entity for use in marketing.

    Question : Why was this standard added to the HIPAA Privacy standards (v3.0) and how will URAC evaluate "nominal" reimbursement?

    Response: The standard reflects a requirement under the HITECH Act and though "nominal" is not specifically defined URAC will examine a breakdown of the organization's charges for providing the protected information to another entity that seeks to use it for marketing purposes.  The breakdown must include how much it cost the organization to provide the information, apart from any other charges.  Evidence must be provided upon desktop review.

  • Standard HP 56: Authorization to Use PHI for Fundraising

    + Details

    If the organization uses protected health information for fundraising purposes, it has policies and procedures that govern such activities and that specify the circumstances under which it will seek authorization, whereby:

    1. Individuals must indicate on the authorization form that they are aware of their right to "opt in" and the process for doing so, of authorizing the use of their protected health information for such fundraising purposes; and [M]
    2. If the organization does not use protected health information for fundraising purposes, then it must have a policy statement to that effect. [M]

    Question: Doesn't the new Privacy Rule call for individuals to "opt out" instead of "opt in" for the authorizing the use of their personal health information (PHI) for fundraising?

    Response: A HIPAA Privacy Rule change requires that individuals are provided a clear opportunity to "opt out" of authorizing use of their PHI for fundraising purposes.  URAC chose to employ a more consumer-centric standard by requiring that an individual must "opt in" instead of "opt out" as part of the formal authorization process for using PHI in fundraising.

  • Standard HPRV 13: Privacy Awareness Training

    + Details

    Question: Why are the topics of civil and criminal penalties included in privacy training requirements?

    Response: The Privacy provisions outlined in President Obama's economic stimulus package, the "American Recovery and Reinvestment Act" (ARRA)/HITECH include civil and criminal penalties which require organizations to provide training on the various penalties, the fine amount and under what circumstances they apply.  In addition, ARRA/HITECH has specific guidelines expanding the enforcement powers of State Attorneys General. Under the regulations, State Attorneys General may work on behalf of state's residents to bring civil actions, stop violations, or obtain damages. Although state action is limited while federal action is pending.  This now applies to all covered entities, business associates and individuals, with access to private patient information.

  • Standard HPRV 15: Breach Discovery Policy

    + Details

    Question: Under what circumstances does the "Breach Discovery Policy" apply?

    Response: This standard applies to all situations where it is suspected that a breach might have occurred, which is the initial stage when the organization has an incident that may affect the privacy and/or security of PHI and/or ePHI and may not be sure whether a breach has actually occurred or not.

  • Standard HPRV 18: Breach Notification to the Federal Government

    + Details

    Question: Does this standard apply if the organization determines that a breach did not occur?

    Response: No, notification to the Department of Health and Human Services is not required if a breach did not occur.

  • Standard HPRV 21: Post-Breach Evaluation and Remediation

    + Details

    Question: What happens if the same breach occurs more than once?

    Response: URAC will review the organization's post-breach evaluation and remediation process to determine that it was done pursuant to the standard in each instance.

  • Standard HPRV 67: Privacy Notice Provision

    + Details

    Question: The standard regarding notice to subscribers of privacy practices seems to contradict the HIPAA regulation.  How do you explain that?  How are organizations to provide this notice?

    Response: Standard HPRV 67 "Privacy Notice Provision" is consistent with HIPAA regulation; however, it is more stringent.  Though it is impractical to provide "Notice of Privacy Practices" to all subscribers at the time of enrollment (not just new ones), organizations need to provide notice upon material change and at least every two (2) years in order to keep its membership informed.  So HPCE 59(b) was added and requires notice of privacy practices to all subscribers at least every two (2) years.  Organizations can use mass mailings, newsletters, member Web sites, etc., as ways to carry out this notice.

Independent Review Organization Version 5.0

  • Standard 2: Reviewer Credentials Verification

    + Details

    At a minimum, the reviewer credentialing program shall address verification of professional credentials, including:

    1. Primary source verification of the requisite licensure or certification required for clinical practice;
    2. If a reviewer is an M.D., D.O. or D.P.M and is board certified, then primary source verification of the reviewer's board certification(s);
    3. History of sanctions and/or disciplinary actions; and
    4. Professional experience including:
      1. Length of time providing direct patient care; and
      2. Dates indicating when the direct patient care occurred.
    5. Identifying a reviewer's professional affiliation, privileging or participation with:
    6. Health benefit plans of insurance issuersor group health plans; and Facilities.

    Question: What's the difference between the "certification" noted in standard element (a) and the "board certification" cited in element (b)?

    Response: The certification identified in (a) is required for entry level into clinical practice for those clinicians where certification and not a license is needed to practice.  The "board certification" in (b) is in addition to initial licensure.

  • Standard 6: External Review: Additional Reviewer Qualifications

    + Details

    Per IR 1(a), the organization establishes criteria for the qualification of reviewers.  At a minimum, such criteria will specify that for all external review cases the organization selects reviewers who:

    1. Meet the requirements as specified in IR 4;
    2. Meet the requirements as specified in IR 5;
    3. Have at least five (5) years full-time equivalent experience providing direct clinical care to patients; and
    4. Have clinical experience within the past three (3) years.

    Question: Why does IR 6 reference standards IR 4 and IR 5 when those credentials requirements are specific to internal reviews (health plan controlled) and IR 6 is specific to external reviews (required by state/federal law/regulation)?

    Response: The requirements for IR 6 build upon the credentials requirements specified in the previous standards.  So in order to avoid confusion and show the progression of requirements, the standards are cross-referenced within IR 6.
  • Standard 7: Defining Reviewer Conflict of Interest

    + Details

    Prior to executing a contract to provide review services, the organization verifies what constitutes reviewer conflict of interest according to applicable state or federal law or regulation as well as the contracting entity, including clarification of the following situations with regards to conflict of interest:

    1. A reviewer has a contract to provide health care services to enrollees of a health benefit plan of an insurance issuer or group health plan that is the subject of a review; and
    2. A reviewer has staff privileges at a facility where the recommended health care service or treatment would be provided if the health carrier's previous non-certification is reversed.

    Question: If discussions with an entity result in having (a) and/or (b) identified as a conflict of interest, then does this have to show up in the contract language and what about the reviewer conflict of interest attestation signed by each reviewer who accepts a case?

    Response: Whether or not (a) and/or (b) are identified as conflicts of interest, it's a best practice to document that decision in one place tied to the contract, which includes:

    1. The body of the contract
    2. Addendum to the contract
    3. Document/reference cited by reference within the contract

    If (a) or (b) are determined to be conflicts of interest by the parties to the contract (i.e., the IRO and organization it is contracting to provide services for), then 1. and/or 2. must be written into the reviewer conflict of interest attestation signed by the reviewers that accept the cases for that particular client.

  • Standard 12: External Review: Defining Organizational Conflict of Interest

    + Details

    Prior to executing a contract to provide external review services, the organization verifies what constitutes an organizational conflict of interest:

    • According to applicable state or federal law or regulation;
    • According to the contracting entity; and
    • Including clarification whether a relationship between the organization and an insurance issuer's or group health plan's parent company, sister companies or subsidiaries constitutes an organizational conflict of interest.

    Question: As with IR 7, if discussions with an entity result in having (a), (b) and/or (c) identified as a conflict of interest, then does this have to show up in the contract language and what about the organizational conflict of interest attestation executed prior to or as part of contracting to conduct external reviews?

    Response: Whether or not (a), (b) and/or (c) are identified as conflicts of interest, it's a best practice to document these decisions in one place tied to the contract, which includes:

    • The body of the contract;
    • Addendum to the contract; or
    • Document/reference cited by reference within the contract.

    If (a), (b) or (c) are determined to be conflicts of interest by the parties to the contract (i.e., the IRO and organization it is contracting to provide services for), then (a), (b) and/or (c) must be written into the organizational conflict of interest attestation signed by a principle of the IRO prior to executing a contract with that particular client.  It is also considered a best practice to periodically (i.e., annually) "refresh" this attestation since changes could occur that add or remove a conflict of interest for the IRO.

  • Standard 22: Time Frames for External Reviews

    + Details

    The organization completes an external review according to the following time frames (unless superseded by applicable law or regulations):

    1. An expedited review is completed as soon as possible, but in no event more than 72 hours after receipt of the request for an expedited external review;
    2. A non-expedited review is completed within 45 calendar days after receipt of the request for an external review; and
    3. The time frame starts upon receipt of the request for a review and ends once the organization issues a determination to all requisite parties as required by contract, law or regulation.

    Question: How did URAC determine the time frames for conducting a review?

    Response: The time frames align with federal requirements pursuant to the PPACA, Public Law 111 148 "Technical Release" on August 23, 2010, which indicates that a health plan must comply with the state process if it provides for an external review process that meets, at a minimum, the consumer protections set forth in the interim final regulations.

Pharmacy Benefit Management (PBM) Version 2.0

  • General Question: PBM Organization Function

    + Details

    Question: What do pharmacy benefit management (PBM) organizations do?

    Response: Pharmacy benefit management organizations work like a health plan for drugs/medications. They manage drug benefits on behalf of employers, negotiating preferred pricing for drugs, determining pharmacy networks, and developing and maintaining a “formulary”—the list of covered or preferred medications--with the goal of helping purchasers reduce costs. They can either work in partnership with a health plan to provide services, or can work as a stand-alone service. Employers use these services to lower costs because the cost of pharmaceuticals represents more than 12 percent of total health spending, a significant proportion of their total health expenditure.

  • Standard CSCD 6 and DTM 15: Coordination of Communications

    + Details

    Question: Is an organization required to coordinate its communications with its clients’ health and service offerings?

    Response: No. The organization should ensure that the various communications received by consumers from different sources do not conflict with one another. Examples of such communications include but not limited to educational materials, information, resources, and other communications that are available to consumers. If an organization is asked to coordinate its program into the current benefit structure, it will also be necessary to coordinate materials and communications between the organization and those other existing programs. It is the purchaser’s responsibility to inform the organization of its benefit structure and request the organization coordinate its offering within that structure.

  • Standard CSCD 7: Disclosure, and CSCD 8: Disclosure Verification

    + Details

    Question: What has been revised in version 2.0 regarding these standards that address disclosure of information to clients?

    Response: These standards and elements are now mandatory, based on the new scoring methodology. The standards addresses disclosure of potential conflicts of interest, sources of revenue, pricing structure, and delegation/subcontracting. The organization allows its client to verify such disclosures.

  • Standard CSCD 14: Electronic Prescribing

    + Details

    Question: What is required by a pharmacy organization regarding electronic prescribing?

    Response: The new standard for electronic prescribing is a mandatory standard that requires the organization to use a system for electronic prescribing, which can be integrated with its drug management systems and complies with NCPDP standard transactions. The electronic prescribing system may include but not limited to information on formularies, benefits, medication history, and prescription fill status.

  • Standard PHARM-DC 9: Distribution Channel Management

    + Details

    Question: Is the PBM expected to verify the credentials of all pharmacies in its network?

    Response: Yes. With this new mandatory standard, an organization is required to have a policy and/or documented procedure for verifying its network pharmacy’s credentials. The verification must include facility state licensure, DEA registration, and professional liability insurance. The organization must also verify the determination of the absence of government debarment and the ability to transmit transactions electronically.

Pharmacy Quality Management® Programs: General Questions

  • Accreditation Benefits

    + Details

    Question: Why is URAC’s Pharmacy Quality Management® Accreditation a good idea?

    Response: The lion’s share of insured Americans receive PBM services, yet URAC’s accreditation program is the first to give comprehensive, third-party assurance for consumers and purchasers that quality standards were met for consumer protection and empowerment, appropriate access to drugs and pharmacies, patient safety, and disclosure of pricing and contracting terms.

    In 2005 alone, Americans spent more than $170 billion for prescriptions at retail pharmacies.  This staggering dollar figure represents more than 3.1 billion individual retail prescriptions filled or re-filled—and doesn’t include some 244 million prescriptions filled via mail order pharmacy. 

    Some 70 percent of those prescription drug transactions were managed by a prescription benefit management (PBM) program.

    Pharmacy related expenses in the United States were expected to reach $250 billion in 2006, representing an 11.5 percent increase over 2005. 

    The sector saw rapid expansion with the introduction of Medicare Part D prescription drug coverage in 2006, with more than 39 million Medicare beneficiaries (90 percent) now enrolled in that program.

    The need for additional consumer protection and safety guidelines is an area of concern for many. The final rule implementing the Medicare Modernization Act of 2003 (MMA) included specific language addressing some of the key issues surrounding PBM practices, and included an invitation from the Centers for Medicare and Medicaid Services (CMS) for industry self-regulation. The regulation recognizes third party accreditation programs to create recognition for:

    • Access to covered Part D drugs including the pharmacy access requirements and the use of standardized technology and formulary requirements;
    • Drug utilization management, Quality Assurance, Medication Therapy Management, and a program to control fraud, waste and abuse; and
    • Confidentiality and accuracy of enrollee records.

    URAC’s Pharmacy Benefit Management Accreditation addresses many of these concerns.

    Question: In what ways do Pharmacy Quality Management ® organizations benefit from URAC accreditation?

    Response: The standards support creation and maintenance of a quality management framework, or a template for policies and procedures that address:

    • Ongoing management of quality procedures, including a quality committee, following a logical blueprint for quality management, maintenance and reporting.
    • Development and maintenance of written policies and procedures
    • Staff qualifications, credentialing, and oversight requirements of qualified staff for certain functions
    • Development, delivery and expectations of drug utilization management programs
    • Scope of appeals considerations, or procedures in place for how an appeals process works.
    • URAC educational support and training to assist with adherence to standards
  • Applying for Accreditation

    + Details

    Question: Who can apply for URAC’s Pharmacy Quality Management® accreditation program?

    Response: Health plans offering these services or standalone pharmacy organizations may apply.

    Question: How can organizations apply for Pharmacy Quality Management® accreditation?

    Response: Call URAC at (202) 216-9010.  For more information about the accreditation process, go to http://www.urac.org/healthcare/accreditation.

  • Application Submission

    + Details

    Question: How should multiple locations/sites be included in the application?

    Response: The application should list all the sites that directly support the functions of the accreditation program. If the organization's corporate headquarter is considered a site, that address must be included in the listing of sites. All sites that perform call center functions should also be included in the list of sites. Note: the locations for the onsite reviews can only be selected from the specific sites listed in the application.

  • Accreditation Benefits to Consumers

    + Details

    Question: How do URAC’s Pharmacy Quality Management® Accreditation standards benefit consumers?

    Response: The standards require organizations have policies and procedures in place that ensure:

    • Access to appropriate drugs/medications
    • Protection of health information
    • Customer service center operations and performance standards, such as timeliness and performance in answering telephone inquiries, or reasonable and accessible hours or operation.
    • Complaint and appeals tracking and resolution
    • Drug safety issues identification, resolution, and informing consumers promptly.  For instance, the standards examine policies and procedures that govern pharmacy networks and how they ensure drug safety protocols at the pharmacy level—issues such as drug interactions, whether a drug is appropriate for the consumer’s age and gender, or whether there are drug alerts that apply.
    • Accessibility and reliability of information intended for consumers, such as availability of provider directories or information about formularies and benefit coverage.
    • Methods to measure customer satisfaction
    • Access, availability, and quality and safety criteria in the pharmacy network (including any way drugs are distributed, such as retail and specialty clinics).
  • Accreditation Benefits to Purchasers

    + Details

    Question: How do URAC’s Pharmacy Quality Management ® Accreditation standards help purchasers?

    Response: Since purchasers seek PBM services on behalf of consumers, many of the same benefits apply.  In addition to those listed above, the standards require organizations have policies and procedures in place that ensure:

    • Data integrity security, so purchasers know health and personal information about the employees is safe.
    • Disclosure and verification of contractual policies, such as how payment policies with drug manufacturers were developed;
    • Disclosure of what audit rights clients have to ensure pricing methodologies remain transparent.
    • Integrity of the formulary development process.  These include standards surrounding the way drugs are selected for inclusion in formularies, such as the qualifications of those making decisions and that considerations about safety and effectiveness come before cost.
    • Operational requirements and performance standards, such as licensure and certification of staff.
  • Areas of Interest for Regulators

    + Details

    Question: In what ways will Pharmacy Quality Management® accreditation address areas of interest for regulators?

    Response: The standards require organizations have policies and procedures in place such as:

    • Conflict of interest requirements—for staff, committees, or others connected to the organization.  For example, members of a pharmacy and therapeutics or formulary committee cannot have relationships with a drug manufacturer with a product under consideration.  
    • Safeguards to ensure that financial incentives do not create conflicts of interest.
    • Access to drugs and services needed by consumers.
    • Regulatory compliance such as licensure of staff and facilities.
  • Accreditation Contract Agreement

    + Details

    Question: How do URAC’s Pharmacy Quality Management® accreditation standards address clarity in contracting agreements?

    Response: The standards require organizations have policies and procedures in place for the purchaser that ensure:

    • Disclosure of rebate structure
    • Disclosure and definition of pricing structure
    • Audit arrangements
    • Formulary decision making
  • Clinical Rigor

    + Details

    Question: How do URAC’s accreditation standards assure clinical rigor in its Pharmacy Quality Management® programs?

    Response: The standards require organizations have policies and procedures in place that ensure:

    • Clinical decisions and information are developed and delivered with the involvement and oversight of appropriate clinicians to promote optimal and cost effective drug use.
    • Clinical decisions and information are developed through an evidence-based process.
    • Clinical information undergoes timely review and updates.
    • The Pharmacy and Therapeutics Committee and formulary development and management process is based on efficacy, safety, and therapeutic need.
  • Organizations’ Content Information Level

    + Details

    Question: Are organizations required to have the content of information at a specific grade-level?

    Response: URAC will not specify that consumer content be developed for a sixth-grade (or any) reading level.  However, URAC will ask the organization to state what reading level it targets, the criteria it uses to test content against that reading level, and how it ensures that consumer content meets those criteria. Refer to the Health Literacy Communication Requirements and Consumer Education sections for additional information.
  • Regulatory Compliance

    + Details

    Question: Is an organization required to meet state and federal laws if it is not noted in the standards and/or interpretive information/commentary section?

    Response: State and federal laws supersede URAC Standards if the laws or regulations are more rigorous than URAC Standards. Conversely, an applicant must comply with URAC Standards if the standards are more stringent. If an applicant is required by law to carry out its business in a manner not consistent with URAC Standards, then the applicant may request a variance from a URAC Standard. A copy of the relevant statute or regulation must accompany the request submitted for that standard in the application.

Accreditation Onsite Process

  • What is the look back period for selecting files for initial applicants?

    + Details
    An initial applicant is defined as an organization that has never received a URAC accreditation for the module If an applicant is applying for initial accreditation they must be prepared to provide a log of all cases, or files such as credentialing, complaints, employee records processed since the date of application submission If the Desk top Review findings identify non-compliance with the standards it is expected that the files will demonstrate changes effective from the accepted standard evidence. URAC will verify changes made have been implemented and applied to cases processed. Case files are not pre-selected before the onsite.
  • What is the look back period for selecting reaccreditation files?

    + Details
    A re-accredited organization is an organization that has been previously accredited and is applying to renew the previous accreditation If an applicant is applying for re-accreditation they must be prepared to provide a log of all cases processed since the date of the applicant's last onsite visit. Case Files are not pre-selected before the onsite.
  • How many cases will be reviewed during the onsite?

    + Details
    A minimum of thirty cases for example; case management, health call center call records, credentialing files, medical necessity standard appeals, and medical necessity expedited appeals, wellness consumer records, or disease management consumer records will be reviewed. If an area of non compliance is identified additional cases may be selected for review. The total number of cases reviewed is at the discretion of the reviewer. The size of the organization will factor into the number of cases reviewed.
  • Do case records need to be printed for the file audit?

    + Details
    No, cases may be reviewed on line if the applicant provides a super- user to navigate in the applicant's system. However, the organization must be able to print out a file if requested. Credentialing files and Provider contracts must be viewed in paper format. Contracts must be fully executed with signatures and dates.
  • Personnel/Consultants Orientation and Credentials Verification:

    + Details
    The reviewer will request a listing of personnel /consultants who function under the scope of the accreditation. For example if the organization is applying for accreditation under the Utilization Management module, the reviewer will request personnel files for those staff members who perform Utilization Management functions. A minimum 10% or 10 of the organization's personnel files will be reviewed, whichever is greater. The reviewer will look for evidence of: • Job description and resume or job application please see (Core 25) • Licensure, this will require Primary source verification of licensure (See Core 30) • Certification, if the staff member's job description requires certification the reviewer will look for evidence of primary source verification of certification. (See Core 30) • Documentation of Initial orientation (See Core 27) • Training in the current version of URAC standards as applicable to job functions (See Core 27) • Conflict of interest training (See Core 27) • Confidentiality training (See Core 27) • Signed Confidentiality Statements/Agreements • Documentation of additional training for all staff (See Core 27) • Ongoing training for all staff at a minimum annually to maintain professional competency. (See Core 27) • If the selected individual is a consultant please provide a copy of the contract • Temporary staff are subject all of the documentation above Training records may be viewed electronically.
  • Does the senior clinical staff person have to be present during the onsite?

    + Details
    Yes, the senior clinical staff person must be present during the onsite. If he/she is unable to be present please discuss the circumstances with the accreditation reviewer prior to the scheduled onsite.
  • When should an applicant expect to receive the agenda for the onsite?

    + Details
    The link for the onsite agenda will be found in the email identifying the onsite date. It is approximately half way down the email. It includes tips for a successful review, a list of documents to have available and the agenda identifying the onsite details. Onsite dates will be discussed with the contact person during the initial call with the assigned accreditation reviewer after submission of the application. URAC does not schedule onsites on federal holidays. An onsite day commences no later than 9am and concludes by 5pm. When will an onsite be cancelled? In the event of a declared emergency such as a hurricane, tornado, or terrorist act in the applicant's State. The onsite will be re-scheduled at a mutually agreeable timeframe.
  • Does the business continuity testing have to occur prior to the onsite?

    + Details
    The business continuity testing must be completed before the date of the onsite. Testing that has occurred within the last two years will meet the standard requirement. Documentation related to the testing must be provided during the onsite. The documentation should depict any identified gaps and remediation planning.
  • How do accreditation reviewers decide who to interview during the onsite?

    + Details
    The onsite agenda will list the department representatives that will be interviewed. The applicant will identify who from the following departments will be interviewed: Marketing, Regulatory Compliance, IT Privacy and Security Officers, Quality Management, and Supervisory Staff. The Senior Clinical Staff person will be interviewed. The Accreditation reviewer will randomly select non-clinical and front line clinical staff to interview.

Interested in accreditation?
Contact businessdevelopment@urac.org

Contact Us | Privacy Policy | Terms of Use

Social Media TextFollow us on FacebookFollow us on TwitterFollow us on Linked In