An Insider's Perspective: How URAC's New Core 4.0 Accreditation Standards Align with Best Practices in Today's Changing Healthcare Environment

Transcription

1 An Insider's Perspective: How URAC's New Core 4.0 Accreditation Standards Align with Best Practices in Today's Changing Healthcare Environment Session Code: MN16 Date: Monday, October 23 Time: 2:45 p.m. - 4:15 p.m. Total CE Credits: 1.5 Presenter(s): Donna Merrick, MEd, BSN, RN

2 An Insider s Perspective: How URAC s New Core 4.0 Accreditation Standards Align with Best Practices in Today s Changing Healthcare Environment URAC Core 4.0 Standards 1

3 URAC Core 4.0 Standards Meet the Core Standards - Meet the Demand for: Accountability Quality Value URAC Core 4.0 Standards Where is this demand coming from? Payers Government Public URAC Core 4.0 Standards Demand for Accountability, Quality, and Value: Drives changes to Core standards Evident through evolutionary changes in the healthcare system 2

4 URAC Core 4.0 Standards The U.S. healthcare system is evolving Increased reliance on electronic media Standardized measures (Affordable Care Act) Value-based reimbursement Formation of clinically integrated networks URAC Core 4.0 Standards Four Core Focus Areas: Risk Management Consumer Protection and Empowerment Operations and Infrastructure Performance Management and Improvement URAC Core 4.0 Standards Focus Area (group of related standards) Standards (general description of requirement)» (applicants rated for compliance) Interpretive Information Demonstration of Compliance: Desktop Review Demonstration of Compliance: Validation Review 3

5 URAC Core 4.0 Standards Example: Case Management Accreditation Program Core Module + Case Management Module Focus Areas Focus Areas Standards Standards Elements Elements Focus Area: Risk Management Focus Area: Risk Management C-RM 1: Risk Management Strategies Enterprise risk management Proactively identify, prioritize, and address risk, which drives:» Accountability» Quality» Value 4

6 Focus Area: Risk Management Brought forward from Core 3.0: Information privacy, security, and integrity Regulatory compliance Business continuity Focus Area: Risk Management Information privacy, security, and integrity» Scope: includes data that is stored, data gathering, and data transfers» Periodic risk assessment conducted by an entity with: Expertise No stake in the outcome Focus Area: Risk Management Regulatory compliance: Compliance Officer Cannot be a committee Cannot be a consultant Can be an organization s general counsel» Who may or may not be an employee Best practice: direct access to president 5

7 Focus Area: Risk Management Regulatory compliance: Internal Controls Monitoring, auditing and reporting Prompt response to problems and incidents Prevention of future problems and incidents Focus Area: Risk Management Business Continuity Plan (BCP) testing clarified Occurs every two (2) years Tabletop exercise (minimum) Telecommunications rolled over to a backup arrangement (optional) Test results correct and update the BCP Focus Area: Risk Management New to Core 4.0:» Risks pertinent to the functions covered by the accreditation are included in the risk management program» (optional) Identify management processes to be informed by risk intelligence 6

8 Focus Area: Consumer Protection and Empowerment Focus Area: Consumer Protection and Empowerment Ethics in healthcare practices are explicit Reporting of impaired, incompetent, or unethical practice Professionalism in the use of digital media high-risk online behaviors Focus Area: Consumer Protection and Empowerment Ethics in healthcare practices are explicit Conflict of interest Peer review Avoidance of discrimination 7

9 Focus Area: Consumer Protection and Empowerment Ethical practices provide a foundation for quality Define ethical practices and educate staff Monitor services (including delegated services) Take action on ethics-related issues or events Focus Area: Operations and Infrastructure Focus Area: Operations and Infrastructure Code of ethical business conduct addresses: Agreed upon ethical principles Expected and prohibited behavior/ practices Whistleblower situations Consequences 8

10 Focus Area: Operations and Infrastructure Definition of leadership: the individual(s) with the authority and accountability for the quality of the product/ service delivery for the function(s) covered by the applicable URAC accreditation or certification program. Focus Area: Operations and Infrastructure Why address leadership in accreditation standards? Without leadership, the same issues and performance problems will continue to linger without improvement or resolution. Focus Area: Operations and Infrastructure Leadership is accountable for: Achieving continuous quality improvement Managing risk 9

11 Focus Area: Performance Management and Improvement Focus Area: Performance Management and Improvement Quality management program has defined: Scope Goals and objectives Measurable goals for improvement Strategies for improvement Focus Area: Performance Management and Improvement Implement a systematic, evidence-based process PDCA DMAIC 10

12 Focus Area: Performance Management and Improvement Data Management Select performance indicator/metrics Collect, analyze, and ensure data integrity Benchmark performance Focus Area: Performance Management and Improvement Quality management programs support performance indicator: Collection Analysis Reporting URAC Guiding Principles 11

13 URAC Guiding Principles Published in the accreditation program guides to be transparent about what URAC considers to be the essential characteristics of a healthcare system Guide the standards development process URAC Guiding Principles Leadership Stakeholder Involvement Individual Protection Culture of Quality Enterprise Risk Management URAC Guiding Principles Quality Improvement Process Optimization Information Systems Performance Measurement and Reporting 12

14 URAC Guiding Principles URAC-GP 1: Leadership Organizational leaders share responsibility for and demonstrate their commitment to quality, service excellence and healthcare innovation that is recognized through accreditation or certification. Modified Scoring Methodology Modified Scoring Methodology In Core 4.0: Numeric weights simplified to [2] and [4] New requirements () in Core 4.0 are not Mandatory Core remains 30% of the total score (no change) 13

15 Modified Scoring Methodology After at least 3 years of experience with Core 4.0, URAC will revisit the scoring to consider: Modified Scoring Methodology Increasing the Core module from 30% to 40% of the total accreditation score Moving main (non-core) modules to simplified numeric weights of [2] and [4] Calculating the score using all numeric elements in a module, instead of scoring each standard Modified Scoring Methodology These proposed changes will be: Researched and analyzed using at least 3 years of final application scoring data Recommendations presented to URAC Board (anticipated: 2021) If approved, phased in as programs are revised 14

16 Questions? 15

17 Focus Area Core Risk Management (C-RM) v Guiding Principles URAC-GP 3 - Consumer Protection Consumer rights are respected in the planning and delivery of healthcare and related services, including equitable access, safety, effectiveness, efficiency, timeliness, dignity, disclosure of pertinent information, cultural appropriateness, and participation in decision-making and selfmanagement. Privacy and security of personal health information is protected. URAC-GP 5 - Regulatory Compliance A process is in place for preventing non-conforming processes or product/services through compliance strategies designed to promote ethical behavior and regulatory conformity, manage risks, and reduce errors and omissions. Rationale Value protection and reduction of actual or potential consumer harm is accomplished through proactively identifying, analyzing, preventing and controlling potential risks, including clinical, business and operational risks. Risk management through established programs that include regulatory compliance is a basic component of consumer protection. Scope These standards apply to all types of organizations, including support organizations that provide health services whether or not the services are directly consumer facing. Enterprise risk management is an organization-wide approach to managing risk in many areas. For free-standing entities, these standards will be evaluated for the organization; for larger entities, these standards will evaluate the functions relevant to the accreditation or certification as it is embedded within a larger organization. The scope of these risk management standards excludes financial and strategic risk, and as such an applicant does not address these areas for the following elements of performance: o Risk Management Program Scope [C-RM 1-1]; o Risk Management Program Structure [C-RM 1-2]; o Risk Management Program Implementation [C-RM 1-3]; and o Risk Management Program Evaluation [C-RM 1-4]. Operational risks inherent in the structures and processes that support the functions covered by the accreditation or certification are included within the scope of the risk management program [C-RM 1-1(a)]. URAC CORE STANDARDS V4.0 PROPRIETARY PROGRAM STANDARDS 1

18 In addition, the scope of risk management covered by these standards includes areas of importance to healthcare: o Information privacy, security, and integrity [C-RM 2-1]; o Regulatory compliance [C-RM 3-1]; and o Business continuity [C-RM 4-1 through C-RM 4-3] These standards incorporate implementation of a robust enterprise risk management program and compliance with all federal and state healthcare laws and regulations applicable to the functions and locations incorporated within the scope of the application for accreditation or certification. Applicable jurisdictions identified as pertinent by an organization may include those wherein the organization maintains business sites, where healthcare or healthcarerelated services are provided and/or where consumers served reside. Jurisdictional issues are state specific. URAC CORE STANDARDS V4.0 PROPRIETARY PROGRAM STANDARDS 2

19 Standard C-RM 1: Risk Management Strategies Programs engage in enterprise risk management strategies and activities appropriate to their scale and business model that seek to proactively identify, prioritize and appropriately treat hazards and risks including occurrence of errors, events, and system breakdowns for the benefit of consumers. C-RM 1-1: Risk Management Program Scope At a minimum, the scope of the risk management program includes: (a) The types of risk identified by the applicant pertinent to the functions covered by the URAC program for this application [2] (b) In addition to those identified by the applicant, the risk management program covers, or articulates with programs that address risk in the following areas: (i) Information privacy, security, and integrity [2] (ii) Regulatory compliance [2] (iii) Business continuity [2] (c) The management processes chosen by the applicant to be informed by its risk intelligence [L] New Glossary Term Risk intelligence: the ability to transform risk data into meaningful and useful information for risk analysis, treatment and planning purposes, which includes the ability to distinguish between risks to avoid, risks that provide a competitive advantage, as well as risks that have both characteristics. C-RM 1-2: Risk Management Program Structure The risk management program design: (a) Is supported by a written plan [2] (b) Establishes program goals [2] (c) Identifies strategies (e.g., activities, methods, and techniques) that can be used to meet program goals [2] (d) Includes mechanism(s) for the evaluation of risk management effectiveness [L] URAC CORE STANDARDS V4.0 PROPRIETARY PROGRAM STANDARDS 3

20 C-RM 1-3: Risk Management Program Implementation The risk management plan strategies are implemented for the program, including: (a) Collection and review of information the applicant deems relevant to risk management [2] (b) Based on review findings, action is taken when the applicant determines that there are risk-related issues that need to be addressed [4] (c) Periodic review and, when indicated revision of practices, processes, protocols, and systems [L] C-RM 1-4: Risk Management Program Evaluation Risk management program effectiveness evaluation includes: (a) Periodic evaluation of risk management program effectiveness [L] (b) Specific areas of evaluation: (i) Analysis of performance against goals [L] (ii) Analysis of program integration within the organization [L] (iii) Assessment of program impact and subsequent value to the organization [L] (c) Program effectiveness findings and recommendations are reported to leadership [L] New Glossary Term Leadership: the individual(s) with the authority and accountability for the quality of the product/ service delivery for the function(s) covered by the applicable URAC accreditation program. URAC CORE STANDARDS V4.0 PROPRIETARY PROGRAM STANDARDS 4

21 Standard C-RM 2: Information Systems Risk Management Applicants proactively seek to identify and protect against actual and potential threats to information privacy, security, and integrity. C-RM 2-1: Information Systems Risk Assessment and Reduction Information systems (electronic and paper) are addressed as a component of an organization s overall risk management program. (a) Risk assessment processes are in place for information systems to identify, document, thwart and/or remediate actual or potential hazards or threats to the security of all the following areas: (i) Stored data [4] (ii) Data gathering [4] (iii) Data transfer [4] (b) Risk assessment processes described in element (a) include a periodic risk assessment conducted by an entity with the expertise to handle these types of assessments and that has no stake in the outcome of the assessment [2] (c) Risk prevention processes in place identify, document, thwart and/or remediate actual or potential hazards or threats to privacy including: (i) Access issues [2] (ii) Incidents, which includes those determined to be a breach [2] (d) If gaps or potential failures in information privacy, security, and/or integrity are identified, they are promptly addressed through: (i) Thorough analysis of cause(s) [2] (ii) Development of action plans [2] (iii) Management of corrective actions [2] (iv) Periodic ongoing monitoring and reevaluation to ensure sustained compliance [2] URAC CORE STANDARDS V4.0 PROPRIETARY PROGRAM STANDARDS 5

22 Standard C-RM 3: Regulatory Compliance Risk Management Applicants implement internal controls and ongoing monitoring to mitigate risks of noncompliance with applicable state and federal laws and regulations. C-RM 3-1: Regulatory Compliance and Internal Controls The risk management of regulatory compliance incorporates the following elements of performance: (a) Identified compliance officer designated with responsibility for overseeing program matters [2] (b) Implementation of methods and accountabilities to track applicable state and federal laws and regulations [M] (c) Ongoing internal monitoring, auditing and reporting designed to ensure consistent compliance with applicable laws and regulations [M] (d) Prompt response to detected risks, problems or incidents related to regulatory compliance [4] (e) Corrective action is taken as needed to prevent future occurrence of problems or incidents [4] URAC CORE STANDARDS V4.0 PROPRIETARY PROGRAM STANDARDS 6

23 Standard C-RM 4: Business Continuity Risk Management The business continuity plan, an important component of an applicant s overall risk management strategy, is designed to ensure minimal disruption of program functions and services. [Note: C-RM 4-1 is not applicable to pharmacy programs; whereas, C-RM 4-2 is only applicable to pharmacy programs.] C-RM 4-1: Business Continuity Plan The organization implements a Business Continuity Plan (BCP) for program operations that identifies: (a) Which systems and processes must be maintained, and the effect their disruption would have on the organization's program [4] (b) How business continuity is maintained given various lengths of time information systems are not functioning or accessible [4] C-RM 4-2: Pharmacy Emergency Management Plan The organization ensures business continuity for its operations by having an emergency management system in place that: (a) Addresses its facilities, services, and products [4] (b) Identifies the effect that a disaster would have on the organization s program [4] (c) Includes a plan for distribution of pharmaceuticals during an emergency [M] C-RM 4-3: Business Continuity Plan Testing The organization s Business Continuity Plan (BCP): (a) Is tested at least every two (2) years [2] (b) At a minimum, is tested using a tabletop exercise [4] (c) In addition to a tabletop exercise, includes a test whereby telecommunications for at least a segment of its business is rolled over to a backup arrangement, thus demonstrating in fact the ability to continue business during an outage [L] (d) Test results are used to correct problems with the BCP, including updates as needed to reflect current business processes and systems [4] URAC CORE STANDARDS V4.0 PROPRIETARY PROGRAM STANDARDS 7

24 New Glossary Term Tabletop exercise: test of a Business Continuity Plan (BCP) that includes documentation of the following aspects of the test: A tabletop exercise simulates an incident in an informal, stress-free environment. The participants who are usually the responsible managers and the response teams gather around a table to discuss general problems and procedures in the context of an incident scenario. A scenario is developed in advance, but there are no attempts to arrange elaborate facilities or communications. One or two evaluators may be selected to observe proceedings and progress toward the objectives. The focus is on training and familiarization with roles, procedures, and responsibilities. There is review of the step-by-step procedures for each of the critical plan elements outlined in the BCP The success of a tabletop exercise is determined by feedback from participants and the impact this feedback has on the evaluation and revision of policies, plans, and procedures. URAC CORE STANDARDS V4.0 PROPRIETARY PROGRAM STANDARDS 8

25 Focus Area Core Consumer Protection and Empowerment (C-CPE) v Guiding Principles URAC-GP 2: Stakeholder Involvement The organization promotes quality in their services by soliciting feedback from both internal and external stakeholders to determine needs, decide how to best close gaps between expectations and deliverables to improve performance. Consumer satisfaction feedback is used to improve organizational effectiveness. URAC-GP 3: Consumer Protection Consumer rights are respected in the planning and delivery of healthcare and related services, including equitable access, safety, effectiveness, efficiency, timeliness, dignity, disclosure of pertinent information, cultural appropriateness, and participation in decision-making and selfmanagement. Privacy and security of personal health information is protected. Rationale Consumers are integral to achieving positive health outcomes. Scope Consumer protection and empowerment applies to organizations providing direct or indirect services affecting healthcare consumers. Respect for consumer rights by quality healthcare organizations includes access, safety, effectiveness, efficiency, timeliness, dignity, information disclosure, cultural appropriateness and participation in decision-making and self-management. Ethical practices and health information confidentiality also protect the consumer. URAC CORE STANDARDS V4.0 PROPRIETARY PROGRAM STANDARDS 9

26 Standard C-CPE 1: Protection of Consumer Information Programs implement information systems controls that maintain consumer protection and promote consumer empowerment. C-CPE 1-1: Confidentiality of Consumer Health Information The organization implements processes and procedures to protect confidentiality of protected health information (PHI) and individually-identifiable health information (IIHI) as required by applicable laws and regulations. (a) Execute Business Associate Agreements with Business Associates (excluding workers compensation lines of business) [M] (b) For those who have access to PHI/IIHI, address the responsibility of program employees, committee members and officers to preserve the confidentiality of this type of information [M] (c) Address situations where an individual or organization (e.g., an electrician or janitorial service) whose functions or services do not involve the use or disclosure of PHI/IIHI, but whose work puts them in the vicinity of this type of information [M] Standard C-CPE 2: Healthcare Ethics Programs engage in methods to assure ethical practices that protect consumers. C-CPE 2-1: Consumer Rights and Responsibilities Consumer rights and responsibilities are defined and enabled. (a) Programs implement a notification process for informing consumers of their rights and responsibilities [4] (b) Consumer rights and responsibilities inform program policies, procedures and processes for services design and operation [2] (c) Consumer rights and responsibilities address: (i) Confidentiality [4] (ii) Information disclosure [4] (iii) Submission of complaints and appeals [2] (iv) Access to services [2] (v) Respect and nondiscrimination [2] (vi) Consideration of consumer preferences [2] URAC CORE STANDARDS V4.0 PROPRIETARY PROGRAM STANDARDS 10

27 C-CPE 2-2: Ethical Healthcare Practices Ethics in healthcare practices are explicit. Programs define ethical healthcare practices concerning: (a) Reporting of impaired, incompetent, or unethical practice [4] (b) Avoidance of discrimination based on race, color, national origin, sex, age, or disability [2] (c) Professionalism in the use of digital media [2] (d) Conflict of interest [2] (e) Peer review [2] (f) Ethical obligations of Medical/Clinical Directors [L] (g) Responsibility to study and prevent error [L] (h) Prudent stewardship of healthcare resources [L] (i) Commitment to reduction of health disparities [L] C-CPE 2-3: Monitoring and Oversight of Ethical Healthcare Practices The applicant organization monitors its services (including services outsourced to contractors/ delegated entities; does not include vendors) covered by the URAC program for this accreditation or certification for unethical healthcare practices by implementing strategies that include: (a) Collection and review of information the applicant deems relevant to monitoring for unethical healthcare practices [2] (b) Based on information review findings, action is taken when the applicant determines that there are ethics-related issues or events that need to be addressed [4] (c) Identification of a designated authority for remediation of specific situations [4] (d) Periodic review of healthcare ethics issues, events and trends and, when indicated actions are taken to prevent future occurrences [L] URAC CORE STANDARDS V4.0 PROPRIETARY PROGRAM STANDARDS 11

28 Standard C-CPE 3: Consumer Protection Consumer protections include clinical oversight, safety mechanisms, provider collaboration and coordination, marketing safeguards and appropriate use of financial incentives. C-CPE 3-1: Clinical Staff Credentialing The organization implements a written policy and/or documented procedure to: (a) Primary source verify the current licensure or certification of staff whose job description requires licensure or certification upon hire, and thereafter no less than every three (3) years [M] (b) Require staff to notify the organization in a timely manner of an adverse change in licensure or certification status [M] (c) Implement corrective action in response to adverse changes in licensure or certification status [M] C-CPE 3-2: Clinical Oversight of Program A senior clinical staff person oversees the services provided; therefore, organizations designate at least one senior clinical staff person who: (a) Is currently licensed to practice a health profession in the relevant jurisdiction(s) [M] (b) Has documented qualifications to perform clinical oversight for the services provided as set forth by the organization to meet its needs [M] (c) Provides guidance for clinical operational aspects of the program [4] (d) Is responsible for oversight of clinical decision-making aspects of the program [M] (e) Ensures that qualified clinicians are accountable to the organization for decisions affecting consumers [M] C-CPE 3-3: Consumer Safety Mechanism The applicant organization has implemented a consumer safety mechanism. (a) The applicant organization has a mechanism to respond on an urgent basis to situations that pose an immediate threat to the health and safety of consumers [M] URAC CORE STANDARDS V4.0 PROPRIETARY PROGRAM STANDARDS 12

29 C-CPE 3-4: Employment Screening applicable only to URAC pharmacy programs The applicant organization has an employment background screening and drug testing/ screening program where upon hire: (a) Employees who handle patient data receive a criminal background check [M] (b) Employees who physically handle pharmaceuticals receive drug testing/screening [M] C-CPE 3-5: Financial Incentives If the organization has a system for reimbursement, bonuses or incentives to staff or healthcare providers based directly on consumer utilization of healthcare services, it must implement mechanisms to: (a) Prohibit the use of incentives that compromise medical decision-making [M] (b) Monitor the use of incentives to ensure that consumer healthcare is not compromised [M] C-CPE 3-6: Marketing Safeguards The applicant organization follows marketing and sales practices that include: (a) Implementing mechanisms that safeguard against misrepresentations about the organization's services for new and existing marketing materials and other general communications across all media [M] (b) Responding promptly to detected problems and taking corrective action as needed [4] URAC CORE STANDARDS V4.0 PROPRIETARY PROGRAM STANDARDS 13

30 Standard C-CPE 4: Consumer Empowerment Consumers are empowered through access to health services, the ability to provide feedback, consent processes, and promotion of health literacy. C-CPE 4-1: Consumer Complaint Process Organizations maintain a formal process to address consumer complaints that includes: (a) A process to receive and respond in a timely manner to complaints [M] (b) Notice (written or verbal) of result with an explanation [4] (c) Informs consumers of the avenues to seek further redress if an additional complaint process is available [4] (d) Evidence of meeting the organization's specified time frame for resolution and response [4] (e) Reporting analysis of the complaints to a quality management committee or other quality oversight body [2] C-CPE 4-2: Health Literacy Promotion Organizations implement health communication practices that: (a) Require consumer materials to be in plain language [4] (b) Address barriers to effective communication, including: (i) Languages spoken and read [2] (ii) Hearing impairments [2] (iii) Sight impairments [2] (iv) Cognitive impairments [L] (c) Provide information and guidance to staff who interface directly with, or write content for, consumers [2] URAC CORE STANDARDS V4.0 PROPRIETARY PROGRAM STANDARDS 14

31 C-CPE 4-3: Culturally and Linguistically Appropriate Services Program services are modified to consider the characteristics of the population served or to be served, whereby organizations: (a) Assess the linguistic diversity of the population and establish a plan to provide appropriate services [2] (b) Assess the cultural aspects of the population and establish a plan to provide culturally appropriate services [L] (c) Incorporate cultural and linguistic competence-related measures into existing quality improvement activities [L] URAC CORE STANDARDS V4.0 PROPRIETARY PROGRAM STANDARDS 15

32 Focus Area Core Operations and Infrastructure (C-OPIN) v Guiding Principles URAC-GP 1: Leadership Organizational leaders share responsibility for and demonstrate their commitment to product/service quality, achievement of excellence and healthcare innovation recognized through accreditation or certification. Oversight structures and processes for accountability are in place. Resources to meet program objectives are identified and provided. URAC-GP 4: Culture of Quality Quality management is a defining competency for successful organizations. Quality healthcare organizations operate on a positive paradigm of a culture of quality by embracing a comprehensive approach to individual and collective accountability. Compliance, risk management, and continuous performance improvement are pillars of value protection and creation. Successful quality organizations treat employees in the same professional, courteous, respectful way they expect employees to treat clients. URAC-GP 7: Process Optimization The design, monitoring, analysis, review and continuous improvement of an organization's work processes, systems, product/services delivery and impact on consumers are key to the achievement of excellence in healthcare. URAC-GP 8: Information Technology Innovation and accountability are crucial to the continuous improvement of product/ service delivery. While URAC accepts secure paper-based information systems in some organizations, high performance organizations emphasize acquisition and deployment of secure current digital information systems, enabling accountability through shared valid and reliable data, performance measurement comparison and feedback. Rationale The design, monitoring, analysis, review and continuous improvement of an organization's work processes, systems, product/services delivery and impact on consumers are key to the achievement of excellence in healthcare. Innovation and accountability are crucial to the continuous improvement of product/ service delivery. Scope These standards apply to all functions within the scope of the accreditation and to the staff who perform those functions. URAC CORE STANDARDS V4.0 PROPRIETARY PROGRAM STANDARDS 16

33 Standard C-OPIN 1: Leadership Leaders create the vision for the organization, while establishing the right culture and effectively planning to support that vision. Leaders are accountable for achieving continuous quality improvement in healthcare services. C-OPIN 1-1: Leadership Accountability Leadership is accountable for: (a) Achieving continuous quality performance improvement for the functions covered by the URAC program for this application [2] (b) Managing risk, including: (i) Operational risks pertinent to the functions covered by the URAC program for this application [2] (ii) Information privacy, security, and integrity (consistent with the known risks) [2] (iii) Regulatory compliance [2] (iv) Business continuity [2] New Glossary Term Leadership: the individual(s) with the authority and accountability for the quality of the product/ service delivery for the function(s) covered by the applicable URAC accreditation or certification program. URAC CORE STANDARDS V4.0 PROPRIETARY PROGRAM STANDARDS 17

34 Standard C-OPIN 2: Business Ethics Programs adopt and adhere to a code of ethical business conduct. C-OPIN 2-1: Code of Ethical Business Conduct There is a Code of Ethical Business Conduct in place. (a) Adopted by senior management and leaders [2] (b) Addresses: (i) Agreed upon ethical principles [2] (ii) Expected and prohibited behavior and business practices [4] (iii) Whistleblower situations [4] (iv) Consequences of unethical behavior or business practices [2] URAC CORE STANDARDS V4.0 PROPRIETARY PROGRAM STANDARDS 18

35 Standard C-OPIN 3: Business Management The organization adopts and adheres to sound business practices designed to support and further its mission to provide quality services and lower its exposure to risk. C-OPIN 3-1: Written Business Agreements Written business agreements are used to clarify and document what each party has agreed to. (a) The organization maintains signed written agreements with all clients describing the scope of the business arrangement [4] C-OPIN 3-2: Policy and Procedure Compliance and Maintenance Documented policies and procedures support risk management and promote individual and program accountability, which are essential to quality performance and as such, the applicant: (a) Maintains and complies with written policies and documented procedures that govern core business processes of its operations related to the scope of the accreditation [M] (b) Maintains staff access to a master list of all such policies and procedures [2] (c) At least every 36 months (to the month), written policies and documented procedures are reviewed and if there are approved changes, they are disseminated and made effective within that maximum 36-month time frame [M] (d) Maintains documentation of: (i) Review dates [2] (ii) Effective dates [2] (iii) Identification of approval authority [2] URAC CORE STANDARDS V4.0 PROPRIETARY PROGRAM STANDARDS 19

36 Standard C-OPIN 4: Staff Management Staff members perform roles and responsibilities consistent with competencies derived from education, training and/or experience. C-OPIN 4-1: Job Descriptions and Staff Qualifications As part of managing its workforce needs, applicant organizations: (a) Establish written job descriptions for staff positions that address: (i) Scope of the positions' roles, major duties and responsibilities [2] (ii) Required education, training, and/or experience [2] (iii) Licensure/certification requirements [2] (iv) Expected competencies [2] (b) Hire qualified staff based on job descriptions. [4] C-OPIN 4-2: Staff Training Programs Staff member training includes: (a) Initial orientation and/or job-related training for all staff before assuming assigned roles and responsibilities [4] (b) Ethics in healthcare [4] (c) Code of ethical business conduct, including conflict of interest [4] (d) Requires individual attestation of understanding of consequences of unethical conduct, including violation of the Code of Conduct [2] (e) Privacy of information protections, including confidentiality [M] (f) Security of information protections [M] (g) Policies, procedures and URAC standards related to job duties and responsibilities [2] (h) Ongoing training to maintain competency in assigned roles and responsibilities [2] C-OPIN 4-3: Staff Member Performance Review Staff member performance assessment is: (a) Performed periodically [2] (b) Based on established expectations [2] URAC CORE STANDARDS V4.0 PROPRIETARY PROGRAM STANDARDS 20

37 Standard C-OPIN 5: Process Optimization Program strategy includes process optimization, designed to maximize parameters of quality and efficiency, and minimize parameters of cost. C-OPIN 5-1: Delegation: Contractor Approval and Ongoing Oversight The applicant manages the delegation process and ensures ongoing oversight of delegated entities. (a) Establishes criteria and implements processes for an assessment of contractors prior to the delegation of functions [2] (b) Evaluates a potential contractor s capacity to perform delegated functions [4] (c) Confirms that the services to be rendered are in accordance with the applicable URAC standards by conducting an analysis comparing the following: [M] (i) Contract statement of work (initial statement of work, as well as any subsequent amendments) (ii) Applicable URAC standards (iii) Contractor s policies and procedures (d) Conducts a periodic review, as determined by the organization, of the contractor's policies and procedures and documentation of quality activities for related delegated functions [2] (e) Conducts periodic verification, as determined by the organization, of the contractor's compliance with its policies and procedures and contractual requirements, which are in compliance with the applicable URAC standards [M] (f) Communicates with delegated entities regarding updates to applicable: (i) URAC standards requirements [2] (ii) Regulatory compliance requirements [2] (g) Implements a mechanism to monitor financial incentives to ensure that quality of care and/or service is not compromised [4] URAC CORE STANDARDS V4.0 PROPRIETARY PROGRAM STANDARDS 21

38 C-OPIN 5-2: Delegation: Contract Specifications The organization enters into written agreements with contractors that include the following: (a) Specify responsibilities delegated to the contractor and those retained by the organization [2] (b) Require that services be performed in accordance with the organization's requirements [M] (c) Require notification to the organization of any material change in the contractor s ability to perform delegated functions [4] (d) Require that the contractor submit periodic evidence to the organization regarding the quality of performance of its delegated responsibilities [4] (e) Specify recourse and/or sanctions if the contractor does not make corrections to identified problems within a specified period [2] (f) Specify the circumstances under which activities may be further delegated by the contractor, including any requirements for obtaining permission from the organization before any further delegation [4] (g) Specify that if the contractor further delegates the delegated functions, those functions shall be subject to the terms of the written agreement between the contractor and the organization [M] URAC CORE STANDARDS V4.0 PROPRIETARY PROGRAM STANDARDS 22

39 Focus Area Core Performance Monitoring and Improvement (C-PMI) v Guiding Principles URAC-GP 4: Culture of Quality Quality management is a defining competency for successful organizations. Quality healthcare organizations operate on a positive paradigm of a culture of quality by embracing a comprehensive approach to individual and collective accountability. Compliance, risk management, and continuous performance improvement are pillars of value protection and creation. Successful quality organizations treat employees in the same professional, courteous, respectful way they expect employees to treat clients. URAC-GP 6: Quality Improvement Continuous performance improvement is a leadership priority and systematic approaches are implemented enterprise-wide. There is involvement of a broad spectrum of staff in establishing and maintaining rigorous quality improvement practices supporting work product/service excellence. URAC-GP 7: Process Optimization The design, monitoring, analysis, review and continuous improvement of an organization's work processes, systems, product/services delivery and impact on consumers are key to the achievement of excellence in healthcare. Rationale Measurement and reporting accountability is important not only for performance reporting to purchasers, but it is also imperative for internal understanding of the achievement and improvement record. Scope These standards apply to participation in an enterprise-wide QM program through the conduct of program-specific activities for measurement, monitoring and evaluation of services and work processes and resulting performance improvement. URAC CORE STANDARDS V4.0 PROPRIETARY PROGRAM STANDARDS 23

40 Standard C-PMI 1: Quality Oversight Procedures and Responsibilities Program maintains a quality management program that promotes objective and systematic measurement, monitoring and evaluation of services and work processes, and implementation of quality improvement activities based upon the outcomes. C-PMI 1-1: Quality Management Program Scope The quality management program scope: (a) Is defined along with the goals and objectives of the quality management program [2] (b) Includes the functions covered by the URAC program for this application [M] (c) Establishes measurable goals for quality improvement (for clinical programs, related to the population served) [M] (d) Includes the design and implementation of strategies to improve performance [4] C-PMI 1-2: Quality Management Program Structure: Oversight The applicant has a quality management committee or other quality oversight body that has the following characteristics: (a) Comprised of content experts, including physicians and/or other clinical practitioners as appropriate to the program that is within the scope of this accreditation [2] (b) Performs oversight and guidance for the program [4] (c) Provides guidance to staff on quality management priorities and projects [2] (d) Approves the quality improvement activities to undertake [2] (e) Monitors progress in meeting quality improvement goals [4] (f) Periodically evaluates the effectiveness of the quality management program [2] URAC CORE STANDARDS V4.0 PROPRIETARY PROGRAM STANDARDS 24

41 C-PMI 1-3: Quality Management Program Implementation The applicant implements a systematic evidence-based quality improvement process that includes: (a) Selection of quality indicators [2] (b) Defined performance metrics [2] (c) Measurement of process, errors/adverse events/near misses, satisfaction (of the population served), access, or outcome trends performed using valid and accurate measurement methods [M] (d) Defined and regular performance measurement and reporting time frames [2] (e) Analysis of process, errors/adverse events/near misses, satisfaction (of the population served), complaints, access, or outcome trends to determine if defined performance metrics are met [M] (f) Implementation of activities designed to improve or correct identified problems, including reduction of errors/adverse events/near misses, or meet acceptable levels of performance [M] (g) Evaluation of the effectiveness of implemented activities in attainment of desired performance thresholds and performance standards [4] (h) Revision of ineffective quality improvement activities [4] (i) Periodic re-measurement of the level of performance for as long as necessary (as determined by the applicant) to ensure sustained improvement [2] C-PMI 1-4: Data Management and Performance Reporting Implementation of the quality management program: (a) Includes data management, whereby the applicant: (i) Selects performance indicators and sets quantifiable metrics that are used to establish acceptable levels of performance [M] (ii) Collects, analyzes and ensures data integrity prior to integrating data that is used to manage key work processes [2] (iii) Benchmarks its own performance [4] (b) Supports performance indicator collection, analysis, and reporting (internally and as applicable, externally) [M] URAC CORE STANDARDS V4.0 PROPRIETARY PROGRAM STANDARDS 25

42 C-PMI 1-5: Quality Management Program Evaluation Quality management program effectiveness evaluation includes: (a) Annual evaluation of quality management program effectiveness [4] (b) Specific areas of evaluation: (i) Analysis of performance against goals [2] (ii) Determine if resources were adequate and appropriate [2] (iii) Identify if the right people were involved [2] (iv) Assess program impact [2] (c) Program effectiveness findings are reported to leadership [L] (d) Recommendations to improve effectiveness are reported to leadership [L] New Glossary Term Leadership: the individual(s) with the authority and accountability for the quality of the product/ service delivery for the function(s) covered by the applicable URAC accreditation program. URAC CORE STANDARDS V4.0 PROPRIETARY PROGRAM STANDARDS 26

43 Standard C-PMI 2: Clinical Quality Improvement Projects Organizations responsible for direct patient care implement Quality Improvement (QI) projects that impact the quality of that care, improving health outcomes and reducing costs. C-PMI 2-1: Selection and Prioritization of Quality Improvement Projects The applicant selects and prioritizes quality improvement projects designed to: (a) Support the overall quality management strategy approved by clinical leadership [2] (b) Generate a measurable impact, which includes attaining measurable reduction in errors/adverse events/near misses, performance improvement, or health outcomes [2] (c) Provide improvement on consumer access to services, consumer health outcomes, or internal work processes based on various factors (e.g., number of consumers affected, reduced morbidity, and improved health outcomes with or without cost savings) [4] C-PMI 2-2: Clinical Quality Improvement Project Requirements The organization establishes quality improvement projects that address opportunities for error reduction or performance improvement related to the clinical healthcare services covered by the accreditation, whereby: (a) At any given time, the organization is underway (i.e., implementation has started) with no less than three (3) quality improvement projects [M] (b) All three (3) quality improvement projects must focus on clinical services (e.g., access, safety, and quality) as indicated by performance metrics [M] URAC CORE STANDARDS V4.0 PROPRIETARY PROGRAM STANDARDS 27