HEDIS/AMP Compliance Audit for Certified Vendors

Earn NCQA Measure Certification and earn exception from manual source code review during the HEDIS® Compliance Audit.

Source Code Review Impact

If you achieve NCQA Measure Certification, you are exempt from manual source code review for all certified measures by auditors during the HEDIS Compliance Audit or AMP Audit Compliance Review. However, beginning in 2021, for MY 2021 reporting in 2022, organizations must use a certified vendor or certify their code through automated source code review (ASCR). Manual source code review will no longer be an option. Certified Auditors may review items that are not included in the scope of certification or not listed in a vendor’s certification report, including but not limited to:

  • Organization-to-vendor field mapping.
  • Data scrubbing/cleaning routines conducted before measure calculations (by the organization, the vendor or the software that contains certified measures).
  • Organization-specific data integrity and medical coding issues, especially concerns that could affect the accuracy of the reported rates.
  • Measure logic application that is idiosyncratic by nature (e.g., organization-specific methods for identifying live births for obstetric-related measures).
  • Medical record review (MRR) tools and logic, including data entry screens, database layout and the correct combining of medical record and administrative data.
  • Vendor compliance with IS standards, especially concerns that could affect the accuracy of reported rates.
  • IDSS import tools, XML files or other programs that load data into a submission tool.
  • Measure versions (alternative measures) not listed on the Certification Report.
  • Combination of data types: administrative, medical record, supplemental data.
  • Queries or other checks deemed by the auditor to be necessary to support the measure results reported by the vendor’s measure code.

A measure rate resulting from calculations based on the HEDIS specifications is not considered a HEDIS rate until it is audited and designated reportable by an NCQA-Certified HEDIS Compliance Auditor.

Vendors should work with licensed organizations to facilitate review of these additional items.

Questions? Contact us through My NCQA and we will be in touch.

  • Save

    Save your favorite pages and receive notifications whenever they’re updated.

    You will be prompted to log in to your NCQA account.

  • Email

    Share this page with a friend or colleague by Email.

    We do not share your information with third parties.

  • Print

    Print this page.