Source Code Review Impact

Organizations must use a certified vendor or certify their code through automated source code review (ASCR). Manual source code review is no longer an option. Certified Auditors may review items that are not included in the scope of certification or not listed in a vendor’s certification report, including but not limited to:

• Organization-to-vendor field mapping.
• Data scrubbing/cleaning routines conducted before measure calculations (by the organization, the vendor or the software that contains certified measures).
• Organization-specific data integrity and medical coding issues, especially concerns that could affect the accuracy of the reported rates.
• Measure logic application that is idiosyncratic by nature (e.g., organization-specific methods for identifying live births for obstetric-related measures).
• Medical record review (MRR) tools and logic, including data entry screens, database layout and the correct combining of medical record and administrative data.
• Vendor compliance with IS standards, especially concerns that could affect the accuracy of reported rates.
• IDSS import tools, XML files or other programs that load data into a submission tool.
• Combination of data types: administrative, medical record, supplemental data.
• Queries or other checks deemed by the auditor to be necessary to support the measure results reported by the vendor’s measure code.

A measure rate resulting from calculations based on the HEDIS specifications is not considered a HEDIS rate until it is audited and designated reportable by an NCQA-Certified HEDIS Compliance Auditor.

Vendors and organizations should work with licensed organizations to facilitate review of these additional items.

Questions? Contact us through My NCQA and we will be in touch