For UM Accreditation, 75 files are reviewed per product line. For CR Accreditation, 75 initial credentialing files and 75 recredentialing files are reviewed.
Note: For non-health plan organizations, 30 files are reviewed per product line.
Yes, if the language specifies that the delegate must meet NCQA requirements (UM 12, Elements A and C, factor 6; UM 13, Element C, factor 5; CR 1, Element C, factor 4; CR 8, Element C, factor 5), template language may be used in the delegation agreement. Language specific to each delegate is not required.
Note: The underlined text is a correction. The previous FAQ referred to the wrong element.
Both the organization and delegate must monitor the delegate’s system security controls as part of the delegation oversight requirements and may choose audit as the monitoring method. If auditing is the chosen method, the delegate provides an audit report of modifications that did not comply with its policies and procedures or with the delegation agreement.
The organization is not required to conduct an audit if it determines that the delegate adequately monitored and reported noncompliant modifications, but must provide documentation (a report, meeting minutes or other evidence) that it reviewed and agreed with the delegate’s findings. If the organization determines that the delegate did not adequately monitor noncompliant modifications, it must conduct its own audit of the delegate’s system controls.
The organization must submit its documentation and the delegate’s documentation as part of the survey.
For UM 12, Elements A and C:
CR 1, Element C, factor 5 requires organizations to have a process for monitoring that policies and procedures are followed for all other factors (factors 1–4) in this element at least annually. Policies and procedures must describe the monitoring process for factor 5.
For CR 1, Element D, the organization submits evidence that it identified, analyzed and acted only on modifications to credentialing/recredentialing information (CR 2 – CR 5) that did not meet the organization’s policies and procedures.
UM 12, Elements A and C, factor 7 require organizations to have a process for monitoring that policies and procedures are followed for all other factors (factors 1–6) in this element at least annually. Policies and procedures must describe the monitoring process for factor 7.
For UM 12, Elements B and D, the organization submits evidence that it identified, analyzed and acted only on modifications to receipt and notification dates (UM 5) that did not meet the organization’s policies and procedures.
For CR 1, Element C:
No. If the organization provides evidence of advanced system controls capabilities, it must submit policies and procedures for UM 12, Elements A and C and for CR 1, Element C. Policies and procedures must address all factors regarding advanced system control capabilities.
Organizations are only eligible to receive a score of Met for UM 12, Elements B and D, and for CR 1, Element D if they provide evidence of advanced system control capabilities that both automatically record dates and prevent changes that do not meet the organization’s policies and procedures.
For Maryland practitioners credentialed between December 2021 and February 2022, NCQA will not penalize organizations on inability to verify licensure due to the MDH network security incident. NCQA accepts the MDH’s grace period on licensure expirations and accepts temporary licenses issued by the MDH and will consider them current and valid. Organizations should adhere to guidance provided by MDH and document the guidance in the affected practitioners’ credentialing files.