At a minimum, credentialing files must be retained for the period covering the survey look-back period. Otherwise, NCQA does not prescribe a specific time period for retaining credentialing files.
HP 2022
Yes. Because the board would have primary-source verified education and training before awarding certification, NCQA allows organizations to use expired board certifications to meet the requirements. Education and training information does not change even if board certification expires.
HP 2022
Yes, if the language specifies that the delegate must meet NCQA requirements (UM 12, Elements A and C, factor 6; UM 13, Element C, factor 5; CR 1, Element C, factor 4; CR 8, Element C, factor 5), template language may be used in the delegation agreement. Language specific to each delegate is not required.
Note: The underlined text is a correction. The previous FAQ referred to the wrong element.
HP 2022
CR 1, Element C, factor 5 requires organizations to have a process for monitoring that policies and procedures are followed for all other factors (factors 1–4) in this element at least annually. Policies and procedures must describe the monitoring process for factor 5.
For CR 1, Element D, the organization submits evidence that it identified, analyzed and acted only on modifications to credentialing/recredentialing information (CR 2 – CR 5) that did not meet the organization’s policies and procedures.
HP 2022
UM 12, Elements A and C, factor 7 require organizations to have a process for monitoring that policies and procedures are followed for all other factors (factors 1–6) in this element at least annually. Policies and procedures must describe the monitoring process for factor 7.
For UM 12, Elements B and D, the organization submits evidence that it identified, analyzed and acted only on modifications to receipt and notification dates (UM 5) that did not meet the organization’s policies and procedures.
HP 2022
For UM 12, Elements A and C:
HP 2022
No. If the organization provides evidence of advanced system controls capabilities, it must submit policies and procedures for UM 12, Elements A and C and for CR 1, Element C. Policies and procedures must address all factors regarding advanced system control capabilities.
Organizations are only eligible to receive a score of Met for UM 12, Elements B and D, and for CR 1, Element D if they provide evidence of advanced system control capabilities that both automatically record dates and prevent changes that do not meet the organization’s policies and procedures.
HP 2022
For CR 1, Element C:
HP 2022
Both the organization and delegate must monitor the delegate’s system security controls as part of the delegation oversight requirements and may choose audit as the monitoring method. If auditing is the chosen method, the delegate provides an audit report of modifications that did not comply with its policies and procedures or with the delegation agreement.
The organization is not required to conduct an audit if it determines that the delegate adequately monitored and reported noncompliant modifications, but must provide documentation (a report, meeting minutes or other evidence) that it reviewed and agreed with the delegate’s findings. If the organization determines that the delegate did not adequately monitor noncompliant modifications, it must conduct its own audit of the delegate’s system controls.
The organization must submit its documentation and the delegate’s documentation as part of the survey.
HP 2022