FAQ Directory: Utilization Management, Credentialing and Provider Network

Filter Results
  • Save

    Save your favorite pages and receive notifications whenever they’re updated.

    You will be prompted to log in to your NCQA account.

  • Email

    Share this page with a friend or colleague by Email.

    We do not share your information with third parties.

  • Print

    Print this page.

You are viewing a single FAQ from your previous search. Clear Search

5.15.2022 Delegation Oversight System Controls Monitoring - Audits Are both the organization and delegate required to conduct system controls audits for factor 5 in UM 13, Element C and CR 8, Element C?

Both the organization and delegate must monitor the delegate’s system security controls as part of the delegation oversight requirements and may choose audit as the monitoring method. If auditing is the chosen method, the delegate provides an audit report of modifications that did not comply with its policies and procedures or with the delegation agreement.

The organization is not required to conduct an audit if it determines that the delegate adequately monitored and reported noncompliant modifications, but must provide documentation (a report, meeting minutes or other evidence) that it reviewed and agreed with the delegate’s findings. If the organization determines that the delegate did not adequately monitor noncompliant modifications, it must conduct its own audit of the delegate’s system controls.

The organization must submit its documentation and the delegate’s documentation as part of the survey.

UM_CR 2022