URAC Core 4.0 — Operations and Infrastructure (C-OPIN)
In this post, I discuss the next focus area in URAC’s Core v. 4.0 accreditation standards, Operations and Infrastructure (C-OPIN). You can see all our earlier discussions of Core, generally, and this new version, specifically, at our Healthcare Accreditation and Compliance publication.
Rationale
This focus area encourages organizations to implement policies addressing the design, monitoring, analysis, review, and continuous improvement of its processes, systems, and delivery of products and services. It stresses innovation and accountability as values in this effort.
Scope
The standards within the C-OPIN focus area apply to all functions within the scope of the accreditation and to the staff members who perform those functions. “Within the scope of the accreditation” is a term that focus your attention on what accreditation you are seeking — if you are a health plan, for example, but are seeking accreditation only for your Health Utilization Management (“HUM”) function, the scope of these standards is limited to the functions and staff involving HUM, not the rest of your plan’s functions.
The Operations and Infrastructure Standards and Elements of Performance
As usual in the new URAC format, the “Standard” outlines a general principle and the real action happens at the “Elements of Performance” (“EP”) level.
Business Ethics
The standard, C-OPIN 1, requires that your organization adopt and comply with a code of conduct that governs ethical business conduct. It has but one performance element, C-OPIN 1–1, which requires that such a code be adopted by senior management and organizational leaders. That code must:
* address ethical principles;
* define expected and prohibited behavior and practices;
* cover situations involving whistleblowers; and
* outline the consequences of engaging in unethical behavior and/or practices.
While it is new for URAC to explicitly require a code of conduct, it has been an implicit requirement for some time. For example, URAC mentions the Code of Conduct in its Points to Remember for Core v. 3.0 Core 27 addressing staff training requirements. This time, however, URAC has made explicit this requirement.
Business Management
This standard, C-OPIN 2, simply requires that the organization implement “sound business practices” in support of its mission to provide clients and/or consumers with quality services and, at the same time, lower its risk.
This standard has two Elements of Performance, the first of which, C-OPIN 2–1, requires that the organization have written business agreements with all of its clients. Those agreements must be signed and describe the scope of the agreement. This EP is simply a rephrased version of the previous version’s Core 11. There are no substantive changes, in other words, from the Core 3.0 version to the Core 4.0 version.
The second EP in this standard, C-OPIN 2–2, in a significant expansion on the version 3.0 Core 3 standard, requires that the organization maintain and comply with its policies and documented procedures. What veterans of Core 3.0 will recognize from the earlier version are:
* The requirement that you comply with your own policies;
* Keep a master list of policies;
* Document review dates, effective dates, and approval authority.
What is new is the requirement that the policies be reviewed and, if changes are made, disseminated and implemented no less frequently than every 36-months. The older version had a 12-month requirement.
Staff Management
This standard, which has four EPs, governs the organization’s human resources (“HR”) functions, just as is done in Core 25–29 of Core v. 3.0.
C-OPIN 3–1 is a not-very-dramatic reworking of Core 25 and 26 of v. 3.0. It requires that the organization hire staff based on job descriptions, and that each job description:
* outlines the scope of the position’s role, major duties, and responsibilities;
* list required education, training, and/or experience for the position;
* list the licensure and/or certification requirements, if any;
* sets for the expected competences of the person occupying the position.
Staff training, formerly the realm of Core 27, is now covered in C-OPIN 3–2. Like the older version, it requires:
* training in privacy and security of information;
* new hire orientation;
* training in healthcare ethics;
* applicable URAC standards; and
* ongoing professional development.
What is new is a requirement of training in ethical business conduct, covering some issues previously required by Core 27 but adding a few new ones:
* conflict of interest;
* false claims;
* fraud and abuse; and
* illegal activities.
In addition, the new version requires formal training in the organization’s policies and procedures.
C-OPIN 3–3 is an utterly new standard, requiring the organization to have each of its “relevant individuals”, which would include all staff, committee, and board members, sign an acknowledgement:
* that he/she has access to the code of conduct and applicable laws of regulations;
* that he/she has received training on the code of conduct and other legal and regulatory requirements;
* that he/she understands the possible consequences of violating the code of conduct or applicable laws and regulations; and
* that he/she has access to means to report legal and regulatory breaches, or instances of non-compliance with the code of conduct.
The only standard in Core 3.0 that resembles this is Core 16(f), which required a signed confidentiality statement. Obviously, this goes much further.
Performance reviews of staff members, formerly the domain of Core 28 in v. 3.0, is now covered in C-OPIN 3–4. The primary difference is that they need not be performed “annually”, and don’t require a review of documentation produced by the employee being reviewed. Rather, this EP simply requires that they be performed “periodically” and are “based on established expectations.” The organization gets to define what it means by “periodically.”
Delegation
This standard has a single EP, “C-OPIN 4–1: Delegation Management”, which supplants the former Core 6 through Core 9. On its face, the EP is radically less restrictive than its predecessors, requiring only that the delegating organization:
- retains accountability to URAC for the contracted functions; and
- performs “periodic oversight” of the delegated contractor’s performance quality and compliance with applicable URAC standards.
However, in this case, the devil is in the Accreditation Guide, which retains some of the requirements and limitations of Core v. 3.0 Core 6–9, including a requirement of a formal written agreement. However, in some ways, once you look at the interpretive information, this standard requires more from the delegating organization. Among the new requirements are:
- a specific requirement in contracts with URAC-accredited contractors that the contractor notify the organization of any change in its URAC accreditation/certification status;
- a list of delegated functions described in the contract, along with a crosswalk to the applicable URAC standards and EPs;
- specific identification of the position with the accountability for oversight of the delegated contractor’s performance;
- periodic assessment of the URAC status of URAC accredited or certified contractors;
- requirement that the organization retain accountability for the contractor’s compliance with applicable URAC standards (for non-accredited vendors), and that the accountability include a compliance rating scale;
- documented evidence of active management of the contractor’s compliance with relevant URAC standards and EPs.
Make no doubt about it — this apparent step away from rigor is decidely a step toward significantly much more rigor.
