FAQ Directory: Utilization Management, Credentialing and Provider Network

Filter Results
  • Save

    Save your favorite pages and receive notifications whenever they’re updated.

    You will be prompted to log in to your NCQA account.

  • Email

    Share this page with a friend or colleague by Email.

    We do not share your information with third parties.

  • Print

    Print this page.

expand all

9.15.2022 File Review Scope for NCQA-Accredited Health Plans seeking UM-CR-PN Accreditation How many files are reviewed in a UM-CR-PN Survey for Accredited Health Plans?

For UM Accreditation, 75 files are reviewed per product line.  For CR Accreditation, 75 initial credentialing files and 75 recredentialing files are reviewed. 

Note: For non-health plan organizations, 30 files are reviewed per product line.  

UM_CR 2023

9.15.2022 Retaining practitioner records How long should practitioner records be retained?

At a minimum, credentialing files must be retained for the period covering the survey look-back period. Otherwise, NCQA does not prescribe a specific time period for retaining credentialing files.

UM_CR 2022

9.15.2022 Durable medical equipment in the scope of credentialing Are durable medical equipment entities in the scope of credentialing?

Yes. Durable medical equipment entities are in the scope of CR 7, Element A, to the extent that organizations must have policies and procedures for initial and ongoing assessment of the entities with which it contracts. NCQA’s review of the organization’s assessment of organizational providers is limited to the organizations listed in CR 7, Elements B and C.

UM_CR 2022

5.24.2022 Updated: Boilerplate Language in Delegation Agreements for System Controls May organizations’ delegation agreements contain boilerplate language for system controls delegates?

Yes, if the language specifies that the delegate must meet NCQA requirements (UM 12, Elements A and C, factor 6; UM 13, Element C, factor 5; CR 1, Element C, factor 4; CR 8, Element C, factor 5), template language may be used in the delegation agreement. Language specific to each delegate is not required.

Note: The underlined text is a correction. The previous FAQ referred to the wrong element. 

UM_CR 2022

5.15.2022 UM and CR Advanced System Controls—Policies and Procedures Are organizations that provide evidence of “advanced system controls” eligible to receive Met for UM 12, Elements A and C, and for CR 1, Element C?

No. If the organization provides evidence of advanced system controls capabilities, it must submit policies and procedures for UM 12, Elements A and C and for CR 1, Element C. Policies and procedures must address all factors regarding advanced system control capabilities.

Organizations are only eligible to receive a score of Met for UM 12, Elements B and D, and for CR 1, Element D if they provide evidence of advanced system control capabilities that both automatically record dates and prevent changes that do not meet the organization’s policies and procedures.

UM_CR 2022

5.15.2022 Clarify scope for CR 1, Element C What are the differences in scope for system controls at the factor level in CR 1, Element C?

For CR 1, Element C:

  • Factor 1 applies to verification source information from credentialing and recredentialing cycles, covered in CR 3, Elements A–C.
  • Factor 2 applies to modified credentialing verification information from initial credentialing and recredentialing cycles, covered in CR 3, elements A–C.
  • Factors 3–4 apply to all information associated with credentialing/recredentialing of practitioners, covered in CR 2–CR 5.
  • Factor 5 requires a monitoring process that covers compliance with all policies and procedures described in factors 1–4.

UM_CR 2022

5.15.2022 System Controls Goal for Analysis Is a goal required for system controls monitoring analysis for UM 12, Elements B and D, factor 2 and CR 1, Element D, factor 2?

No. Although the organization may set a monitoring goal, NCQA does not require it for UM 12, Elements B and D, factor 2 and CR 1, Element D, factor 2. The intent is that the organization reviews all instances of modifications that did not meet its policies and procedures.

UM_CR 2022

5.15.2022 Delegation Oversight System Controls Monitoring - Audits Are both the organization and delegate required to conduct system controls audits for factor 5 in UM 13, Element C and CR 8, Element C?

Both the organization and delegate must monitor the delegate’s system security controls as part of the delegation oversight requirements and may choose audit as the monitoring method. If auditing is the chosen method, the delegate provides an audit report of modifications that did not comply with its policies and procedures or with the delegation agreement.

The organization is not required to conduct an audit if it determines that the delegate adequately monitored and reported noncompliant modifications, but must provide documentation (a report, meeting minutes or other evidence) that it reviewed and agreed with the delegate’s findings. If the organization determines that the delegate did not adequately monitor noncompliant modifications, it must conduct its own audit of the delegate’s system controls.

The organization must submit its documentation and the delegate’s documentation as part of the survey.
 

UM_CR 2022

5.15.2022 System Control Requirements Review by Product Line If auditing is used to monitor an organization’s system controls or a delegate’s system controls, is sampling by product line required?

No. Sampling is not required by product line if the product lines are managed the same (a single system is used to manage all product lines).

UM_CR 2022

5.15.2022 Clarify scope for new Credentialing System Controls Oversight requirement (CR 1, Element D) How is the new oversight requirement, CR 1, Element D, different from the monitoring requirement in factor 5 in CR 1, Element C?

CR 1, Element C, factor 5 requires organizations to have a process for monitoring that policies and procedures are followed for all other factors (factors 1–4) in this element at least annually. Policies and procedures must describe the monitoring process for factor 5.

For CR 1, Element D, the organization submits evidence that it identified, analyzed and acted only on modifications to credentialing/recredentialing information (CR 2 – CR 5) that did not meet the organization’s policies and procedures.

UM_CR 2022

5.15.2022 Clarify scope for UM 12, Elements A and C What are the differences in scope for system controls at the factor level in UM 12, Elements A and C?

For UM 12, Elements A and C:

  • Factors 1–5 apply to receipt and notification dates, covered in UM 5 and UM 8–UM 9.
  • Factor 6 applies to all UM system data for managing denials and appeals (not only the dates specified in factors 1–5), covered in UM 4–UM 7 and UM 8–UM 9.
  • Factor 7 requires a monitoring process that covers compliance with all policies and procedures described in factors 1–6.

UM_CR 2022

5.15.2022 Clarify scope for new UM System Controls Oversight requirement (UM 12, Elements B and D) How are the new oversight requirements, UM 12 Elements B and D, different from the monitoring requirements in factor 7 in UM 12, Element A and C?

UM 12, Elements A and C, factor 7 require organizations to have a process for monitoring that policies and procedures are followed for all other factors (factors 1–6) in this element at least annually. Policies and procedures must describe the monitoring process for factor 7.

For UM 12, Elements B and D, the organization submits evidence that it identified, analyzed and acted only on modifications to receipt and notification dates (UM 5) that did not meet the organization’s policies and procedures.

UM_CR 2022