Information Integrity for NCQA UM Denials and Appeals - Steps to Take Now

By Nancy Ross Bell, RN

Estimated time to read: 4 minutes

Now is the time for organizations to make NCQA’s 2025 standards on Information Integrity a top priority.

In this blog, we explain:

• Why Information Integrity Matters
• NCQA’s Transition from System Controls to Information Integrity
• Requirements and Scoring
• What Organizations Should Do Now
• Next steps on delegating Utilization Management (UM) Information Integrity

Why Does Information Integrity Matter?

The massive cyberattack suffered by Change Healthcare in February 2024 is well-known to most in the healthcare industry. 

What is less known in the health plan arena are incidences of inappropriate modifications or updates of UM data, causing disruptions in the plan’s administration of healthcare services and claims payment. 

Risks associated with not maintaining the integrity of UM information could lead to:

• Wrong decisions about access to care
• Unnecessary denials and appeals
• Penalties from state or federal agencies because of fraudulent information
• Member dissatisfaction if care is wrongfully denied or delayed
• Provider abrasion about denied claims
• Impaired reputation that your organization is compromised and not trusted
• Staff frustration about inconsistencies and lack of integrity
• Financial loss

NCQA has strengthened its support of Information Integrity in the 2025 UM standards with the following:

• Must-Pass Elements
• Structural Requirements
• Annual Training
• Annual Audits
• Analyses   

You can’t be too safe with protecting member and provider information.

As you read through this blog and consider your needs, know that MHR’s Consultants will guide you through this transition. 

Additionally, refer to MHR’s blog on Information Integrity for Credentialing for credentialing-specific standards.

NCQA’s Transition from System Controls to Information Integrity

On July 25, 2024, NCQA’s Policy Accreditation Team released a directive on System Controls.  It reads:

For 2025, NCQA replaced the 2024 UM and CR “System Controls” requirements in Health Plan Accreditation; Managed Behavioral Healthcare Accreditation, Accreditation in Utilization Management, Credentialing and Provider Network; and Certification of Credentialing Verification Organizations with UM/CR “Information Integrity” requirements. Organizations are no longer required to describe their process for monitoring each factor or describe their auditing methodology in policies and procedures. Additionally, organizations are no longer required to describe the building security that adequately limits physical access for Credentialing Accreditation and Certification of Credentialing Verification Organizations.

For each of the accreditations and certifications included above, NCQA listed the Elements and Factors eliminated with the 2025 standards and explained that organizations would be scored NA (Not Applicable) for 2024 surveys that begin on or after July 1, 2024.

Information Integrity for UM

As we highlight sections of the standards below, please refer to the complete details of the 2025 standards purchased through the NCQA Store.

• Health Plan Accreditation (UM 12 and UM 13)

 The 2025 NCQA standards for MBHO Accreditation and UM Accreditation have not been released at this writing.

UM 12A: Protecting the Integrity of UM Denial Information

Element A requires a Policy and Procedure that applies to safeguarding the integrity of information used in UM denial decision processes covered in the following standards:

UM 4: Appropriate Professionals

UM 5: Timeliness of UM Decisions (non-behavioral, behavioral, and pharmacy)

UM 6: Clinical Information (non-behavioral, behavioral, and pharmacy)

UM 7: Denial Notices (non-behavioral, behavioral, and pharmacy)

Critical points to note with UM 12A are the following:

• Multiple bullet points are listed within the Explanation for each Factor and must be explicitly described in the Policy and Procedure.

A Policy is a formal documented process describing the overarching course of action the organization will follow to protect the integrity of information. Policies must be formally adopted by the organization with a documented effective date.

A Procedure describes how and by whom staff will carry out the actions to achieve the objectives stated in the policy with a documented effective date.

• Policies and procedures must cover the entirety of the LBP. The Scope of UM information for denials includes eight bullet points that are in scope (UM 12A Factor 1 Explanation). These apply to standards UM 4-UM 7 and must specify the protection of each.
  • Ensure the definitions of receipt and written notification dates of denial decisions are consistent with UM 5 requirements. These dates are audited and analyzed in UM 12D.
• Pay close attention to UM 12A Factor 4 and the list of inappropriate documentation and updates. Policies and procedures must specify all bullet points and be included in the annual training of UM staff on Information Integrity, as seen in UM 12C. These bullet points are:
  • Falsifying UM dates (e.g., receipt date, UM decision date, notification date)
  • Creating documents without performing the required activities
  • Fraudulently altering existing documents (e.g., clinical information, board-certified consultant review, denial notices)
  • Attributing review to someone who did not perform the activity (e.g., appropriate practitioner review)
  • Updates to information by unauthorized individuals
• Applies to all surveys and product lines with a Look-Back Period of prior to the survey date.
• Applies to UM information, in both paper and electronic formats, used in the UM denial process (UM 4 - UM 7).
• Is a Must-Pass Element where four of five Factors are needed to be scored as Met. There is no Partially Met scoring option.
• Is a Structural Requirement where the organization must present its own documentation.

UM 12B: Protecting the Integrity of UM Appeal Information

Similar to Element A for denials, Element B on appeals requires a Policy and Procedure that applies to safeguarding the integrity of information used in the UM appeal processes covered in the following standards:

UM 8: Policies for Appeals (internal appeals)

UM 9: Appropriate Handling of Appeals (preservice, postservice & expedited)

Critical points to note with UM 12B are the following:

• Multiple bullet points are listed within the Explanation for each Factor and must be explicitly described in a Policy and Procedure, with close attention to Factor 4 on what is considered inappropriate documentation and updates as listed above for UM 12A.
• Policies and procedures must cover the entirety of the LBP. The scope of UM information for appeals includes six bullet points that are in scope for Information Integrity Policies and Procedures (UM 12B Factor 1 Explanation). These apply to standards UM 8-UM 9.
  • Ensure the definitions of receipt and written notification dates for UM appeal decisions are consistent with UM 8 and 9 requirements. These dates are audited and analyzed in UM 12F.
• Pay close attention to UM 12B Factor 4 and the list of inappropriate documentation and updates. Policies and procedures must specify all bullet points and be included in the annual training of UM staff on Information Integrity, as seen in UM 12C. These bullet points are similar to those for denials:
  • Falsifying UM dates (e.g., receipt date, appeal decision date, appeal notification date)
  • Creating documents without performing the required activities
  • Fraudulently altering existing documents (e.g., investigation information, same-or-similar specialist review, appeal notices)
  • Attributing review to someone who did not perform the activity (e.g., appropriate practitioner review)
  • Updates to information by unauthorized individuals

It is essential to clearly differentiate your policies and procedures regarding inappropriate documentation and updates, specifically between denials and appeals.

• Applies to all surveys and product lines with a Look-Back Period of prior to the survey date.
• Applies to UM information, in both paper and electronic formats, used in the UM appeal process (UM 8-UM 9).
• Is a Must-Pass Element where four of five Factors are needed to be scored as Met. There is no Partially Met scoring option.
• Is a Structural Requirement where the organization must present its own documentation.

UM 12C: Information Integrity Training

Organizations must train their UM staff on their Policy and Procedure describing all bullet points in Factor 4 of UM 12A and B, which covers denials and appeals. In addition, UM staff must be notified of the auditing, documenting, and reporting of issues described in Factor 5 of UM 12A and UM 12B.

• Training is required annually (UM12 C)
• The Information Integrity training must include inappropriate documentation and updates for denials and appeals, as well as annual auditing, how to document and report inappropriate documentation, and consequences for inappropriate documentation (UM 12C Factors 1 and 2).
• Examples of appropriate and inappropriate behaviors for denials and appeals and a post-training assessment or survey to assess attendees’ knowledge of inappropriate documentation and updates may be helpful to reinforce learning.
• Reports reflect when training was conducted, by whom, how it was conducted, and associated materials (i.e., training presentation and evidence training was done).
• Applies to all surveys and product lines.
• Is a Structural Requirement.

UM 12D: Audit and Analysis – Denial Information

Audit for inappropriate documentation and updates, as staff were trained on in Element C, as well as a qualitative analysis of the findings, is the focus of Element D.

• Applies to random audits of UM denial files:
  • UM request receipt dates (UM 5)
  • UM denial decision notification dates (UM 5, UM 7)
  • The audit scope for denials and appeals is unchanged from the 2024 standards.
• Requires an annual audit report regardless of findings (UM 12D Factor 1 Explanation).
• A qualitative analysis of EACH instance of inappropriate documentation and update identified in the audit (UM 12D Factor 2 Explanation) is required. The report must include:
  • The titles of the UM staff involved in the qualitative analysis
  • The cause of each finding

This information drives corrective actions as required in UM 12E.

Ensure the qualitative analysis on denials includes all requirements defined by NCQA in the Glossary.

Findings of the qualitative analysis drive improvement actions for UM 12E.  

• Applies to First and Renewal Surveys for all product lines, with a Look-Back Period of at least once during the prior year.

UM 12E: Improvement Actions – Denial Information

Element E completes the quality process by following through on actions to improve the findings from Element D, then audits for effectiveness.

• describes the organization's corrective actions planned or taken. Include the issue or finding, reason or source of the problem, actions to be taken or taken, time frame, and title of staff responsible.
• Corrective actions are taken to address all inappropriate findings found in the audit of UM denial receipts and notification dates in UM 12D Factor 1.
• Audits of effectiveness must be conducted 3-6 months after completion of the annual audit where improvement actions were identified. Clearly describe the methodology used in conducting the audit. Where actions were taken, a conclusion of the overall effectiveness must be drawn (UM 12E Factor 2).
• UM 12E is a Structural Element and applies to First and Renewal Surveys for all product lines, with a Look-Back Period of at least once during the prior year.

Tips on writing a conclusion for denial information:

• What was the corrective action taken?
• Was the action effective in preventing inappropriate documentation and updates based on the follow-up assessment within 3-6 months?
• Were any new features or processes working properly?

Refer to Examples in UM 12E on how reports may be structured.

UM 12F: Audit and Analysis – Appeal Information

Requirements for auditing and analyzing appeal information are similar to UM 12D on denial information.  

• Applies to UM information used in the UM appeal process for UM 8 and UM 9. The organization defines its methodology and audits for inappropriate documentation and updates  to:
  • UM appeal request receipt dates
  • UM appeal decision notification dates
  • The audit scope for denials and appeals is unchanged from the 2024 standards.
• Even if no appropriate documentation and updates were found, an audit report is still required regardless of findings (UM 12F Factor 1 Explanation).
• A qualitative analysis of EACH instance of inappropriate documentation and update identified in the audit is required. The report must include:
  • The titles of UM staff involved in the analysis
  • The cause of each finding

Ensure the qualitative analysis on appeals includes all requirements defined by NCQA in the Glossary.

Findings of the qualitative analysis for appeal information drive improvement actions for UM 12G. 

• Applies to First and Renewal Surveys for all product lines, with a Look-Back Period of at least once during the prior year.
• Refer to Examples under UM 12F on how audit Reports may be structured.

UM 12G: Improvement Actions – Appeal Information

Element G completes the quality process for appeal information by following through on actions to improve the findings found in the audit from UM 12F, then audits for the effectiveness of the actions taken.

• Documented Process required for UM 12G Factor 1 describes the organization's corrective actions planned or taken. Include the issue or finding, reason or source of the problem, actions to be taken or taken, time frame, and title of staff responsible.
• Corrective actions must address all inappropriate findings found in the audit of UM appeal receipts and notification dates (UM 12G Factor 1).
• Audits of effectiveness must be conducted 3-6 months after completion of the annual audit where improvement actions were identified. Clearly describe the methodology used in conducting the appeals audit. Where actions were taken, a conclusion of the overall effectiveness must be drawn (UM 12G Factor 2 Explanation).
• UM 12G is a Structural Element and applies to First and Renewal Surveys for all product lines, with a Look-Back Period of at least once during the prior year.

Tips on writing a conclusion for appeal information:

• What was the corrective action taken?
• Was the action effective in preventing inappropriate documentation and updates based on the follow-up assessment within 3-6 months?
• Were any new features or processes working properly?

Refer to Examples under UM 12G on how Reports on corrective actions may be structured. 

Delegating Information Integrity-Utilization Management (UM 13)

What to do now?

Check the implementation date of all UM Delegation Agreements and update them according to the timeframes described in UM 13A Scope of Review-Documentation and included below.  These timeframes relate to the addition of the bullet points in UM 13A Factor 4 Explanation on inappropriate documentation and updates to UM information.

For Factor 4:

• Delegation Agreements in place before July 1, 2025, that include requirements for System Controls under the 2022-2024 standards do not need to be updated with new UM Information Integrity requirements, as NCQA will not evaluate these Agreements against prior System Controls standards. Note: After July 1, 2025, Agreements should be updated.
• Delegation Agreements in place before July 1, 2025, that do not address System Controls under the 2022-2024 standards must be updated with requirements on UM Information Integrity before July 1, 2025. Priority-Take Action!
• New Delegation Agreements implemented on or after July 1, 2025, must include requirements on UM Information Integrity.

Tip:  If not already in place, make a table to track your Delegation Agreements. MHR has a proprietary Delegation Suite of tools to help track and assess Agreements.

• Formally add new UM Information Integrity responsibilities of the organization and delegated entity to the Delegation Agreement (UM 13A Factor 2 Explanation). These include the details of UM activities performed by the delegate and UM activities retained by the organization.
• Assess if delegated entities have subdelegated activities whereby responsibilities for UM Information Integrity must be updated. The Delegation Agreement must specify which organization is responsible for oversight of the subdelegate (UM 13A Factor 2 Explanation).
• Update requirements on performance monitoring according to the timeframes listed above for Factor 4. Include all bullet points for performance monitoring specified in UM 13A Explanation for inappropriate documentation and updates.
• Please note that performance monitoring for UM includes the UM denial decision process (UM 4-UM 7) and the UM appeal process (UM 8 – UM 9). The Delegation Agreement must specify what is inappropriate.
• For amended and new Delegation Agreements initiated within the Look-Back Period, predelegation evaluation is required (UM 13B Explanation). If the organization amends the Delegation Agreement to include additional UM activities within the Look-Back Period, it performs a predelegation evaluation for the additional activities.
• Additional UM activities may include those listed under the scope, training, audit, and analysis. Note the Exceptions for Delegation Agreements that have been in effect for longer than the Look-Back Period.
• Verify if the delegate is NCQA-Accredited under the 2025 standards as explained under Predelegation Evaluation. Automatic credit may be available for UM Information Integrity requirements (UM 13B Explanation).
• Annually audit and analyze each delegate’s UM denial and appeal files for Information Integrity (UM 13C Factor 5 Explanation). The delegate or organization must provide a completed audit report even if no inappropriate findings were noted. Note that the audit for Information Integrity is in addition to other audits (UM 13C).
• A qualitative analysis and conclusion are required for the annual audit of UM Information Integrity. Each non-compliant file must be evaluated, and corrective action must be taken, followed by an analysis of effectiveness from 3-6 months after the action was taken (UM 13C Factors 6 and 7).
  • The health plan may conduct audits for UM Information Integrity or
  • The health plan may use the delegate’s audit.
    • In this case, the health plan submits the delegate’s audit and report to NCQA with proof of the health plan’s review and evaluation as demonstrated in a report and meeting minutes.

Formal Notification of Changes

Depending on your organization, updates to Delegation Agreements to include new or expanded responsibilities (UM 13A Factor 2) may be done by either updating the Agreement currently in place or formally notifying the Delegate in writing that the notification is an update to the Agreement.

In order for a formal notification to be acceptable, the Delegation Agreement must require the delegate to remain compliant with current NCQA Standards. The formal notification must reference this section of the agreement as this section is what requires the delegate to be compliant with the new requirements.

Key Points:

• When formal notification to the delegate is used, reference the section of the Delegation Agreement that requires ongoing compliance with NCQA and the expectation to meet the new or expanded UM Information Integrity requirements.
• Describe all new or expanded responsibilities for Information Integrity required of the delegate and retained by the organization
• Add annual staff training on Information Integrity with evidence of attendees and curriculum
• Explain the requirements for annual audits and analysis with corrective actions and follow-up analysis of effectiveness
• Require the delegate to remain compliant with current NCQA Standards
• Describe changes to delegated oversight in relationship to Information Integrity, including subdelegation oversight
• Require the delegate to affirm in writing receipt of notification and understanding by signature on an updated Delegation Agreement or other formal signature document from the organization

Getting Started

• Assess the effective date of your Delegation Agreements and prioritize according to their date and if/when UM Information Integrity is included.
• Approach changes with a multi-disciplinary team, including Utilization Management, Appeals, Contracting, Quality/Accreditation, Training, IT systems, and Legal.
• Ask your MHR Consultant to review all Policies and Procedures, Reports, and Agreements.
• Schedule training on NCQA UM Information Integrity with your MHR Consultant

How Can MHR Assist?

Potential risks of non-compliance are high.

MHR can:

• review your Policies and Procedures
• assess audit methodology for new or increased scope of the audit on denial and appeal Information Integrity
• ensure your qualitative analyses and conclusions meet requirements
• assess potential areas for automatic credit
• review your organization’s training presentations and evidence
• prioritize actions to be taken for each Delegate
• guide you in responsibilities to include in your Delegated Agreements or other formal notification
• train your team on the NCQA Accreditation standards, Delegation, and Analysis

Call to Action:

• Schedule a call with your MHR Consultant on Information Integrity
• Schedule training on the 2025 NCQA UM standards
• For non-clients, contact us at [email protected]

MHR follows a quality review process for all blogs. This blog was written with insights from Kim Carpenter Petit. Please read more about Kim and MHR’s other Independent Consultants at ManagedHealthcareResources.com/About Our Consultants.  

MHR: Driving healthcare quality one NCQA accreditation at a time