URAC Core 13(a) -- Data Integrity

One of the most frequently misunderstood URAC standards centers around this question: "what is data integrity?"

URAC's Core 13 (a) (in version 5.0) reads:

The organization implements information system(s) (electronic or paper) to collect, maintain, and analyze information necessary for organizational management that: (a) Provides for data integrity. . . .

This is a primary element of a mandatory (5 point) standard, so URAC applicants best not miss it. Yet, many do, at least on the first pass.

So, what does URAC mean by "data integrity"?

NOT SECURITY!

NOT PRIVACY!

Then what?

In a nutshell, "data integrity" means accuracy and trace-ability.

The Program Guide offers this oft-overlooked clarification:

"In this context, “data integrity” means data accuracy and trace-ability.
For example, when an organization pulls up a consumer’s records, what steps has it taken to ensure that it has pulled the correct record, and how accurate is the information in the record? Examples of “providing for data integrity” include (but are not limited to):
Monitoring data entry personnel for accuracy;
Cross-checking databases for consistency;
Using unique identifiers for consumer data; and
Prevention of and checking for duplicate entries."

So, what eveidence will URAC reviewers be looking for?

Again, the Program Guide helps: "Samples (2-3) of data integrity audit results, or records of database checks, or documents indicating unique identifiers for consumer data."

I wish I had deep wisdom to offer about how to comply with this standard, but I don't. The simple truth about this subsection is that URAC applicants miss it because they think they know what URAC means by "Data Integrity" without reading the Program Guide.

To repeat: in a nutshell, "data integrity" means accuracy and trace-ability. Security and privacy are dealt with elsewhere in the standard.