The Credentialing and Privileging Process

Healthcare organizations are legally responsible for assuring that individuals providing patient care are credentialed, verified, and competent to do so. In order to guarantee compliance and quality patient care, the Centers for Medicare and Medicaid Services (CMS), National Committee for Quality Assurance (NCQA), and Health and Human Services (HHS) require that members of the medical and allied health staff are properly credentialed and privileged.

How does a physician become credentialed? Credentialing and privileging are both necessary before a physician is permitted to practice. The credentialing process verifies and assesses that a practitioner’s qualifications and license status are in good standing to provide healthcare services.

Alongside credentialing, privileging authorizes a licensed or certified healthcare practitioner’s specific scope of patient care services and evaluates an individual’s clinical qualifications and/or performance. Privileging ensures that medical staff are properly licensed, carry appropriate malpractice insurance, and meet hospital requirements.

Credentialing and privileging must both be completed before practitioners can provide patient care services. It is therefore critical that healthcare organizations follow an efficient and thorough process of pre-application, application, identification, and processing to verify the providers’ credentials and grant privileges.

In order to provide a comprehensive primary source verification, healthcare organizations often hire a third party to verify credentials to ensure that the provider is screened against all state and federal exclusion lists, and their license is verified prior to hiring.

Credentialing for Telemedicine Providers 

Although they don’t maintain a physical presence in the hospital where they provide care, telehealth providers are still required by law to undergo credentialing. The telehealth industry is rapidly expanding; since the beginning of the COVID-19 pandemic, CMS has expanded payment for both telehealth services and credentialing which is also known as “credentialing by proxy.”

Credentialing by proxy permits the hospital to receive the telemedicine services (also known as the “originating site” hospital) and to rely on the privileging and credentialing decisions made by the hospital or entity that provides the telemedicine services (also known as the “distant site” hospital).

This streamlined process allows hospitals to avoid the full administrative burden associated with the traditional credentialing process. It also reduces the redundancy and complexities of credentialing at multiple facilities, allowing medical practitioners to provide services in more locations and hospitals and permitting rural hospitals to get the services they need.

This allows hospitals and telemedicine providers to deliver services faster and with lower administrative costs. However, if the proper monitoring tools are not in place, the lower barrier to entry could also expose hospitals to risk. Therefore, it’s critical to have continuous automated monitoring of all provider credentials to ensure ongoing compliance.

7 Red Flags to Watch for During the Credentialing Process

Trusted credentialing procedures include detailed verification of education, medical training, licensure, experience, practice, criminal background, exclusions, debarments, etc. A thorough screening is rigorous and will identify red flags which may not appear in a more lenient credentialing and verification process.

These red flags may include (but are not limited to):

1. Vague or no reference responses
2. Voluntary or involuntary relinquishment of licensure
3. Unexplained or inconsistent time gaps or periods of time that are unaccounted for or do not match the timeline reported by organizations with which the applicant was affiliated
4. Frequent employment changes
5. Numerous lawsuits
6. Prior disciplinary action by any other healthcare organization or licensing body
7. Failure to disclose information

Ways to Prevent Negligent Credentialing 

Negligent credentialing lawsuit cases are on the rise and so are the risks and costs that come with litigation. Negligent credentialing, a claim of harm or suffering brought against a provider, can result in legal liability when a patient is injured by an incompetent, unqualified, or excluded healthcare provider. This can result in a malpractice lawsuit against the healthcare provider as well as serious financial and administrative consequences for the hospital or medical institution.

Costly negligent credentialing lawsuits can threaten a hospital’s ability to participate in federally funded programs such as Medicare and Medicaid. With growing numbers of negligent credentialing lawsuits, it’s increasingly important for healthcare institutions to verify providers in the early stages of onboarding new staff and to continue monitoring providers on an ongoing basis.

To prevent negligent credentialing lawsuits, be sure to regularly and thoroughly update your documentation and credentialing processes, conduct regular background checks, check licensure status, check exclusion status, and implement thorough pre-employment screenings with top industry-trusted tools.

How the Credentialing and Privileging Processes Work

Before a provider is allowed to provide healthcare services, credentialing should be completed. When privileges are granted, the governing board should make the final decision of approval.

To meet credentialing requirements, healthcare organizations should perform primary source verifications on the provider’s education, medical training, certificates, peer recommendations, and license status. Alternatively, they can use approved designated equivalent sources from selected agencies or reports from credentials verification organizations (CVO) that meet Joint Commission standards.

If a hospital, pharmacy, or medical clinic uses an approved credentials verification organization (CVO) to perform their verifications, the organization should meet with the CVO to outline the process for gathering and verifying information. When organizations hire a CVO to perform credentialing, organizations are ultimately responsible to ensure primary source verification is being done on their population.

Whenever provider privileges are being granted, initially or renewed, the organization’s governing board should have final approval, although the board may delegate the review of recommended approvals. Recredentialing and renewal of privileges should occur at least every two years and should be completed by following established policies and procedures.

How the Application Process Works

A provider’s application for organizational membership is most effective when organizations use a two-step process. Pre-application completion helps organizations determine whether or not the applicant meets basic qualifications as outlined in staff bylaws. Once these standards are met, the provider can submit a full application.

How to Use a Pre-application When Hiring a Provider

The pre-application process helps you determine the suitability of potential providers to meet minimum requirements before you invest significant resources. When you ask candidates to fill out pre-applications, you should make it clear that they are not the full applications.

At a minimum, pre-applications should inquire about the following:

• Required board certifications
• Disciplinary actions or sanctions from professional organizations, licensing boards, or payers
• Licensure and any restrictions
• Malpractice coverage and claims history (closed and open claims)
• History of arrests
• Clinical specialties and specialty-related requirements
• Health status

You may also ask candidates to submit a curriculum vitae (CV) with their pre-application. Check with your legal counsel to make sure your pre-application complies with the Americans with Disabilities Act (ADA).

Next Steps: Application

After meeting minimum pre-application standards, the candidate may fill out a full application. Whether the applications are standardized throughout the state or not, they should always include certain conditions and expectations that the candidate agrees to follow. These requirements should include:

• Providing continuous care to patients
• Following applicable bylaws, rules, regulations, and policies
• Using internal solutions before resorting to litigation for credentialing decisions
• Alerting the organization if actions are taken against a candidate’s license
• Releasing the organization’s representatives (and their sources of information) from liability for retrieving applicant information
• Maintaining professional liability insurance
• Notifying the organization of any change in the candidate’s contact information
• Providing information on health status and vaccinations as requested
• Submitting to mental or physical exams when requested to do so by the organization
• Providing a written request for specific privileges
• Providing a written affirmation that all statements are truthful and complete to the best of the candidate’s knowledge and an agreement that providing false information may be cause for suspension or withdrawal of application

Identification and Background Checks

When the candidate submits the application, a government-issued photo ID should be included. The organization may send a copy of the photo ID when requesting references to confirm the candidate’s identity.

Organizations should also perform national and state criminal background checks on all providers. Criminal background checks are a basic employment and credentialing practice that helps organizations discover issues or concerns that should be addressed before granting privileges.

Organizations should also perform a comprehensive search of criminal and civil court records at the county, state, and federal levels. These can be completed by a credentials verification organization. If organizations do not perform these checks, they could risk negligent credentialing claims.

Background checks may require a separate consent form, but if you hire a CVO to perform the checks, they can take care of this step for you.

Performing Primary Source Verification

To verify a provider’s medical training, education, experience, licensure status, competency, and ability to provide quality healthcare according to requested privileges, healthcare organizations should gather information from primary sources such as national databases, educational institutions, state boards, and previous employers. Organizations should perform primary source verification within 120 days of the review.

You can avoid many potential problems with providers by asking them to submit a pre-application and by performing credentialing and primary source verifications properly. This will help eliminate candidates that don’t meet minimum requirements and resolve concerns about education, medical training, references, and licensure.

All credentialing, recredentialing, and privileging decisions should follow the process as laid out in the organization’s bylaws for review and approval. The governing board should document this process and have final say in approving or denying applications.

Healthcare institutions can minimize risk and maximize patient safety by using tools that keep the guesswork out of critical screening and monitoring processes. By integrating real-time tools, you can ensure that providers’ credentials such as education, medical training, board certifications, licensure, and work history are correct and verified. Verisys tools continue to monitor for any potential red flags or risks after the initial hiring screening is conducted.

Verisys provides credentialing solutions that are powered by FACIS, the healthcare industry’s gold standard in provider data. Find the right solutions to support your organization so that you can reduce risk and continue providing the highest level of patient care.

Written by Verisys Verisys transforms provider data, workforce data, and relationship management. Healthcare, life science, and background screening organizations rely on our comprehensive solutions to discover their true potential. Visit verisys.com to learn how we turn problems into power. Secure, configurable, and proven solutions Accurate, compliant, and complete information NCQA, URAC, and ISO accreditations/certifications Follow us on LinkedIn