The Key to Effective Credentialing and Privileging: No Shortcuts

Stamping paperHealthcare organizations are responsible for validating the competency of their medical staff through credentialing and privileging. Failure to adhere to solid credentialing and privileging procedures might result in a costly negligent-credentialing claim against an organization.

Credentialing is the process by which a healthcare organization verifies and assesses that a practitioner’s qualifications and license status are in good standing. Privileging is the process of authorizing a licensed or certified healthcare practitioner’s specific scope of patient-care services. Privileging is performed in conjunction with credentialing and includes the evaluation of an individual’s clinical qualifications and/or performance. In the past, credentialing and privileging were mainly associated with hospitals. Today, these procedures are also essential at other types of healthcare organizations (such as physician office practices or physician specialty groups). Not only is the credentialing and privileging process complex, requiring extensive background information—including education, training, and licensure, as well as scope of practice and organization standards—but it’s also important for it to be completed in a timely manner. This is a heavy lift for any organization. And in the current environment of staffing shortages and burnout, an arduous process such as this may give rise to a new area of potential liability.

Credentialing issues arise when an injured patient asserts that the organization failed to properly follow its credentialing and privileging processes. In those cases, plaintiffs must demonstrate that a practitioner was negligent in causing an injury and that the healthcare organization either failed to complete all the steps in the credentialing process or failed to investigate the practitioner’s negative-credentialing findings. It is therefore imperative for a healthcare organization to have a procedure in place that clearly outlines the process and is both easy to follow and understood by all necessary staff. Therefore, one of the keys to a successful process and to establishing protection against negligent-credentialing claims is ensuring that no shortcuts are taken. “The devil is in the details” rings true here.


Data Gathering, Verification, and Documentation

The first step of any credentialing and privileging process is acquiring credentials from the applicants. Every practitioner—whether they’re independent, contracted, employed, volunteer, or temporary—should be prepared to submit credentials every time they extend the scope of their services or change their employment or practice location. Additionally, all practitioners should be required to get re-credentialed every two years to maintain their privileging. This includes the re-verification of all licenses, credentials, and certifications of the practitioner through the primary-source verification process. The organization should also review quality-of-care, peer-review, Ongoing Professional Practice Evaluation (OPPE), and performance-improvement information for the previous two years. In addition to submitting qualifications such as education and licensure, applicants must also provide three verified peer-review letters that assess the applicant’s training, professionalism, and competence.

Perpetual documentation is key to good data-acquisition practices for organizations. Whenever new licensures, certifications, or other credentialing requirements are received, they must be retained permanently. These files must be properly secured and kept separate from files maintained by human-resources departments—even for providers employed by the hospital or practice. There should be a system in place to monitor expiration dates and remind providers of deadlines to renew their credentials and privileges.

Poor documentation can have consequences. If privileges are granted to a practitioner who has negative peer-review information and a patient is later harmed, the organization may risk a claim due to negligent credentialing. On the other hand, if the organization receives informal negative feedback from peers—but not in written form—and a practitioner is then denied privileges, the organization risks liability for wrongful denial of privileges.


Assessment and Confirmation of Credentials

The next step is to verify and assess the records and other credentialing documents that have been acquired. During this process, a practitioner’s reported qualifications, such as education or licensure, are confirmed by the original or primary source, preventing the hiring of individuals who falsely pose as healthcare practitioners. This process also identifies providers with red flags on their credentialing applications, alerting verifiers to delve further into their backgrounds. Peer-review letters should also be carefully reviewed. Any negative information revealed should be flagged for further investigation.

The organization should also conduct background checks to uncover past criminal behavior or medical-malpractice payments, adverse actions, or sanctions issued. Background checks may also alert you to potential behavioral issues. Documented background checks demonstrate that an organization has completed due diligence.

We strongly recommend querying the National Practitioners Data Bank (NPDB) upon initial appointment and reappointment. Completing a criminal background check when a provider is initially appointed may reveal information not identified by other database searches, and allows the organization to make informed decisions.


Oversight and Recommendations

When all the steps in the credentialing process have been completed, a formal group of stakeholders should review all recommendations. They can grant or deny privileges and permissions to provide services or treatment based upon the practitioner’s training, experience, and demonstrated competence. All final decisions should be communicated to the practitioner in writing, with a copy kept in the credentialing file.

For more information and guidance on credentialing and privileging, please visit for the following documents: