Delegated Credentialing Can Eliminate Redundancies and Draw on Expertise

Many hospitals, physician group practices, and other organizational health-care providers are pursuing delegated credentialing with health insurers. These entities want their individual providers to be placed on health insurer panels, and eligible for reimbursement, as quickly as possible. Health insurer credentialing can be time-consuming and inefficient, with some health insurers taking up to 180 days to credential a practitioner. Delays in panel placement often result in ineligibility for reimbursement for services provided.

Generally, hospitals and physician group practices have well-functioning credentialing and peer review policies and procedures already in place. These policies and procedures provide an excellent foundation for performing delegated credentialing for health insurers. Adjustments to these policies and procedures are usually necessary for a health insurer to agree to delegate credentialing and recredentialing to a provider. This is because health insurers are governed by different legal and regulatory requirements and accreditation standards. Providers interested in delegated credentialing must be aware of the requirements that must be met for an insurer to delegate credentialing and unique issues that must be addressed for organizational providers to perform credentialing on their behalf.

I. Accreditation Standards

Before any health insurer delegates credentialing to a provider, the insurer will conduct a pre-delegation audit of the provider’s policies and procedures. This is required by accreditation entities. During the pre-delegation audit, the insurer will review the provider’s policies and procedures for compliance with accreditation standards. Many insurers are accredited by the National Committee for Quality Assurance (NCQA), one of the most prevalent and widely recognized health plan accreditation programs in the country. These insurers will require any delegated entity to comply with the NCQA Health Plan Accreditation Standards.

According to the NCQA, “[d]elegation occurs when an organization gives another entity the authority to perform an activity that the organization would otherwise perform to meet a requirement in the NCQA standards and guidelines.” (NCQA, Appendix 5—Guidelines for Delegation and Automatic Credit, 5-2, Standards and Guidelines for the Accreditation of Health Plans (2016).) Delegation of credentialing and recredentialing is expressly permitted by the NCQA. Some of the “requirement[s] in the NCQA standards and guidelines” for credentialing and recredentialing are outlined below.

A. Credentialing Policies.

The NCQA Accreditation Standards require a delegated entity to have credentialing policies that include a “well-defined credentialing and recredentialing process for evaluating and selecting licensed independent practitioners to provide care to [the health plan’s] members.” (Id. at Credentialing and Recredentialing, CR1: Credentialing Policies.) The delegated entity’s credentialing policy must reflect “a rigorous process to select and evaluate practitioners.” (Id.) The credentialing policy also has to address the types of practitioners that the provider will credential and recredential. (Id. at CR1, Element A(1).)

B. Practitioners’ Rights.

Delegated entities, under the NCQA Accreditation Standards, must satisfy a number of requirements related to practitioners’ rights. For example, the delegated entity must notify credentialed practitioners about their right to review information submitted to support their credentialing application, correct any erroneous information in their credentials files, and receive the status of their application upon request. (Id. at CR1, Element B(1)-(3).) There is an important limitation on this right – the delegated entity does not have to make available sensitive information such as peer references, peer recommendations, and peer review protected information. ( Id.)

The delegated entity must also have an appeal process for practitioners who are subject to a “professional review action.” (Id. at CR7, Element C.) It is important to note that the NCQA required appeal process is not nearly as detailed as the safe harbor adequate notice and hearing provisions in the Health Care Quality Improvement Act (“HCQIA”). (42 U.S.C. § 11112(b).) Nonetheless, the delegate’s credentialing policy should reflect the provisions in the HCQIA, and the delegate needs to comply with those provisions, so that the delegate is eligible for immunity under the HCQIA safe harbor.

C. Credentialing Committee.

The NCQA Accreditation Standards require a credentialing committee “that uses a peer-review process to make recommendations regarding credentialing decisions.” (Id. at Credentialing and Recredentialing, CR2: Credentialing Committee.) The credentialing committee must consist of participating practitioners who provide advice and expertise for credentialing decisions. (Id. at CR2, Element A(1).)

The NCQA Accreditation Standards do not require that the credentialing committee make the final decision on the credentialing and recredentialing of practitioners. Thus, the board of a delegated entity (such as the board of a hospital or physician group practice) may make the final decision on credentialing matters. Other accreditation entities differ on this point. For example, under Utilization Review Accreditation Commission (URAC) standards, final credentialing decisions are made by the credentialing committee. The relevant URAC standard reads as follows: “the organization establishes a credentialing committee that … has final authority to … approve or disapprove applications by providers for organization participation status.” (URAC, P CR-3, 214, Health Plan Accreditation Standards (2014) (available to accredited programs at https://accreditnet2.urac.org/UracPortal/Login?ReturnUrl=%2furacportal%2f). (Emphasis added.))

D. Verification.

The NCQA Accreditation Standards also have distinct requirements for the verification of credentialing information through primary sources. Delegated entities must verify the following: (1) a current and valid license to practice; (2) a valid DEA or Controlled Dangerous Substance certificate, if applicable; (3) education and training; (4) board certification status, if applicable; (5) work history, including employment dates and any gaps in work history, with any gaps over one year being clarified in writing by the practitioner; (6) malpractice history; (7) state sanctions; and (8) any Medicare and Medicaid sanctions. (NCQA, CR3: Credentialing Verification.)

E. Additional Accreditation Requirements.

Although a listing of every single one of the NCQA Accreditation Standards (or the standards of any other health insurer accreditation entity) for credentialing is not feasible, there are a few others that should be of interest for providers. For example, recredentialing must be performed at least every 36 months. (Id. at CR 4: Recredentialing Cycle Length.) This should not be a problem for hospital providers considering the Joint Commission requires and the Medicare Hospital Conditions of Participation recommend that individual providers are recredentialed no more than every two years. (See The Joint Commission, MS.06.01.07, Element 9, Accreditation Requirements for Hospitals (2016) (“Privileges are granted for a period not to exceed two years”) & Medicare, Conditions of Participation for Hospitals, Interpretive Guidelines for 42 C.F.R. § 482.22(a)(1) (last revised November 11, 2015) (“CMS recommends that an appraisal be conducted at least every 24 months for each practitioner.”).)

“Ongoing monitoring and interventions” are also required by the NCQA Accreditation Standards. (NCQA, CR6: Ongoing Monitoring and Interventions.) This is basically a simple peer review process which involves the collection and review of certain types of information (such as Medicare and Medicaid sanctions, adverse events, and patient complaints) and the implementation of appropriate interventions to address any identified issues. (Id. at CR6, Element A.)

II. Select Medicare & Medicaid Credentialing Requirements

Many of the NCQA Accreditation Standards overlap with federal and state requirements for health insurer credentialing. Nonetheless, if a provider is interested in taking on delegated credentialing for an insurer that has Medicare Advantage and Medicaid plans, there are a few additional requirements.

For example, Medicare requires verification that the practitioner has not opted out of participation with Medicare or is excluded from Medicare participation. (42 C.F.R. § 422.204(b)(4); see also Medicare, Chapter 6 – Relationships with Providers, 60.2, Managed Care Manual (last revised June 6, 2003) (describing excluded provider and opt-out provider checks for confirmation of eligibility for participation in Medicare).) Additionally, the “Participation Procedures” for the Medicare Advantage program arguably do not permit the use of a hearing officer, as opposed to a hearing panel, for a practitioner’s right to challenge a decision to exclude him or her from panel participation. (See
42 C.F.R. § 422.202(d) (providing for a practitioner’s right to appeal an adverse decision and indicating that “the majority of the hearing panel members are peers of the affected physician”).) At least one major health insurer has interpreted this provision as only allowing for a hearing panel, and not a hearing officer, for practitioner appeals.

For the most part, Medicaid requirements for provider enrollment are the same as those for Medicare and accreditation entities. Some states, however, have unique credentialing requirements when it comes to their credentialing standards for Medicaid providers. Pennsylvania, for example, has incorporated the Affordable Care Act’s program integrity provisions into its Medicaid enrollment requirements and, accordingly, requires criminal background checks and screening based on risk level for fraud and abuse. Pa. Dep’t of Health and Human Servs. (Provider Enrollment and Screening Requirements of the Affordable Care Act. See also Pa. Dep’t of Health and Human Servs., MA Assistance Bulletin 99-16-13, Assignment of ACA Categorical Risk Levels and the Implementation of Site Visits.)

III. Credentialing Best Practices

The NCQA Accreditation Standards and federal and state requirements provide a floor for eligibility criteria for initial credentialing and recredentialing. The NCQA Accreditation Standards obligate the credentialing entity to verify “[a] current valid license to practice.” (NCQA, CR3: Credentialing Verification, Element A(1).) But, providers, whether it is a physician group practice or a hospital, want to attract and grant membership to only highly qualified individuals. The basic qualifications, or threshold eligibility requirements, for credentialing and recredentialing should be expanded in pursuit of this desire. The NCQA requirement could be expanded to providers that have “a current, unrestricted license and registration in this state, which is not subject to any probationary terms or conditions not generally applicable to all licensees, and have never had a license to practice or registration revoked, restricted or suspended by any state licensing agency.”

A delegated entity may also want to consider if other threshold eligibility criteria make sense even though the criteria are not required by regulation or accreditation standard. Such a criterion could include the following: “the practitioner has not had medical staff or allied health staff appointment, clinical privileges, or status as a participating provider denied, revoked, or terminated by any health care facility or health plan for reasons related to clinical competence or professional conduct.” These threshold eligibility criteria are useful because if they are not met, a practitioner is deemed ineligible for membership. This is different from a denial of membership, which would result in a report to the National Practitioner Data Bank (“NPDB”).

A delegate’s credentialing policy should include authorization for release and immunity granted by applicants and members and an agreement that the hearing process is the sole and exclusive remedy for actions taken. Additional provisions that could be included in a credentialing policy to protect those performing credentialing functions and the credentialing entity is an agreement by the applicant that if the applicant does challenge an action and does not prevail, he or she will be responsible for “all costs incurred in defending such legal action, including costs and attorneys’ fees, and expert witness fees.”

IV. Querying and Reporting

When conducting delegated credentialing, providers are going to have to comply with the rules of the NPDB. The NPDB is “an information clearinghouse, to collect and release certain information related to the professional competence and conduct of physicians, dentists, and, in some cases, other health care practitioners.” (NPDB, Chapter A (“Background”), NPDB Guidebook.) If the delegate is a physician group practice and the physician group practice has agreed to perform credentialing activities, including credentials verification, then the physician group practice will need to query the NPDB for malpractice history and any actions taken by other health-care entities. However, the group practice would need to register as an eligible entity with the NPDB before it could query or report.

With respect to reporting, the NPDB requires hospitals and other health-care entities to report “adverse clinical privileges actions.” (Id. at Chapter E (“Reports – Reporting Clinical Privileges Actions”).) “Adverse clinical privileges actions” include, but are not limited to, “any professional review action that adversely affects the clinical privileges of a physician or dentist for a period of more than 30 days.” The phrase “clinical privileges” is broadly defined for reporting purposes, and includes privileges, medical staff membership, and other circumstances (e.g., network participation and panel membership) in which a physician, dentist, or other health-care practitioner is permitted to furnish medical care by a health-care entity. (Id.)

NCQA also requires reports of practitioner suspensions or terminations to the appropriate authorities, including the NPDB. (NCQA, CR7: Practitioner Appeal Process, Element B.) NCQA states that credentialing policies and procedures describe what specific incidents are reportable, how and when reporting occurs, and to whom incidents are reported. (Id. at Element A, Explanation Factor 2.)

Some health insurers will request the actual NPDB report to conduct a pre-delegation evaluation. However, sharing of NPDB reports for this purpose is not permitted under the NPDB Guidebook. According to the Guidebook, “In a delegated credentialing arrangement, the health-care entity that delegates its credentialing responsibilities…is not considered part of the credentialing process and is prohibited from receiving NPDB query results.” (NPDB Guidebook, Chapter D (“Queries – Delegated Credentialing”).)

V. Conclusion

Organizational health-care providers, such as hospitals and physician group practices, can benefit significantly from conducting delegated credentialing on behalf of health insurers. Many of the redundancies that are present in insurer and provider credentialing can be eliminated. Moreover, delegated credentialing facilitates the placement of organizational providers’ individual practitioners on insurer panels in a more timely manner. Hospitals and some group practices are tremendously skilled in performing credentialing. The processes, procedures, and expertise that have been developed by these organizational providers through years of credentialing individual practitioners are an asset in planning for delegated credentialing. However, a provider will need to review (and possibly revise) its credentialing policies and practices for compliance with accreditation and legal requirements. Because none of these tasks are overly difficult to complete and operationalize, organizational health-care providers who desire more efficient and timely health insurer credentialing may want to explore delegated credentialing as an option.