Requirements for the Ongoing Monitoring Process of Credentialing

Requirements for the Ongoing Monitoring Process of Credentialing

Jun 2, 2022
  • Author:
    Noelle Abarelli

When it comes to credentialing, some elements, like education, need only be verified once. Others, however, need to be monitored on an ongoing basis to assure that they are always current and up to date. Accreditors and Regulatory Agencies have various requirements for ongoing monitoring of specific provider credentials, including Licensure and Certifications, Proof of Professional Liability Insurance, Medicare and Medicaid - Sanctions and Exclusions, and more. In this post, we’ll examine various Accreditors and Regulatory Agencies and the types of credentialing elements that may require ongoing monitoring to ensure you’re always ahead of the curve.


Accreditors and Regulatory Agencies


There are numerous Accreditors and Regulatory Agencies out there. Generally speaking, all share the same goals of improving healthcare by evaluating organizations that deliver patient care and inspiring them to excel. The organizations you need to achieve compliance with will depend on your unique circumstances, including your location, whether you accept Medicare or Medicaid, whether you wish to be NCQA-certified and more. Below is a list of common Accreditors and Regulatory Agencies and a summary of their requirements.


CMS - Centers for Medicare and Medicaid Services
NCQA - National Committee for Quality Assurance

Requirements for Hospitals do not specifically address ongoing monitoring of credentials. They do require that providers are licensed and that a facility complies with its own policies and bylaws. The only way of knowing if a provider has a valid license is to verify the license.

Requires ongoing monitoring of:

  • Provider sanctions, complaints, and quality issues
  • Medicare opt-out list
  • Officer of Inspector General exclusions database
  • System for Award Management (SAM) list
  • Medicaid Provider Termination & Exclusion List(s)
  • CMS Medicare Preclusion List
State Healthcare Licensing Boards
Other Healthcare Organization Accreditors

State healthcare licensing boards may have requirements for verifications contained in their regulations. As such, it is important that you know what the healthcare facility and licensed professional licensure requirements are in your state.

Healthcare organization accreditors such as URAC (Utilization Review Accreditation Commission), TJC (The Joint Commission), CARF (Commission on Accreditation of Rehabilitation Facilities) and COA (Council on Accreditation) have specific requirements for verification of individual elements with primary or secondary (designated equivalent) sources.

Credentialing Elements Requiring Ongoing Monitoring

As outlined above, each Accreditor and Regulatory Agency has its own requirements for ongoing monitoring. From Licensure and Certifications to Hospital Affiliations, and everything in between, you’ll be required to monitor something different for each. It’s a safe bet however, that you’ll be asked to monitor some or all of the items below. When in doubt, check directly with the source or accreditor to get the most accurate information.

Licensure and other certifications
  • Providers must always be licensed or certified by the state in which care is being provided to the patient.
  • Documentation of primary source verification of current licensure is a requirement of CMS regulations and all healthcare accreditors.
    • Failure to verify a current license and allowing a provider to treat a patient without a valid license could result in the healthcare facility losing its own state licensure.

Proof of Professional Liability Insurance
  • All healthcare providers must have continuous professional liability insurance.
  • Providers can renew their insurance prior to its expiration to avoid a lapse.
  • Providers can also add their facility as a certificate holder, allowing the facility to keep track of the coverage, renewal, and any changes as they occur.

Medicare and Medicaid - Sanctions and Exclusions
  • Ongoing sanctions monitoring is the process of reviewing information on a periodic basis to determine whether exclusions and sanctions have occurred with regard to a provider.
  • Providers sanctioned in one state can quickly move and open an office in another, affecting network quality, member service, and patient safety.
  • In addition to federal exclusion databases, individual states have databases of suspended or ineligible providers under the state’s Medicaid plan.

Board Certification
  • Accreditation standards do not require providers to be board certified, but if a facility does, the accrediting agency will hold the organization to its requirements, necessitating verification.
  • When a facility publishes its provider directory, it must verify board certification if this is included in the directory. NCQA standards require that, if the individual is board certified, certification must be verified.

Sanctions or Limitations on Licensure and Certification
  • Licensure is monitored on an ongoing basis to ensure the provider’s licenses remain free of sanctions or probationary conditions.

Member Complaints and Grievances
  • Member complaints and grievances for health plans are reviewed periodically, or on an ad hoc basis for urgent matters.
  • For a hospital, patient complaints are managed by a patient relations department, and the list of provider names is periodically sent to the medical staff office, where complaints are tracked.

Medicare Opt-Out
  • Providers who do not wish to enroll in the Medicare program may “opt-out” of Medicare. This means that neither the physician, nor the beneficiary submits the bill to Medicare for services rendered.
  • There is an Opt-Out Affidavit searchable database that allows you to look up providers who have “opted-out,” which is updated monthly.

Vaccines and Mandatory Testing
  • Organizations that require mandatory vaccines and testing need a way of monitoring compliance with these requirements.

Advanced Trauma Life Support, Pediatric Advanced Life Support, Advanced Cardiac Life Support, etc.
  • When these are required by an organization, they must be tracked and complied with by the provider. Many hospitals require these certifications as a requirement for privileges.

Medical Malpractice Claims
  • Most medical staff bylaws include a provision whereby providers are obligated to disclose past and pending liability actions.
  • Claims histories are also requested from external professional liability insurance companies.
  • These may be tracked on an ongoing basis.

Medicare Preclusion List
  • Providers and prescribers on this list are precluded from receiving payment from Medicare Advantage items and services, or Part D drugs prescribed to Medicare beneficiaries.
  • These may be tracked on an ongoing basis.

System for Award Management (SAM)
  • SAM is the official government-wide system of records for debarments, suspensions, and other exclusionary actions.

Drug Enforcement Administration (DEA) Certificate
  • A DEA certificate is required for all providers who write prescriptions for controlled substances.
  • The DEA certificate should be tracked in states where the provider will treat members or patients.
  • Some states also require a provider to hold a controlled dangerous substances certificate in addition to a DEA certificate. These can be verified with the state licensure board.

National Practitioner Data Bank (NPDB) Query Results
  • Hospitals are the only health care entities mandated by federal law to query the NPDB. Each hospital must query when physicians, dentists, and other health care providers apply for medical staff appointment (courtesy or otherwise) or for clinical privileges, and then every two years thereafter.
  • Healthcare organizations have two options for NPDB queries:
  • All hospital accreditors require NPDB query on initial appointment, privileging and recredentialing/reprivileging.
  • Enrollment in the “Continuous Query” option provides for ongoing monitoring.

Hospital Affiliations
  • Hospitals where the provider has privileges are usually tracked by facilities/offices that perform provider enrollment. This information is reported to the health plan on credentialing and recredentialing.
  • The health plan will validate this information when the provider notifies the health plan of any changes or every three years during recredentialing.

How to Keep Up

Ongoing monitoring ensures that providers meet the minimum credential requirements of various Accreditors and Regulatory Agencies. But due to the differing requirements among the various bodies, it can be a lot to keep track of. The good news is, you don’t have to go at it alone. CredentialStream automates the validation and monitoring of provider data. Our library includes hundreds of sources including State Licensing Boards, Federal Sites, Hospital Affiliations, Medicare Opt-Out, State Exclusions, SAM Exclusions, OIG Exclusions, Medicaid Eligibility, Abuse, Social Security Death Master File. To find out more about how CredentialStream can help you with ongoing monitoring, book a demo with our team of experts. We’re always here to help!