Answers to Top Credentialing Questions on Sharing Provider Data Across a Health System

Remember when a provider would limit where they practiced to one or two places? Life was easier for MSPs back then! Healthcare delivery has evolved since then and today providers are often credentialed and privileged to provide services throughout a healthcare system. This may be in the same geographic area, or it may be across the country. Sharing data across a health system has become essential in the credentialing, peer review and quality assessment processes for these types of providers.

Today’s healthcare organizations, including hospitals, medical groups, physician networks, health plans, and retail clinics, need accurate, continuously-updated, provider information to accelerate onboarding, connect patients with the best providers, streamline billing processes, populate mission-critical applications, and comply with industry regulations. In the past, labor-intensive and time-consuming processes were required to obtain, validate, maintain, and share data on providers, but technology has changed that. Many organizations are now benefitting from centralized data repositories for provider data or a single source of truth which helps them operate with standardized and relevant data across the board. Whether your organization has implemented technology to deliver a single source of truth or not, there are still many rules to keep in mind when sharing data across a health system.

If you’ve got questions about sharing data across a health system, we’ve got answers! Check out our responses to the FAQs we receive at VerityStream.

Q: What is meant by the term a “Single Source of Truth”?

A: A single source of truth (SSOT) is the practice of aggregating the data from many systems within an organization to a single location. A SSOT is a state of being for an organization’s data in that it can all be found via a single reference point.

Q: Do the Centers for Medicare and Medicaid Services (CMS) have requirements for sharing data across a system?

A: CMS requirements do not address sharing provider information or data.

Q: Does The Joint Commission (TJC) have requirements for sharing data across a system?

A: TJC allows supplemental data from a Medicare-certified hospital to be shared for credentialing, privileging, and focused/ongoing professional practice evaluation. Specifically, the following items can be shared between CMS organizations:

• General information related to an application for privileges that do not require primary source verification.
• Relevant training verification may be shared as long as there is evidence that the information was obtained through primary-source verification or a credentials verification.
• Physical ability to perform requested privileges.
• Peer and/or faculty recommendations.

TJC also specifies that the organization’s medical staff must develop policies and procedures to ensure oversight of local data and the use of supplemental data.

Q: Does TJC have data requirements regarding Ongoing Professional Practice Evaluation (OPPE) or Focused Professional Practice Evaluation (FPPE)?

A: Yes, and it’s the same for both OPPE and FPPE. In multi-hospital systems where each hospital operates independently under separate CMS Certification Numbers, data from those entities may be used to supplement local data. Note that supplemental data may NOT be used in lieu of a process to capture local data. Organizations that use supplemental data should continually assess and determine the data's relevance, timeliness, and accuracy.

Q: What does it mean to be the SSOT for credentialing data?

A: It means your organization can trust the data that comes out of your database and is fed to other software systems. That’s a big responsibility, which is why we recommend you ask yourself the questions below before declaring your system as your organization's SSOT.

• Is the data clean or are there multiple items that need to be fixed?
• Do you have set rules for which data you will or will not share?
• Are these rules understood by all the providers whose data will be housed in your system?
• Do you have an IT team that will support your data decisions?
• Does senior leadership support your rules around what data is shared with other software systems?
• If you are a part of a larger healthcare system, do the other participants in your credentialing system agree with your ideas?

Q: What kind of consent or release do we need from providers to share data with other hospitals in our system?

A: If the hospitals have a single unified medical staff, information can be freely shared under the medical staff’s peer-review process. For hospitals with separate medical staff, the best option is to implement an information-sharing policy. This policy must ensure that information is shared in a manner that preserves the confidential and privileged nature of the information to the fullest extent permitted by state and federal law. It should be approved by the medical staff and agreed upon by all providers as a condition of medical staff appointment and/or employment.

Q: What kind of events should be shared between system hospitals?

A: There are certain events that should always be shared between system hospitals, such as:

• A peer review committee recommending denial of an application for appointment, reappointment, or grant/regrant of privileges in whole or in part
• Formal corrective action
• Appointment and/or privileges being automatically, voluntarily, or summarily restricted
• A provider resigning appointment and/or privileges while under investigation or to avoid investigation related to professional conduct or clinical competency concerns

Q: Let’s break down a specific scenario: Our hospital has entered into a contract with a different hospital to provide telemedicine services. This other hospital will be doing the credentialing and our medical staff will make recommendations based on the credentialing and privileging decision made by that hospital. What kind of information do we need to provide back to the hospital providing the telemedicine services?

The hospital that is providing the services needs to know how the provider is doing at your facility. CMS regulations require that your hospital must provide feedback to the contracted hospital. At a minimum, periodic reports must include adverse events and complaints related to each telehealth provider’s services provided at your facility. This information sharing should be specified in your contract with the distant site hospital. For more information about this topic, download our white paper on Privileging Telehealth Providers.

Q: How does CredentialStream support sharing data across a health system?

A: Moving multiple hospitals’ provider and credentialing data into a single, shared credentialing platform is the best approach to ensuring a single source of truth for provider information. Setting as much of your provider data to Global as possible ensures that all participating hospitals are reviewing and managing the same data elements. When information must be maintained at the facility level, CredentialStream’s extensive entity security options allow the users’ access to be set up so only those that should have access to sensitive information are able to view and/or modify the data, ensuring the organization’s peer review information is protected.

Have more questions about sharing data across a health system? We’re here to help. Reach out today.