Health Plan (7.4) 7.4

P-CR 6 - Credentialing Confidentiality

Submited by: Tom Goddard

The Basics

This standard requires that your organization protect the confidentiality of credentialing information. It also requires that you limit access to provider credentialing files to authorized personnel.
You no doubt have a policy and procedure on this subject, and have received training on those P&Ps. Make sure you have access to those P&Ps, and have received the required training, as you may be asked by the URAC reviewer about your organization's confidentiality policies.

Management Tips

Naturally, it is easier to maintain the confidentiality of these files if they are electronic format and you have a system of password control that limits access to those electronic files. It becomes a little trickier if you have paper credentialing files, as most organizations do. First of all, you'll need to have a policy and procedure that address such issues as requiring that staff members put credentialing files away in a locked cabinet when they are not working on them and procedures for locking computers when staff members step away from their desks. Second, members of your credentialing staff will need to be trained on these policies and procedures. Reviewers may also ask what occurs to the information that is disposed/shredded.
An extra burden will fall of the organization if people other than credentialing staff members work in the same room as the credentialing files are stored. In such an event, the reviewers may deduct points, or at the very least make recommendations about creating a physical separation including a locked doors between where the credentialing files are stored and non-credentialing staff members.

Accreditation Tips

Desktop Review
At the desktop review level, we recommend submitting both the credentialing plan, making sure that it contains a section on maintaining the confidentiality required by this standard, as well as some sort of documentation of training of staff in preserving the confidentiality of credentialing files. That documentation might be an agenda for a training session, or a syllabus.
Validation Review
The URAC reviewer will interview members of the credentialing staff to make sure that they have a clear understanding of the policies and procedures.
Document Review
During the on-site review, the reviewer will physically inspect your credentialing Department offices, and you may even test to see if the file cabinets in which your credentialing files are stored are locked. In addition, the reviewer will more carefully examine your training documentation to make sure that your entire credentialing staff has been adequately trained in the requirements of the standard and your policies and procedures on the subject of confidentiality. 

  • Health Plan (7.4) 7.4 / 01.06.2021

    P-CR 10 - Consumer Safety Credentialing Investigation

    This extremely important standard requires that, if the credentialing process reveals information that indicates factors that may impact the quality of care or service provided to consumers, the organization conducts additional review and investigation of that provider.Your organization's policy and procedure on this issue no doubt spells out the circumstances that should trigger further investiga...

  • Health Plan (7.4) 7.4 / 01.06.2021

    P-CR 9 - Primary Source Verification

    Your organization must verify the "licensure or certification as minimally required to engage in clinical practice" and board certification (if applicable) or the highest level of education achieved by the practitioner, using primary sources. "Primary source verification" is defined as "verification based on information obtained directly from the issuing source of the credential."In other words, f...

  • Health Plan (7.4) 7.4 / 01.06.2021

    P-CR 8 - Credentialing Communication Mechanisms

    This standard carries two requirements. First, your organization must have mechanisms by which it communicates with providers about the credentialing status, upon request. Second, your organization must be willing and able to accept additional information from providers that they submit in order to correct incomplete, inaccurate, or conflicting credentialing information.Note that this standard doe...