Health Plan (7.4) 7.4
P-CR 6 - Credentialing Confidentiality
This standard requires that your organization protect the confidentiality of credentialing information. It also requires that you limit access to provider credentialing files to authorized personnel.
You no doubt have a policy and procedure on this subject, and have received training on those P&Ps. Make sure you have access to those P&Ps, and have received the required training, as you may be asked by the URAC reviewer about your organization's confidentiality policies.
Naturally, it is easier to maintain the confidentiality of these files if they are electronic format and you have a system of password control that limits access to those electronic files. It becomes a little trickier if you have paper credentialing files, as most organizations do. First of all, you'll need to have a policy and procedure that address such issues as requiring that staff members put credentialing files away in a locked cabinet when they are not working on them and procedures for locking computers when staff members step away from their desks. Second, members of your credentialing staff will need to be trained on these policies and procedures. Reviewers may also ask what occurs to the information that is disposed/shredded.
An extra burden will fall of the organization if people other than credentialing staff members work in the same room as the credentialing files are stored. In such an event, the reviewers may deduct points, or at the very least make recommendations about creating a physical separation including a locked doors between where the credentialing files are stored and non-credentialing staff members.
At the desktop review level, we recommend submitting both the credentialing plan, making sure that it contains a section on maintaining the confidentiality required by this standard, as well as some sort of documentation of training of staff in preserving the confidentiality of credentialing files. That documentation might be an agenda for a training session, or a syllabus.
The URAC reviewer will interview members of the credentialing staff to make sure that they have a clear understanding of the policies and procedures.
During the on-site review, the reviewer will physically inspect your credentialing Department offices, and you may even test to see if the file cabinets in which your credentialing files are stored are locked. In addition, the reviewer will more carefully examine your training documentation to make sure that your entire credentialing staff has been adequately trained in the requirements of the standard and your policies and procedures on the subject of confidentiality.