November 1, 2018

QUESTION:        We are considering having a Credentials Verification Organization (“CVO”) perform primary source verification and other required verifications for our credentialing process.  Do we need to have some sort of agreement in place?  If so, what should that agreement include?

ANSWER:            Regardless of whether you are using an internal CVO (i.e., one that is a part of your organization) or an external, independent CVO (i.e., one that has no corporate affiliation with your hospital), there should be an agreement in place between the CVO and the hospital.

An agreement should define the obligations of the CVO, including the services that it will provide.  The agreement should also specifically identify the information that will be verified and the sources that will be used for verification purposes.  If ongoing monitoring of practitioners’ credentials is a part of the services the CVO will provide, the agreement should state this and indicate the credentials that will be monitored (e.g., Medicare and Medicaid sanctions and exclusions).

Furthermore, sharing of confidential credentials information should be addressed and include provisions on how sensitive information such as National Practitioner Data Bank reports and drug or alcohol treatment information will be handled and shared.  If the hospital is involved in delegated credentialing for third-party payors, there are special considerations for sub-delegation agreements, which would include agreements with an external CVO to perform verification activities.

Specifically, the agreement must require semiannual reporting of the CVO to the hospital on its conduct of the contracted-for activities, describe the process by which the hospital evaluates the CVO’s performance under the agreement, and describe the remedies available to the hospital if the CVO does not fulfill its obligations, including revocation of the delegation agreement.