The Joint Commission (TJC) has expanded the pool of data sources from which an organization may obtain information when privileging telemedicine providers. However, legal experts caution there are risks when depending on others for credentialing information.

In January, TJC announced it has expanded the pool of data sources from which an organization may obtain information when privileging telemedicine providers, says John Wallin, MS, RN, associate director of TJC’s standards interpretation group.1

The change allows organizations to obtain information from another TJC-accredited or a Medicare-participating organization when credentialing/privileging telemedicine providers. Sharing such information must be in accordance with applicable law/regulation.

“Historically, organizations were limited to obtaining information only from another Joint Commission-accredited organization,” Wallin says. “This is the only change since these requirements were first introduced a number of years ago.”

Wallin explains hospitals that use telemedicine providers have three options for granting such privileges:

  1. Fully credential/privilege following the requirements found in the medical staff chapter.
  2. The originating (patient) site uses credentialing information from the distant (provider) site if the distant site is a TJC-accredited or Medicare-participating organization.
  3. The originating site may choose to use the credentialing and privileging decision from the distant site to make a final privileging decision. If this option is chosen, the organization must ensure the delineation of privileges granted at the originating site only reflect those services that will be provided to that entity.

Wallin says choosing either option 2 or 3 may be beneficial for these reasons:

  • Reduces the credentialing and privileging burden for the originating site, especially where there are many licensed independent practitioners who might provide telemedicine services.
  • Recognizes the distant site has more relevant information upon which to base its privileging decisions.
  • Acknowledges the originating site may have little experience in privileging certain specialties.

“Regardless of which option is chosen, the information must still go through the organization’s privileging process, as only the governing body can grant privileges,” Wallin notes.

Once privileges have been granted, Wallin notes it is important to understand that all requirements found in the Medical Staff (MS) chapter of the accreditation manual will apply to the telemedicine providers, including the Focused Professional Practice Evaluation and Ongoing Professional Practice Evaluation requirements.

With the expansion and growing popularity of telehealth, any change that makes it easier to credential professionals for telehealth will be welcomed, says Heather Pfeffer, claims manager with Beazley, a specialist insurer in Chicago.

However, risk managers should be aware that credentialing by proxy has limits.

“From a risk perspective, one of the concerns is that while it is going to be easier for institutions using those telehealth providers to credential them by proxy, with the original institution responsible for all their credentialing and licensing, there are still licensing and regulatory standards that may be state-specific,” Pfeffer says. “The biggest message is don’t always rely on that originating institution to have all their T's crossed and their I's dotted. The user needs to make sure the provider is up to snuff with their requirements as well.” Pfeffer anticipates a rise in telehealth malpractice claims. Simply because the number of telehealth visits increased so much in the past year, she predicts there will be a corresponding rise in claims. This could represent a liability risk for both hospitals involved in the credentialing by proxy and both facilities involved in the telehealth visit.

“To loop in as many deep pockets as possible, they’re going to go after not only the provider and that institution, but also the originating institution for the credentialing and the provider where the patient received the telehealth visit,” Pfeffer explains. “If the radiologist was in California but reading a film in Illinois, a plaintiff’s attorney is going to loop all of them in.”

Where state laws or other credentialing requirements vary, always err on the side of meeting the higher burden.

“This even crosses over into insurance because there can be very policy-specific credentialing requirements among different institutions. Even when you comply with The Joint Commission requirements, you need to always be thinking of any state-specific or insurance-related issues that also come into play,” Pfeffer says. “You also have to have a lot of confidence in the other facility, that their providers are being reviewed on a regular basis and in the proper way. You’re putting all your faith in the other institution’s credentialing process, and you share just as much risk as they do.”

Process Will Evolve

Pfeffer suspects the process for vetting the other hospital’s credentialing process will evolve as credentialing by proxy becomes more common.

“You can’t ever be too careful. If there is a claim, even though that provider is not physically sitting at your institution, the patient is part of your institution so you’re going to have skin in the game,” she says. “You may have to ask for an audit, or at least get a breakdown of details of their process, maybe annual or semi-annual reports on providers. Each institution’s quality department is going to have to ask themselves what would make them confident, knowing what their own standards are.”

Credentialing by proxy will not always be the right choice but can offer some benefits, says Rose Willis, JD, healthcare practice group chair at Dickinson Wright in Troy, MI.

“It reduces the workload and can offer some efficiency in terms of moving forward with a particular physician or physician group that you want to include in your telemedicine program,” Willis says. “There are downsides, however. You have to be reliant on the other hospital’s assurance that the Medicare credentialing requirements have been met, and that results in some Medicare or CMS liability in some situations.”

Willis says the worst-case scenario would be hospital B submitting claims for a practitioner who did not meet the Medicare requirements for telehealth because hospital A misrepresented the credentialing, or simply did not create a proper credentialing process. “It works out to a false claims situation or an overpayment and reimbursement obligation to CMS,” Willis says.

Willis suggests requesting a description of the credentialing process at the other hospital and comparing it to your own. If the other hospital’s process is the same as your own or exceeds it, that suggests an administrator can trust the credentialing by proxy from the other hospital.

If the other hospital’s process is inferior to your own in any way, Willis suggests examining each gap and determining whether that step or information is critical. If administration determines that it is not, document that the difference was addressed and why the determination was made that it was not critical.

Can Sharply Reduce Time Needed

The loss of control, and the potential liability that could result, should be considered carefully before using credentialing by proxy, says Christopher Baratta, JD, principal with Grant Thornton in Dallas.

COVID-19 rapidly accelerated telehealth use. Now, hospitals are trying to catch up with the credentialing process.

“The good news is that with the expansion of telehealth services that are reimbursable, and with patients and clinicians both wanting it from a flexibility and scheduling perspective, the credentialing time can go down with this option,” Baratta says. “The conventional time for credentialing a physician is about 100 days. But with credentialing by proxy, that can go to 30 or 40 [days]. That’s a plus, but you’re taking on potential liability, and I don’t know that all organizations are ready for that.”

Quality leaders and those involved in the hospital’s own credential process should oversee any effort to credential by proxy, says David Reitzel, JD, partner with Grant Thornton in Chicago.

“Having people who understand the process is super critical. The last year has taught [us] that there are ways to operate differently, and this is one of those areas where we can see benefits in streamlining that process,” he says. “But the people who understand the traditional, in-house credentialing process should be the ones who drive this and ensure it suits your needs.”

Credentialing by proxy should be part of an organization’s enterprise risk management (ERM) program, Baratta says. This form of credentialing should be audited at least annually as part of the ERM program to ensure the hospital is doing everything necessary to maintain the integrity of the credentialing process, even when relying on information from another hospital.

Data security is another issue to consider. “Any time you are using telehealth, you need to make sure you are using a reliable platform and you are testing it regularly. As you expand that, you need to make sure that the providers have the requisite requirements from a laptop or PC that complies with your requirements,” Reitzel says. “It’s going to require some extra commitment from your IT teams to have that type of program for checking. It’s like when you bring in third-party vendors because now this is a third-party physician who needs to undergo an IT and security check.”

State Requirements Vary

It is important to remember that peer review requirements and protections also vary by state, says Sue Boisvert, BSN, MHSA, patient safety risk manager II with The Doctors Company, a malpractice insurer based in Napa, CA. Both organizations involved in a credentialing by proxy arrangement will need to have a good understanding of how individual provider peer review is conducted, how negative findings will be acted on, and with whom the final responsibility for addressing results lies.

“Telehealth claims are rare, as are negligent credentialing and peer review claims. Widespread telehealth use is a recent phenomenon due to COVID-19 and the subsequent easing of federal and state telehealth regulations,” Boisvert says. “More organizations are using telehealth, and it stands to reason that they will also be considering credentialing by proxy. Hence, it is difficult to evaluate what, if any, effect the boom in telehealth utilization and, presumably, credentialing by proxy will have on downstream negligent credentialing and peer review allegations.”

Boisvert notes credentialing by proxy is not a requirement; it is permissible. Therefore, the distant site has to be willing to enter into an agreement with the originating site for credentialing purposes.

A formal agreement in writing is required. Both facilities should work with their governing body and medical staff leadership to secure approval and reflect the process in bylaws, rules, and regulations.

If the originating and distant sites are located in different states, close collaboration and clear lines of authority and responsibility will be necessary to ensure all applicable rules and regulations are appropriately addressed.

“The originating site has the responsibility for ensuring the distant site credentialing process is rigorous and should develop a process to evaluate distant site credentialing quality and efficacy, such as review of credentialing policies and procedures or recredentialing a small provider sample and comparing the results,” Boisvert says. “It is essential to involve the medical staff leadership in the decision process. Originating site providers will need to have a comfortable and collaborative relationship with the distant providers to facilitate safe and effective patient care.”

Helps with New Telehealth Services

Boisvert advises hospitals to conduct a thorough risk analysis that assesses the risks and benefits of relying on credentialing by proxy specific to the organization, the service lines, and the stakeholders.

“If telehealth is a new service for the originating site, using credentialing by proxy provides a good opportunity for the originating site medical staff services to gain competency in the nuances of telehealth credentialing without significant additional workload,” she says. “Credentialing by proxy is attractive when adding additional telehealth providers if the specialties are outside the current capacity of the medical staff credentialing process.”

Consider, for example, a critical access hospital adding remote pediatric cardiology services. Medical staff services may not have the capacity to credential this specialty, and the medical staff may not have the expertise to determine the appropriateness of privileges requested and to evaluate the quality and efficacy of the clinical care provided. “When an originating site is adding a remote service with multiple providers who will rotate through such services as teleradiology or teleneurology, credentialing by proxy may be more expedient,” Boisvert says. “Credentialing is time-consuming and can take months. Credentialing by proxy can speed up the process by several months.”


  1. The Joint Commission. Revised medical staff (MS) chapter requirements. Issued Jan. 20, 2021.