Special Report: Credentialing

Beware of human error in CVE reports

We must depend on ourselves’

Even though credentials verification entities (CVEs) are committed to using "due diligence" when performing primary source verification of credentialing information submitted to them, both Linda Nash, MD, medical director at Ingham Regional Medical Center in Lansing, MI, and Patrick Reymann, JD, an attorney with Buckingham, Doolittle & Burroughs in Akron, OH, say they are uncomfortable with the idea of a hospital relying on an agency for verification.

"You can’t take anyone else’s word that credentials are valid," Nash says. Even when everything else appears to be in order, "you have to go right to the source and verify information yourself." She advises that if you must delegate credential verification, be absolutely sure that your hospital and the entity to which you are delegating primary verification share a common understanding of what "primary verification" means. Look at the firm’s policies and procedures spelled out in detail.

Fraud was caught by primary verification

Nash’s meticulous work led to the apprehension of a fake doctor this past summer — a man who practiced medicine for more than 10 years despite the fact that he never went to medical school. The man faces charges of fraud, has been fined, and may have to serve time in prison for his actions. If it weren’t for Nash’s strict policy of not relying on others for credential verification, the man might have gone on treating and performing surgery on unsuspecting patients and exposing her facility to malpractice liability. Ingham Regional conducts annual audits of its credentialing process when staff review files to ensure thoroughness.

Hospital Peer Review asked Nash if she thought Florida’s new statute mandating a standardized credentials verification program will be good or bad for states that adopt it. (See related story, p. 1.) "Knowing what I know now, if such a statute were in force in my state, I would insist on spot checking and running periodic random audits of the agency holding the information," she replies.

Reymann offers this warning: "The fact that the [Florida] statute mandates that CVEs do primary source checking doesn’t mean every one does or will. You have to allow for human error." When a physician moves from hospital A to hospital B, the information supplied by hospital A should be accurate. "But if I were the lawyer for hospital B," Reymann says, "I’d say to my client, I’m nervous about your relying on that information. If they’ve done their job, great. But if not, what’s your liability?’" The Florida statute shields hospitals from liability for reliance on any data obtained from a CVE, but how narrow is the information coming in, and how good is it?

"What about the information that’s not in there?" asks Reymann. "The hospital gets immunity if it relies upon information it gets, but is the information complete? Can I feel comfortable that the first hospital knows about all the doctor’s malpractice cases? How broad is the immunity?"

Reymann says the same goes for reliance upon the National Practitioner Data Bank (NPDB). He strongly advises against any hospital relying fully on information found there. "Hospitals don’t report everything, and things do get fudged," he says. "Hospitals should do their own independent review, because the NPDB doesn’t give them any statutory immunity. The data bank is no more than a source of information."

Reymann says he’s skeptical about any single-source verification system. "I don’t have a problem with eliminating redundancy — that’s what the AMA is trying to do with its program too — but I would rather the system were dealing with general qualifications for medical staff membership, such as where the physician went to school, whether he or she is licensed in the state, whether he or she has DEA [federal Drug Enforcement Administration] registration, even whether he or she has had disciplinary actions by the state. Those are points of information that it would be great to have in one place — the basic 101 of credentialing." But when you get into other people’s opinions of a doctor’s clinical ability and judgment, no bank can tell you that, he says. "A data bank cannot be wholly comprehensive for the entire credentialing process. All it can do is give objective outside data."

In Reymann’s opinion, the further there is a movement away from general qualifications in the credentialing process, the less relevant the databank is. "I’m not comfortable with a hospital relying on anyone but itself for information. Reliance upon the centralization of information makes me back-check to ask where it comes from and how broad a net was cast."

Hospital Peer Review asked the attorney if hospitals outside Florida enjoy the same liability shield as do Florida hospitals. "Florida cannot give another state immunity," he says. "Outside entities can access information, but they can’t get immunity."