DISCLAIMER: The information provided in this article, other knowledge base articles, and the Compliancy Group website do not, and are not intended to, constitute legal advice. All information, content, and materials in the Knowledge Base and on the Compliancy Group website are for general informational purposes only.
Introduction
This article discusses what activities constitute "credentialing activities" under HIPAA.
What are Healthcare Operations Activities?
"Healthcare operations" activities under HIPAA are certain administrative, financial, legal, and quality improvement activities of a covered entity that are necessary to run its business and to support the core functions of treatment and payment.
Healthcare operations activities may include, among other activities, "Reviewing the competence or qualifications of health care professionals, evaluating practitioner and provider performance, health plan performance, conducting training programs in which students, trainees, or practitioners in areas of health care learn under supervision to practice or improve their skills as health care providers, training of non-health care professionals, accreditation, certification, licensing, or credentialing activities."
What are Credentialing Activities?
According to the National Institutes of Health (NIH), credentialing is the process of assessing the academic qualifications and clinical practice history of a healthcare provider. According to the NIH, "In general, any licensed, independent healthcare professional who has been permitted by law and regulated by a licensing organization to provide services and care without supervision or direction within the scope of the individual’s license, needs to be credentialed."
Credentialing activities may include (among other activities):
1. Verification of identity
2. Verification of current licensure, registration, or certification
3. Verification of education and training
Who Performs Credentialing Activities?
The purpose of accreditation and credentialing is to establish and enforce standards to ensure provider qualifications and competence.
Several organizations are involved in credentialing healthcare providers, including government agencies like the Centers for Medicare & Medicaid Services (CMS), as well as private accreditation bodies, including the National Committee for Quality Assurance (NCQA), the Utilization Review Accreditation Commission, and perhaps the most well-known of private accreditation bodies, The Joint Commission (formerly JCAHO).
Healthcare insurance companies, including large insurers like Aetna and United, also perform accreditation activities.
How is Credentialing Regulated Under HIPAA?
Credentialing may be considered to be a business associate function if a business associate credentialing body creates, receives, maintains, and/or transmits PHI to a covered entity for or on behalf of that covered entity.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article