Risk Management Tools & Resources


Risk Perspectives in Telehealth: Credentialing & Privileging

Laura M. Cascella, MA

Risk Perspectives in Telehealth: Credentialing & Privileging

Credentialing and privileging — the processes by which a healthcare organization assesses and confirms the qualifications of a healthcare provider and authorizes the provision of specific services — play an important role in patient safety and high-quality care. These processes are essential for traditional, in-person care as well as for healthcare delivered through telecommunication technology (telehealth).

Although a telehealth provider at a remote location (distant site) will not have the same relationship with a healthcare facility (originating site) as its onsite providers do, the facility still must exercise the same level of due diligence in its screening and selection processes. Individuals accountable for credentialing and privileging must ensure that the distant site practitioner is legally allowed to provide care to the specified patient population, and that he/she is qualified for the scope of services requested.1

Credentialing and privileging can be time-consuming and expensive, often creating a barrier for smaller hospitals and healthcare facilities looking to increase their patients' access to specialty care through telehealth. To address this issue, in 2011, the Centers for Medicare & Medicaid Services (CMS) issued regulations on credentialing and privileging requirements for telehealth practitioners. CMS Conditions of Participation allow the governing body of an organization whose patients are receiving telehealth services to rely on credentialing and privileging decisions made by a distant site hospital or "telemedicine entity," such as a teleradiology group or ambulatory surgery center.2 This process is often referred to as "credentialing by proxy."

Credentialing by proxy helps organizations save time and money, but requirements must be met by both the originating site and the distant site. These requirements are as follows:

  • The two parties must have a written agreement.
  • The distant site must be a Medicare-participating hospital or telemedicine entity.
  • The telehealth provider must be privileged at the distant site.
  • The distant site must provide the originating site with a current list of the telehealth provider's privileges.
  • The telehealth provider must hold a license that is issued or recognized by the state in which the originating site is located.
  • The originating site must conduct an internal review of the telehealth provider's performance and provide this information to the distant site.
  • The originating site must inform the distant site of all adverse events and complaints regarding the services provided by the telehealth provider.3

Credentialing by proxy helps reduce the time and financial burdens associated with the originating site having to duplicate credentialing and privileging processes. However, due diligence and oversight of telehealth services are still essential. The American Society for Health Care Risk Management states "Risk managers at originating- and distant-site hospitals should collaborate with medical staff leaders to confirm that applicable credentialing requirements are in place for their telemedicine providers."4

Additionally, the Center for Telehealth and e-Health Law advises that the governing body at the originating site is responsible for ensuring that the distant site hospital or telemedicine entity is providing telehealth services that comply with CMS Conditions of Participation and other standards for contracted services.5

Beyond federal credentialing and privileging standards, states, accrediting bodies, certifying organizations, and third-party payers also may have credentialing and privileging standards related to telehealth. Healthcare organizations engaged in telehealth activities and programs should be aware of the requirements that apply to them.

For more information about credentialing and privileging of telehealth services, visit the Center for Connected Health Policy and the Center for Telehealth and e-Health Law. For more detailed information about credentialing and privileging in healthcare organizations, see MedPro's guideline on these topics.

1 ECRI Institute. (2015, May 26). Telemedicine. Healthcare Risk Control.

2 42 U.S.C. § 482.12; 42 U.S.C. § 482.22; 42 U.S.C. § 485.616

3 42 U.S.C. § 482.22

4 Russell, D., Boisvert, S., & Borg, J. D. (Eds.). (2018). Telemedicine risk management considerations. The American Society for Healthcare Risk Management. Chicago, IL: ASHRM.

5 Billings, G. (2011, May). Telehealth Credentialing and Privileging Final Rule from Centers for Medicare and Medicaid Services. Center for Telehealth and e-Health Law. Retrieved from http://ctel.org/wp-content/uploads/2011/05/2011-CTeL-Report-Telehealth-Credentialing-and-Privileging-Final-Rule.pdf

MedPro Twitter


View more on Twitter