Erin Muellenberg, Shareholder, Polsinelli, LLP

Credentialing: The Cornerstone of a Health Care Organization’s Enterprise Risk Management Program

By Erin Muellenberg
Shareholder, Polsinelli, LLP
By Ryan McAteer
Health Care Associate, Polsinelli, LLP

Original Publish Date: January 9, 2018

The process of obtaining, thoroughly verifying and assessing the qualifications of a physician or other provider prior to granting clinical privileges is vital to a health care organization’s ability to provide safe, effective and quality medical care. Credentialing can be performed at several levels ranging from simply verifying training to seeking substantive and original source information regarding all aspects of the practitioner’s training, experience and current competence. Failing to take credentialing beyond the minimum of simple verification can result in severe consequences, including financial and reputational loss, third party liability, civil and monetary fines, and even criminal penalties. When done at the deeper level, the credentialing process should result in better care, improved clinical outcomes and enhanced positioning in the marketplace. Thorough credentialing combined with routine and regular monitoring of a health care organization’s physicians and other providers is crucial to the well-being and growth of the organization.

Recent cases demonstrate how the deeper level of credentialing may avoid situations which have led to negative impacts on health care organizations and can assist in identifying avoidance strategies to limit similar exposures in the future.

The case of a neurosurgeon practicing at a highly recognized Texas medical center

In summer 2011, a doctor was recruited to a highly recognized medical center in Texas with a substantial relocation package and income guarantees. After accepting the offer, the doctor was then credentialed by the hospital medical staff. A recommendation letter from his residency training stated that “his work ethic, character, and ability to get along with others were beyond reproach.”¹ Notably, there were no comments about his surgical skills, judgment or competence. Although he had not been in clinical practice for over one year after completing his training, the doctor was granted neurosurgical privileges to operate on patients at the center.

After maiming and killing several patients and encountering complications in almost every surgery, the doctor was summarily suspended and then reinstated in an apparent deal to provide him an opportunity to resign. He was never reported to the National Practitioner Data Bank and the medical center’s reference letter stated that at the time of his resignation there were no open investigations or actions. Although the doctor resigned from the medical center under questionable circumstances, within three months he was recruited and granted temporary privileges at another highly recognized medical center in Texas. The doctor performed three surgeries, all with complications, leaving one patient dead from post-operative bleeding after a simple spinal procedure and another patient was left paralyzed. He was suspended from the second medical center and only after several more months and multiple complaints to the Texas Medical Board was his license suspended in July 2013.²

In a highly unusual move, the Dallas District Attorney filed criminal charges against the doctor. Following a lengthy trial he was found guilty and in February 2017, the doctor was sentenced to life in prison for first degree felony aggravated assault and other criminal charges. Prior to his summary suspension the doctor performed 49 surgeries on 39 patients at hospitals in Texas. Many procedures were later characterized as offering no medical benefit or left patients in pain, incapacitated, or dead. It was also discovered that during residency, the doctor was suspected of drug use and sent to an impaired physician program in addition to being prohibited from operating alone for the last six months of his residency. During the criminal investigation it was learned that the night before a spinal procedure that left a man a quadriplegic, the doctor was consuming a variety of drugs and alcohol, including cocaine and methamphetamines.

Following a string of life-changing complications at the hands of the doctor, various lawsuits have been filed by patients operated on by the doctor against the medical center and its parent company for negligent credentialing and other tort theories.

This case identified several learning opportunities:

The doctor’s curriculum vitae included a Ph.D. which was never verified and later turned out to be false. If caught, this initial misrepresentation should have raised a red flag that would have led to a denial of his application for failure to meet the ethical standards required of the profession.
Presumably, there was no contact with the director of the doctor’s training program or it would have become known that he had been referred to the impaired physician program and had been restricted from operating alone the last six months of training.
All credentialing applications ask the applicant to answer certain questions including whether there had been any prior disciplinary action or restrictions. The doctor’s inability to operate alone was a clear restriction but apparently was not disclosed when he completed the application.³ Had the program director been contacted the hospital would have discovered the presumed misrepresentation regarding disciplinary actions and could have denied his application based on failing to meet the required ethical standards.
A recruitment package was offered to the doctor before his credentials were cleared. As a best practice, recruitment offers should be contingent on successful completion of credentialing.
The doctor was permitted to resign under questionable circumstances without a report to the Texas Medical Board or National Practitioner Data Bank, clearly contrary to reporting requirements. The Healthcare Quality Improvement Act provides immunities from damages for reporting and taking proper disciplinary action. Reporting should always be done when required to protect patients at the next hospital.

The case of a fraudulent OBGYN practicing at a Maryland health care facility

In October 1991, a man entered the United States on a nonimmigrant visa. Using other names and false identifying information, he obtained three fraudulent social security numbers and used them to obtain certifications from the Educational Commission for Foreign Medical Graduates (ECFMG)⁴ to practice medicine and get into a residency program in the United States.⁵ The certifications were later suspended or revoked, and he was dismissed from a residency program after officials learned the social security number he used did not belong to him. Later, using a fourth social security number, the man completed a U.S. residency program and obtained a medical license in Maryland under a different name. He practiced obstetrics and gynecology, seeing at least 1,000 patients and performing some 500 C-sections at a health facility in Maryland. After applying to the Medicare program in 2014 and being denied for use of a false social security number, a search warrant was executed on his home resulting in the discovery of other fake numbers and fake passports. The man was arrested and in November 2016 he pled guilty to misuse of a social security number. With a plea agreement in place he was sentenced to six months in prison followed by six months home detention and three years’ probation.

The facility now faces a class action suit in federal court brought by patients claiming that they underwent unnecessary cesarean deliveries performed by the fraudulent OBGYN and that the facility knew or should have known that he was not a real doctor.⁶

This case again emphasizes the importance of thorough credentialing:

Fundamental to credentialing is preparing a chronology of a practitioner’s training and subsequent practice. That chronology is initially prepared using the information supplied by the applicant but then is compared with the information received. Any discrepancies are identified and the practitioner is provided an opportunity to supplement the application. If the gap is not explained, the veracity of the applicant should be considered in reaching further credentialing decisions.
Consider adding a requirement that practitioners be Medicare-enrolled or eligible. This may identify individuals who have been excluded, dropped before exclusion or who are otherwise not qualified or eligible.
The credentialing background check should include verification of social security numbers to avoid fraudulent activity.

Universal Health Services, Inc. v. United States, ex.rel. Escobar

In Universal Health Services, Inc. v. United States, ex.rel. Escobar the parent of a teenager who had died while under the care of a mental health facility filed a whistleblower action. Using a unique theory they claimed that the facility had violated the False Claims Act when they billed for services and did not comply with regulatory requirements. Specifically, Massachusetts’s Medicaid regulations required the mental health facility to be staffed by individuals properly licensed and qualified. However, this facility was staffed by individuals not qualified, including a director who had obtained her doctorate online and failed the licensing exam three times. Similarly, the counselors treating the teenager were not properly certified and it was learned that the individual billing numbers for the practitioners had been fraudulently obtained.

In a move that has caused considerable angst, the Supreme Court decided that a False Claims Act violation can be present when certain regulatory violations exist because the billing provider is impliedly certifying regulatory compliance each time a bill is submitted. The Court cautioned that the regulatory violation must be material to the government’s decision to pay before a violation would be found. This case illustrates that if thorough credentialing had been performed the Supreme Court likely would not have had a basis for its action because the unlicensed and unqualified individuals would not have been practicing at that facility.

Key Strategies to Avoid Liability

Health care organizations are responsible for the care rendered by their providers through accreditation, statutory and regulatory requirements and can be held liable under negligent credentialing claims and the False Claims Act. To that end, there are several key strategies that can be utilized to avoid liability:

Develop, continuously review and update a credentialing policy.
When credentialing and privileging providers, look for red flags that might require additional follow-up such as unexplained gaps in training or practice, frequent practice relocation, incomplete applications or suspicious attestations, resignations or withdrawal of applications for appointment or reappointment, reports to the National Practitioner Data Bank or state licensing agencies, suspensions or other limitations on privileges, patient complaints, formal and informal reports on clinical competencies and/or behavioral issues, and any other actions or items that seem abnormal.
Review reference letters and seek substantive comments from training programs and prior institutions regarding the applicant.
Don’t assume that the lack of a licensing action or report to the National Practitioner Data Bank confirms that a physician or other practitioner is a competent clinician. Always obtain substantive comments from individuals who have observed and worked with the practitioner.
If issues with clinical competencies, ethics, character, or impairment are identified, whether they are new applicants or already on staff, manage these issues by referring providers to well-being or other medical staff committees, requiring fitness to practice reports from accredited third parties and/or clinicians, or executing behavior agreements setting boundaries for providers and requiring certain actions.
If major problems are identified, do not hesitate to take reasoned and warranted action, including denying an application for appointment or reappointment, suspension, termination, and mandatory reporting under state laws. Consult with your attorney prior to taking such actions.
Regularly examine credentials and ensure that practitioners can perform services competently to the satisfaction of members or committees of the medical staff under state laws and federal regulations.
Share information internally and externally to allow for educated decision making and credentialing. Note, without information sharing agreements or other legal documents some state laws provide that certain information is privileged and confidential and cannot be shared (e.g., peer review information, settlement agreements, unsubstantiated complaints, defamatory information, etc.).

Although the credentialing and privileging process can be challenging, a thorough and methodical process is key to avoiding pitfalls that could subject a health care organization to civil and potentially criminal liability. Hospitals and health care organizations should consult with legal counsel when creating these policies and procedures and developing a plan to minimize credentialing risks.

¹ "Dr. Death." Matt Goodman, D Magazine (Nov. 2016).
² "Anatomy of a Tragedy." Saul Elbein, Texas Observer (Aug. 2013).
³ Credentialing applications are generally part of the hospital’s peer review process and are protected under state statutes. None of the public documents or court filings contained a copy of his file but we presume he did not disclose the action since he was admitted to the medical staff without restrictions.
⁴ The ECFMG verifies medical school graduation and assesses the readiness of international medical graduates to enter into residency or fellowship programs in the United States that are accredited by the Accreditation Council for Graduate Medical Education.
⁵ "Bowie Man Pleads Guilty to Misusing a Social Security Number to Fraudulently Obtain a Medical License." Press Release, The United States Attorney’s Office District of Maryland (Nov. 2016).
⁶ Russell et al. v. Dimensions Health Corp., United States District Court of Maryland, Case Number 8:17-cv-03106.

About the authors: Erin Muellenberg is a health care attorney with Polsinelli LLP who counsels health care providers on medical staff and regulatory matters, licensing, accreditation, credentialing, peer reviews, and the full spectrum of compliance issues. Ryan McAteer is a health care attorney with Polsinelli LLP who focuses on physician alignment and other strategic affiliations, hospital and facility mergers and acquisitions, medical staff matters and other health care regulatory issues. Contact Erin at emuellenberg@polsinelli.com or 310.203.5322. Contact Ryan at rmcateer@polsinelli.com or 310.203.5368.