This new law directs the Florida Department of health (the "Department") to develop standardized forms to be completed by providers licensed under chapters 458 (medicine), 459 (osteopathic medicine), 460 (chiropractic medicine), and 461 (podiatric medicine). These forms will allow the "core credentials" of providers to be collected and maintained without unnecessary duplication. Core credentials include such information as professional education and training; peer references; licensure; social security number; board certification; hospital and managed care organization affiliations; professional society memberships; claims, suits judgments, or settlements; Medicare or Medicaid sanctions; civil or criminal law violations; and practitioner profiling data. Providers are to return the forms to the Department and may also submit the form to a "credentials verification entity" (CVE) of the provider's choice.
CVEs must be accredited by a national quality assurance program such as the Joint Commission on Accreditation of Health Care Organizations (JCAHO) or the National Committee for Quality Assurance (NCQA). The statutorily conceived CVEs are to verify and report a provider's core credentials at the request of a health care entity whenever a provider applies for privileges with that health care entity. The term "health care entity" is broadly defined and includes any licensed or certified Florida health care facility or organization, any entity licensed by the Department of Insurance as a prepaid health care plan or health maintenance organization, and any insurer providing health care coverage through a provider network. Health care entities may obtain credentialing data from the Florida Department of Health's Division of Medical Quality Assurance (The "Division") or the provider appointed CVE. The law prohibits health care entities from requesting credentialing data from providers and primary sources if it is part of the core credentialing data maintained by the Department or the provider appointed CVE. However, if credentialing data in addition to that recorded by the Division or the provider appointed CVE is required by a health care entity's credentialing process, then that entity may collect that information itself, or request a contractee or the provider designated CVE to collect the necessary information.
Health care entities that rely on data obtained from CVEs or the Division are insulated from civil, criminal, and administrative liability. Instead, CVEs are liable for reporting inaccurate credentialing data to health care entities. Therefore, the statute requires CVEs to carry liability insurance. This shift in liability from health care entities to CVEs for negligent credentialing is perhaps the most significant aspect of the new legislation.
The House Committee on Health and Human Services Appropriations and the House Committee on Health Care Standards and Regulatory Reform both anticipate that costs for utilizing Department and CVE credentialing services will be borne by users of the system. Although the law does not allocate costs between providers and health care entities, the House committees predict that both providers and health care entities alike will enjoy considerable savings that will exceed the utilization costs of the new standardized credentialing process.
In the past, public dissemination of credentialing data was resisted by provider organizations because the broad scope of such disclosure was perceived to be overly intrusive. Last Year the legislature succeeded in passing section 455.565, Florida Statutes (1997), which provides for the reporting of credentialing data to the Department (commonly referred to as "profiling"), and authorizes public access to that information. This year's legislation takes disclosure one step further by allowing private entities to compile and maintain this data. However, the new law includes adequate privacy safeguards and ensures the accuracy of reported data by requiring accreditation of CVEs and instituting a thirty day period for physicians to review the data in the form in which it will be released. Furthermore, providers are not required to appoint CVEs to maintain their credentials. In any event, provider-credentialing data will already be publicly available from the Department pursuant to section 455.565, Florida Statutes (1997). Therefore, the new legislation does not increase the intrusiveness, or impact the potential accuracy, of the disclosure requirements for credentialing data as they existed under previous law.