Contact Us

Privacy Policy

Homepage / Privacy Policy
Table of Contents

Dr. Credentialing is committed to safeguarding the confidentiality, integrity, and security of provider and organizational information entrusted to us. As a healthcare credentialing, enrollment, and compliance services provider, we process sensitive professional, regulatory, and financial data necessary to secure payer participation and maintain regulatory compliance.

This Privacy Policy describes how we collect, use, store, and protect information in accordance with applicable federal and state laws, including the Health Insurance Portability and Accountability Act (HIPAA), the HITECH Act, CMS data security standards, and applicable privacy regulations. 

Our policies and operational controls are designed to ensure that information is handled responsibly, accessed only by authorized personnel, and protected against unauthorized disclosure, misuse, or loss.

Scope of This Privacy Policy

This Privacy Policy applies to information collected and processed through:

  • Credentialing and enrollment service engagements
  • Website inquiries and contact forms
  • Client onboarding and service agreements
  • Provider data submissions and compliance documentation
  • Secure electronic communications and document exchanges
  • Third-party payer portals and regulatory systems used on behalf of clients

This policy governs how information is handled throughout the lifecycle of credentialing, enrollment, compliance monitoring, and ongoing provider data management.

Information We Collect

To deliver credentialing, enrollment, regulatory, and compliance services, we collect information necessary to verify qualifications, establish payer participation, and maintain billing eligibility.

Provider Professional Information

We collect detailed professional credentials to support payer verification and regulatory compliance.

  • Full legal name, prior names, and demographic identifiers
  • National Provider Identifier (NPI) and taxonomy codes
  • State licensure numbers, issue dates, and expiration details
  • DEA registration and controlled substance authorizations
  • Education, training, residency, and fellowship history
  • Board certifications and specialty credentials
  • Work history and professional references
  • Hospital affiliations and privileging history

Business & Organizational Information

We collect business data required for payer contracting, enrollment, and financial processing.

  • Legal business name and structure documentation
  • Employer Identification Number (EIN) and tax documentation
  • Group NPI (Type II) registration data
  • Practice locations, service sites, and contact details
  • Ownership disclosures and managing employee information
  • Banking and financial information for EFT enrollment
  • Provider rosters and demographic standardization records

Regulatory & Compliance Information

We maintain compliance documentation required by federal and commercial payers.

  • CAQH profile and attestation records
  • PECOS and NPPES registry information
  • Medicare and Medicaid enrollment documentation
  • Sanction and exclusion screening results (OIG LEIE, SAM, OFAC)
  • CMS certification and state regulatory approvals
  • Accreditation documentation and survey readiness materials

We collect only the information necessary to perform contracted services and maintain compliance with payer and regulatory requirements.

How We Use Information

Information is used solely to support credentialing accuracy, payer participation, regulatory compliance, and billing readiness.

Credentialing & Verification Functions

  • Perform primary source verification of education, training, and licensure
  • Conduct sanction and exclusion screenings required by payers
  • Validate provider qualifications for network participation

Enrollment & Network Participation

  • Submit Medicare, Medicaid, and commercial payer applications
  • Maintain CAQH accuracy and payer directory listings
  • Support participation in government, commercial, and specialty networks

Compliance & Regulatory Requirements

  • Maintain audit-ready credentialing files and compliance documentation
  • Support CMS certification, accreditation, and regulatory approvals
  • Monitor recredentialing and revalidation deadlines

Billing & Financial Activation

  • Facilitate EDI, ERA, and EFT enrollment processes
  • Support claims payment setup and remittance workflows
  • Maintain provider data accuracy to prevent claim holds

Information is never sold or used for unrelated marketing purposes.

HIPAA Compliance & Protected Health Information (PHI)

Dr Credentialing operates in accordance with HIPAA administrative, physical, and technical safeguard requirements. While our services primarily involve provider and organizational data rather than patient records, limited Protected Health Information (PHI) may be encountered when required for payer enrollment or compliance documentation.

HIPAA Safeguards Implemented

Administrative Safeguards

  • Workforce training on HIPAA privacy and security requirements
  • Role-based access controls limiting data access to authorized personnel
  • Confidentiality agreements and compliance accountability policies
  • Incident response protocols and breach notification procedures

Technical Safeguards

  • Secure document transmission and encrypted data storage
  • Multi-factor authentication and access monitoring
  • Secure password protocols and system access controls
  • Audit logs and system activity monitoring

Physical Safeguards

  • Secure work environments and device protection protocols
  • Controlled access to systems and credentialing records
  • Secure document storage and disposal procedures

If PHI is processed on behalf of a covered entity, a Business Associate Agreement (BAA) is executed when required.

How We Share Information

We share information only when necessary to fulfill credentialing and enrollment services or comply with legal obligations.

Authorized Disclosures May Include

  • Medicare, Medicaid, and commercial insurance payers
  • Credentialing verification organizations (CVOs)
  • Accreditation bodies and regulatory agencies
  • Hospitals and medical staff offices for privileging
  • Clearinghouses and billing system integrations

Disclosure Principles

  • Information is shared only as required to complete services
  • Minimum necessary standards are applied to all disclosures
  • Data is transmitted using secure and compliant methods

We do not sell, rent, or trade provider or organizational information.

Data Security & Protection Measures

We maintain comprehensive safeguards to protect sensitive information from unauthorized access, disclosure, or misuse.

Security Practices Include

  • Encrypted file storage and secure document transfer protocols
  • Restricted system access based on role and service requirements
  • Continuous monitoring for unauthorized access attempts
  • Secure credential storage and password management practices
  • Regular system updates and security risk mitigation measures

These safeguards are designed to protect data integrity and confidentiality throughout the credentialing lifecycle.

Data Retention & Record Management

We retain information only as long as necessary to fulfill contractual, regulatory, and compliance obligations.

Retention Practices

  • Credentialing and compliance records maintained for audit readiness
  • Retention periods aligned with payer, CMS, and regulatory requirements
  • Secure archiving of inactive records
  • Secure destruction of records when retention periods expire

Retention policies ensure compliance while minimizing unnecessary data storage.

Your Privacy Rights & Responsibilities

Healthcare organizations and providers maintain rights regarding their information.

You May Request

  • Updates or corrections to provider or organizational data
  • Confirmation of information maintained on your behalf
  • Secure transfer of credentialing records when authorized
  • Information regarding how your data is used or disclosed

Providers and organizations are responsible for supplying accurate information and promptly reporting updates to maintain compliance and billing eligibility.

Website Data & Cookies

Our website may collect limited technical information to improve functionality and user experience.

Information Collected Automatically

  • IP address and browser type
  • Pages visited and time spent on site
  • Device and system information

This information is used for site performance monitoring and is not linked to credentialing data.

Policy Updates

We may update this Privacy Policy periodically to reflect regulatory changes, operational improvements, or security enhancements. Updated versions will be posted with a revised effective date.