Credentialing & Privileging | 06.10.26
Credentialing Red Flags: When to Escalate, Pause, or Proceed
By Sara Collins, CPCS, CPMSM, CPPS
Credentialing professionals operate at the intersection of patient safety, regulatory compliance, and organizational risk. Each day, we review files containing malpractice settlements, licensure actions, peer references, disclosure discrepancies, and performance concerns. Most findings are routine. Some are not.
It’s important to remember that not every finding is a red flag, but every red flag demands action. The challenge lies in knowing when to escalate, when to pause, and when to proceed, while also being able to justify each decision under regulatory scrutiny.
Credentialing is not merely an administrative function. It is a governance safeguard and governance requires disciplined analysis.
Viewing Red Flags Through the Regulatory Lens
Both the Centers for Medicare & Medicaid Services (CMS) and Joint Commission (JC) make clear that credentialing decisions require more than document collection.
CMS places ultimate responsibility for the quality of care on the Governing Body. That responsibility includes verifying qualifications, evaluating competence, and ensuring ongoing oversight. Nowhere does CMS suggest that simply assembling documents satisfies that obligation.
Similarly, Joint Commission standards emphasize deliberate evaluation. A completed checklist does not demonstrate thoughtful governance. Surveyors often ask:
- How was this information analyzed?
- What triggered further review?
- What rationale supported the decision?
In negligent credentialing litigation, liability rarely stems from something no one knew. More often, it arises from something that was known and documented but not thoroughly evaluated. Plaintiff attorneys routinely center their case on one phrase: “You knew.”
The defensible response is, “We knew. We analyzed.We acted appropriately.” That response requires structure.
Not Every Finding Is a Red Flag
Credentialing files frequently contain informational findings such as:
- A single malpractice settlement from many years ago.
- A dismissed licensure inquiry.
- A verified gap in practice.
- A resolved professionalism concern.
These items warrant review and documentation, but they do not automatically require escalation. Overreaction can be as problematic as underreaction. Automatic escalation of every isolated issue creates inconsistency, undermines fairness, and dilutes attention from genuine risk.The critical question becomes, “What differentiates informational findings from true red flags?”
A Structured Differentiation Model
One practical way to reduce subjectivity is to apply a three-tier differentiation framework of green, yellow, and red.
Green: Informational
Green findings are:
- Isolated.
- Remote in time.
- Fully disclosed.
- Low clinical significance.
Green does not mean “ignore.” It means review, document, and proceed.
Yellow: Concerning/Pause
Yellow represents emerging uncertainty:
- An emerging pattern.
- Increasing frequency.
- Guarded or incomplete explanations.
- Moderate clinical concern.
Yellow calls for pause. Clarification may be needed and/or additional verification may be appropriate. This is the point where disciplined evaluation matters most. Underreaction creates exposure while premature escalation creates inconsistency.
Red: Escalation Trigger
Red findings involve:
- Established patterns.
- Recent and clinically significant events.
- Failure to disclose required information.
- Multiple corroborating concerns.
- Ongoing investigations or restrictions.
At this level, the file moves beyond routine processing and becomes a governance decision. Escalation is not punitive. It is protective of patients, the medical staff, the organization, and even the physician’s due process rights.
Applying TSR: Time, Severity, Relevance
To further bring clarity and consistency to decision-making, consider applying a three-part lens of time, severity, and relevance (TSR).
Time
- How recent are the events?
- Is there clustering within a short timeframe?
- Did events occur during independent practice or medical training?
Three claims over 20 years do not carry the same weight as three claims within 24 months. Recency and acceleration often signal increased risk.
Severity
- Was there patient harm?
- Was there deviation from the standard of care?
- Were privileges restricted?
- Was reporting required (e.g., to the National Practitioner Data Bank (NPDB)?
Not all settlements reflect the same level of clinical concern. Severity matters.
Relevance
- Does the concern relate directly to the privileges requested?
- Is it the same specialty or procedure?
- Is the behavior or clinical issue likely to recur within the proposed scope of practice?
Relevance ensures that escalation decisions remain anchored to patient safety within the clinical context, not general discomfort.
The Escalation Pathway: Structure Protects Process
When escalation is warranted, it should follow a defined pathway aligned with medical staff bylaws and organizational policy. Consider the below pathway:
- Clear documentation of facts, dates, and objective findings.
- Review by medical staff leadership (department chair, credentials committee, chief of staff, or chief medical officer (CMO).
- Advancement to the Medical Executive Committee when thresholds are met.
- Early engagement of legal counsel when due process or organizational risk is implicated.
- Governing Body involvement when required under CMS accountability standards.
Consistency is critical. Legal counsel often focuses not on the substance of one case, but on whether similar cases were treated similarly. Inconsistency creates discoverability and discoverability drives liability. Escalation must therefore be structured, documented, and aligned with bylaws and precedent. When these elements are present, the organization is protected.
Communication: Moving from Instinct to Analysis
Escalation discussions should be anchored in objective data rather than subjective discomfort. Instead of saying, “I’m uncomfortable with this,” say, “There are three similar malpractice settlements within a four-year period, and one was not disclosed on the application.”
Anchor recommendations in policy, such as, “Under our medical staff policy, this pattern meets criteria for Credentials Committee review.” This shifts the conversation from opinion to governance process.
Executives and legal counsel are not asking whether a physician is good or bad. They are asking whether the organization’s process is defensible. Structure turns instinct into analysis. Analysis creates defensibility.
Final Thoughts
Every credentialing file represents a decision that carries implications for patient safety, professional integrity, and organizational risk. When credentialing professionals apply a consistent framework and analyze findings through the lens of TSR, decisions become disciplined rather than reactive. Disciplined decisions protect everyone involved.
Credentialing is governance in action. When we evaluate thoughtfully, document clearly, and escalate appropriately, we strengthen not only our processes, but the integrity of the healthcare system itself.
Sara Collins, CPCS, CPMSM, CPPS
Sara Collins, CPCS, CPMSM, CPPS serves as assistant vice president of professional medical affairs for Lifepoint Health, where she provides enterprise oversight of medical staff governance, credentialing and privileging, peer review, and regulatory compliance across a multi-state health system. She leads strategic initiatives focused on risk mitigation, standardized evaluation frameworks, and defensible governance practices.
Sara is an active member of the National Association Medical Staff Services (NAMSS)
and also serves on the American Telemedicine Association’s Policy and Leadership Councils and NAMSS Courses Subcommittee. She is passionate about strengthening the role of credentialing professionals as critical partners in patient safety and organizational protection.