Telehealth Credentialing and Privileging for Health Systems

Before a physician can treat a patient at a hospital, that hospital must verify the physician is who they say they are, can do what they claim to do, and is licensed to practice where the patient is sitting. That process — credentialing and privileging — predates telehealth by decades. What telehealth did was expose how poorly the process scales when a cardiologist in Cleveland is reading an echocardiogram for a patient in rural Montana without ever setting foot in the Montana facility. This page covers how credentialing and privileging apply to telehealth delivery, the regulatory frameworks that govern it, and the practical decision points where health systems must choose between competing compliance paths.

Definition and scope

Credentialing is the verification process: confirming a provider's education, training, licensure, board certifications, malpractice history, and clinical competence. Privileging is the authorization step that follows — the formal grant of permission to perform specific clinical activities within a specific organization.

In a traditional inpatient setting, both processes happen at the hospital where the patient receives care. Telehealth breaks that assumption. When a distant-site physician delivers care via live video to a patient at an originating-site facility, one of two things must happen: the originating-site hospital credentials and privileges the distant provider independently, or it uses a streamlined pathway that relies on the distant provider's home institution.

The Joint Commission, which accredits roughly 22,000 healthcare organizations in the United States (The Joint Commission, 2024), and the Centers for Medicare & Medicaid Services (CMS) both address telehealth credentialing in their standards — and they don't always align perfectly, which is the kind of bureaucratic situation that keeps compliance officers employed.

CMS Conditions of Participation at 42 CFR §482.12(a) allow hospitals to credential and privilege telemedicine physicians using a "credentialing by proxy" model, in which the originating site relies on the distant site's credentialing decisions rather than conducting its own full review.

How it works

The credentialing-by-proxy pathway, formalized under CMS rules, requires a written agreement between the originating-site hospital and the distant-site entity. That agreement must specify:

  1. The distant site is a Medicare-participating hospital or telemedicine entity that meets CMS standards.
  2. The distant site's credentialing and privileging decisions are made by a medical staff that follows a credentialing process equivalent to the originating site's own standards.
  3. The originating site's governing body approves the use of the proxy pathway.
  4. The distant-site entity provides the originating site with a current list of the distant provider's privileges.
  5. The originating site's medical staff reviews performance data on distant providers at least every 2 years — the same cycle required for standard privilege renewal.

This framework shifts the credentialing burden upstream to the distant site. For a health system running a telestroke program across 12 community hospitals, that consolidation is operationally essential. Without it, each of those 12 hospitals would need to independently process, verify, and maintain credentials for every neurologist on the program — a paper trail that could slow stroke response times in ways that have direct clinical consequences.

The Joint Commission's telemedicine credentialing standards, published in its Hospital Accreditation Standards, mirror the CMS proxy model but add the requirement that the originating site's medical staff be the body granting privileges — a distinction that matters during accreditation surveys.

Common scenarios

Three deployment patterns dominate how health systems encounter these rules in practice.

Hub-and-spoke telemedicine networks — A health system operates a central hub hospital with specialized physicians who provide services to smaller spoke facilities. The spoke hospitals use credentialing by proxy, relying on the hub's credentialing decisions. This model is common in teleICU programs and telestroke networks.

Third-party telemedicine vendor arrangements — A hospital contracts with an external telemedicine company whose physicians provide after-hours emergency coverage. Here, the vendor functions as the distant site. The written agreement must still meet CMS standards, and the vendor must demonstrate an equivalent credentialing process. This is where gaps frequently appear — vendor contracts that are detailed on billing terms but thin on credentialing equivalency documentation.

Cross-state specialist consultations — A pediatric subspecialist licensed in one state consults on patients at a facility in a different state. The credentialing question intersects with telehealth state licensure requirements: the provider must hold a license valid in the patient's state before privileges can be granted at all. State licensure compacts like the Interstate Medical Licensure Compact, which had enrolled 40 participating states and territories as of 2024 (IMLC, 2024), reduce friction here but don't eliminate the privileging step.

Decision boundaries

The central decision point for health systems is whether a given telehealth arrangement qualifies for credentialing by proxy or requires independent credentialing.

Proxy is available when: the distant site is a Medicare-participating hospital, the written agreement is in place, and the arrangement involves a physician or practitioner providing clinical services to the originating site's patients.

Proxy is not available when: the distant provider is employed directly by the originating hospital (full independent credentialing applies), the distant site is not a Medicare-participating entity, or the arrangement involves non-clinical telemedicine services like administrative consultation.

For telehealth billing and coding purposes, the credentialing status of the rendering provider also affects which claims can be submitted and under which provider number — so a privileging gap doesn't stay contained in the credentialing department for long.

Health systems building or expanding telemedicine programs should treat credentialing infrastructure as a prerequisite, not a compliance afterthought. The telehealth provider guide covers the broader operational setup, while the regulatory landscape shaping all of these decisions is mapped across nationaltelehealthauthority.com.

References