Delegated credentialing: what the contract actually says.
Delegation agreements with hospitals and health systems can accelerate credentialing — or create a new set of compliance problems. The difference is in what the contract actually delegates and what oversight it requires.
Delegated credentialing sounds like a time-saver. Instead of running primary source verification on every physician at a large health system — verifying licenses, malpractice history, board certifications, DEA registrations, sanction screenings — you accept the health system's credentialing work and rely on their committee approval. The health system has already done the work. You just need to accept it.
In practice, delegation agreements are only a time-saver if you understand exactly what you are accepting and what you still own. We have reviewed delegation agreements that planners assumed covered the full credentialing process — only to discover during an NCQA audit that the health system's program didn't meet the plan's accreditation standard, that the plan's annual oversight audit had never been conducted, and that provider files at the health system were missing elements that the plan was legally required to have. The time saved on the front end created significantly more work on the back end.
Understanding what you're actually agreeing to when you sign a delegation agreement starts with the contract.
What gets delegated — and what doesn't
A well-structured delegation agreement typically delegates the following to the health system:
- Initial credentialing of new providers. When a physician joins the health system, the health system runs the PSV process and their committee approves the provider. The plan accepts that approval.
- Re-credentialing. The health system runs the recredentialing cycle (typically every three years) and the plan accepts the continued approval.
- Primary source verification for the delegated file elements. License, board certification, malpractice coverage, DEA registration — the health system verifies these and the plan does not re-verify independently.
What typically does not get delegated — and where plans sometimes assume wrongly:
- Sanction screening. OIG exclusion list screening and SAM (System for Award Management) checks must be conducted by the plan, not just the health system. Federal exclusion obligations run to the plan, not through the delegate. Run your own sanction screens, on your own schedule, regardless of what the delegation agreement says about the health system's process.
- State license validation for states outside the health system's coverage. A health system in one state may not have a credentialing process that covers multi-state licensure. If your network extends to states the health system doesn't credential for, those licenses are your responsibility to verify.
- The plan's own credentialing committee review for high-risk providers. Some plans retain the right to conduct additional review for providers with adverse history, malpractice claims, or licensure actions — even when those providers have been approved by the health system. Spell this out in the agreement so expectations are clear on both sides.
The oversight requirements
Here is the part of delegation agreements that gets missed most often: delegation doesn't transfer responsibility. It transfers the work. The plan remains responsible for the credentialing outcomes of the delegated program.
NCQA and CMS both require that delegation agreements include an oversight program. At minimum, that means:
- Annual audits of the delegate's credentialing files. You need to pull a sample of the health system's credentialing files, verify that the PSV elements are complete, and confirm that their process meets your accreditation standards. This is a real audit — not a review of a summary report the health system provides.
- Review of the delegate's committee minutes. You need documentation that the health system's credentialing committee is actually functioning — meeting on schedule, reviewing files, making decisions. Committee minutes are the evidence.
- Assessment against your credentialing standards. The health system's credentialing program must meet your standards — not theirs. If you are NCQA-accredited, their program needs to be NCQA-compliant. If their standards are lower than yours, delegation creates a compliance gap.
If an audit finds the delegate's program is non-compliant, you are responsible for the remediation. You can work with the health system to fix the gaps, or you can terminate the delegation and take the credentialing work back in-house. Have a contingency plan for the second scenario. Terminating a delegation agreement mid-year while maintaining network adequacy requires more credentialing capacity than most plans have on standby.
When delegation makes sense — and when it doesn't
Delegation is the right tool in specific situations. It is the wrong tool when the situation doesn't fit, even if it seems like it would save time.
Delegation makes sense when: you are contracting with a large, established health system that has an active, documented credentialing program; the health system's program has been independently verified as meeting your accreditation standards; the majority of your specialists in a market are employed by or affiliated with that system; and you have the internal capacity to conduct annual delegation audits.
Delegation doesn't make sense when: the organization is a small or medium-sized medical group with an informal credentialing process; the health system is in a market where you can't independently verify their program's compliance with your accreditation standard; you need real-time visibility into individual provider credentialing status (delegation agreements typically don't give you that); or you don't have the capacity to conduct annual audits that would hold the delegation in good standing.
The hidden cost of delegation is the audit program. Conducting a meaningful annual audit of a large health system's credentialing program — pulling files, reviewing PSV documentation, checking committee minutes — is time-intensive. Don't enter a delegation agreement if you are not prepared to run the oversight program it requires. A delegated program that hasn't been audited is not a compliant delegated program.
Delegation shifts who does the verification. It doesn't shift who is responsible.
Delegation agreements are a legitimate tool. Use them for large, stable, audited health systems where the economics of full PSV on every physician don't make operational sense. Run your own program for everyone else. The hybrid approach — delegation for major health systems, direct credentialing for independent and small-group providers — is more work to manage than going one way or the other, but it is also where most large plan networks end up. The key is documenting both tracks clearly and staffing the oversight obligations for each.
Ready to start?
Two weeks. A build plan worth running.
Fixed fee, no commitment past the diagnostic. You walk out with a plan — whether you run it with us or not.
Schedule the diagnostic