Credentialing in Healthcare: The Complete Guide for Long-Term Care Facilities, SNFs, CCRCs and ASCs

What Is Credentialing in Healthcare?

Credentialing in healthcare is the formal process of verifying that healthcare providers — and the facilities that employ them — meet the qualifications, licensure, training, and compliance standards required to deliver safe, high-quality care.

It is not a one-time event. It is an ongoing operational function that determines whether your facility can legally bill Medicare and Medicaid, pass a regulatory survey, and defend itself against fraud liability. For long-term care facilities, nursing homes, skilled nursing facilities (SNFs), senior living, continuing care retirement communities (CCRCs), and short-term care, specialty group practices and ambulatory surgical centers (ASCs), credentialing encompasses two parallel tracks: provider and staff credentialing and facility credentialing — and both must be maintained continuously.

The credentialing process has grown significantly more complex over the past two decades, driven by the expansion of provider scope of practice, the addition of accrediting bodies, and the requirements of third-party payers including Medicare, Medicaid, and private insurers. Today, credentialing is a strategic function — not just a compliance checkbox — that directly influences how quickly providers can begin delivering care, how facilities perform during surveys, and how effectively organizations manage regulatory and financial risk.

Why Credentialing Matters: The Stakes for Your Facility

For long-term care administrators, executive directors, human resource directors, directors of operations, directors or nursing and compliance directors, the consequences of credentialing failures are concrete:

• Survey citations and civil monetary penalties (CMPs): A single lapsed nurse license or missed OIG exclusion check discovered during a CMS survey can result in an immediate citation, per-day penalties, and a pattern flag that follows your facility through every future inspection.
• Loss of billing privileges: Gaps in Medicare or Medicaid enrollment — including missed revalidation deadlines — can suspend your ability to bill, cutting off cash flow for every resident or patient in your care.
• Federal fraud exposure: Employing a provider listed on the OIG Exclusion List in any role that touches Medicare or Medicaid services — regardless of how indirect — creates federal fraud and abuse liability with no exceptions.
• Claim denials: Credential errors are a leading cause of claim denials. For long-term care organizations, payer credentialing gaps can trigger retroactive denials that are difficult or impossible to recover.
• Reputational and Five Star rating damage: CMS's Five Star rating system now uses your two most recent surveys (as of July 2025), making each survey significantly more consequential for your public profile.

The goal of credentialing is not to complete paperwork. It is to ensure that the people and organizations delivering care are qualified to do so — and that the systems protecting that assurance never go dark.

The Two Tracks of Healthcare Credentialing

Most discussions of credentialing focus on one track or the other. Organizations that manage both comprehensively are the ones best protected against citations, denials, and compliance failures.

Track 1: Provider and Staff Credentialing

Provider and staff credentialing verifies that each individual delivering or supporting care holds the qualifications required by their role — and that those qualifications remain current.

This includes:

• Education, training, and degree verification
• State licensure — confirmed and continuously monitored, not just verified at hire
• Board certifications and specialty credentials
• National Provider Identifier (NPI) registration
• Malpractice history and professional references
• OIG Exclusion List verification — federal law requires this be checked before hire and monthly thereafter
• State exclusion and sanction list checks
• Background checks and abuse registry verification — must be completed before any first day of resident contact
• Continuing education and training credentials (HIPAA, infection control, emergency preparedness, dementia care)

Track 2: Facility Credentialing

Facility credentialing ensures the organization itself is in good standing with the payers, regulators, and accrediting bodies it depends on. This track is often underestimated — until a revalidation lapses or a payer network contract expires.

This includes:

• Medicare and Medicaid enrollment and revalidation (Form CMS-855A for SNFs)
• Payer network credentialing with commercial insurers
• State facility operating license
• Medicare/Medicaid certification status
• Voluntary accreditation (The Joint Commission, AAAHC for ASCs, ACHC)
• Ownership and management disclosure requirements (now required for SNFs under updated CMS-855A)

Types of Credentialing in Healthcare

Credentialing differs depending on the setting, the provider type, and the purpose. Understanding the distinct types helps organizations know exactly what they are — and are not — managing.

1. Provider Credentialing (Clinical Staff)

The most familiar form of credentialing, provider credentialing applies to physicians, surgeons, nurse practitioners, physician assistants, CRNAs, and other licensed clinical professionals. It verifies education, residency, fellowship, board certifications, licensure, malpractice history, and any disciplinary actions.

For long-term care and SNF settings, this includes the physicians, nurse practitioners, and physician assistants who serve as attending providers, as well as medical directors whose oversight responsibilities now include expanded scrutiny under the April 2025 CMS surveyor guidance revisions (F841).

2. Staff Credentialing (Nursing and Allied Health)

In long-term care settings, staff credentialing is the highest-volume credentialing function. It covers:

• Registered Nurses (RN) and Licensed Practical Nurses (LPN): State licenses must be actively verified by the facility — not self-reported — and monitored continuously for renewals, disciplinary actions, and lapses.
• Certified Nursing Assistants (CNAs): Must have completed an approved training and competency evaluation program (NATCEP or equivalent). State nurse aide registry status must be confirmed and kept current.
• Nursing Facility Administrators (NFAs): State-specific licensing with investigation tracking and sanctions monitoring.
• Allied health professionals (physical therapists, occupational therapists, speech-language pathologists): Field-specific licenses and certifications with their own renewal cycles.

For outpatient healthcare organizations as Ambulatory Surgical Centers (ASCs), staff credentialing extends to surgical technologists, registered nurses in perioperative roles, anesthesia personnel, and the full clinical team involved in outpatient procedures.

3. Payer Credentialing (Insurance Network Enrollment)

Payer credentialing is the process by which a provider or facility is enrolled with insurance companies — including Medicare, Medicaid, and commercial payers — to receive reimbursement for services delivered.

This is separate from clinical credentialing. A provider can be fully licensed and qualified clinically but unable to bill for their services if payer credentialing is incomplete or has lapsed. In long-term care, the most critical payer credentialing function is maintaining active Medicare and Medicaid enrollment, including required revalidations.

Key facts:

• Credentialing delays cause approximately 85–90% of provider enrollment delays
• The average payer credentialing process takes 60–180 days
• Gaps in enrollment can result in retroactive claim denials

4. Facility Credentialing

As described above, facility credentialing verifies the organization's own standing — operating licenses, Medicare/Medicaid enrollment, accreditation status, and payer contracts. For SNFs, the January 2026 CMS revalidation deadline introduced new ownership disclosure requirements for private equity and REIT interests. For ASCs, accreditation through AAAHC or The Joint Commission is often required for Medicare certification and state licensure.

5. Privileging

Privileging is related to but distinct from credentialing. Where credentialing verifies qualifications, privileging authorizes a specific provider to perform specific procedures at a specific facility. Privileging is most relevant in hospital and ASC settings, where a surgeon's credentials may be verified but their privileges to perform a particular procedure at your facility must be separately authorized and documented.

In ASCs specifically, the Accreditation Association for Ambulatory Health Care (AAAHC) and The Joint Commission have extensive credentialing and privileging requirements, because procedures range from minor surgeries to more complex interventions — all performed on an outpatient basis where efficiency and safety systems must work in concert.

The Credentialing Process: Step by Step

Whether for staff or facility, the core credentialing process follows a consistent structure. Understanding each step helps organizations identify where delays and errors most commonly occur.

Step 1: Application The provider or facility submits a complete application including education records, licenses, certifications, malpractice insurance documentation, work history, and professional references. Completeness at this stage is the single biggest factor in preventing delays.

Step 2: Primary Source Verification (PSV) Credentials are verified directly from the issuing source — not from the applicant. This means contacting the medical school, state licensing board, certifying body, and other original sources. PSV is the core of credentialing's value: it cannot be shortcut or delegated to the applicant.

Step 3: Background and Exclusion Screening Background checks confirm no disqualifying criminal history. OIG Exclusion List verification confirms the individual is not excluded from participation in federal healthcare programs. State-specific sanction and abuse registries are checked. These must be completed before any patient or resident contact begins.

Step 4: Committee Review A credentialing committee — typically including the medical director, administrator, and compliance officer — reviews verified information and makes a determination on approval, conditional approval, or denial.

Step 5: Enrollment and Notification For payer credentialing, the approved provider or facility is enrolled with relevant payers. For staff credentialing, the individual is cleared for their role. Documentation is filed and made accessible for audits and surveys.

Step 6: Ongoing Monitoring and Recredentialing This is the step most organizations underinvest in. Credentials expire. Licenses lapse. Exclusions are added monthly. Ongoing monitoring — including monthly OIG checks, automated license expiration alerts, and scheduled recredentialing cycles — is what separates a credentialing system from a credentialing folder.

Credentialing in Long-Term Care: What Makes It Different

Long-term care, Senior Living and CCRC credentialing is more complex and higher-volume than most other healthcare settings. Here is why.

Volume: For every 100 employees, a typical nursing home manages 2,800 to 4,000 credentialing due dates per year — roughly 250 per month. These span licenses, certifications, training completions, vaccination records, background checks, and more.

Regulatory intensity: Long-term care is among the most heavily regulated healthcare settings. CMS conducts unannounced surveys, and the consequences of credentialing failures are immediate and documented on Care Compare. Survey results directly affect Five Star ratings, which are now calculated using only the two most recent surveys (effective July 2025).

OIG monitoring: The OIG has specifically called out LTC facilities for inadequate staff credentialing. OIG recommendations now include adding credentialing compliance measures directly to LTC surveys — meaning surveyors are looking specifically for OIG exclusion check records, not just licenses.

Staff turnover: Long-term care has among the highest staff turnover rates in healthcare. High turnover means a continuous stream of new hire credentialing to manage — and greater risk of gaps when onboarding is rushed.

Reliance on manual and paper-based processes: Many long-term care organizations still manage credentialing and compliance through spreadsheets, paper files, and fragmented systems. This creates challenges around visibility, audit readiness, expiration tracking, and operational efficiency — especially in environments with high staff turnover and complex regulatory requirements.

Training credentials: Unlike hospitals, LTC facilities must manage a full library of mandatory staff training credentials — HIPAA (45 CFR §164.530), infection control (42 CFR §483.95(e)), emergency preparedness (42 CFR §483.73), dementia care (42 CFR §483.95(g) and state law), and more. These are not soft skills. They are federally mandated credentials that surveyors specifically review.

Credentialing in Ambulatory Surgery Centers (ASCs): Unique Considerations

ASCs credential providers in much the same way as hospitals, but with important differences driven by their outpatient focus and accreditation requirements.

Accreditation is central: AAAHC and The Joint Commission both have extensive credentialing and privileging requirements for ASCs. Meeting these standards is required for Medicare certification in most states and is a condition of many commercial payer contracts.

Provider mix: ASCs typically credential a mix of surgeons (often with independent practice privileges), anesthesiologists or CRNAs, and employed nursing and clinical staff. Each category has its own credentialing pathway and renewal cycle.

Privileging by procedure: Because ASCs perform a defined set of procedures, privileging is tightly scoped. A provider must be specifically privileged for each procedure type at your facility — not just credentialed generically.

Speed pressure: ASC credentialing often faces pressure to move quickly to enable new providers to begin generating revenue. But credentialing delays — which frequently stem from incomplete initial applications — are the leading cause of credentialing bottlenecks. A systematic process upfront prevents the scramble later.

Continuous monitoring: Like all healthcare organizations, ASCs must monitor providers continuously after initial credentialing. License expirations, disciplinary actions, and exclusion list additions do not wait for recredentialing cycles.

The 8 Most Common Credentialing Mistakes — and How to Avoid Them

1. Checking the OIG Exclusion List only at hire Federal rules require monthly verification for all individuals whose work touches Medicare or Medicaid. An excluded employee discovered six months after hire creates the same liability as one discovered on day one — but now you have a pattern of non-compliance.

The fix: Automate OIG checks monthly. Do not rely on HR to remember.

2. Relying on staff to self-report renewals The facility is legally responsible for verification — not the employee. Waiting for a nurse to tell you their license is expiring is not a credentialing system.

The fix: Set automated expiration alerts 60–90 days before any license, certification, or training credential expires.

3. Treating credentialing as a hire-in function, not an ongoing one Most citation risk lives in the gap between initial verification and what happens over the following months and years.

The fix: Build credentialing monitoring into daily operations, not just onboarding. Survey readiness is a daily standard, not a pre-survey project.

4. Inadequate documentation for audits Verbal assurances and internal emails do not satisfy CMS. Per-day penalties for credentialing violations stop only when written, credible evidence of correction is received by CMS — not when you fix the problem internally.

The fix: Maintain survey-ready documentation at all times, stored securely and accessible within minutes.

5. Missing payer revalidation deadlines Medicare and Medicaid revalidations have deadlines. Missed deadlines can trigger deactivation of billing privileges. For SNFs, the January 2026 revalidation cycle introduced new ownership disclosure requirements that created compliance gaps for many facilities.

The fix: Track revalidation deadlines on the same system as staff credentialing. They are part of the same compliance function.

6. Failing to credential contracted and agency staff OIG exclusion, background check, and license verification requirements apply to everyone providing care — including contract, per diem, and agency staff. Facilities cannot outsource the compliance obligation to the staffing agency.

The fix: Require credential documentation from staffing agencies and verify it before the first shift, not after.

7. Ignoring training credentials HIPAA, infection control, emergency preparedness, and dementia care training are mandatory, documented credentials — not optional orientations. Surveyors look for them specifically.

The fix: Track training credentials on the same system as clinical licenses. Set expiration alerts. Treat them with the same urgency as a nursing license.

8. Managing it all in spreadsheets A spreadsheet does not send automated alerts, does not verify OIG status, and does not produce an audit trail. It is also only as accurate as the last person who updated it.

The fix: Implement a purpose-built credentialing platform that automates tracking, verification, reminders, and documentation — freeing your team to focus on care.

Credentialing and Privileging: Understanding the Difference

Credentialing and privileging are related processes that are often discussed together but serve distinct purposes.

Credentialing is the process of verifying that a provider meets the qualifications required to practice — their education, training, licensure, certifications, and background.

Privileging is the process of authorizing a credentialed provider to perform specific clinical activities at a specific organization. Privileges are facility-specific and procedure-specific. A surgeon credentialed at your ASC is not automatically privileged to perform every procedure — each privilege must be separately reviewed and granted.

In long-term care, privileging is less common than in hospital or ASC settings, but medical directors and attending physicians may still require facility-specific privileging depending on your state regulations and accreditation requirements.

How Technology Is Transforming Healthcare Credentialing

Manual credentialing — tracking due dates in spreadsheets, sending reminder emails, downloading documents to folders, checking exclusion lists one by one — is not just inefficient. It is a structural compliance risk.

Modern credentialing platforms address this through:

• Automated expiration tracking and alerts that notify administrators 60–90 days before any credential expires
• Automated OIG and state exclusion list monitoring that runs monthly without manual intervention
• Centralized document management that stores all credentials, licenses, training records, and facility documents in a single, secure, audit-ready system
• Employee self-service that allows staff to submit credentials directly through the platform, reducing administrative burden and improving compliance rates
• Real-time reporting that shows survey-ready status across your organization at any moment

The results are measurable. Long-term care organizations that have implemented automated credentialing platforms have reported a 90% reduction in administrative workload and a 70% improvement in credential collection compliance immediately upon implementation.

What to Look for in a Credentialing Platform for LTC and ASCs

Not all credentialing platforms are built for long-term care or ASC settings. When evaluating solutions, prioritize these capabilities:

• Built for your setting: Does the platform understand LTC survey requirements, F-tag implications, and ASC accreditation standards — or is it a generic HR tool adapted for healthcare?
• Automated OIG monthly monitoring: Not a manual check tool. Monthly automated monitoring for every employee.
• License verification integrations: Direct integrations with state licensing boards and nurse aide registries, not manual upload workflows.
• Training credential tracking: Can it collect and store HIPAA, infection control, emergency preparedness, and dementia care training certifications alongside clinical licenses?
• Facility-level document management: Can it store and track facility permits, contracts, equipment warranties, accreditation documents, and policies — not just staff credentials?
• Audit-ready reporting: Can you produce a complete, organized credential report for a surveyor in minutes?
• Implementation speed: A credentialing platform that takes six months to implement creates its own compliance gap. Look for platforms that can be deployed rapidly.

Credentialing Compliance in 2026: What Has Changed

The regulatory environment for credentialing has shifted significantly heading into 2026. Organizations that have not updated their processes are operating on outdated standards.

CMS surveyor guidance overhaul (April 28, 2025): A sweeping revision of LTC surveyor guidance introduced new Critical Element Pathways, expanded medical director oversight requirements under F841, consolidated psychotropic medication citations, and updated transfer and discharge standards. Facilities with staff training predating April 2025 need to update their protocols.

Five Star rating methodology change (July 2025): CMS now calculates the health inspection rating using only the two most recent standard surveys, down from three. Recent survey performance is now significantly more consequential for public ratings and census.

SNF Medicare revalidation (January 2026): The updated Form CMS-855A introduced new ownership and management disclosure requirements, including private equity and REIT interests. This was the third extension of the deadline — facilities that have not completed revalidation should address it immediately.

OIG national concern areas: For FY2025 and FY2026, CMS identified nurse staffing, unnecessary psychotropic medication use, and facility-initiated discharges as LTC health national concern areas. These receive heightened scrutiny during federal monitoring surveys.

Frequently Asked Questions About Healthcare Credentialing

How long does credentialing take? Payer credentialing typically takes 60–180 days, depending on the payer, state, and completeness of the initial application. Incomplete applications are the single biggest cause of delays. Staff credentialing for a new hire should be initiated before the start date and primary source verification completed before any patient or resident contact.

What is the difference between credentialing and licensing? Licensing is granted by a state board and authorizes a provider to practice in that state. Credentialing is the verification process by which an organization confirms that a provider holds valid licenses and meets all other qualification standards. Licensure is an input to credentialing — not a substitute for it.

Does credentialing apply to temporary and agency staff? Yes. OIG exclusion verification, background checks, and license verification requirements apply to all staff providing care — including contract, per diem, and agency employees. The facility cannot transfer this compliance obligation to the staffing agency.

How often should credentialing be updated? OIG exclusion checks must be performed monthly. License and certification expirations should be tracked with alerts 60–90 days in advance. Full recredentialing for clinical providers is typically required every two years, but ongoing monitoring must happen continuously between cycles.

What happens if a credentialing gap is discovered during a survey? Depending on scope and severity, a credentialing gap can result in a deficiency citation, civil monetary penalties that accrue per day, a pattern flag on future surveys, or — in the most serious cases — referral for fraud and abuse review. Remediation requires documented, written evidence of correction, not just a verbal commitment.

Conclusion: Credentialing Is a Daily Operation, Not a One-Time Event

Credentialing in healthcare is the foundation of safe, compliant, financially stable operations. For long-term care facilities, SNFs, and ambulatory surgery centers, it is also one of the highest-risk administrative functions — not because it is inherently complex, but because the consequences of gaps are immediate, documented, and compounding.

The facilities and organizations that consistently pass surveys, protect their Medicare and Medicaid billing, and maintain strong Five Star ratings are not the ones that scramble before an audit. They are the ones that have built credentialing into their daily operations — automated, monitored, and documented as a matter of course.

The technology to do this exists. The regulatory expectation that you do it is clear. The only variable is whether your organization acts before a gap is discovered — or after.

Perla is a credentialing automation platform built exclusively for Long-Term care organizations, Senior Living, SNFs, Nursing Homes, Continuum Care organizations, and outpatient facilities such as ASCs. Perla automates OIG exclusion monitoring, license tracking, credential collection, training compliance, and facility document management so your team can focus on what matters most: the people in your care. Give us a call at 202-800-5858 to learn how we can help with your credentialing needs.

References

1. Patel R, Sharma S. Credentialing. StatPearls [Internet]. Treasure Island (FL): StatPearls Publishing; 2026. Available from: https://www.ncbi.nlm.nih.gov/books/NBK519504/
2. CAQH. Provider Credentialing: Explained. https://www.caqh.org/blog/provider-credentialing-explained
3. 42 CFR §483.95 — Staff Training Requirements (eCFR)
4. 42 CFR §483.73 — Emergency Preparedness
5. 45 CFR §164.530 / §164.308 — HIPAA Privacy and Security Rules
6. CMS. Long-Term Care Surveyor Guidance Revisions. April 28, 2025.
7. Reed Smith LLP. LTC Regulatory Update. July 2025.

‍