CHAPTER I: DEPARTMENT OF PUBLIC HEALTH
SUBCHAPTER u: MISCELLANEOUS PROGRAMS AND SERVICES
PART 965 HEALTH CARE PROFESSIONAL CREDENTIALS DATA COLLECTION CODE
SECTION 965.140 REQUIRED POLICIES AND PROCEDURES
Section 965.140 Required Policies and Procedures
a) Each health care entity, health care plan, hospital, or other credentialing entity shall adopt and implement a policy or policies on the process of credentialing and credentials verification within their organization, including requests for additional information and confidentiality of information.
b) Each health care entity and health care plan shall complete the process of verifying a health care professional's credentials data in a timely fashion and shall complete the process of credentialing or recredentialing of the health care professional within 60 days after the submission of all credentials data and completion of verification of the credentials data to be used in credentialing and recredentialing. (Section 15(f) of the Act)
c) Any credentials data collected or obtained by the health care entity, health care plan, or hospital shall be confidential, as provided by law, and otherwise may not be redisclosed without written consent of the health care professional, except that in any proceeding to challenge credentialing or recredentialing, or in any judicial review, the claim of confidentiality shall not be invoked to deny a health care professional, health care entity, health care plan, or hospital access to or use of credentials data. Nothing in this subsection prevents a health care entity, health care plan, or hospital from disclosing any credentials data to its officers, directors, employees, agents, subcontractors, medical staff members, any committee of the health care entity, health care plan, or hospital involved in the credentialing process, or accreditation bodies or licensing agencies. However, any redisclosure of credentials data contrary to this subsection is prohibited. (Section 15(h) of the Act)
d) To make the form beneficial and effective for health care professionals, health care entities, health care plans, and hospitals, additional commonly collected business data are also being collected in the form. Nothing in the Act or this Part shall be considered to prohibit sharing of business data for business purposes of the health care entity, health care plan, or hospital.
e) Health care entities, health care plans, and hospitals may delegate credentialing and recredentialing activities.
(Source: Amended at 48 Ill. Reg. 12398, effective August 1, 2024)