Address file confidentiality in your bylaws

Your facility’s medical staff bylaws or policies must outline the process for access to the credentials file. The credentials file is the property of the hospital and must be maintained with strictest confidence and security. The files must be maintained by the designated agent of the organization in locked storage or secure electronic format. Medical staff and administrative leaders may access credentials files for peer review and institutional reasons. In general, files may be shown to accreditation and licensure agency representatives, but only with the permission of the CEO or designee.

Your medical staff bylaws and policies should also indicate when practitioners may review their credentials file. This might be allowed in the following circumstances:

1. On written request approved by the current medical staff president, CEO, or credentials committee chair.
2. In the presence of the MSP, a designee of administration, or a medical staff leader.
3. When confidential letters of reference have been removed. Confidential letters should be sequestered in a separate file and removed from the formal credentials file prior to review by the practitioner.

A written or electronic record is created and placed in the file confirming the dates and circumstances of the review.

Source: The Medical Staff Office Manual