Who puts the “Primary” in “Primary Source Verification” anyway? 

by Adrienne Bolger

TL;DR: Primary Source Verification in credentialing is the idea that particular information (like your college major and the date you graduated from college) must be confirmed as coming from a particular primary source (like the college that granted you the degree). It sounds logical… until it isn’t. This trilogy of articles presents BlocHealth’s proposed way of accomplishing the same goals as today’s Primary Source Verification processes.

Article 1 (this article) summarizes how the term is actually used in the healthcare credentialing space. Article 2 will discuss PSV usage in today’s digital world.

Article 3 will cover how BlocHealth intends to extend the definition of PSV with the next generation of technology: the blockchain.

About the Author

Before I became BlocHealth’s Chief Technology Officer (CTO), I had to learn about healthcare credentialing. I quickly ran into the term “Primary Source Verification” and got frustrated with the vagueness of the phrase. This article summarizes how the term is actually used in the healthcare credentialing domain and how that turned out to be surprising to me, a stranger with an engineering background.

What is Primary Source Verification? 

According to the National Association of Medical Staff Services (NAMSS), someone who performs Primary Source Verification obtains and verifies a credential directly from the original issuing entity.

In general, PSV is the process of verifying information about a healthcare professional by asking the primary source that initially recorded or generated that information. Employers perform PSV when considering potential employees. Health insurance companies also perform PSV when they decide whether or not they will allow a healthcare professional to bill their members for services rendered. PSV at its heart is about professional standards and fraud prevention. Is that person in scrubs who is about to perform a septal myectomy on your grandma qualified to do so? How do you know? PSV is one way of trying to put these fears to rest.

What’s a good primary source? It can be a ‘who’ or a ‘what’. Obvious examples of primary sources include a former employer, the U.S. Federal Government, colleges, medical boards, and other organizations like the American Red Cross. Organizations or people that issue licenses or numbers and maintain records to go with them are basically all primary sources of trust. A primary source is almost never the professional themselves because primary sources are used as a cross-check for fraud prevention. However, a healthcare professional can be a primary source for other professionals: a peer reference letter can be considered a primary source verification.

The Problem with “Primary”: It Isn’t. 

Organizations that issue licenses to increase trust and to decrease fraud across medical professions sound great, but PSV isn’t actually this straightforward. My engineer brain hit a wall when I learned that “primary” in the credentialing field… just isn’t primary! It can also actually mean a “trusted secondary” source. A “primary” source can be an originator of information… or a designated collector of information… or a paid 3rd party. For example, the American Medical Association sells several software and database products that are aggregates of other primary sources of information. Because the AMA is a trusted, well-regarded organization and they verify with these other primary sources, paying the AMA for specific profile data is considered “primary source verification” by the standards of some governing bodies of hospitals… but not all of them.

So who gets this special “trusted secondary” status? It depends on history, politics, and a few other things. Engineers commonly see standards as checklists. In the IT world, for example, various security compliance rules and ISO standards are presented as a set of tasks to accomplish. If you do X, Y, and Z, and someone checks your work, you are “trusted.” You can be labeled as a secure website domain and issued a certificate by going through an audit process. This process is available to anyone. For a real-world example, go find your nearest electronic power cord brick and look for a “CE” stamp of approval on it. That standard, while it requires work to get, is published, and available to any organization that wants to do the work. If you design a power cord not to catch fire, and you run a set of tests showing the power cord does not catch fire, you can be awarded a “trusted” certification.  

Do the “primary” or what we’ll call “trusted secondary” sources in credentialing follow this kind of process to achieve trust? In a word, no. Mostly, it’s a social contract based on the perception of trust. Sometimes it’s a non-profit. Sometimes it’s a 3rd party software that’s been paid by the original organization to be an official digital or paperwork agent. Sometimes it’s the other way around: a company can be the trusted representative of a primary source because it has paid money for the copy of trusted data. There are rules and standards, but they aren’t applied evenly. This kind of contract makes it easy for existing trusted organizations, like medical schools, to fall back on their historical status to be trusted, but difficult for newer organizations to gain trust quickly.

As a CTO, I see this as a business problem for software companies like BlocHealth. That’s likely not interesting to you as the reader, but what you may find interesting is that this is also a general problem for those in healthcare trying to enhance standards of care in newer industries and streamline existing processes with technology in any way. Just to note a few of the people looking to improve our world, at BlocHealth, we’ve talked to people and organizations who want everything from:

  • Better standards for hiring in the booming business of urgent care centers
  • Faster processes for credentialing telehealth providers
  • Increased education standards for RNs
  • The ability to reduce physician and advanced practitioner paperwork load to decrease burnout

These people all run into a roadblock with the current methods of determining what counts as ‘primary’ sourcing, because who can get that status is a political process. How can these newer organizations update the existing standards of care? What will make them “primary” or “trusted secondary” sources of information? And how can they supply credentials in a digital world when the current method of becoming ‘trusted’ requires you to exist for 100 years or pay money to someone who has?

The issue of who to trust, and how to prove you can be trusted, is as difficult as it ever was, but BlocHealth has some thoughts on that as well in part 2 of this series.