It is second nature for hospitals to engage in thorough credentialing functions for physicians. Credentialing is required by the Medicare Conditions of Participation, the JCAHO, and many state laws. See 42 C.F.R. § 482.22; Comprehensive Accreditation Manual for Hospitals: The Official Handbook, Standards MS.4.10 and 4.20 (2004); and Md. Code Ann., Health Gen. §19-319(e). Even in the absence of legal requirements, hospitals have learned from experience that they are subject to many risks simply because physicians practice medicine within the hospital. Many of these risks could be avoided if the hospital had sufficient information about a physician in advance. As a result, medical staff bylaws require that physicians supply a great amount of information about themselves to hospitals as part of the process of gaining privileges to practice within the hospital. This includes completing a lengthy application form and authorizing the hospital to obtain information about the physician held by others.

Why is so much information required of physicians? Physicians are responsible for the medical care provided to patients admitted to the hospital. Both the hospital and the law look to physicians to make appropriate medical judgments on behalf of patients. The failure to do so can result in great harm and even death. Hospitals are therefore held to a standard to inquire about the credentials of physicians before they are allowed to practice in the hospital. This includes information regarding licensure, education, specialty certifications, references, and experiences at other hospitals and claims history. By gathering this information, hospitals can make an informed judgment as to whether a physician presents too great a risk to patients or the hospital to be allowed to practice in the hospital.

Beyond physicians, there are many other categories of personnel, both employed and non-employed, working in hospitals. These include nurses and other licensed staff such as respiratory therapists, physician assistants, and licensed practical nurses, and numerous categories of unlicensed staff including environmental service personnel, dietary personnel, security personnel, finance personnel, unit clerks/secretaries, human relations personnel, and maintenance staff. These staff members provide important services to patients, visitors and other employees in the hospital. They also have relatively free access to various areas of the hospital and to patients, visitors, and other employees of the hospital. As a result, hospitals have a responsibility to act prudently in hiring, or otherwise retaining, people to provide services. This includes securing certain information about people before making a decision to hire them. The balance of this article will focus on the importance of credentialing or securing background information on nonphysician personnel of a hospital, how this may be accomplished and some practical advice for implementing a program to accomplish this.

Legal Issues
The primary legal issue for hospitals in this context is the concept of negligent credentialing or hiring. This concept holds that a hospital (or any employer) will be held responsible for harm caused to others by an employee where the hospital or employer knew, or should have known, of certain aspects of an employee's background that made it foreseeable that the employee would engage in certain behavior and that such behavior could cause harm to others. 27 Am. Jur.2d Employment Relationship § 472 (1996). Since the standard of conduct for a hospital is not just what it knew, but also what it should have known, hospitals need to conduct certain background investigations of potential employees to determine if they present threats to others in the hospital environment. The scope and nature of these investigations depend upon the position for which an individual is being considered and his or her access to persons or things that may be at risk based upon the results of a background inquiry. If a hospital fails to perform a reasonable investigation into an employee's background and a third party suffers harm that is proximately caused by that failure, then the hospital will be responsible for that harm.

It is important to distinguish between the direct liability imposed on an employer for the failure to perform a reasonable background inquiry on an employee and the indirect liability imposed on an employer for an employee's actions performed within the scope of his or her employment. The former situation involves the liability of the employer as a result of the breach of a duty owed by the employer. The latter situation involves the vicarious liability of the employer as a result of the breach of a duty owed by the employee. The application of the doctrine of respondeat superior results in liability to the employer (as well as the employee) when the employee negligently performs an action within the scope of his duties for the employer. See, e.g., Ramsey v. Physicians Memorial Hospital, Inc., 36 Md. App. 42, 373 A.2d 26 (1977).

As an example, assume that a hospital hires a delivery person to drive a hospital-owned ambulance. The driver ends up having an accident that causes an injury to a third party as he is performing his responsibilities for the hospital. If the driver is found to be negligent in the performance of his responsibilities, under the doctrine of respondeat superior, the hospital will also be found to be responsible for the damages caused by the accident if it is established that the driver was doing what he was hired to do (i.e., drive). However, if it is established that the driver was drunk while he was driving and that he had a history of several prior offenses of driving while intoxicated but the hospital hired him anyway, then the hospital faces the real possibility of being found to have violated its independent duty to make a reasonable inquiry into the employee's background before hiring him in order to reasonably ensure that the employee is able to safely perform his duties. The hospital's liability in this case rests not on the negligent conduct of the employee, but on the negligent conduct of the hospital in failing to perform a reasonable background investigation of the employee.

What Investigation Is Required?
JCAHO's Comprehensive Accreditation Manual for Hospitals provides some guidance regarding this issue. Standard HR 1.20 requires that: "The hospital has a process to ensure that a person's qualifications are consistent with his or her job responsibilities." Joint Commission on Accreditation of Healthcare Organizations, Comprehensive Accreditation Manual for Hospitals: The Official Handbook (2004). In order to determine what kind of investigation is required, the hospital first must have a well-defined description of the responsibilities that attach to a given job. This will allow the hospital to set forth the explicit qualifications needed in order to perform those responsibilities. It will also provide the hospital the opportunity to delineate those areas of the hospital to which the employee should have access and what information the employee may have access to in the performance of the position. By considering both the functions of the position and the opportunities for exposure inherent in the position, the hospital can make a knowledgeable decision as to not only the qualifications necessary for the employee to perform the position but also what factors may disqualify the employee from being considered for the position.

In addition to the direct relationship between the work to be performed and the exposure of the employee to various areas of the hospital, as a general matter, the greater the level of trust or responsibility placed in an employee the greater the scrutiny of his or her background should be. An excellent example of this is for compliance officers or other persons with substantial responsibility for compliance. Compliance officers are responsible for various aspects of a hospital's compliance program and ensuring that the program is implemented. The primary purpose of a compliance plan is to ensure that an organization has a cohesive and organized plan to address how it will make good faith efforts to stay in compliance with the various laws and regulations that apply to it. For hospitals this includes many serious issues, including the prevention of fraudulent and abusive activities. It is foreseeable that if a hospital's compliance officer has a criminal history of being convicted of embezzlement or other crimes involving dishonesty that such person may also engage in dishonest behavior as a compliance officer. See United States Sentencing Commission, Guidelines Manual, § 8C2.5 (f) and Application Note 3(k)(3) to § 8A1.2 (Nov. 2003). Although there is no guarantee that the individual would engage in dishonest behavior again, if he does, the hospital would be charged with such knowledge because trustworthiness is such an important consideration in filling that position.

What information is relevant for any given position is a factual issue that needs to be determined on a case-by-case basis. What is important for a nurse may not be important for a deliveryman and vice versa. However, it is important for hospitals to have an approach for addressing this issue.

What You Can Do
One way to approach this issue would be to make an individual decision regarding the background investigation needed for every employee and job classification. However, that would not be a practical solution because of the time involved to make such determinations. Nor would it likely be effective because it would involve different people with different skills and abilities making decisions on an ad hoc basis. The results would inevitably be inconsistent and incomplete.

A better way is to develop a policy that addresses the issue in a comprehensive fashion. A good starting point is to carefully review the existing position descriptions for all jobs in the hospital with the understanding that the ultimate goal is to place groups of jobs into categories that will require the same background investigations. The advantage of this is that once the determination is made that a position falls into a certain category, the scope of the background investigation is defined by the category.

Next, a determination should be made regarding the minimum amount of information that will be required for any employee. Examples of this type of information may include verification of identity, immigration status, criminal background, exclusion from federal or state programs and licensure (where required for the position). This type of information is important for both legal reasons (e.g., not employing a person who has been excluded from participation in the Medicare program) and to guard against hiring persons for any position that have certain background characteristics. Depending upon the number of categories of positions a hospital ends up with, the amount of background information required for each succeeding category can then be increased based upon the perceived relevancy of the information to the position (and the potential for harm to be caused by the employee) and the level of trust reposed in the employee.

Conclusion
Hospitals have an obligation to gather a certain quantity and quality of background information on all of their employees. This obligation is reflected in the requirements of the Joint Commission as an accreditation standard. It is also reflected in the common law of negligence. It is foreseeable that patients, visitors, or other employees may suffer harm as a result of a hospital's failure to make reasonable efforts to ensure that prospective employees do not possess certain background characteristics. The nature of the background characteristics that should be screened for will vary depending upon the requirements and access of the job in question and the level of trust required by that job. By adopting a systematic policy approach to obtaining background information on prospective employees, hospitals will provide a safer and more effective environment for their patients, employees and visitors, and protect themselves from liability. s