It is readily apparent that electronic media and the internet are making it much easier to collect, organize and maintain data regarding individuals in our society. This is as true with respect to health care employees, and physicians in particular, as it is of anyone else. Information about physicians’ conduct, publications, and interactions with industry, as well as their regulatory, investigatory, and disciplinary history, is increasingly available through public sources. Information about practice patterns and quality of clinical performance can be readily analyzed, as data gathering tools begin to proliferate, and “analytics” is a rapidly growing field. Perhaps by September 30, 2013 (under the current regulatory timetable), even more information will become available, as the public reporting provisions of the Physician Payment Sunshine aspect of the Patient Protection and Affordable Care Act  become operational.  Various state counterparts are already in effect.  These trends coincide with the development of new paradigms for care delivery, which will require hospitals, health plans, and other providers to learn about the quality and productivity of their medical staff members and, perhaps more importantly, prospective members of the medical staff.  New payment methodologies also drive the need for comprehensive information about clinicians and their practice patterns.

As businesses begin to take advantage of these developments, collecting, organizing and analyzing such data to sell to end users in the healthcare industry, the applicability of the Fair Credit Reporting Act (FCRA) can easily be overlooked. The FCRA, better known for its application in the credit arena, regulates the collection, dissemination and use of “consumer information” for employment purposes as well, and provides various protections for individuals related to the use and accuracy of this information. “Employment” for the purposes of the FCRA is very broadly defined, and likely includes deciding whether to engage physicians in various capacities, as well as whether to initiate, restrict or terminate clinical privileges or membership on the medical staff.

Requirements of FCRA in these circumstances include:

• Individuals must consent to the report being given to the employer;

• Individuals must be informed of information used against them, and be advised of the identity of the entity providing the information;

• Individuals must have the right to dispute incomplete or inaccurate information; and

• Individuals have the right to obtain all of the information concerning them that is in the Credit Reporting Agency’s files.

Many states have consumer protection and reporting laws as well, with analogous, albeit differing, requirements.

In this age of free flowing information, hospitals, health plans, other providers, and suppliers of information to them should (i) develop an understanding of how technology and the law interact to increase the amount of information about them that is available; and (ii) be cognizant of requirements beyond the healthcare environment, such as those found in the Fair Credit Reporting Act, that apply to and may limit the manner in which the information is gathered and used.

You may also be interested in our recent blog entitled FTC Warns That Background Searches via Mobile App May Violate the Fair Credit Reporting Act.

Back to Health Law Advisor Blog

Search This Blog

Blog Editors


Related Services



Jump to Page


Sign up to receive an email notification when new Health Law Advisor posts are published:

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.