The Credentialer

Home / Security

Security & compliance

Built for data you're accountable for.

The Credentialer handles provider, contract, and screening data for healthcare organizations. We treat it accordingly - with encryption, isolation, access control, and a screening design that fails loud, never silent.

Data protection

Encrypted and isolated

  • TLS in transit; encryption at rest for stored data and documents.
  • Per-tenant isolation so one organization's data is never visible to another.
  • Document storage with scoped, time-limited access links.
Access control

Least privilege by role

  • Role-based permissions - admins, specialists, read-only, and tribal/portal roles.
  • Scoped access so users see only the clinics and records they should.
  • Token-based sessions; credentials are never shared across organizations.
Accountability

Traceable by design

  • Status and ownership recorded at every stage of a contract or credential.
  • Agreement acceptance captured with version and timestamp.
  • Exception queues surface anything that needs a human decision.
The fail-safe that matters

A broken exclusion feed flags. It never returns a false "clear."

Screening providers against OIG LEIE, SAM.gov, and CMS is only safe if a missing or stale source is treated as unknown, not clear. The Credentialer is built so a source that can't be reached, or data that's out of date, raises an error for review - because the most dangerous result in compliance is a confident "all clear" that isn't true.

OIG LEIE

Federal exclusions

Screened against the loaded exclusion database; a stale or empty load surfaces as an error, not a pass.

SAM.gov

System for Award Management

Live screening against the configured key; a misconfigured or failing key returns an error, never a verified-clear.

CMS Preclusion

Entitlement-aware

Represented as "no entitlement / not screened" where access isn't granted - never a green clear it can't substantiate.

Posture

Where we stand on healthcare compliance.

PHI and intake forms

Public forms on this website - including the demo request - are not a secure channel and should never contain protected health information (PHI). Provider and contract data lives inside the authenticated application, not in marketing forms or email.

Business Associate Agreements

For customers who require one, a Business Associate Agreement (BAA) is handled as part of the written customer agreement. Talk to us about your requirements during onboarding.

Hosting & infrastructure

The application runs on managed cloud infrastructure with encrypted transport, network isolation between tenants, and routine backups. Production access is restricted and operational changes go through review.

Responsible disclosure

If you believe you've found a security issue, contact us at info@compver.com. We appreciate good-faith reports and will work with you to resolve them.

The Credentialer is software for contracting and credentialing workflow support. It does not make clinical, legal, or licensure determinations, and screening results should be reviewed by qualified staff before action. This page describes our security approach and is not itself a contractual commitment; specific obligations are governed by your written agreement.

Have a security questionnaire?

Send it over - we're used to vendor reviews and will turn it around with your team.

Contact us See the platform