Who Owns Your Medical Credentials? (The Answer Might Surprise You)

Ask a working physician, PA, or NP who owns their medical credentials and most will say "I do." It's an intuitive answer. The license is in their name. The board certification is theirs. The DEA registration was issued to them personally. The CME hours were earned by them, on their time, often on their dime.

Then they change jobs.

The first thing they discover is that almost none of those records — in their primary, audit-ready form — are stored anywhere they can access. The state board owns the license file. The hospital medical staff office owns the privileging packet. CAQH owns the application. The specialty board owns the certification record. The DEA owns the registration database. The employer LMS owns the BLS card upload, the OSHA training, the EHR competency, and the fit-test record. The CME provider sits on the certificate of completion until you log in and pull it.

The provider, in primary form, owns almost nothing.

This is the ownership gap. It is the single biggest reason credentialing is so painful at every transition — new hospital, new state, new payer, new locum assignment, new fellowship — and it is the central problem Caliber was built to solve. Below is the full map of who actually owns what in your credential file, why it matters, and what the smart move is.

The Map: Who Owns What

There are seven primary owners of pieces of a typical clinician's credential file. None of them are the clinician.

1. The State Medical Board (or Nursing Board, or Pharmacy Board) — Owns the License

The license is yours in the sense that it bears your name and authorizes your practice. The license file — the application materials, the CME attestation history, the disciplinary record, any malpractice disclosures, the verifications received from your medical school and residency — lives in the state board's database. The board is the primary source.

Verification of your license is what hospitals, payers, and other states actually trust. Your physical wall certificate is a souvenir. The primary source verification (PSV) call to the board is the credential.

What this means in practice: if you need to demonstrate your license is in good standing, you cannot do it yourself in a way anyone trusts. The destination party calls the board.

2. The Specialty Board — Owns Certification Status

ABMS member boards (ABEM, ABIM, ABFM, etc.), the AOA boards, the NCCPA, the AANP and ANCC for nurse practitioners, BPS for pharmacists — each of them owns the certification record. Your status (certified, recertifying, time-limited, lapsed) lives in their database. Your CME or MOC progress against the recertification cycle lives in their system.

You can see your own status by logging in. You cannot extract it as a portable document that any third party will accept as primary source. The PSV call goes to the board.

3. The DEA — Owns the Controlled Substance Registration

DEA registration is state-specific and federally issued. The DEA database is the primary source. Your registration certificate is a printout that becomes invalid the moment you change addresses or move states. There is no "your copy" of the registration in any meaningful long-term sense. The verification call goes to the DEA, or through the NTIS database that the DEA feeds.

4. CAQH — Owns the Standardized Application

CAQH ProView is a third-party utility that exists to reduce the duplication of credentialing applications. Once you populate your CAQH profile, payers and credentialing entities can pull a standardized application from it rather than asking you to fill out a brand-new one for each engagement. CAQH owns the application database. You author the content; they own the storage and distribution mechanism.

This is one of the few systems where the provider has a logged-in view of their own data. But the data is structured for application use, not for personal records. It does not contain a full document trail. Many providers discover at credentialing time that their CAQH attestation is months out of date, and that the documents attached are old.

5. The Hospital Medical Staff Office — Owns the Privileging File

This is the part that surprises most providers. Your hospital privileging file — the file the medical staff office maintains on you — contains:

• The original primary source verifications collected at initial credentialing
• Every reappointment cycle's documentation
• OPPE (ongoing professional practice evaluation) data
• FPPE (focused professional practice evaluation) records
• Peer references
• Quality and case review notes
• Any complaint, incident, or remediation history

This file is owned by the hospital. When you leave that hospital, you do not get a copy. You can request a verification letter, but the underlying file — the OPPE data, the peer references, the quality reviews — belongs to the medical staff office and stays there.

This becomes load-bearing when you apply for privileges at the next hospital. The new medical staff office writes to your prior medical staff office for an affiliation letter. What that letter says is determined by the prior hospital, not by you.

6. The Employer Learning Management System — Owns Training Records

Every hospital and every health system runs an LMS — HealthStream, Cornerstone, Workday Learning, Relias, an in-house build. That LMS owns:

• BLS, ACLS, PALS, ATLS, NRP completion records (even when you uploaded the card yourself)
• HIPAA, OSHA, bloodborne pathogen, fit testing, fire safety
• EHR (Epic, Cerner, Meditech) competency completions
• Sexual harassment, code of conduct, conflict of interest training
• Department-specific training modules and competency assessments

When your employment ends, your access to that LMS ends. You typically have a short window — sometimes 30 days, sometimes 0 — to pull whatever records you need. After that, requests go through HR, often with delay or fees, and frequently with the original module-completion certificates no longer available.

This is the single most common credentialing trap providers run into when they change jobs. They assume their certifications are "on file" somewhere they can retrieve them. They are not — they are in an LMS they no longer have access to.

7. The CME or CE Provider — Owns the Certificate

Every CME provider — ACCME-accredited or otherwise — owns the certificate of completion you earned. Most modern providers store these in a portal you can log into and download. Many older providers do not, and the certificate has to be requested manually. CE Broker (in nursing-board states) and CPE Monitor (for pharmacists) aggregate some of this, but the universe of CME providers is enormous and there is no central index.

CME you earned 8 years ago for a specialty board recertification, from a provider that has since merged or shut down a portal, can be functionally unrecoverable.

What the Provider Actually Owns

Strip the above away and the answer comes into focus. In primary, audit-ready form, you own:

• Your personal copies of CME certificates, if you downloaded them at the time
• Your personal copies of training cards (BLS, ACLS, etc.), if you saved the PDF before your employer LMS access expired
• Your CV — which is your narrative summary, not a primary source document
• Your wallet license card — which expires
• Your personal copies of board certificates — souvenirs, not primary source

Everything credentialed-grade — the verifiable record — sits in someone else's database.

This is why credentialing always feels like reconstruction rather than retrieval. Because for most providers, that is exactly what it is.

Why the Ownership Gap Matters

Three places where this becomes a load-bearing problem.

Job Transitions

When you leave a hospital, the credential file you accumulated there — including the OPPE data, the peer references the medical staff office wrote, the affiliation letter contents — is gone from your personal access. The new hospital reaches out to the old one. What comes back is whatever the prior medical staff office decides to send, on whatever timeline they prioritize.

If your departure was acrimonious, this is not abstract. If your prior employer is slow to respond, the new credentialing slows with it. You have no leverage over a process that gates your start date.

Audits

State board audits, CMS audits, payer audits, and Joint Commission surveys all want primary source documentation. You attest to CME on a renewal application; the board can audit you to produce the certificates. If your CME providers have moved on, your old employer LMS is gone, and you didn't keep your own records, the audit becomes an exercise in begging.

This is the most common reason providers get into compliance trouble — not the failure to do the CME, but the failure to retain the proof of CME.

Locum and Multi-State Practice

A locum physician working in three states with two assignments is dealing with eight to twelve different credentialing entities. Each has its own packet, its own verification process, its own timeline. The application data is the same; the storage and accountability are not. CAQH covers some of this, but not the OPPE data, not the BLS card, not the prior-hospital privileging history.

The smart locum builds a personal credential file that mirrors what every credentialing entity is going to ask for, and keeps it current the way a tax accountant keeps records — because there is no central place that does it for them.

What "Caliber as the Provider-Owned Layer" Actually Means

Caliber does not replace the state board. It does not replace the hospital medical staff office. It does not replace CAQH. Those entities own what they own; they will continue to own it; the credentialing system depends on them owning it.

What Caliber does is sit beneath the provider as the provider-owned copy of everything across all those systems. When you complete a CME activity, the certificate goes into your Caliber vault — once, with original timestamp, recoverable forever. When you finish a BLS renewal, the card goes in. When you submit a privileging packet, the packet (including every supporting document) gets archived in your vault. When your DEA renews, the new certificate is captured. When your state license renews, the renewal confirmation is captured.

The board still owns the license file. The hospital still owns the privileging file. The DEA still owns the registration database. But you own a parallel, complete, audit-ready copy of every document that flowed through every one of those systems for as long as you've been a clinician.

That is the ownership gap closed. Not by replacing primary source verification — which is a regulatory and trust function that cannot be replaced — but by making sure the provider has a parallel record that survives every job change, every employer LMS shutoff, every CME provider portal migration, every state move.

The Practical Move

If you take nothing else from this article, take this: between today and your next job change, build the parallel record. Whether you use Caliber, a meticulous Dropbox folder, or a binder, the principle is the same. Every credentialed event in your career generates a document. That document needs to live somewhere you control, separately from any system your employer or vendor owns.

The shorter version of all of this is: when the day comes that you need to prove what you've done — for a hospital, a payer, a board, an attorney, an audit — the only file that you can be certain is still there is the one you kept yourself.

That is what credential ownership actually is. And it is the part of credentialing that nobody teaches you and nobody else is going to do for you.

Related reading

• Medical Credentialing Checklist for Emergency Medicine Providers — the document inventory side of this same problem
• First-Time Credentialing Checklist for EM Residents and New Graduates (2026) — building the parallel record from day one
• What the CMS 30-Day Credentialing Deadline Means for EM Providers — why faster credentialing makes ownership matter more