Your Credentialing Process Is the Last Line of Defense Against Fraudulent Nursing Diplomas
Nurses with fake diplomas treated patients. The credentialing system existed to prevent exactly this.
Between 2016 and 2023, nurses who purchased fraudulent diplomas from Florida-based schools worked clinical shifts in US hospitals. They drew blood and administered medication using credentials that were never earned.
The Department of Justice confirmed the scale in September 2025. Phase II of Operation Nightingale charged 12 defendants for selling fraudulent nursing diplomas and transcripts from now-closed, for-profit Florida nursing schools (DOJ Press Release, September 15, 2025). Phase I had already secured 30 criminal convictions in 2023. The total scheme involved an estimated 7,600 fake diplomas (HHS Office of Inspector General, "Fraud Charges Filed Against 12 Defendants in Phase II of Operation Nightingale").
The graduates who purchased these credentials did not all fail. Many sat for the NCLEX exam. Those who passed received real state licenses. They were hired into real clinical roles. They worked alongside legitimately trained nurses.
The fraud was not sophisticated. The fix is not complicated either. Primary source verification, done properly, catches this. The problem is that many organizations still do not do it properly.
How the fraud chain works
The mechanics matter because they reveal where the verification process fails.
A diploma mill issues a credential. The document looks authentic. It carries the school's name, a graduation date, a degree title. In some cases, transcripts were fabricated to include clinical rotation hours that never happened.
The graduate submits that diploma as part of a nursing license application. State boards require candidates to hold a degree from an accredited nursing program before sitting for the NCLEX. If the school appears legitimate, the application proceeds.
Here is where the chain gets dangerous. The NCLEX is a real exam. Passing it requires genuine nursing knowledge, and many purchasers of fraudulent diplomas failed. But some passed. A passing NCLEX score, combined with a state license application that references an apparently accredited school, produces a valid nursing license.
At this point, the fraud becomes invisible to any employer relying on license verification alone. The license is real. The NCLEX score is real. The diploma behind both of them is not.
Where primary source verification breaks down
Primary source verification means confirming a credential directly with the issuing institution. For a nursing diploma, that means contacting the school that granted the degree and confirming enrollment, attendance, clinical hours, and graduation.
In practice, three shortcuts create gaps.
Accepting candidate-supplied documents at face value. A photocopy of a diploma or a PDF transcript submitted by the candidate is not verification. It is a claim. Verification requires independent confirmation from the source.
Checking the license without checking the education. Many credentialing workflows verify the state license and stop there. The license confirms that the board accepted the application. It does not confirm that the underlying education was legitimate. Operation Nightingale demonstrated exactly this gap: valid licenses built on fraudulent foundations.
Skipping school accreditation checks. Even when an organization contacts the school directly, confirming that the school itself held proper accreditation at the time of graduation is a separate step. Several of the schools in the Operation Nightingale scheme had lost accreditation or were under investigation while still issuing diplomas.
Each of these shortcuts is understandable. Credentialing teams manage hundreds of provider files. Manual verification against the issuing institution for every credential in every file takes time that most teams do not have. The shortcuts are not malicious. They are structural.
The liability sits with the hiring organization
Federal prosecution targeted the sellers and the buyers of fraudulent diplomas. But healthcare organizations that employed these individuals face their own exposure.
Joint Commission standards require organizations to verify credentials through primary sources. NCQA credentialing standards mandate primary source verification within defined timeframes, now shortened to 120 days for Accreditation and 90 days for CVO Certification under the July 2025 updates.
An organization that hired a nurse with a fraudulent diploma faces questions about its verification process. If the process relied on candidate-supplied documents or license-only checks, the gap is documented in the credentialing file. That file is the first thing reviewed in any adverse event investigation.
The governance liability extends beyond the compliance team. CEOs and board members carry accountability for ensuring that credentialing processes meet regulatory standards. A single fraudulent credential that results in patient harm creates regulatory and legal exposure for the organization, with reputational consequences that follow.
What a closed verification loop looks like
Closing the gap does not require a different philosophy. It requires executing the existing standard without the shortcuts that volume and time pressure create.
A complete primary source verification process for a nursing diploma starts with confirming the school's accreditation status at the time of graduation through the relevant accrediting body. The next step is contacting the school directly to verify enrollment and degree conferral. The NCLEX result is then cross-referenced through Nursys or the state board. Each verification is documented with a date stamp and source reference. Four distinct checks, each producing its own auditable record.
When this runs manually, each step involves phone calls, faxes, emails, and wait times that can stretch into weeks. Multiply that across every provider in the organization and the volume becomes the enemy of thoroughness.
Automated credentialing platforms close this gap. Credentially runs primary source verification as a structured workflow: each credential triggers a verification request to the issuing source, tracks the response, flags discrepancies, and closes the loop with a documented audit trail. Each verification produces a recorded exchange with the primary source, stored in the provider's credentialing file and available on demand for any audit or inspection.
For the specific vulnerability that Operation Nightingale exposed, automated PSV addresses the gap directly. The platform does not accept a candidate-supplied document as verified. It contacts the source. If the source does not respond, or if the response does not match the candidate's claim, the credential stays open. Nothing progresses until the verification closes.
Continuous monitoring catches what onboarding misses
Operation Nightingale unfolded over years. Some of the diplomas were issued as far back as 2016. Nurses hired with fraudulent credentials in 2017 or 2018 may have passed initial verification if the school was still operating and responding to inquiries at the time.
The fraud was uncovered by federal investigators, not by employer credentialing processes. That points to a second gap: what happens after the initial hire.
Continuous credential monitoring tracks changes to a provider's credential status throughout their employment. If a school loses accreditation or a license is suspended, continuous monitoring surfaces that change. Credentially's ongoing monitoring runs against state licensing boards and OIG exclusion lists, flagging status changes as they occur rather than waiting for the next recredentialing cycle. SAM.gov screening runs on the same automated schedule.
For organizations operating across multiple states, where a single provider may hold licenses in several jurisdictions through the Nurse Licensure Compact, this ongoing visibility is the difference between discovering a problem at the next scheduled review and discovering it when it happens.
What compliance leaders should take from this
Operation Nightingale is a federal enforcement action. The compliance question it raises is local. An organization's verification process either confirms credentials at the source or confirms receipt of a document. The distinction determines whether a credentialing file is evidence of verification or evidence of collection. Regulators, insurers, and plaintiff attorneys understand the difference.
Credentially was built for healthcare credentialing and compliance, and has been in continuous development since 2017. The platform's PSV workflow was designed around clinical credential types, including the specific verification steps that would have caught the fraudulent diplomas in this case. Primary source verification and continuous monitoring run as automated workflows within a single system, producing the audit-ready documentation that compliance teams need when surveyors or investigators ask how a provider was credentialed.
Seven thousand six hundred diplomas were fraudulent. The credentialing process at the point of hire was the control that should have prevented placement. Organizations reviewing their PSV process can request a walkthrough of how automated verification runs against the specific credential types involved in Operation Nightingale.
What is Operation Nightingale?
Operation Nightingale is a Department of Justice enforcement action targeting the sale of fraudulent nursing diplomas from Florida-based nursing schools. Phase I secured 30 criminal convictions in 2023. Phase II charged 12 additional defendants in September 2025. The scheme involved an estimated 7,600 fake diplomas, confirmed by HHS Office of Inspector General enforcement records.
What is primary source verification in healthcare credentialing?
Primary source verification means confirming a provider's credentials directly with the institution that issued them. For a nursing diploma, this means contacting the school to verify enrollment, clinical hours, and degree conferral, rather than accepting a candidate-supplied copy of the document.
Why did Operation Nightingale nurses pass credentialing checks?
Many hiring organizations verified the state nursing license without verifying the underlying education. Because the NCLEX exam and the state license were both legitimate, license-only verification did not catch the fraudulent diploma that enabled the license application.
How does automated primary source verification prevent credential fraud?
Automated PSV platforms contact the issuing institution directly, track the response, flag discrepancies, and maintain a documented audit trail. The credential does not clear until the source confirms it, removing the reliance on candidate-supplied documents that manual processes often default to under time pressure.