NCQA Credentialing Standards 2025–2026: What Is New and How to Stay Compliant

As of July 1, 2025, NCQA updated its credentialing standards, which are currently undergoing active audits. If your credentialing program has not been updated to reflect the new PSV timelines, monitoring requirements, and documentation standards, you risk failing your next NCQA review. Organizations undergoing their 2026 review cycles are failing surveys due to these new requirements.

Changes to the Update

The new update represents the most significant revision to credentialing standards in a long time. These changes reflect the reality that technology has enabled faster verification and that the regulatory environment requires more near-real-time data. Here are the key changes every credentialing team needs to implement.

1. Shortened Primary Source Verification (PSV) Windows

Organizations that relied on the previous 180-day window to manage credentialing backlogs must now comply with the shorter deadline.

What this means operationally: If your credentialing team was managing a backlog by timing PSV completion near the end of the previous 180-day window, you may have lost a significant buffer. For organizations doing manual PSV, a 90-day window is aggressive. Automated PSV, which completes in minutes rather than days, is now a practical necessity for CVO certification, not just an efficiency improvement.

2. Monthly Exclusion Monitoring Is Now Mandatory

Providers should be checked each month to confirm they are not on any Medicare or Medicaid exclusion lists, and their licenses should be kept current with no gaps. This isn’t limited to initial credentialing — it’s an ongoing responsibility between credentialing cycles as well. Every month, run screenings against the OIG exclusion list, SAM.gov, and any applicable state Medicaid exclusion databases, and keep track of license expiration dates as they approach. If an issue comes up in the interim, it should be reviewed and documented through the peer review process.

3. Single Credentialing Program Consolidation

Credentialing, Accreditation, and CVO Certification have been rolled into a single Credentialing program. Organizations can now choose to certify specific functions — such as credentialing itself or license-to-practice verification — or pursue full accreditation. While this offers more flexibility, it also means you’ll need to be clear about which type of certification fits the work your organization is doing.

4. Practitioner Demographic Data Collection

NCQA introduced expanded requirements for collecting practitioner demographic data — race, ethnicity, languages spoken, and other equity-relevant information — as part of broader health equity initiatives. While not required for credentialing decisions, it is increasingly part of accreditation evaluations and will grow in importance in subsequent standards updates.

Accreditation vs. Certification: The Distinction That Matters for Vendor Selection

If you are evaluating a credentialing vendor, this is the most important distinction to understand:

• CVO Certification is for organizations that perform primary source verification on behalf of others. It covers up to 11 evaluation elements. Health plans using an NCQA-certified CVO can receive automatic credit for that CVO's work — reducing your audit scope and accelerating delegation agreements.
• Credentialing Accreditation is for organizations with full oversight of the credentialing process, including a credentialing committee that approves providers for the network. Most health plans and health systems pursue Accreditation for their internal programs.

Vendor due diligence note. When evaluating a CVO, do not accept "NCQA certified" at face value. Certification covers up to 11 evaluation elements — but not every certified CVO is certified for all of them. Ask specifically: which elements are your certification verified for? Then check the NCQA Report Card directly. Fewer than 100 organizations hold NCQA CVO Certification. CertifyOS holds certification across all 11 elements.

Compliance Checklist

Use this checklist to identify gaps in your credentialing processes before they surface during an NCQA audit.

• PSV timeline audit. After the application is submitted, you’re on the clock — 90 days to wrap up PSVs for certification, or 120 days for accreditation.
• Monthly monitoring operational. Verify that OIG, SAM.gov, and state Medicaid exclusion checks are running monthly — not quarterly or at recredentialing cycles only.
• Monitoring documentation. Every monthly exclusion check needs to be documented with a date. NCQA auditors aren’t looking for spreadsheets — they want proper timestamped logs.
• CVO vendor scope confirmed. If you delegate any credentialing to a third-party CVO, verify their NCQA certification covers the relevant elements. It is better to request the current excerpt from their NCQA Report Card.
• Recredentialing cycles updated. NCQA requires recredentialing every 36 months from the last approval date — exactly 36 months, not approximately. Audit your upcoming cycle dates and confirm that the 90–120-day advance start is built in.
• Attestation currency. Provider attestation must be completed within 180 days of the credentialing committee decision. Review your attestation dates for any providers who are due for recredentialing.
• Demographic data collection. Begin collecting practitioner race, ethnicity, and language data as part of your credentialing application, even if it is not yet scored in your current accreditation cycle.

How CertifyOS Addresses the 2025–2026 NCQA Standards

CertifyOS holds NCQA CVO Certification across all 11 credentialing evaluation elements — one of fewer than 100 organizations with this designation. Here's how our platform specifically addresses each major 2025 standards update.

• Automated PSV in minutes, not days. 600+ direct primary source integrations complete verifications automatically. 90%+ of PSV elements complete without manual intervention — well within the 90-day Certification window.
• Monthly monitoring — automated. OIG, SAM.gov, state Medicaid, and license status checks run continuously. Monthly monitoring runs automatically, and your team receives alerts when something changes; this is not a monthly task to run manually.
• Audit-ready timestamped logs. Every PSV, exclusion check, and monitoring event is logged with source, timestamp, and result. Your NCQA audit file is continuously built. There is no scrambling when the auditor calls.
• NCQA-compliant committee workflow. Virtual credentialing committee with NPDB integration, peer-review routing, and decision documentation built in. Every committee action is logged and audit-ready.
• Recredentialing cycle tracking. Automated 36-month cycle tracking with advanced alerts at 120 and 90 days. No provider misses a deadline between cycles.
• Auto-credit for delegating health plans. Health plans that use CertifyOS as their CVO can receive automatic NCQA credit, thereby directly reducing your accreditation audit scope.

Are You Ready to Assess Your NCQA Compliance Posture?

CertifyOS offers a complimentary NCQA compliance gap assessment for health plans and health systems preparing for their 2026 accreditation review. We will map your current process against the July 2025 standards and identify specific gaps. There will be no sales pitch! Request your assessment today.