The National Committee for Quality Assurance (NCQA) has released updated standards for credentialing processes among payers for 2025. NCQA finalized these new guidelines in August 2024 after collecting nearly 1,500 comments from 65 organizations during the 6-week public commentary period on the proposed updates, along with feedback from industry experts.
The new standards raise the bar for credentialing processes, calling for decreased verification windows and increased monitoring in case of adverse actions, among other changes. The updates reflect NCQA’s commitment to patient safety, upholding high standards for oversight of credential eligibility throughout the entire provider lifecycle. Though these guidelines take effect on July 1, 2025, payers must act now to ensure they can ramp up their credentialing processes appropriately.
As payers prepare to meet the new standards, three areas will likely require the highest lift: monthly credential expiration tracking, reduced verification timelines, and increased ongoing monitoring requirements.
Monthly credential expiration tracking
Because credentialing typically works on a three-year cycle, naturally, some credentials will expire between cycles. The responsibility for credential expiration tracking has previously fallen to other departments, usually compliance, but the 2025 NCQA updates will bring credentialing into the fold as well.
The 2025 guidelines will require expiration date tracking on a monthly basis for every provider who requires credentialing. Note that this doesn’t call for monthly monitoring of all credential information—only monthly monitoring of the license expiration date, which most payers don’t have an infrastructure to support. And monitoring license expiration dates isn’t as simple as it may sound.
Since accountability for expiration tracking has historically lived outside of credentialing, payers have a limited amount of time to build a credentialing workflow that includes continuous visibility of expiration dates. Even payers who have a smooth process for ongoing monitoring elsewhere within their organization will need to prioritize updating and/or connecting workflows before the guidelines go into effect.
Reduced verification timelines
In a nod to the importance of data integrity, NCQA’s 2025 guideline updates will reduce verification timelines to ensure that payers are working with more current information. These timelines were originally set when manual credentialing was more common, but today, most payers rely on automation to access the information they need in far less time.
These updated guidelines reflect the dynamic nature of credentials. Now that automation speeds up access to credentialing data NCQA is acknowledging that meaningful changes to a credential, such as disciplinary action or exclusion, could occur before a credentialing packet is complete. Shorter verification timelines mitigate risk and protect patient safety, while also speeding up the time to credential providers so they can start treating patients and payers can start collecting revenue.
- For NCQA-accredited organizations—those that perform the full scope of credentialing services—the timeframe will decrease from 180 days to 120 days.
- For NCQA-certified organizations—CVOs that verify credentials via a primary source but don’t perform the entire credentialing process—the timeframe will decrease from 120 days to 90 days.
While creating the new guidelines, NCQA measured their existing customers’ ability to meet these reduced timeframes and found that most were already operating well within the existing standards. This is good news for payers since the transition will be relatively easy for those who have already embraced automation, though the shortened timeframes will leave less room for error. For those who haven’t automated their credential verification, now is the time to fast-track that initiative.
Increased ongoing monitoring requirements
In a move to provide greater visibility into providers’ eligibility status over time, NCQA’s 2025 guidelines will require ongoing monitoring of each enrolled provider on a monthly basis (at least every 30 days).
This step recognizes that much can happen between credentialing and recredentialing cycles, and the credentialing process should include a more holistic look at a provider’s ongoing eligibility. This requirement includes monthly monitoring for:
- Medicare and Medicaid exclusions
- Sanctions and disciplinary actions
- And the addition of SAM.gov as a primary source
NCQA has designed this requirement not just to encourage oversight, but to spur payers into action when they discover an adverse event. When ongoing monitoring uncovers an exclusion, sanction, or other disciplinary action, it should be reported either to the Credentialing Committee or to another designated peer-review body to ensure that action will be taken.
This may be quite an adjustment for payers who are used to the compliance department owning ongoing monitoring, but it signals a need for greater collaboration within payer organizations. The responsibility may ultimately lie elsewhere, but credentialing has to be accountable for determining a provider’s eligibility, too.
How payer organizations can prepare
While payers still have time to prepare for the higher standards, the clock is ticking. The process of credentialing and re-credentialing providers requires a massive dedication of payer resources including time, team members, and technology. These resources must be adjusted to account for NCQA’s updated requirements, which will require a heavy lift in terms of technology and infrastructure.
Not sure where to start? With nearly 15 years of experience in ongoing exclusion monitoring and credential verification, ProviderTrust is here to help payers meet the new NCQA standards. ProviderTrust’s NCQA-certified credentialing solution for payers goes above and beyond the new standards, reducing initial credentialing turnaround times by 97% and supplying ongoing visibility into your population’s eligibility to work.
