Blog

Your Providers Were Screened 90 Days Ago. Under the New NCQA Standards, That Gap Is Already a Compliance Failure.

A 90-day gap is no longer acceptable

Until July 2025, quarterly screening against the OIG List of Excluded Individuals and Entities and SAM.gov was standard practice for most credentialing teams. NCQA's updated credentialing standards changed that. Monthly screening is now the baseline. Organizations still running quarterly checks are already out of compliance.

A health system with 2,000 credentialed providers now needs to run and document 24,000 individual screening events per year, up from 8,000. For credentialing teams already stretched thin, this is not a minor adjustment. It is a structural change to how monitoring gets done.

NCQA also tightened primary source verification windows and restructured the relationship between Credentialing Accreditation and CVO Certification. New data collection requirements apply to every application template. The operational consequences compound across the full credentialing cycle.

What changed in the NCQA 2025 credentialing standards

Here is a full accounting of the changes that took effect in July 2025 and are now fully operative. NCQA published corrections and clarifications in November 2025, so this reflects the current state as of early 2026.

Monthly OIG and SAM.gov screening

The screening interval moved from every 90 days to every 30 days. Every credentialed provider must be checked against the OIG LEIE database and the SAM.gov exclusion records monthly. The requirement applies to both Credentialing Accreditation and CVO Certification programs.

The civil monetary penalty for employing or contracting with an excluded individual is up to $25,595 per item or service claimed to a federal healthcare program. That figure was updated in January 2026 by the OIG and applies per line item, not per provider. A single excluded provider billing 40 services in a month creates potential liability exceeding $1 million.

Shortened PSV windows

Primary source verification windows tightened by a third across both programs:

  • Credentialing Accreditation: 180 days reduced to 120 days
  • CVO Certification: 120 days reduced to 90 days

A verification completed on day one of a credentialing cycle now expires faster. For large provider rosters, this compresses the window in which completed verifications remain valid, which means more verifications will need to be re-run before committee review if the cycle takes longer than expected.

The practical effect: credentialing teams that previously had comfortable margins now have almost none. A missing reference letter can push a verification past its window. A slow state board response can force a restart. Any single bottleneck in the workflow creates that risk.

Program consolidation

NCQA is merging Credentialing Accreditation and CVO Certification into a single unified program. Organizations holding both will need to understand how the consolidated requirements map to their existing workflows.

The merger also introduces a new Interim Survey option. This provides a structured path to full Credentialing Accreditation within 18 months, which lowers the entry barrier for organizations that have not previously pursued NCQA accreditation.

Expanded peer review sharing

Credentialing findings must now be shared beyond the credentialing committee to a designated peer-review body. The standard requires a defined process for routing findings that have clinical quality implications. Credentialing teams need a documented workflow showing how findings move from credentialing review to peer review, with audit-ready records of each step.

New demographic data fields

Applications must now include fields for race, ethnicity, and language. Completion is voluntary for providers, but the fields must be present on the application. This is a straightforward form update, but it affects every application template and any automated application workflow.

The compliance team's new monthly workload

The monthly screening mandate is the change with the most immediate operational weight. Here is what compliance teams need to evaluate.

Volume and documentation

Monthly screening triples the number of screening events compared to quarterly. Each screening must be documented with the date run, source checked, result, and any follow-up action. If your current process involves downloading the OIG LEIE database, running a manual match against your provider roster, and filing the results, that process now runs twelve times a year instead of four.

For CVOs managing credentials on behalf of multiple health plans or health systems, the volume multiplies again. A CVO managing 5,000 providers across three clients runs 180,000 documented screening events annually.

Response protocols

A positive match on an OIG or SAM screen requires immediate action. The provider must be removed from billing federal programs while the match is investigated. False positives happen. Names match, but NPIs or dates of birth do not. Your screening process needs a documented protocol covering how matches are verified, how findings escalate to legal or compliance leadership, and how the credentialing committee and designated peer-review body are notified. Each step should produce an auditable record.

Audit trail integrity

NCQA surveyors will look for evidence that monthly screening is happening on schedule and that results are being reviewed, acted on, and documented. A gap month is visible. A batch of twelve screenings run in the week before a survey looks exactly like what it is.

Connecting screening to the full credentialing lifecycle

Monthly screening is not a standalone task. It sits within a broader credentialing lifecycle that now has tighter tolerances at every stage. Shortened PSV windows and expanded peer review requirements compound the pressure: initial verifications must move faster, and findings must flow through additional governance steps before they reach their new destination at the designated peer-review body. On top of that, teams managing both Accreditation and CVO Certification need to reconcile their workflows under the consolidated program structure.

Manual processes handled quarterly screening adequately for most organizations. Monthly screening at the volumes required, combined with compressed verification windows and stricter documentation standards, is a fundamentally different operational problem. At these volumes, manual processes will miss a month or misfile a result. Automation is an operational requirement, not an efficiency preference.

Credentially approaches this as a platform that handles the full credentialing lifecycle in a single system. Automated screening runs against OIG and SAM.gov databases on a configurable schedule, with each check producing a timestamped audit trail. Positive matches are flagged for immediate review. When a credential verification is completed, the platform tracks its validity window and alerts the compliance team before it expires, whether that window is 120 days or 90.

The upstream credentialing workflow runs in the same system: primary source verification, license validation, reference collection, and committee-ready file assembly. When a screening finding needs to move from the credentialing committee to a peer-review body, the workflow routes it with a documented handoff. The audit trail a surveyor needs is already assembled because every step was recorded in one place.

Credentially has been building for healthcare credentialing and compliance since 2017, and the platform's monitoring capabilities have been shaped by the operational realities that compliance teams actually face during survey preparation and day-to-day credential management.

Across its UK customer base, the platform has reduced compliance administration by 68%. The same automation capabilities are configured for US regulatory requirements, including the monthly OIG and SAM screening this article describes. The practical result is that compliance teams spend less time on manual screening and documentation, and more time on investigating matches, managing escalations, and preparing for the judgment calls that positive findings require.

An operational checklist for compliance teams

Use this as a starting point for evaluating your current state against the updated NCQA requirements:

  • Screening frequency: confirm monthly OIG LEIE and SAM.gov checks are scheduled and running for every credentialed provider
  • Documentation standard: each screening event records date, source, result, reviewer, and any follow-up action
  • PSV window compliance: verify that all primary source verifications fall within the new 120-day (Accreditation) or 90-day (CVO) windows at the time of committee review
  • Peer review routing: establish a documented workflow for sharing credentialing findings with the designated peer-review body
  • Application templates: add race, ethnicity, and language fields (voluntary for providers) to all credentialing applications
  • Match response protocol: document the process for investigating positive OIG/SAM matches, including verification steps, escalation path, billing removal, and notification requirements
  • Program consolidation readiness: map your current Credentialing Accreditation and CVO Certification workflows to the unified program structure

The November 2025 corrections and clarifications from NCQA addressed specific interpretation questions from the field. Review those corrections against your current compliance documentation to confirm alignment.

To see how Credentially automates monthly screening and audit trail assembly for US credentialing teams, request a compliance walkthrough. Book a demo.

How often must OIG and SAM screening be performed under the updated NCQA standards?

Every 30 days. The previous quarterly (90-day) interval no longer meets NCQA credentialing requirements. This applies to both Credentialing Accreditation and CVO Certification programs.

What is the civil monetary penalty for employing an excluded provider?

Up to $25,595 per item or service claimed to a federal healthcare program while the excluded individual is employed or under contract. This figure was updated by the OIG in January 2026.

How much did the PSV verification window change?

The primary source verification window shortened by approximately one third. Credentialing Accreditation moved from 180 days to 120 days. CVO Certification moved from 120 days to 90 days.

What is the new Interim Survey option?

NCQA introduced an Interim Survey as a structured entry point for organizations pursuing Credentialing Accreditation. It provides a glidepath to full accreditation within 18 months.

Do credentialing applications need to collect demographic data now?

Applications must include fields for race, ethnicity, and language. Providers complete these fields voluntarily. The fields must be present on the application form regardless.

Your Providers Were Screened 90 Days Ago. Under the New NCQA Standards, That Gap Is Already a Compliance Failure.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
UK: +44 (0) 330 818 2414US: +1 (254) 877 9814sales@credentially.iosupport@credentially.io

UK: 52 Grosvenor Gardens, 1st Floor, London SW1W 0AU

USA: 98 Cutter Mill Rd, STE 466, Great Neck NY 11021

AboutCareers
Api docsHelp CentreStatus
SecurityTerms of UseTerms and ConditionsData Processing
Agreement
ISO
GDPR
UK: +44 (0) 330 818 2414US: +1 (254) 877 9814sales@credentially.iosupport@credentially.io

UK: 52 Grosvenor Gardens, 1st Floor, London SW1W 0AU

USA: 98 Cutter Mill Rd, STE 466, Great Neck NY 11021

AboutCareers
Api docsHelp CentreStatus
SecurityTerms of UseTerms and ConditionsData Processing
Agreement
ISO
GDPR