Modernizing Data Validation for HEDIS®: The Evolving Role of Primary Source Verification (PSV)

Moving confidence upstream to support scalable, digital quality measurement

What to Know

Data validation is moving upstream

Confidence in clinical data needs to be established earlier in the data lifecycle, not only at the point of audit.

“Fit-for-use” data is the foundation

NCQA is defining standardized data quality specifications to determine whether data are suitable for measurement, reporting and care. Data quality assessments aligned with these specification provide automated, scalable methods for assessing data quality.

Validation becomes continuous

Data quality can be assessed across the data lifecycle rather than verified at a single point in time.

The role of Primary Source Verification (PSV) is evolving

Beginning MY 2027, NCQA is transitioning away from PSV as a universal requirement for HEDIS health plan reporting while continuing to use it as a targeted, risk-based tool.

This is a data quality shift, not just an audit change

The result is more trustworthy data across reporting, analytics and care delivery.

Overview

Trusted data is the foundation of credible quality improvement—but traditional validation methods have not kept pace with today’s data environment. As clinical data is increasingly exchanged across interoperable networks and used across reporting, analytics, and clinical workflows, manual, retrospective approaches cannot support confidence at scale.

NCQA is advancing a more scalable approach by defining “fit-for-use” data and enabling its assessment through validation programs that support continuous monitoring across the data lifecycle. This shift is designed to reduce reporting burden and allow organizations to embed HEDIS data quality checks directly into the workflows that generate, exchange and use clinical data—rather than relying primarily on downstream verification.

How Trust Is Built in Data Today

Organizations build trust in their data through a combination of internal data quality checks and external validation. Many have established processes to assess completeness, accuracy, and consistency within their own systems.

However, there is not a universally applied, standardized set of specifications that defines whether data are fit-for-use for HEDIS, and internal data quality checks do not always incorporate HEDIS-specific requirements. As a result, data used for care management and reporting may still be missing, incomplete or implausible.

NCQA’s HEDIS® Compliance Audit™ and Data Aggregator Validation programs have served as the trusted mechanisms for validating supplemental data used in HEDIS health plan reporting — either at the point of audit or upstream through validated data streams. Both rely on PSV, a manual process used to confirm that data can be traced to its original source, such as an electronic health record or medical chart. While effective, PSV is labor-intensive and difficult to scale across large data volumes and complex, multi-system environments.

At the same time, federal interoperability initiatives and FHIR‑based data exchange are transforming how clinical data is accessed and shared. In this environment:

  • Manual chart review becomes increasingly burdensome.
  • Data increasingly flows through complex, multi‑system pipelines.
  • Validation must occur continuously, not only at audit time.

As data exchange evolves, so must the way trust is established. NCQA’s approach focuses on defining and assessing whether interoperable clinical data are fit for use for HEDIS —ensuring they are usable, stable and plausible—without relying solely on individual, chart-level verification.

Modernizing PSV: Moving Confidence Upstream

NCQA’s approach is to eliminate PSV as a universal requirement for HEDIS health plan one reporting and replace it with more scalable methods for assessing data quality across clinical data pipelines.

In this modernized model, confidence in data is established earlier in the data lifecycle, through standardized and repeatable validation mechanisms.

Within this framework, PSV’s role evolves to become:

  • Targeted, rather than universally applied.
  • Risk-based, used when data quality concerns are identified.
  • One component of a broader trust framework, rather than the primary mechanism.

The goal is not less rigor. It is rigor embedded where it does the most good—in the data itself, not only at audit.

This evolution preserves rigor while aligning validation with how data is actually exchanged and used today. NCQA’s approach is consistent with broader industry direction, including FHIR-based interoperability and emerging HL7 frameworks.

How to Engage and What’s Ahead

NCQA is actively working with industry stakeholders to test, refine and operationalize these approaches.

  • 1
    Participate in Data Quality Specifications Beta

    Organizations can begin implementing NCQA’s Data Quality Specifications to assess how fit‑for‑use criteria apply within their data environments.

  • 2
    Software Prevalidation Beta (Summer 2026)

    Software vendors can participate in a Beta prevalidation program to demonstrate correct implementation of data quality checks and help refine the methodology.

  • 3
    Health Plan Convening

    NCQA will convene health plans to gather input and help shape the future roadmap for data validation and the evolution of PSV.

  • 4
    Roadmap Publication (Fall 2026)

    NCQA will publish a roadmap outlining the transition to more scalable validation approaches, including criteria and expectations for organizations.

  • 5
    Transition Beginning MY 2027

    NCQA intends to transition away from PSV as a universal requirement for HEDIS® health plan reporting beginning in Measurement Year 2027 for organizations that meet the criteria defined in the roadmap.

Frequently Asked Questions

Is Primary Source Verification (PSV) going away today?

No. PSV remains an important part of HEDIS® data validation today.  Beginning MY 2027, NCQA is transitioning away from PSV as a universal requirement for HEDIS health plan reporting, for organizations that meet defined criteria. Until then, existing validation and audit processes remain in place. Over time, PSV is expected to evolve into a more targeted, risk-based method used when additional verification is needed.

How will I know if my organization can transition away from PSV?

NCQA will publish a roadmap this fall outlining the criteria, expectations, and approaches to support this transition. Beta testing and industry convenings will play a critical role in shaping that guidance. These efforts are designed to maintain the integrity of HEDIS results while strengthening confidence in the data used for measurement.

How can my organization get involved in shaping these approaches?

Organizations can participate in several ways:

  • Implement NCQA’s Data Quality Specifications as part of the beta program.
  • Participate in the software prevalidation beta (for technology vendors).
  • Join the NCQA convening to help shape the roadmap and future validation framework (for health plans).

Broad participation is critical to ensuring these approaches are practical, scalable, and effective across the ecosystem.

What does this mean for the HEDIS audit process overall?

The HEDIS Compliance Audit remains a critical component of ensuring the integrity, comparability and trustworthiness of reported results. As data validation approaches evolve, the audit is expected to incorporate more standardized and automated methods, reducing reliance on manual processes like PSV while maintaining rigorous oversight.