Menu

FAQ Directory: Credentials Verification Organization

Filter Results
  • Save
  • Email
  • Print
expand all

8.15.2024 Retroactive Changes to System Controls Standards NCQA posted a memo with changes to the NCQA Accreditation Standards for the 2024 and 2025 Standards Years indicating that organizations are no longer required to describe their process for system controls monitoring or their auditing methodology in their policies and procedures (e.g., UM 12, Element A, factor 7 in HPA is scored NA). Does this mean organizations are no longer required to monitor their UM and CR system controls as required in the oversight elements (e.g., UM 12, Element B in HPA)?

No. Organizations are still required to monitor for system controls. The NA for the system controls policies and procedures requirement (e.g., UM 12, Element A, factor 7, in Health Plan Accreditation) does not affect an organization’s ability to meet the corresponding system controls monitoring requirement (e.g., UM 12, Element B in Health Plan Accreditation); it means the organization is not required to describe the monitoring process in its policies and procedures, but must monitor that its systems are protecting data from unauthorized modifications. Also, as noted in “Related information” in the monitoring requirements (e.g., UM 12, Element B in Health Plan Accreditation), NCQA only reviews specific components for monitoring (e.g., for UM, NCQA reviews that the organization monitored receipt and notification dates).

Note: The referenced memo is on the NCQA website at https://www.ncqa.org/wp-content/uploads/2025-Retroactive-Changes-Memo_Final.pdf. It applies to the 2024/2025 standards year only; no exceptions (NA scores or other changes) will be made for the 2023 or prior standards years. Surveys conducted on standards prior to 2024 standards will be reviewed and scored accordingly; any corrective actions issued prior to the 2024 standards still apply

CVO 2024

11.15.2023 CVO: Using SAM.gov for Medicare/Medicaid Sanctions Is SAM.gov an acceptable source for verifying Medicare and Medicaid sanctions?

Yes. Organizations may use SAM.gov to verify Medicare and Medicaid sanctions for CVO 11, Element A and CVO 14, Element C.

CVO 2022

10.16.2023 CAQH Application: Illegal drug use question (CVO) Does the CAQH application question about lack of current illegal drug use meet the intent of NCQA’s requirement in CVO 12, Element A, factor 2 and CVO 13, Element A, factor 2?

Yes, the following CAQH question meets the intent of the requirement in  CVO 12, Element A, factor 2 and CVO 13, Element A, factor 2:

Are you currently engaged in the illegal use of drugs?* ("Currently" means sufficiently recent to justify a reasonable belief that the use of drugs may have an ongoing impact on one's ability to practice medicine. It is not limited to the day of, or within a matter of days or weeks before the date of application, rather that it has occurred recently enough to indicate the individual is actively engaged in such conduct. "Illegal use of drugs" refers to drugs whose possession or distribution is unlawful under the Controlled Substances Act, 21 U.S.C. § 812.22. It "does not include the use of a drug taken under supervision by a licensed health care professional, or other uses authorized by the Controlled Substances Act or other provision of Federal law." The term does include, however, the unlawful use of prescription controlled substances.)"

CAQH provides additional information regarding what "currently" means that aligns with language in the explanation of CVO 12, Element A, factor 2 and CVO 13, Element A, factor 2 that the organization may use more general or extensive language to query practitioners about impairment.

CVO 2022

10.16.2023 Credentialing application question about present illegal drug use (CVO) Would the following question on a credentialing application meet the intent of CVO 12, Element A, factor 2 and CVO 13, Element A, factor 2? “Are you currently using illegal drugs that could affect your ability to practice medicine?”

Yes. NCQA uses language in the Explanation that organizations may use more general or extensive language to query practitioners about impairment.

Note: This question was previously posted on August 15, 2023 and reevaluated by NCQA. This FAQ answer replaces the previously posted response.

CVO 2022

8.15.2023 Lack of present illegal drug use Does NCQA require practitioners to attest to their lack of present and past illegal drug use?

NCQA requires practitioners to attest to their lack of present illegal drug use, but not to past drug use or history of drug use.

Organizations are not required to refer exclusively to the present; therefore, an organization may choose to ask about both present and past drug use.

CVO 2024

7.17.2023 CVO: Use of software to collect credentialing information (API) May an organization use an application program interface (API) that retrieves data directly from a primary or approved source, even though it is not a web crawler?

Yes. Organizations may use an API to access data from a primary or approved source, and must provide documentation that the API collects information only from primary or approved sources.

Organizations that use an API must still meet the “Appropriate documentation” requirements in CVO 1, Element A, including documentation that the organization's staff reviewed the information.

As noted in an FAQ from February 15, 2023, use of another entity’s software to collect credentialing information is not considered delegation unless the entity also reviews the information on the organization’s behalf.

CVO 2024

6.15.2023 Use of a Delegate's Self-Service Portal for Delegation Reporting Is it acceptable for organizations to pull reports from a delegate’s system for the delegation agreement reporting requirement?

Yes, if the delegation agreement addresses the required information in the Explanation. The delegation agreement must specify:

  • How often the organization accesses the reports (i.e., must be at least semiannually). The frequency must be specified. Stating “on demand” or “as needed” does not meet the requirement.
  • What information is reported by the delegate in the delegate's system about the delegated activities.
  • How the organization will access the delegate’s system, and to whom information is reported (i.e., to appropriate committees or individuals in the organization).

CVO 2023

5.15.2023 Definition of Annual Does NCQA’s definition of “annual” allow for a 2-month grace period?

As noted in the Glossary appendix, NCQA’s long-standing definition of “annual” is 12 months plus a 2-month grace period (12–14 months). “Grace period” refers to allowing organizations to complete an activity after it is due and not before it is due.

CVO 2023

2.15.2023 Use of software to collect credentialing information Is it considered delegation if an organization uses software to only collect credentialing information?

No. The use of another entity’s software to collect credentialing information is not considered delegation unless the other entity also reviews the information on the organization's behalf. NCQA standards allow organizations to use software to collect credentialing information from approved sources, as long as organization staff document that the information was reviewed and verified.

CVO 2023

9.15.2022 Use of expired board certification to verify education and training Can an expired board certification be used to verify education and training?

Yes. Because the board would have primary-source verified education and training before awarding certification, NCQA allows organizations to use expired board certifications to meet the requirements. Education and training information does not change even if board certification expires.

CVO 2022

9.15.2022 Use of NSC to verify education and training Can the National Student Clearinghouse be used to verify education and training?

Although the National Student Clearinghouse (NSC) is not an approved source for primary source verification, NCQA allows verification of credentials through an agent of an approved source. NSC can serve as an agent for some institutions. 

Before using NSC, the organization must obtain documentation of a contractual relationship between it and the approved source (institutions that work with NSC). The contractual relationship must entitle the agent to provide verification of credentials on behalf of the approved source. 

CVO 2022

9.15.2022 Electronic signatures Are electronic signatures (e.g., DocuSign) acceptable?

Yes, if there is a unique electronic signature or identifier and if the organization can demonstrate that the signature/identifier can only be entered by the signatory. NCQA reviews organizations’ security and login policies and procedures to confirm that the signature/identifier can only be entered by the signatory.

CVO 2022