NCQA standards are the quality and credentialing rules that accredit US health plans and verify provider qualifications. This 2026 guide breaks down health plan accreditation, the July 2025 credentialing overhaul that cut verification windows and added monthly monitoring, HEDIS measures, the new star ratings, and the step-by-step survey process to get accredited.

Set by the National Committee for Quality Assurance, NCQA standards are the benchmarks a health plan or credentialing organization must meet to earn accreditation or certification. They govern how plans manage quality, networks, utilization, and member rights, and how organizations verify and monitor the providers in their networks.

Key Points to Know

  • NCQA is a private, non-profit organization founded in 1990. It is not a federal agency, and its accreditation is voluntary, though many states and payers now require it.
  • Health Plan Accreditation is a 3-year credential scored across 7 standards categories and built on HEDIS and CAHPS performance data.
  • The biggest recent change landed July 1, 2025: NCQA cut the primary source verification window from 180 days to 120 days for Credentialing Accreditation and 90 days for Credentialing Certification.
  • Providers must be recredentialed every 36 months from the last approval date, on a fixed documented cycle, with monthly checks of OIG, SAM.gov, the NPDB, and state licenses.
  • HEDIS has more than 90 measures across 6 domains, and more than 235 million people are enrolled in plans that report HEDIS results.
  • NCQA scrapped its old accreditation tiers in 2025 for a 0-to-5 star Health Plan Rating. Eleven plans earned a 5-star rating that year.

NCQA standards are the closest thing US managed care has to a shared rulebook. If you run a health plan or a credentialing operation, the July 2025 credentialing update is the part that bites first, because the shorter verification windows and monthly monitoring break workflows built around the old 180-day rule. In our experience helping providers get credentialed and enrolled across all 50 states, the organizations that pass cleanly treat the 36-month recredentialing clock as a fixed calendar, not a rough estimate.

What NCQA standards are, and who must follow them

NCQA standards are written rules for how a health plan or credentialing organization should run its quality, network, and credentialing functions. The National Committee for Quality Assurance (NCQA) publishes them, updates them on a set schedule, and checks performance against them during a survey.

Here is the first thing people get wrong. NCQA is a private, independent non-profit, founded in 1990. It is not part of the government. So when you read about “NCQA guidelines,” that is a private standard-setter at work, not a federal law. The distinction matters, because compliance decisions sometimes hinge on whether a rule is statute, an interstate agreement, or a voluntary standard.

Voluntary does not mean optional in practice. Many state Medicaid programs require NCQA accreditation for the managed care plans they contract with. The federal Centers for Medicare & Medicaid Services grants NCQA deeming authority for parts of Medicare Advantage. And most large commercial payers expect it. The result: a private credential ends up working like a license to do business in managed care.

By the numbers: NCQA calls itself the largest accreditor of health plans in the country. More than 235 million people are in plans that report HEDIS results, the performance data that feeds its accreditation scores.

NCQA has been at this since the early 1990s. It started by measuring and accrediting health plans, ran its first public report-card pilot in 1995, and built HEDIS into the scorecard purchasers now expect. Since 2008, the measures have also been applied at the provider and practice level. That long track record is part of why a private credential carries the weight it does.

NCQA accreditation is voluntary on paper. In contracting, it behaves like a requirement.

The NCQA accreditation and certification programs

NCQA runs more than one program, and the standards differ by program. Most people mean one of two things when they say “NCQA standards”: the Health Plan Accreditation framework, or the Credentialing standards. The table below maps the programs that come up most often in licensing and credentialing work.

ProgramWhat it evaluatesWho it is for
Health Plan Accreditation (HPA)Quality, network, utilization management, credentialing, member rights, scored with HEDIS and CAHPSHMOs, PPOs, POS, EPO plans, Medicaid and Exchange plans
Credentialing AccreditationFull-scope credentialing: policies, committee, verification, recredentialing, monitoringOrganizations that run their own credentialing program
Credentialing Certification (former CVO Certification)Primary source verification onlyCredentials verification organizations (CVOs) that verify for others
Health Equity AccreditationCulture, data collection, language services, reducing disparitiesPlans and organizations, often as a supplement to HPA
Patient-Centered Medical Home (PCMH) RecognitionTeam-based primary care, access, care coordinationPrimary care practices and clinicians
Utilization Management and Case ManagementHow coverage decisions and care management are runPlans and delegated vendors

One 2025 change is worth flagging here. NCQA folded the old standalone CVO Certification into a single Credentialing program with two tracks. Organizations now choose full Accreditation for a complete credentialing operation, or Certification for verification-only services such as a CVO. If you hire a vendor, the track they hold tells you exactly what they are certified to do.

Why NCQA accreditation matters

Accreditation is more than a badge on a website. It is the credential that lets a plan or a credentialing organization win contracts, satisfy regulators, and skip duplicative audits. For organizations in managed care, that combination is hard to replace.

The payoffs are concrete. Many state Medicaid agencies will only contract with accredited plans. CMS recognizes NCQA for parts of Medicare Advantage. Commercial purchasers and employers read the star ratings before they buy. For a credentials verification organization, NCQA certification is often the difference between landing a health-plan client and getting passed over, because a delegating plan can rely on that certification to shrink its own audit scope.

There is a patient-safety case too. A documented, repeatable credentialing process catches a revoked license or a fresh sanction before a provider ever sees a member. That is the point of the standards: turn provider vetting into something consistent and auditable instead of ad hoc.

The NCQA standards behind Health Plan Accreditation

Health Plan Accreditation is a three-year credential, and it is the only program in the industry that bases results on both clinical performance and consumer experience. Plans are measured against seven standards categories, then graded with HEDIS and CAHPS data on top of the structural review.

For surveys running July 1, 2025 through June 30, 2026, the standards categories are:

  1. Quality Management and Improvement
  2. Population Health Management
  3. Network Management
  4. Utilization Management
  5. Credentialing and Recredentialing
  6. Members’ Rights and Responsibilities
  7. Member Connections

Medicaid plans carry an extra category for Medicaid benefits and services. NCQA also broke Population Health Management and Network Management out into their own categories in the 2025 standards, and moved care coordination into the quality standards.

It helps to know what each category actually checks. Quality Management and Improvement looks at how a plan finds problems in care and fixes them. Network Management covers whether members can reach the right providers without unreasonable travel or wait times. Utilization Management governs how coverage decisions get made, including who reviews a denial and how fast an appeal moves. Population Health Management asks whether the plan sorts its members by need and runs programs that match. Credentialing and Recredentialing folds in the same provider-vetting rules covered later in this guide. Together these categories decide whether a plan earns the structural points that sit underneath its star rating.

The grading itself changed too. In 2025, NCQA retired the old word-based tiers, Excellent, Commendable, Accredited, and Provisional, and moved to a 0-to-5 star Health Plan Rating. Accreditation status now adds bonus points to a plan’s rating rather than producing a separate label.

Watch out: older guides still describe NCQA Health Plan Accreditation as “six categories” with fixed percentage weights like 40% for quality. That structure is out of date. The current framework uses seven categories (eight for Medicaid) and a star-based rating, so do not build a gap analysis off the old breakdown.

NCQA credentialing standards: what changed in July 2025

NCQA credentialing standards define how an organization confirms a practitioner is qualified, what it must verify, and how it documents those decisions. The July 2025 update was the biggest revision in years, and it is already showing up in surveys. Run the old rules and you risk a deficiency.

Here is what actually changed, in plain terms:

  • Shorter verification windows. Primary source verification must now be completed within 120 days before the committee decision for Credentialing Accreditation, and 90 days for Credentialing Certification. The old limit was 180 days.
  • Monthly monitoring, not annual. Organizations must check exclusion lists every month against the OIG List of Excluded Individuals and Entities, SAM.gov, the NPDB, and applicable state boards, with documented escalation to a peer-review body when something turns up.
  • A fixed 36-month recredentialing clock. Recredentialing is due every 36 months from the last approval date. Not “about three years.” The process should start 90 to 120 days ahead.
  • A tighter notification window. Credentialing decisions must be communicated within 30 calendar days.
  • Demographic data collection. Applications now include voluntary fields for practitioner race, ethnicity, and languages spoken, paired with a clear non-discrimination statement.
  • A new information-integrity standard. Organizations must run an annual audit of their credentialing data and access controls, and train staff on data integrity each year.
Bar chart showing the NCQA primary source verification window shrinking from 180 days under the old rule to 120 days for Credentialing Accreditation and 90 days for Credentialing Certification after the July 2025 NCQA standards update
Source: NCQA Credentialing standards, effective July 1, 2025

NCQA grandfathered files credentialed or recredentialed before July 1, 2025, so those still follow the old timelines until the next cycle. New and renewing files follow the new ones.

Checklist, a quick credentialing-compliance pass for 2026:

  • Confirm every PSV is completed inside the 120-day (or 90-day) window before committee review.
  • Move exclusion and license checks to a monthly cadence with a documented escalation path.
  • Map each provider’s 36-month recredentialing date and start 90 to 120 days early.
  • Update application forms with the demographic fields and non-discrimination statement.
  • Schedule the annual information-integrity audit and staff training.

Real scenario: a regional health plan in Columbus carried a comfortable backlog under the 180-day rule. Files verified in March, committee in August, no problem. Under the 120-day window, that same file expires before review, so the plan has to re-verify and reschedule. The fix is rarely more staff. It is moving verification closer to the committee date and tracking the clock per file.

What NCQA verifies: primary source verification

Credentialing lives or dies on primary source verification, which means confirming a credential with the source that issued it rather than taking the applicant’s word for it. NCQA names the acceptable source for each element. Secondary copies and prior-cycle verifications do not meet the standard.

ElementWhat is checkedPrimary source
LicenseA valid, active license at the time of reviewThe state medical or nursing board
DEA or CDS registrationAuthority to prescribe in each state of practiceThe DEA, plus state controlled-substance registries
Education and trainingHighest level: medical school, residency, fellowshipThe school, program, or board certification
Board certificationVerified when the practitioner claims itABMS or the specialty board
Work historyAt least five years, gaps over six months explainedThe application and attestation
Malpractice historyUp to five years of claims and settlementsThe National Practitioner Data Bank (NPDB)
Sanctions and exclusionsState, Medicare, and Medicaid actionsNPDB, OIG LEIE, and SAM.gov

The provider’s attestation also has a clock. It must be current within 180 days of the credentialing committee decision, and it has to confirm the basics: ability to perform the role, no current substance use that impairs practice, disclosure of any license loss or felony, and active malpractice coverage. The malpractice history check pulls from the NPDB, and a single reported claim is rarely disqualifying on its own; what the committee weighs is the pattern. Our explainer on how medical malpractice records work covers what actually lands in the data bank.

Timeline graphic showing the NCQA recredentialing cycle as a fixed 36-month clock, with ongoing monthly monitoring throughout, recredentialing started 90 to 120 days before the deadline, and the file completed by month 36
Source: NCQA Credentialing standards (recredentialing every 36 months from last approval)

Verification is only half the job. A credentialing committee of practicing peers reviews each file and makes the approval decision, and NCQA expects that committee to apply consistent criteria rather than rubber-stamp whatever the verification team assembles. A clean file can move through a streamlined medical-director review, but anything with a malpractice pattern, a board action, or an unexplained work-history gap has to go to the full committee. The standard wants a documented rationale for every approval and every denial, not just a signature.

Between cycles, the plan cannot go quiet. The 2025 monthly monitoring rule means checking each provider against the exclusion lists, the NPDB, and state license data every 30 days, and many organizations now enroll their practitioners in NPDB Continuous Query so a new report surfaces the day it is filed. When a check turns up a sanction or a lapsed license, the standard requires a documented review and, where warranted, escalation to the peer-review body. Catching a problem in month four instead of month thirty-six is the whole reason the rule exists.

Pro tip: a complete, current CAQH profile does most of this work for you. CAQH ProView meets the data-collection requirements of NCQA, URAC, and The Joint Commission, and most plans pull from it for both initial credentialing and recredentialing. Keeping it attested and clean is the single cheapest way to speed a file. For the full picture on timing, see our breakdown of provider enrollment and credentialing timeframes.

HEDIS measures and how they connect to NCQA standards

HEDIS is the performance data that turns NCQA accreditation from a paperwork review into a results-based grade. The Healthcare Effectiveness Data and Information Set (HEDIS) is a standardized set of measures NCQA owns and updates every year, and it lets purchasers compare one plan against another on the same yardstick.

HEDIS includes more than 90 measures across six domains of care: effectiveness of care, access and availability, experience of care, utilization and risk-adjusted utilization, health plan descriptive information, and measures reported through electronic clinical data systems. Roughly 90% of US health plans use it, and an NCQA-approved auditor must validate the results before they are reported publicly.

Infographic of HEDIS at a glance showing more than 90 HEDIS measures, 6 domains of care, more than 235 million people in HEDIS-reporting plans, and roughly 90 percent of US health plans using HEDIS
Source: NCQA HEDIS program; AHRQ

The set is not static. For Measurement Year 2025, NCQA added three measures and retired four, including new measures on timely documentation after a mammogram and tighter blood-pressure control reporting. It keeps shifting toward digital, electronic data collection to cut the reporting burden. Member experience comes from CAHPS, a survey family that the federal Agency for Healthcare Research and Quality maintains, which NCQA folds into the HEDIS submission.

The data does not stay locked inside NCQA either. Plans buy access to Quality Compass, NCQA’s benchmarking database, to see how their HEDIS results compare against competitors and national percentiles. That is how a plan learns whether its diabetes or childhood-immunization numbers are actually good or just average. Employers and state purchasers read the same benchmarks when they decide which plans to offer. For a provider, the takeaway is concrete: the HEDIS measures your plan cares about are the gaps it will push you to close, from overdue screenings to medication adherence, because your charts feed its score.

NCQA Health Plan Ratings and report cards

NCQA Health Plan Ratings translate all that data into a single 0-to-5 star score that consumers, employers, and states can read at a glance. The rating is a weighted average of a plan’s HEDIS and CAHPS scores, plus the Medicare Health Outcomes Survey, with a bonus for accredited plans.

In the 2025 ratings, released in time for open enrollment, about a thousand commercial, Medicare Advantage, and Medicaid plans earned a star rating. Eleven plans hit 5 stars, more than double the prior year, and 55 reached 4.5. NCQA treats 4.5 and 5 stars as the top tier. The ratings sit on NCQA’s public Health Plan Report Card, which is also where you can confirm an organization’s accreditation or certification status before you contract with it.

States lean on these ratings to pick Medicaid plans, and federal value-based payment programs use the underlying performance data to reward plans that score well. That is the practical reason accreditation status carries a bonus: it nudges plans toward the credential and the public reporting that comes with it.

If you are vetting a plan or a vendor, the Report Card is also the fastest way to confirm a claim. Search the organization by name, and the listing shows its current accreditation or certification status and the date it was granted. A status that reads as expired or “in process” is worth a direct question before you sign, since a delegating plan inherits the risk of a partner whose credential has lapsed.

How to become NCQA accredited: the survey process

Getting accredited is a structured project, not a quick application. Most organizations need about 12 months from the first gap analysis to a completed survey, and NCQA offers an Interim Survey path that gets first-timers to full accreditation within roughly 18 months.

  1. Talk to NCQA. The process starts with a conversation with a program expert to confirm eligibility and the right program.
  2. Buy the Standards and Guidelines. The full requirements, scoring, and policies live in that document.
  3. Run a gap analysis. Use NCQA’s Interactive Survey Tool to compare your current operation against each standard.
  4. Submit the online application and schedule the survey.
  5. Align your processes to the standards: policies, committee structure, verification timelines, monitoring.
  6. Complete the survey, which combines an off-site document review and an on-site or virtual evaluation.
  7. Receive the decision after a review oversight committee scores the findings.

One eligibility rule trips people up. For Credentialing Accreditation, an organization has to perform credentialing for at least half its practitioner network, and if it delegates more than half its verification or decision-making, those delegates have to be NCQA accredited or certified themselves. Over 150 organizations currently hold NCQA Credentialing Accreditation.

Budget and timeline are the two questions every first-timer asks. NCQA does not publish flat pricing, because survey fees scale with the program, the size of the organization, and the product lines in scope, so the only reliable number comes from a quote tied to your application. Plan for the survey fee itself plus the staff hours to align policies, sit for the review, and remediate any findings. The larger cost is usually internal: the months of process work the standards force you to document. Organizations that treat the gap analysis seriously in month one tend to avoid the expensive scramble in month eleven.

NCQA vs URAC vs The Joint Commission

NCQA is not the only accreditor, and the right one depends on what your organization does. For health plans, CVOs, and managed care, NCQA and URAC are the two main reference points. The Joint Commission dominates a different lane: hospitals and facilities.

AccreditorFoundedFocusBest fit
NCQA1990Health plans, credentialing, HEDIS-based qualityPlans and CVOs needing national commercial and Medicaid recognition
URAC1990Function-based: 30+ programs across PBM, specialty pharmacy, telehealth, case managementDigital health, pharmacy, telehealth, and emerging-field organizations
The Joint Commission1951Hospitals, facilities, patient safetyHospitals and health systems (CMS deeming for hospitals)

The short version: NCQA tends to win when national commercial contracting, HEDIS performance, or Medicaid recognition drives the decision, since most plans chose NCQA after the Affordable Care Act and made it the default. URAC fits organizations built around a single function or a newer field. Plenty of large organizations carry both, and CAQH ProView feeds credentialing data to all of them.

How NCQA standards affect individual providers

NCQA accredits organizations, not individual clinicians. But the standards still reach down to every physician, PA, and nurse in a network, because providers are the ones being verified, monitored, and recredentialed against them. When a plan tightens its process to stay accredited, your file feels it.

From the files we process, three things keep providers out of trouble. Keep your state license active and your renewal dates tracked, because a lapse now shows up in NCQA’s monthly monitoring almost immediately, and our physician licensing service exists largely to keep those dates from slipping. Keep your CAQH profile attested and accurate. And know what sits on your federal record, since the NPDB is queried at both initial credentialing and every recredentialing. If you want the mechanics, our guide to how NPDB reporting works walks through what gets reported and why.

The faster monitoring cuts both ways. A new sanction or license action surfaces within weeks now, not at the next three-year review, so a clean, current record is more valuable than it used to be. It is also worth watching where the field is heading, which we track in the latest credentialing trends.

Our team handles the heavy lifting behind NCQA compliance: primary source verification, license renewals, payer enrollment, and CAQH upkeep for physicians, PAs, and nurses across all 50 states. Get your providers verified and enrolled without missing a deadline.


This article provides general guidance only. NCQA standards change on a regular schedule and vary by program and product line. Always verify current requirements with the official NCQA Standards and Guidelines at ncqa.org before building or auditing a compliance program. Last fact-checked: June 23, 2026.

Written by David Ivaniuk, CEO Medicallicensing · Last updated: June 23, 2026 · Last fact-checked: June 23, 2026

FAQs about NCQA Standards

  • What does NCQA stand for, and is it a government agency?
    NCQA stands for the National Committee for Quality Assurance. It is a private, independent non-profit founded in 1990, not a federal agency. Its accreditation is voluntary, though many states and payers require it, which makes it function like a requirement in managed care.
  • What are the NCQA credentialing standards?
    They define how an organization verifies a practitioner’s license, training, work history, malpractice record, and sanctions, how its credentialing committee makes decisions, and how it monitors providers between cycles. The standards specify the acceptable primary source for each element.
  • How often does NCQA require recredentialing?
    Every 36 months from the last approval date, on a fixed and documented cycle. NCQA does not accept informal tracking or grace periods. Most organizations begin the recredentialing process 90 to 120 days before the deadline to allow time for verification and committee review.
  • What changed in the NCQA credentialing standards in 2025?
    As of July 1, 2025, the primary source verification window dropped from 180 days to 120 days for Accreditation and 90 days for Certification. NCQA also requires monthly exclusion and license checks, a 30-day decision notice, voluntary demographic data collection, and an annual information-integrity audit.
  • What is the difference between NCQA Credentialing Accreditation and Certification?
    Accreditation covers a full credentialing program, including committee review, recredentialing, and monitoring, and is meant for organizations that credential their own networks. Certification covers verification services only and is the track for credentials verification organizations that verify on behalf of others.
  • What is HEDIS, and how does it relate to NCQA standards?
    HEDIS is the Healthcare Effectiveness Data and Information Set, a standardized set of more than 90 performance measures NCQA owns. It supplies the clinical performance data, alongside CAHPS member surveys, that NCQA uses to score Health Plan Accreditation and its star ratings.
Still have questions? Do not hesitate to contact us

References

  1. NCQA. “Health Plan Accreditation.” Retrieved June 23, 2026. Link.
  2. NCQA. “Credentialing.” Retrieved June 23, 2026. Link.
  3. NCQA. “HEDIS Measures.” Retrieved June 23, 2026. Link.
  4. NCQA. “NCQA Releases 2025 Health Plan Ratings.” Retrieved June 23, 2026. Link.
  5. Agency for Healthcare Research and Quality. “Major Health Plan Quality Measurement Sets.” Retrieved June 23, 2026. Link.
  6. National Practitioner Data Bank (HRSA). Retrieved June 23, 2026. Link.