Blog /

NCQA Audit Readiness: Establishing Credentialing Policies and Procedures, Auditing Credentialing Packets, Reviewing Ongoing Monitoring Reports



The healthcare industry is changing at a rapid pace, and maintaining consistent compliance is becoming more difficult. The need for establishing credentialing policies and procedures that integrate departments and use automation and technology will not only help you reduce risk exposure, safeguard patients, and guarantee alignment with quality standards but also cut down on administrative strain.

If you’re preparing for an NCQA audit, it is essential to gain an overview of the key components of the NCQA audit process and how your organization can ensure compliance.

What is an NCQA audit?

NCQA is an evidence-based accreditation program that evaluates the operations of organizations providing full-scope credentialing services, which include verifying providers credentials, designated credentialing-committee review of providers, and monitoring sanctions.

NCQA provides a framework of standards for credentialing and recredentialing of healthcare providers, which includes an audit indicating whether an organization has met specific performance measures. These measures include having in place credentialing policies and procedures and an audit of a sampling of completed credentialing packets and specific reports.

Read our full post on what NCQA is and why the accreditation is important for a Credentials Verification Organization (CVO).

NCQA Audit Process

Credentialing Policies and Procedures

NCQA reviews an organization's credentialing policies and procedures to ensure they are meeting all NCQA requirements. Credentialing policies and procedures outline how a credentialing committee is composed and their responsibilities (including a non-discrimination clause), acceptable verification and monitoring processes, notification procedures and more.

See an example of an organization’s Credentialing Policies and Procedures with NCQA references and a credentialing/recredentialing checklist.

Organizations may delegate credentialing responsibilities to an NCQA accredited CVO, to ensure they are implementing industry best practices that help them accurately and efficiently credential and recredential healthcare providers.

If delegating, a written delegation agreement is needed to outline the delegated activities and should describe the process by which the organization evaluates the delegated entity's performance and describe the remedies available to the organization if the delegated entity does not fulfill its obligations.

Many delegated agreements also include details around the format, timeliness, and accuracy of data. The organization should also clearly state in the agreement that they retain the right to approve, suspend and terminate individual providers.

Here at Verifiable, we help organizations as they build out their credentialing department, including their credentialing committee, credentialing policies and procedures and obtaining access for NCQA compliance. We put a formal delegation agreement in place clearly delineating responsibilities with assurances in regards to timeliness and accuracy of data. With the Verifiable Salesforce app you have constant access to your real-time data, allowing you to manage, report and build out processes and automations that best meet your organization’s needs.

Auditing Credentialing Packets

During an audit, NCQA uses what is often called the 8/30 rule to review an initial sample of 8 credentialing packets completed within the past twelve months, then an additional 22 files if any of the original 8 fail (totaling 30 credentialing packets altogether). This review validates evidence and procedures as outlined by an organization’s credentialing policies and procedures.

Organizations may be asked for further information or supporting documentation, and will be notified of audit findings and status within 30 days of the audit’s conclusion.

The Verifiable platform allows organizations a simple way to manage their provider data, while giving them access to easily download credentialing packets for review, providing the evidence an organization needs to demonstrate they meet NCQA requirements.

Ongoing Monitoring Reports: Medicare/Medicaid Sanctions

In order for an organization to be NCQA compliant when credentialing a provider, they must meet certain requirements. The following NCQA components make up a credentialing packet:

  • How primary source verification information is received, dated and stored
  • How modified information is tracked and dated from its initial verification.
  • Staff who are authorized to review, modify and delete information, and circumstances when modification or deletion is appropriate.
  • The security controls in place protect the information from unauthorized modification (including limiting access and requiring strong passwords).

These oversight processes include reviewing staff who accessed the information and if any of the data was modified or deleted. Verifiable helps organizations meet this requirement through access log reports, which include information about who accessed the data, when the data was accessed, what the data includes and the actions taken (viewed, edited, deleted).

Verifiable makes this and any other custom report easily obtainable utilizing the Salesforce Verifiable App and Verifiable’s API, where you get real-time access to your data and can pull ad hoc reports with any data you want, including for your NCQA audit.

How Verifiable Can Help

NCQA audits ensure you are meeting necessary federal, state and payer requirements. Not having the proper policies in place or failing to meet other requirements, not only slow the audit down, but they also expose you to additional risk and liability, delay relationships and payments with payers, and decrease the quality of you provider network in general.

Verifiable helps organizations achieve NCQA readiness and compliance by helping them set up their entire credentialing department. We work to ensure your organization is aware of requirements and industry best practices as it helps you stand up a credentialing committee, create and implement credentialing policies and procedures, and obtain access to all necessary data, including NPDB, for NCQA compliance. In addition, Verifiable provides the necessary data and reports to ensure your company stays compliant month-over-month.

Request a demo to learn more about how Verifiable can provide CVO and audit assistance for your organization.

More articles