How Should You Prepare for NCQA Changes on Credentialing Systems Controls?

ncqa Mar 27, 2024
MHR Credentialing Changes

By Nancy Ross Bell, RN

Estimated time to read: 3 minutes

Now that the standards have included Credentialing Systems Controls for health plans for quite some time and for CR and CVOs more recently, it’s time to consider NCQA’s proposed changes to the 2025 standards, where systems controls evolve to information integrity!

In this blog, we alert you to major proposed changes related to credentialing information integrity, key dates, and necessary steps to prepare your organization.

If you are wondering why MHR is not waiting until the final standards are released, it’s because, if passed, these changes will take a fair amount of time and effort within your organization to implement.

Please note: The information in this blog is based on proposed changes to the 2025 NCQA standards. NCQA is due to release the final 2025 standards for online publications in August 2024 and e-pubs in early September, which you can purchase through the NCQA Store. Always refer to the final published version of the standards for a complete description of all changes, updates, and corrections.

Why is NCQA Proposing Changes to Standards on Systems Controls?

According to NCQA, since introducing systems controls in the 2020 standards, NCQA has found that in some cases, organizations or delegates were submitting “fraudulent, misleading or improper information in preparation for their NCQA Survey…” (Overview of Proposed Updates to Accreditation Standards and Programs. NCQA. November 2023).  Because of this, NCQA is aligning with state and federal authorities to promote information integrity within the healthcare industry.

Highlight of Five Proposed Changes to Credentialing

Please note: Additional changes in the standards are proposed.

  1. Standard CR 3: A-D Credentialing Information Integrity will replace CR 1: C Credentialing System Controls and CR 1: D Credentialing System Controls Oversight.
  2. NCQA now defines what is considered inappropriate documentation and updates instead of allowing organizations to potentially permit inappropriate modifications of data. Inappropriate documentation and updates include:
    • falsifying credentialing dates
    • creating documents without performing the required activities
    • fraudulently altering existing documents
    • attributing verification or review to an individual who did not perform the activity
    • updates to information by unauthorized individuals

(CR 3: A. 4. NCQA Proposed Standard Updates 2025)

       3. CR 3: C Audit and Analysis will replace CR 1: C as a Must-Pass Element, shifting focus from complying with policies and procedures to demonstrating evidence of information integrity and appropriate modifications gathered through audits.

4. CR 3: B Requires training on information integrity for all credentialing staff upon hire and annually.

5. Requires a standardized process of auditing information, thereby avoiding variation in monitoring and confusion, a qualitative analysis of findings, and an audit for effectiveness 3-6 months after an annual audit for inappropriate information.

What is Your Timeline?

August 31,   2024, NCQA releases final standards.

July 01, 2025, Effective date for new standards where all changes must be made and implemented. 

Look-back periods:

CR 3 A: Documented process – Prior to the survey date (All Surveys)

CR 3 B: Reports, Materials – At least once during the prior year (All Surveys)

CR 3 C: Reports – At least once during the prior year (Initial and Renewal Surveys)

CR 3 D: Documented Process, Reports, and Materials - At least once during the prior year (Initial and Renewal Surveys)

  • 3B: Training: upon hire and annually
  • 3C: Audits for inappropriate documentation: Annually (Must-Pass)
  • 3C: Qualitative analysis: Annually (Must-Pass)
  • 3D: Audits of effectiveness: 3-6 months after the annual audit for inappropriate documentation

 Plan Your Next Steps

  1. Update your documented processes for CR 3 A and D.
  2. Develop and/or update your staff’s training program to include information integrity. Deliver and document the program to all persons involved with credentialing.
  3. Update your audit logs, reports, and materials related to inappropriate information.
  4. Conduct an audit for inappropriate information for initial credentialing and recredentialing decisions.
  5. Conduct a qualitative analysis of findings. Remember to include all stakeholders in the analysis. Refer to NCQA’s Glossary for a full definition of qualitative analysis to ensure all components of the analysis are described in the report. Please note: Although the proposed standards do not require a quantitative analysis, we recommend that one be included as part of the analysis to document the number of files and those compliant and non-compliant.  
  6. Develop and implement a corrective action plan as appropriate.
  7. Conduct an effectiveness audit 3-6 months after the completion of the annual audit.
    • Don’t be caught short or run out of time. At least three months must occur after the audit to analyze effectiveness. 
    • Be sure to draw and document a conclusion of your action plan's effectiveness to correct the deficiencies.
  8. Make updates according to the final published standards.

Call to Action:     

Our blogs follow an internal quality review process with one of the MHR Consultants in addition to Susan Moore. This blog was written with expert input by Jean Lockington. For more information about Jean and our other consultants, please visit About Our Consultants on

Stay connected with news and updates!

Join our mailing list to receive the latest news and updates from our team.
Don't worry, your information will not be shared.

We hate SPAM. We will never sell your information, for any reason.