How Should You Prepare for Changes in Credentialing Delegation Agreements (CR 4) with NCQA’s Proposed 2025 Standard?

ncqa Apr 09, 2024
MHR Credentialing Delegation Agreements

By Nancy Ross Bell, RN

Estimated time to read: 3 minutes

As your organization transitions from credentialing system control to information integrity, so must your credentialing delegates. Similar to our last blog on How Should You Prepare for NCQA Changes on Credentialing Systems Controls? MHR is getting ahead of NCQA’s proposed changes to the 2025 standards.

If passed as drafted, we anticipate you may need extra time to implement the changes for mutually agreed-upon documents, update documented processes, develop new audits and reports, and evaluate effectiveness.

Please note: The information in this blog is based on proposed changes to the 2025 NCQA standards. NCQA is due to release the online version of the final 2025 standards in August 2024 and the e-pub versions in September. All final changes must be implemented by July 01, 2025.

Always refer to the final published version of the standards for a complete description of all changes, updates, and corrections. Purchase your standards through the NCQA Store.

Why is NCQA Proposing Changes to Standards on Delegating Credentialing?

According to NCQA, Credentialing information integrity refers to maintaining and safeguarding the information used in the initial and recredentialing process against inappropriate documentation and updates. (CR 4 A (factor 4) Explanation: Delegation of CR, Proposed Standards Updates to 2025 Accreditation Programs). If organizations delegate any credentialing functions or activities covered in the scope of the standards, then delegates must adhere to the exact requirements on inappropriate documentation and updates to credentialing information. Ultimately, this supports the quality of healthcare received by practitioners and providers. 

What Are the Changes?

Delegation activities must be mutually agreed upon in a dated, binding document or communication between your organization and delegated entities. Once the 2025 standards are finalized by NCQA, delegation activities should be updated in your agreements. 

Delegation Agreements on Performance Monitoring

  • Agreements must state the organization’s process for monitoring and evaluating the delegate’s performance related to credentialing activities on inappropriate documentation and updates. CR 4: A: (factor 4)
  • Agreements must specify NCQA’s five descriptors of inappropriate activity (See CR 4: A: (factor 4) for a full description)
  • falsifying credentialing dates
  • creating documents without performing the required activities
  • fraudulently altering existing documents
  • attributing verification or review to an individual who did not perform the activity
  • updates to information by unauthorized individuals

Annual Audits for Inappropriate Documentation and Updates

The organization must address three new activities for delegation agreements that will be in effect for 12 months or longer. CR 4: C: (factors 5, 6, & 7)

  • Annually audits each delegate’s credentialing files for inappropriate documentation and inappropriate updates to credentialing information. (factor 5)
  • Implements corrective actions for each delegate if found not compliant during the annual audit (factor 6)
  • Conducts an audit of the effectiveness of corrective actions for each delegate 3-6 months after completion of the annual audit. (factor 7)

Please note: NCQA explains in the proposed standards how the audits are to be conducted for CR 4: C: (factors 5 and 7).

Automatic credit is available for CR 4: C: (factors 5-7) if all the organization’s delegates are NCQA-Accredited under the 2025 standards or later.

Implementing a Corrective Action Plan CR 4: C: (factor 6)

For each delegate with inappropriate documentation or updates/findings identified in factor 5 during the annual audit, a corrective action plan for all findings must be taken or planned with a time frame specified for actions and the titles of responsible staff.

Conduct an Audit of the Effectiveness of Corrective Actions CR 4: C: (factor 7)

Within 3-6 months of the annual audit of information, an audit of effectiveness is required for each delegate. The audit is followed by a qualitative analysis and conclusion as demonstrated by evidence such as a report or minutes that are reviewed and evaluated.

Please note: Although the proposed standards do not require a quantitative analysis, we recommend that one be included as part of the analysis to document the number of files and those compliant and non-compliant as a result of the corrective actions.   

Using Cloud-Based Storage Functions?

In the proposed standards, NCQA has made an Exception for delegates that only provide cloud-based credentialing data storage functions and do not provide services that create, modify, or use credentialing data.  In this situation, CR CR 4: C: (factors 5, 6, & 7) does not apply.

When Must New Delegated Agreements Be In Place? It Depends.

NCQA reviews delegation agreements in effect during the look-back period. Three scenarios can apply (CR 4: A (factor 4) Documentation).

  • If new delegation agreements were implemented on or after July 1, 2025, they must include requirements on the delegate’s credentialing information integrity.
  • If delegation agreements in place prior to July 1, 2025, address system controls under NCQA’s 2022-2024 standards, then delegation agreements need not be updated to address requirements on information integrity.
  • If delegation agreements in place prior to July 1, 2025, do NOT address system controls under the 2022-2024 standards, then delegation agreements must be updated with credentialing information integrity requirements.
    • It is important for credentialing staff responsible for delegation to work with their contracting or other staff who work with clients in changes/amendments in agreements. Without these new changes/revisions in agreements for information integrity, your organization will lose points at the time of your survey. Be proactive and start early to have the needed revisions made in your delegation agreements to meet the 2025 Standards.


In a table of credentialing delegates, insert four columns.

  • the effective date of the delegation agreements
  • if requirements on system controls are in place under the 2022-2024 standards
  • if delegates are NCQA-Accredited under the 2025 standards, then automatic credit may apply for some factors
  • Check which of the three scenarios described above apply and prioritize your action steps.


  • Audit effective dates of all credentialing delegates.
  • Identify and quantify the work and resources needed to update/modify the agreements, and audit oversight, including modifying the audit tool.
  • Review consequences for failure to perform within your delegation agreements if delegates do not fulfill requirements on information integrity (CR 4: A: factor 6).
  • Schedule reports for review by an appropriate oversight committee.
  • Be ready to take immediate corrective actions if needed.

Call to Action:     

  • MHR’s new Delegation Suite contains tools, templates, and guides to keep you on track with delegation oversight. As the 2025 standards are released, MHR will update all items as appropriate.
  • New to Delegation? Ask MHR about our unique training It is a “must-attend” course for individuals in the quality accreditation, provider relations, network contracting, and legal areas. One fee covers all organizational attendees.
  • Let MHR assess your updated documents and conduct a mock audit to gauge compliance. Give us a call! or email Susan K. Moore at

[email protected]

Our blogs follow an internal quality review process with one of the MHR Consultants in addition to Susan Moore. This blog was written with expert input by Jean Lockington. For more information about Jean and our other consultants, please visit About Our Consultants on


MHR: Driving healthcare quality one NCQA accreditation at a time


Stay connected with news and updates!

Join our mailing list to receive the latest news and updates from our team.
Don't worry, your information will not be shared.

We hate SPAM. We will never sell your information, for any reason.