Re-credentialing Requirements: What You Need to Know

Varun Krishnamurthy

February 6, 2026

What makes re-credentialing hard?

Is it the rules, the volume, the timing, or the pressure to get everything right?

Well, in all honesty, it’s all of them at once.

Re-credentialing occurs continuously, with providers due for review each month.

Payors expect licenses, certifications, sanctions, and history to be re-verified, even if the provider has been in the network for years.

To create an efficient recredentialing system, you need structure. You need to plan ahead, track deadlines, and follow a process to stay compliant.

In this guide, we’ll break down what payors require for re-credentialing and how to manage it in a way that works.

What is Re-Credentialing

Re-credentialing is the mandated, periodic process of reviewing a healthcare provider's qualifications. This review is essential to verify that the provider continues to meet the compliance and participation standards set by regulatory bodies like NCQA and CMS, as well as by most payors.

The core of re-credentialing involves a complete re-verification of primary source documents, which includes checking:

Licenses and certifications
Sanction history
Work experience

Once the necessary documentation is compiled, a credentialing committee must review and approve the file. Ultimately, this process serves to confirm the provider's ongoing qualification, eligibility, and safety for continued participation in the network.

Re-Credentialing vs Initial Credentialing: What’s the Difference?

It’s easy to assume re-credentialing is easier than initial credentialing. After all, the provider is already in the network, so there’s history, and there’s an existing relationship. But that’s not the case.

Re-credentialing assumes the provider is already approved, which can streamline tasks such as confirming continuous work history or reusing previously submitted background details. But even with this, payors still expect the same level of verification and oversight.

Here is a comparison between recredentialing and initial credentialing:

Aspect	Initial Credentialing	Re-Credentialing
When it occurs	When a new provider joins the network	Every 36 months after initial approval
Relationship status	No existing relationship	Existing, active provider relationship
Scope of review	Full verification from scratch	Full re-verification of existing credentials
Primary Source Verification (PSV)	Required for all credential elements	Required for all credential elements
Work history review	Full historical review	Review of continuity and gaps since the last cycle
Provider application	New, full application	Updated attestation and disclosures
Credentialing committee review	Required	Required
Typical timeline	60–120 days	30–60 days if managed proactively

‍

36-Month Cycle: Timeline Requirements

Under the National Committee for Quality Assurance (NCQA) standards, providers must be re-credentialed every 36 months (3 years).

Note: Not around three years. Not when it’s convenient. Exactly every three years from the last approval date.

So when people ask, “How often do providers need to be re-credentialed?” The answer is simple: every 36 months.

You might have trouble with timing. Many people make the mistake of starting on the day of the deadline.

Here are the critical timing rules that are important:

The re-credentialing process should begin 90 to 120 days before the expiration date.
Provider attestation must be current, meaning completed within 180 days of the credentialing committee decision.
All Primary Source Verifications must be completed before the committee review takes place.
There is no grace period. A lapsed credential is treated as a compliance violation.

Here’s an example timeline:

Provider last credentialed: January 15, 2023
Re-credentialing due by: January 15, 2026
Process should begin: September 2025 (about 120 days before)
Verifications completed by: December 2025
Committee review: Early January 2026

The important thing to remember is that you don’t start at the due date, as it would be impossible to complete.

What Must Be Re-Verified During Re-Credentialing? (Full Checklist)

Once re-credentialing starts, payors expect a full confirmation of the provider’s status. Platforms like Assured reduce that problem by automating Primary Source Verification across 2,000+ sources, so you don’t have to reconcile mismatched data.

Here is the full set of elements that must be re-verified during re-credentialing.

Element	Primary Source	Notes
State License	State medical board	Must be current and unrestricted
DEA Certificate	DEA database	Required if applicable to the provider’s scope
Board Certification	ABMS or specialty board	Only if the provider claims certification
Education / Training	School or national database	Medical school, residency, or required training
Work History	Direct verification or attestation	Minimum five-year history with gaps explained
Malpractice Insurance	Insurance carrier or provider attestation	Coverage must be current
Malpractice Claims History	National database query	Required query each cycle
Medicare / Medicaid Sanctions	Federal exclusion databases	Exclusion check required
State Sanctions	State licensing board	Disciplinary actions reviewed
Hospital Privileges	Hospital verification	Required if privileges are held

‍

Attestation Requirements

Aside from verification, the provider must submit a current attestation. This confirms that no material has changed and that the information on file is accurate.

The provider must attest to:

Ability to perform essential job functions
No physical or mental impairment affecting patient care
Any history of loss or restriction of license or privileges
Any felony convictions
Current malpractice insurance coverage
Accuracy and completeness of the application

Timing is also very important here. An attestation submitted outside the allowed window can delay committee review, even if all required verifications are complete.

Re-credentialing Process: Step by Step

Re-credentialing is very easy when you follow a routine and a process. When your steps are consistent, it’s easier to face fewer issues with the committee.

Here is how you can practice re-credentialing:

Step 1: Identify Providers Due for Re-credentialing

Start by pulling a report of providers whose credentials expire in the next 120 days. Sort the list by expiration date so you can start with the most urgent files.

At this stage, it helps to flag providers with known issues, such as prior malpractice claims, past sanctions, or delayed responses in previous cycles. This allows extra time to make corrections.

Step 2: Request Updated Information from the Provider

Once you have identified your providers, send out the re-credentialing request. This is usually an attestation form or short application update. If required, ask for an updated CV.

Set a clear response deadline, most often 30 days, and track the replies you get. Follow up early with providers who have not responded.

Step 3: Conduct Primary Source Verifications

After receiving the provider’s information, begin PSV. Run all required checks, including licenses, sanctions, malpractice coverage, and work history.

For each verification, document the source and the date it was completed. If anything is expired, missing, or does not match the application, flag it immediately.

Step 4: Review for Red Flags

Before preparing the committee file, review the record carefully.

Look for malpractice claims since the last credentialing, sanctions or exclusions, license restrictions, gaps in work history, or attestation disclosures that need follow-up. This step is about deciding if the file is clean or needs more information before committee review.

Step 5: Prepare the Committee File

Once verifications are complete, assemble the committee file. Include all verification results and clearly note any concerns that require discussion. Prepare a recommendation, such as approval, approval with conditions, or denial, based on the information collected.

Step 6: Committee Review and Decision

Present the file to the credentialing committee. The committee reviews the information and makes a decision, which must be documented in the meeting minutes.

If the decision is conditional or a denial, required follow-up and notification steps must be followed.

Step 7: Notify Provider and Update Systems

After the decision, notify the provider of their re-credentialing status.

Update the credentialing system with the new approval date and next cycle deadline. If applicable, update payor rosters and set the reminder for the next re-credentialing cycle.

NCQA Standards for Re-credentialing

Re-credentialing is guided by the National Committee for Quality Assurance (NCQA) credentialing standards.

These standards define how often re-credentialing must occur, what must be reviewed, and how decisions must be made.

Here are some of the standards for recredentialing:

Re-credentialing Cycle

As noted in the timeline section, NCQA requires providers to be re-credentialed at least every 36 months. The cycle is fixed and must be supported by a documented process. Informal tracking or manual reminders are not enough. Your organization must be able to show how providers are identified, reviewed, and approved on schedule.

Verification Sources

Primary source verification is required during re-credentialing. This includes verification of licensure, sanctions, and disciplinary actions. NCQA specifies acceptable sources for each element, and those sources must be used. Keep in mind that secondary confirmation or prior-cycle verification does not meet the standard.

Application and Attestation

Re-credentialing files must include a provider application or attestation. Required attestation includes your ability to perform duties, lack of impairment, disclosure of adverse actions, and confirmation of malpractice coverage.

The attestation must be completed within 180 days of the credentialing committee decision. An expired attestation can invalidate the file, even if all verifications are complete.

Credentialing Committee

Re-credentialing decisions must be made by a credentialing committee. The committee must include physician participation, and all approval or denial decisions must be documented. Informal approvals or staff-only decisions do not meet NCQA standards.

Ongoing Monitoring

NCQA also requires ongoing monitoring between re-credentialing cycles. This includes tracking sanctions, license actions, and complaints.

If you identify any issues mid-cycle, address them.

How to Track Re-Credentialing at Scale

When your organization exceeds a handful of providers, it becomes very difficult to track re-credentialing.

Spreadsheets, email reminders, and calendar notes may work for a small team, but once you’re dealing with 50, 100, or more providers, you risk missing a deadline.

A good tracking system should:

Send automatic alerts at 90, 60, and 30 days before credentials expire
Allow providers to complete attestations and upload documents themselves
Support or integrate with PSV, so checks are not done manually
Generate committee-ready packets without rebuilding files each time
Maintain a clear audit trail showing actions, dates, and decisions
Provide real-time reports on upcoming expirations and file status

When this tracking system is in place, it’s easier for you to practice re-credentialing. Some common tracking options include:

Approach	Pros	Cons
Spreadsheets	Free, familiar	Error-prone, no automation, breaks at scale
Credentialing software	Automated tracking, alerts, and audit trail	Cost and implementation time
Outsourced to CVO	Fully managed with expertise	Less direct control over timing and process

‍

Some of the most important metrics to monitor are:

Providers expiring in the next 30/60/90 days
Re-credentialing completion rate
Average time from initiation to completion
Overdue re-credentials (a compliance risk)

Instead of using spreadsheets, use software that gives you consistency and automation. Outsourcing to a credentialing verification organization (CVO) like Assured can centralise provider data, offer real-time status dashboards, automated alerts, and integrated PSV so you always know where each file is due for recredentialing.

Platforms like these not only track expirations but also monitor ongoing compliance across licenses and sanctions.

Consequences of Re-Credentialing Expiration for Providers and Organizations

What happens if your credentialing expires? Well, let’s find out below:

1. Immediate Impacts

Once credentialing expires, your provider is no longer compliant with the payor's rules. This simply means:

The provider technically cannot see patients under payer contracts
Claims tied to dates after expiration may be denied, delayed, or held
A compliance violation is created, even if the expiration is short

These issues usually show up weeks later, when claims are reviewed or audited, not on the day the credential expires.

2. Organizational Risks

A single expired file can create larger problems for the organization. Some common risks include:

Audit findings that require corrective action or monitoring
Payer contract violations, especially under delegated credentialing agreements
Increased scrutiny from accrediting bodies like the NCQA and The Joint Commission
Potential impact on accreditation status if expirations are frequent or systemic

3. Patient Care Implications

Credentialing lapses also affect patients. When a provider is removed from schedules or payers:

Appointments may be canceled or rescheduled
Patients may be redirected to other providers
Continuity of care can be disrupted, especially for ongoing treatment

These issues create frustration for patients and staff.

4. Recovery Process

Fixing an expiration issue is not easy or quick. In many cases:

The provider must go through full re-credentialing, not an expedited review
There is a gap in network participation during the review period
Revenue may be lost while claims cannot be billed or paid

The longer the lapse, the harder and more expensive it becomes to recover.

Common Re-credentialing Pitfalls

Many re-credentialing problems are predictable. They happen due to time gaps, missed follow-ups, or weak documentation.

Here are the most common re-credentialing mistakes to avoid:

1. Starting Too Late

Beginning re-credentialing 30 days before expiration does not give you room to correct any mistakes. One delayed response, slow verification, or a missed committee date can cause the credential to expire.

Start the process 90 to 120 days before the expiration date. This gives you time to resolve your issues without turning the file into an emergency.

2. Provider Non-Response

Failure by the provider to return the attestation or application will cause the file to stall, leading to expiration before the verification process can even start.

To prevent this, set a clear response deadline, send scheduled reminders, and create an escalation path. Inform your team that failure to respond can affect scheduling or payer participation.

3. Incomplete Verifications

A single missing item can invalidate your entire file.

To avoid this, use a checklist-driven workflow and track each verification by source and completion date. Files should not progress until you have completed every required element.

4. Outdated Attestation

This occurs when the attestation is signed too early and is older than 180 days at the time of committee review.

To prevent this, request time attestation carefully. If your committee review is delayed, request a new attestation rather than risk an expired one.

5. Missing Committee Documentation

This happens when the committee reviews the provider, but the decision is not clearly documented in the meeting minutes.

Use a standardized minutes template that records the provider name, decision, date, and any conditions. If it is not written down, it does not count.

6. Ignoring Ongoing Monitoring

This happens when a sanction, license action, or complaint occurs between cycles and goes undetected.

You can prevent this by running regular sanctions checks and continuous license monitoring. Re-credentialing is not the only compliance checkpoint.

How to Streamline and Automate Re-Credentialing

The fastest way to streamline your recredentialing is to remove repetitive tasks and let automated systems track your process.

You can track:

Automated Primary Source Verification (PSV) through integrated databases such as NPPES, NPDB, state licensing boards, OIG, and SAM
Provider self-service portals so clinicians can complete attestations and upload documents without email back-and-forth
Expiration dates with alerts at 90, 60, and 30 days

Approach	Average Time per Provider
Fully manual	4 to 6 hours
Partial automation	1 to 2 hours
Full automation + CVO	2 to 10 minutes

‍

With Assured, your team can automate tracking and monitoring. You can also use it as a full CVO partner. Either way, you miss fewer deadlines and have less manual work.

Never miss a re-credentialing deadline. See how Assured automates the process.

Varun is the CEO and co-founder of Assured, a technology-first platform that streamlines provider licensing, credentialing, and payer enrollment. The idea for Assured grew out of his experience building Dawn Health, a virtual sleep clinic acquired in 2023. There, he saw just how much administrative overhead slows down healthcare. Drawing on his engineering background, Varun set out to fix the problem—using AI to automate the most tedious, manual parts of provider onboarding. Today, Assured helps healthcare organizations reduce paperwork, speed up credentialing, and get providers in front of patients faster.