Test Blog Site

Menu
Facebook-square Instagram Linkedin

Your Provider Roster Is Either Right or It’s a Problem

What ACA health plans — and the employers and brokers who work with them — need to know about provider directory rules, and why “close enough” stopped being good enough a long time ago.

Let’s start with the uncomfortable truth: a lot of ACA health plans are out there right now with provider directories that are somewhere between “slightly stale” and “actively misleading.” We’re talking physicians listed who left the network two years ago, entity numbers that changed without a crosswalk, phone numbers that ring a fax machine. (Or nothing at all.)

Members search for a doctor, find one, show up for an appointment — and get billed out-of-network. That’s not a paperwork problem. That’s a person paying more than they should have, filing a complaint, and the plan getting a very unwelcome phone call from CMS.

Here’s what the rules actually say, what the real-world consequences look like when rosters break down, and how SHN’s credentialing infrastructure keeps plans on the right side of all of it.

What the Rules Say (And They Say Quite a Bit)

ACA Qualified Health Plans are subject to layered federal requirements on provider directory accuracy. These aren’t aspirational best practices from a trade association newsletter. They’re enforceable regulatory obligations.

45 CFR § 156.230 — The Core Provider Directory Rule

The foundational regulation. Plans must maintain a directory that is accurate, up-to-date, and complete — including each provider’s location, specialty, contact information, group affiliations, and whether they’re accepting new patients. It has to be publicly accessible without any login or barriers, and updated at minimum monthly.

Monthly. Not “when we get around to it.” Monthly.

45 CFR § 156.235 — Network Adequacy

Plans must maintain a network sufficient in number and types of providers to ensure covered services are accessible without unreasonable delay. For federally facilitated exchange plans, that means meeting quantitative time-and-distance standards assessed county by county. As of 2025, CMS added appointment wait-time standards — validated by unannounced secret shopper surveys.

Unannounced. As in, you don’t get to prep for them.

The 85% Accuracy Threshold

CMS applies an 85% directory accuracy threshold to ACA marketplace plans — the same standard used for Medicare Advantage. CMS found that nearly half of provider locations in MA directories had at least one inaccuracy and is applying the same scrutiny to QHP issuers. Plans that fall below 85% face corrective action requirements.

The No Surprises Act — 90-Day Attestation Cycle

Plans must confirm on a 90-day cycle that providers in their network are accurately listed and actively participating. Combined with secret shopper surveys and CMS monitoring, this makes one-time or annual roster verification inadequate. Compliance now requires continuous data accuracy, not a once-a-year checkbox.

NCQA Accreditation Standards

Plans holding or seeking NCQA Health Plan Accreditation face an additional layer of requirements around accurate provider data, continuous credentialing, and member access to in-network care. A plan with a deficient roster can find itself in regulatory trouble and accreditation jeopardy at the same time. That’s a fun week for nobody.

What Changed in 2026
Starting January 1, 2026, state-based marketplaces must conduct independent network adequacy reviews before certifying any plan as a QHP — replacing the old self-attestation model. The key changes:

•  Time-and-distance standards are now calculated by geographic distance (replacing estimated drive times), applied county by county

•  Plans must collect and report whether each network provider offers telehealth services

•  State marketplace plans are now subject to the same scrutiny previously applied only to federally-facilitated exchanges

•  CMS has formalized the corrective action plan process with an escalating penalty structure

The bottom line: someone will verify the data. Plans can no longer submit a roster and attest that it’s accurate. External validation is now the standard.

What Actually Happens When the Roster Breaks Down

A bad provider roster isn’t just an administrative inconvenience. It creates a cascade of problems.

For the Health Plan

Corrective action plans. Escalating financial penalties. Decertification risk — a plan that can’t demonstrate network adequacy can lose its QHP status on the Exchange. NCQA accreditation jeopardy. Member complaints, state insurance department investigations, and CMS filings. And reputational damage that doesn’t go away quietly.

For the TPA

This is where it gets sharp. A TPA’s ability to adjudicate claims correctly depends entirely on the health plan delivering an accurate, usable provider roster with valid entity numbers. Without it, the TPA can’t correctly identify in-network versus out-of-network providers, apply contracted rates to claims, meet turnaround standards, or produce accurate EOBs for members.

The Critical Point for TPAs
The obligation to maintain an accurate network sits with the issuer — not the TPA.

A TPA that documents roster deficiencies in writing and refuses to adjudicate under unusable data has strong legal grounds to shift liability back to the issuer.

A TPA that processes claims under a broken roster without flagging it does not.

Written notice. Documented deficiencies. Clear timelines. These are not just best practices — they’re how a TPA protects itself when an issuer delivers deficient data.

For Members

When providers are listed incorrectly or missing entirely, members unknowingly receive out-of-network care, face higher cost-sharing than their plan requires, or get claims denied incorrectly. Retroactive corrections are expensive and operationally painful — and they don’t erase the regulatory violation that occurred at the time of adjudication. Member harm is exactly what CMS is focused on preventing. It’s the clearest driver of enforcement activity.

How SHN’s Credentialing Infrastructure Addresses This

The root cause of most provider directory failures is the same: provider data is collected inconsistently, verified infrequently, and stored in systems that don’t talk to each other. Plans credential providers at onboarding and then rely on periodic self-reported updates. That model was inadequate before 2026. Now it’s a compliance liability.

SHN’s credentialing infrastructure treats provider data as a live, continuously maintained asset — not a static snapshot filed at certification and forgotten until something breaks.

  • Continuous primary source verification — licenses, board certifications, sanctions, and exclusions monitored in real time, not just at onboarding
  • Accurate entity-level data — correct NPI numbers, group affiliations, and billing entities maintained and updated as changes occur
  • Automated crosswalk documentation — when provider entity numbers change, the crosswalk is documented and transmitted, not assumed
  • Direct feed to adjudication — provider data flows into the claims system, eliminating the gap between what the directory says and what the TPA is working from
  • Audit-ready documentation — every credentialing action is logged with timestamps, making CMS corrective action responses and NCQA audits manageable instead of reactive

Questions Worth Asking Your Current Plan

If you work with an ACA plan — as an employer, benefits administrator, or plan sponsor — these are the questions that matter:

  • How often is the provider directory updated, and who is responsible for verifying the data?
  • What happens when a provider’s entity number changes mid-year? Is there a documented crosswalk process?
  • How does credentialing data feed to the TPA? Is it automatic, or a manual file transfer that can fall behind?
  • Has the plan ever received a CMS corrective action notice related to network adequacy or directory accuracy?
  • What’s the plan’s process for responding to secret shopper findings?

These aren’t gotcha questions. They’re the operational details that determine whether a plan can actually deliver what it promises to members — and stay out of regulatory trouble while doing it.

If the answers are vague, that’s information too.

Let’s Talk
Solidarity Health Network has been administering health plans for employers, unions, and ACA carriers since 1989. Our credentialing and TPA infrastructure is built to keep health plans compliant, provider data accurate, and claims adjudication running without interruption.

If you’re evaluating your current plan’s provider data management — or looking for a TPA that can handle the full administrative load — we’d welcome the conversation.

Visit us at www.shninc.org or give us a call. We’re actual humans who pick up the phone.

 

Solidarity Health Network, Inc.  |  Cleveland, Ohio  |  www.shninc.org

SOC 2 Type II Certified  |  HIPAA Compliant  |  Founded 1989

Share on facebook
Share on twitter
Share on linkedin
Share on whatsapp