Article · ComplianceThe lede
Here's the short version. The National Committee for Quality Assurance shortened credentialing timelines starting in 2025, and most practice managers are running on workflows that were built for the old rules. The math doesn't work anymore.
If you're an accredited organization, you used to have 180 days to complete a credentialing file. You now have 120. If you're a certified organization, you went from 120 days to 90. Same verifications. Same documentation. One-third less time.
Add the Joint Commission's new January 2026 audit trail standards on top of that, and the operational gap between what your credentialing team is doing and what's actually required is wider than most CFOs realize.
What this piece covers
- NCQA cut accredited timelines from 180 to 120 days and certified from 120 to 90.
- Monthly continuous monitoring against license, OIG, state boards, and SAM.gov is now required.
- Joint Commission automated audit-trail and peer-review standards take effect January 2026.
- PECOS, NPPES, CAQH, and internal-record discrepancies trigger payer holds and denials.
- A five-step playbook to measure days-to-billable, fix data gaps, and absorb the new workload.
What actually changed
Three concrete shifts hit the credentialing function in the last 12 months, and they're hitting together.
- Shorter timelines. NCQA cut credentialing windows from 180 days to 120 for accredited organizations and from 120 days to 90 for certified organizations. That's a 33 percent reduction across the board. Practices that were already running close to the old deadlines are now running past the new ones.
- Monthly continuous monitoring. As of July 1, 2025, every active provider has to be re-checked every 30 days against license status, OIG exclusions, state medical board actions, and SAM.gov. The old verify-once-at-credentialing, again-at-recredentialing model is out of compliance, even if your file looked clean six months ago.
- Tighter Joint Commission standards in January 2026. The new standards require automated audit trails and traceable peer review documentation. If a surveyor can't follow a clear digital paper trail showing who verified what and when, the file won't pass.
None of these changes are theoretical. They're already enforced. The grace period most credentialing teams were quietly hoping for didn't materialize.
Why most practices aren't ready
If you talk to credentialing leads at small and mid-sized US practices, you hear the same set of gaps over and over.
- The workflow is still mostly manual. Documents come in by email. They get stored in shared folders. Verifications happen by phone or fax. Status updates live in someone's head or on a whiteboard. None of that produces the audit trail the new rules require, and none of it scales to the new timeline.
- Monthly monitoring isn't actually monthly. A lot of practices do quarterly checks at best, and reactive checks at worst. Under the new rule, that's a compliance gap that grows by one provider every month.
- PECOS, NPPES, CAQH, and internal records don't match. Most practices have at least one provider whose address, NPI affiliation, or specialty code reads differently across systems. Payers cross-check these aggressively in 2026. Discrepancies trigger holds, claim denials, and slow-walked revalidations.
- There's no measurement of days-to-billable. Most practice managers can't tell you, off the top of their head, how long it actually takes their new providers to start generating revenue. Without that number, there's no way to know whether you're inside the 90 or 120 day window or not.
If any of those sound familiar, you're not behind because your team isn't working hard. You're behind because the rules changed faster than the workflow did.
The five-step playbook for this quarter
You don't need to rebuild the credentialing function in 90 days. You need to close the highest-risk gaps fast, and put a sustainable system in place behind it.
- Measure your current days-to-billable for every new hire in the last 12 months. Pull the data from offer letter date to first billable claim. If your median is above 90 days, you have a problem. If it's above 120, you have a fire.
- Run a discrepancy check across PECOS, NPPES, CAQH, and your internal records. Pick five providers at random and compare every field. If any don't match, assume the rest of your roster has the same issue and clean it up before payers find it for you.
- Switch monthly monitoring from a calendar task to an automated process. Whether you do it through a platform, a vendor, or a dedicated internal resource, it has to run on a schedule that doesn't depend on a single person remembering to log in.
- Build an audit trail that a surveyor could read without help. Every credentialing decision, verification, and document review needs a timestamp, a name, and a source. If it's still living in someone's email inbox, it's not ready for January 2026 standards.
- Decide how to absorb the new workload. The new rules add real hours to the credentialing function. You either hire, buy software, outsource, or accept the delays. The worst answer is to assume your current team can do 33 percent more work in the same hours.
The bottom line
The NCQA changes aren't a minor compliance update. They reshape the credentialing function and the financials that depend on it. Practices that adapt early will close out 2026 with faster onboarding, fewer denials, and audit files that hold up. Practices that don't will end the year explaining to leadership why providers are still waiting and revenue is still slipping.
At Medonix, we handle credentialing for US, Canadian, and UK providers, including monthly monitoring, payer enrollment, and audit-ready documentation built to the new 2026 standards. If your team is feeling the pressure of the shorter timelines, we can run a 30-minute review of your current workflow and tell you, plainly, where you stand.