Provider Directory Accuracy: Have You Reached Acceptance Yet?

By Laura Peth

New or updated federal and state-level regulations require current, accurate, and complete online provider directories. As a result, leadership in many health care organizations find themselves stuck in one of the five stages of grief: denial, anger, bargaining, depression, and acceptance.

The first four stages of grief are all dead-ends with costly unintended consequences to your organization. Given the importance of accurate provider directories in securing patient access to care, as well as the steep financial penalties involved in non-compliance, how can leadership achieve acceptance and move forward?

First, let’s review the regulatory landscape.


While the Centers for Medicare and Medicaid Services (CMS) require provider directories to be accurate and contain certain information[1], beginning in 2015 CMS noted that it had “become aware of a range of issues with online provider directories,” with recent provider and beneficiary complaints highlighting problems with accuracy on some of the Medicare Advantage Organization (MAO) provider directory information[2]. Subsequent Health Plan Management System (HPMS) memos and the Call Letters for Contract Years 2016 and 2017 detailed CMS’ intent to study provider directory accuracy, to provide additional guidance on its provider directory regulatory requirements, to initiate a three-pronged approach to monitor compliance with those regulations, and to verify the accuracy of online provider directories for plans offered by MAOs. The most significant sign that CMS considers provider directory accuracy to be a serious issue is the relocation of provider directory access guidance in the Medicare Managed Care Manual from Chapter 3 – Marketing,
to Chapter 4 – Beneficiary Protections.

CMS requirements include:

  • Update of provider directory information any time a plan becomes aware of changes and within 30 days of receiving the new information[3];
  • Regular (at least quarterly) communications/contacts with providers to ascertain their availability and, specifically, whether they are accepting new patients, in addition to requiring contracted providers to inform the plan of any changes to street address, phone number, and office hours or other changes that affect availability[4];
  • Developing and implementing a protocol to effectively address inquiries/complaints related to enrollees being denied access to a contracted provider with follow-through to make corrections to the online directory;
  • Online provider directories must be searchable.


State regulations vary, with some states requiring provider directories be updated only on an annual basis while others require more frequent updates. For example, in California, Senate Bill 137 enacted additional provider directory standards which go into effect on January 1, 2018 and will require weekly directory updates.

Bottom line: current, accurate, and complete provider directory data is a must-have at any point in time – but how do we get to that level of operation? Overwhelmed with these new requirements, which can cause organizational grief, it is tempting to choose less than stellar responses – or to not respond at all. With a dash of humor, we relate these choices to the first four stages of grief: denial, anger, bargaining, and depression.

  1. Denial
    “This isn’t happening. This isn’t happening.” It is normal to turn to our defense mechanism of rationalization to absorb new and significant changes. In this scenario, leadership assures itself that its current method of handling provider data will keep working just fine – without performing any examination to determine if this belief is valid. As a result, staff reacts to each needed change or quarterly request for updated provider directory data as if their hair is on fire. Proactive measures are never embedded into everyday processes
    throughout the organization.
  2. Anger
    For those not prepared to change, anger is the next emotion to surface. Within an organization, anger can take many forms. The anger stage may be displayed through commentary such as: “What are they thinking? We can’t commit those kinds of resources to ensure the directory is accurate each second of each day!” Or, “It’s the physician’s responsibility to make sure the information is accurate!” Anger may even take the form of seeking legal intervention to try to avoid the inevitable.
  3. Bargaining
    At this stage, leadership begins to perform analytics to determine which is more costly: investing in resources to ensure provider directory data processes are up to par or taking the fine? While the latter may seem a better choice initially, given enough time, the scale surely tips to the former option as the better choice. However, it is difficult for leadership to take a longer-term view prior to reaching the acceptance stage. For this reason, many organizations continue to make do with ineffective processes and systems. For these organizations, provider directory accuracy is consistently considered to be a one-time issue: a fire to be put out.
  4. Depression
    In times of grief, the desire for isolation is common. A large health plan begins to request its medical groups and management services organizations (MSOs) complete quarterly provider directory accuracy data reconciliations by sending out a form and a spreadsheet. Phones are not picked up. Discussions are neglected. Medical groups and MSOs find themselves receiving requests from multiple health plans with varying deadlines, formats, and directions. Yet these new requirements are more easily met with collaboration – between health plans and their contracted provider groups and entities.


Acceptance is where you want your organization to be, as therein lies opportunity. Getting to acceptance means leadership can begin to embed these regulatory requirements into everyday operations, as well as become strategic and proactive in their implementation and improvement. How can leadership achieve acceptance?

  • Connect the dots: Yes, there are new regulatory requirements for provider directory accuracy. How do these new requirements align with your existing mission, business objectives, strategic plan, and existing functions? How can leadership use the need to comply with these new regulatory requirements to build upon initiatives already underway in the organization? By incorporating new regulatory requirements into the organization’s identity, leadership can find any areas of synergy and reduce the need for completely new effort.For example, an organization’s existing quality improvement or compliance functions is a natural base from which to provide audit and oversight to the provider directory accuracy initiative. Quality improvement or compliance is traditionally charged with reviewing audits and internal monitoring reports to determine if a process is working effectively and producing the intended results. Enveloping the new provider directory accuracy requirements into existing functions, like quality improvement and compliance, ease these changes into an organization without sacrificing excellence.
  • Treat Data Integrity as the Foundation of Everything: Yes, everything! Data integrity – its maintenance and assurance of the accuracy and consistency of data over its life-cycle[5] – is an essential building block of all successful processes within your organization. Without it, the information upon which management makes decisions is worthless and an organization cannot hope to evidence compliance with any requirements.So how does an organization treat data integrity as the foundation of everything? By operationalizing data integrity. Within every process the issue of data integrity must be raised. To address data integrity within any process, it is helpful to ask the following questions:
    • How is data received within this process?
    • How do we prevent the recording of incorrect data?
    • How do we record data in a manner that is relevant to our regulatory responsibilities?
    • How is the data stored?
    • Who can modify the data?
    • How is data creation and data modification recorded?
    • What other functions could this data affect?
    • How is data funneled to these functions?
    • What audit processes are in place to ensure that data travels where it is supposed to go, is received timely, and is a catalyst for the appropriate process?

For example, how does your organization know that any complaints about the accuracy of its provider directory received by phone through its member services department are forwarded to the appropriate staff to ensure the affected information is updated in the directory within 30 days? Are you able to pull reports from your complaint (grievance) system by category so that you can track these complaints? Likewise, how and to whom does your provider relations department communicate that certain providers are no longer accepting new patients?

Without steps in place to audit these processes on an ongoing basis, the integrity of the provider directory data is compromised. When that data is compromised, it does not matter if you are pulling it on a weekly or quarterly basis – it will be inaccurate. More importantly, members do not have access to accurate information with which to make decisions about accessing care.

The return on investment from considering data integrity to be the foundation of everything cannot be overstated. While focusing on data integrity pays off significantly in the long run, it does require some front-end loading. For example, procedural changes your organization makes now to better track and act upon provider directory-related complaints may not show dividends for one to two quarters. However, an organization-wide focus on data integrity within all functions and processes will lead to effective overall operations – not just those related to provider directory accuracy, but in better management decisions due to access to more accurate information, greater ease in regulatory reporting, and better service to members.

  • Plan for the Future and Think Strategically: Wouldn’t it be nice to work in an organization with processes that are ahead of the regulatory curve? It is possible to get there through both constant quality improvement and collaboration. As previously discussed, drawing on the organization’s existing quality improvement or compliance functions for monitoring and oversight of new or existing provider directory processes is a means to transition the organization through familiar functions while maintaining excellence. Further, a quality improvement process does not simply stop when the organization is able to meet the regulatory requirement – it seeks to improve the efficiency and effectiveness of the process in doing so.

A common result of continuous quality improvement processes is a move toward standardization. For this reason, the next logical step in the provider directory accuracy arc is toward standardization. Moving toward standardization often occurs in fits and starts. We first standardize what we can control – our own organization.

Standardization of the organization’s processes and in how it communicates to others allows for greater accuracy in data collection and processing, thus improving data integrity (it always comes back to data integrity). Health plans would be well served to be planning now to standardize how they collect provider directory information from their downstream providers. When standardization within the organization is achieved, or at least is in progress, many leaders will begin to pursue industry-wide standardization. This of course can only be achieved through collaboration.

As organizations share lessons learned, a best practice-based standard will emerge.Health plans face and overcome challenges on an ongoing basis. Reaching acceptance in how they approach online provider directory accuracy requirements is a paramount objective.

Has your organization reached acceptance or is it stalled within the first four stages of grief? What changes need to occur to get to acceptance and beyond for your organization? The future begins now.

[1] 42 CFR 422.111(b)(3)(i) and 422.112(a)(1)
[2] February 20, 2015, CMS “NOTE TO: Medicare Advantage Organizations, Prescription Drug Plan Sponsors, and Other Interested Parties
[3] 42 CFR 422.110.2.2
[4] 42 CFR 422.110.2.2
[5] Boritz, J. “IS Practitioners’ Views on Core Concepts of Information Integrity”International Journal of Accounting Information Systems. Elsevier. Archived from the original on 5 October 2011.


Related Posts

When you first read about the Equifax cyber breach were you surprised?  It seemed odd
TRANSFORMATIVE APPROACH TO OPERATIONAL COST REDUCTIONS Healthcare September 28, 2017 The disruption occurring in the
When I was 30 and a young auditor for the California Department of Health Services,