What is CVO credentialing?
CVO credentialing is the process of outsourcing primary source verification to a certified third party (a Credentials Verification Organization or CVO) instead of managing it in-house across dozens of payers and licensing boards.
That means licenses, education history, malpractice claims, board certifications, and payer enrollment status all move off the ops team's plate.
The core of what CVOs do is called primary source verification (PSV): confirming credentials directly with the issuing source. PSV is required by NCQA and The Joint Commission. A provider can't bill most payers until PSV is complete.
How CVO credentialing works
A provider credential file passes through four stages, 15+ primary sources, and one committee vote before that provider can bill a single claim.
Stage 1: Application intake
The CVO receives the provider's information, usually pulled from their CAQH ProView profile.
It then checks the application for completeness and flags what's missing: work history gaps, expired documents, and unsigned releases. Incomplete applications sit until the provider supplies what's missing.
Stage 2: Primary source verification (PSV)
The CVO confirms every credential directly with the issuing source. Under NCQA's 2025 standards, NCQA-certified CVOs must complete PSV within 90 days.
PSV runs in parallel across:
- Medical school, residency, and fellowship with the issuing institutions
- State licenses with each state board where the provider practices
- Board certification with ABMS, AOA, or the relevant specialty board
- Malpractice history through the NPDB and malpractice insurers
- Sanctions and exclusions via OIG exclusion list, state Medicaid exclusion lists, and SAM.gov, plus the National Sex Offender Public Website (commonly included in CVO scope, though not strictly NCQA-mandated)
- DEA, NPI, and work history for the past 5 to 10 years
A typical file pulls from 15+ primary sources. Electronic queries return in hours. Mail and fax responses take weeks. The file moves at the pace of the slowest source.
Stage 3: File review
A credentialing specialist reviews the completed file for discrepancies and red flags, such as name mismatches between a license and NPI, unexplained malpractice claims, and unresolved work history gaps. Flagged items go back for follow-up before the file moves forward.
NCQA also requires a digital audit trail on every data change: who changed what, when, and why. A CVO that can't produce that audit trail on demand will fail a payer audit.
Stage 4: Committee review and approval
The file goes to a credentialing committee of peer providers and a medical director. Clean files get approved. Files with malpractice claims, disciplinary actions, or unresolved gaps get a deeper review and may require additional documentation or a provider interview.
Once approved, the provider enters ongoing monitoring: monthly sanctions checks, license expiration tracking, and re-credentialing every 36 months.
A clean file typically takes 90-120 days. Multi-state licensure, malpractice history, or documentation gaps push complex files past 150 days. Every week the file sits is a week the provider can't bill.
CVO credentialing vs. in-house credentialing
Whether to outsource credentialing to a CVO or run it in-house depends on your provider volume, budget, and how much control you need over timelines.
| Factor | CVO | In-house team |
|---|---|---|
| Cost per provider | $150 to $500+ per initial credential (verification only; payer enrollment typically priced separately) | Salary + benefits for dedicated staff |
| Turnaround time | 7 to 30+ days per provider | Depends on team capacity (often slower) |
| Visibility into progress | Limited (the CVO reports on its own timeline) | Full (the ops team owns the process) |
| Handles payer enrollment | Some CVOs include it, many don't | Yes, but portal-by-portal manually |
| NCQA compliance | Built in (if CVO is NCQA-certified) | Your responsibility to maintain |
| Scales with growth | Costs scale linearly per provider | Requires hiring more staff |
NCQA vs. URAC certification: what each evaluates
Both NCQA and URAC set standards for CVO credentialing, but they differ in scope and organizational fit.
NCQA CVO Certification offers 11 certification options covering specific credential types: license to practice, board certification, malpractice claims history, ongoing sanctions monitoring, and others. A CVO can be certified for all 11 or a subset, so confirm exactly which options a vendor's certification covers.
The certification cycle is three years. The biggest practical benefit is that when a health plan contracts with an NCQA-certified CVO, the CVO's verification work receives automatic credit on the plan's own accreditation survey.
URAC CVO Accreditation requires CVOs to meet 40 core standards plus four additional sets of requirements covering credential verification processes, data integrity, communications, and on-site reviews.
NCQA-accredited health plans benefit most from NCQA-certified CVOs. Organizations in digital health, telehealth, or specialty pharmacy may find that URAC aligns better. Some pursue both.
How to evaluate a CVO
Verify these three things before signing:
- Real turnaround data. Ask for the average and 90th percentile turnaround on completed files over the past 12 months. Vendors quote their best case. The 90th percentile is what the pipeline actually looks like.
- Error rate on completed files. The CVOs worth hiring track this number and share it.
- Scope clarity. Some CVOs deliver committee-ready files; others stop at verification. Payer enrollment is almost always separate. Confirm exactly what's in scope before signing.
What the contract should say:
- Liability allocation. If the CVO misses a sanction or expired license, the contracting organization typically carries the exposure. Indemnification needs to be explicit.
- Turnaround SLAs with consequences. Timelines should be in writing, with defined remedies when they're missed.
- Error rate thresholds. Set a maximum acceptable rate and define what happens when the CVO misses it. Without this, there's no lever to pull on declining quality.
Common CVO credentialing problems + how to avoid them
The problems that slow CVO credentialing down happen in the portals surrounding it. This is where Kaizen comes in:
- Slow CAQH profile updates. Providers forget to re-attest their CAQH ProView profile every 120 days, and payer enrollment stalls when it lapses. Our browser automation monitors attestation status across every provider's profile and flags upcoming expirations before they lapse.
- Payer portal enrollment delays. An enrollment application sits in United's queue for weeks with no status update, and no one knows until someone logs in to check. We log into every portal, pull status on every pending application, and push results to Slack on whatever cadence makes sense.
- Missing or expired documents. A license renewal slips through the cracks, and billing fails before anyone notices. We pull license status directly from state board portals and surface renewals that need action before they become billing problems.
- No visibility into where a file is stuck. Stalled files don't surface until they become billing problems. Continuous status monitoring means a stalled file shows up the day it stalls, instead of later when billing fails.
Choosing the right credentialing path
A CVO handles verification without building an internal credentialing team. Keeping it in-house gives you direct control over timelines and payer relationships. Both models work, but neither one eliminates the portal problem.
Enrollment status, license expirations, and sanctions data all live inside web portals with no notifications or APIs. Someone still has to log in and click through.
That's the layer Kaizen replaces, running credentialing and monitoring workflows across CAQH, Availity, payer portals, and state licensing boards regardless of which model an organization uses.
Stop paying people to do portal work that software can handle. Book a call and see how Kaizen automates provider credentialing.
Frequently asked questions
What should you look for when evaluating a CVO?
When evaluating a CVO, look for NCQA or URAC certification, average and 90th percentile turnaround times on completed files, error rates over the past 12 months, and client references from organizations with similar provider volume and specialty mix.
What happens if a CVO makes a verification error?
If a CVO makes a verification error, the contracting organization typically bears the compliance liability. Missed sanctions, expired licenses, or malpractice claims that reach a patient expose the contracting health plan or provider group to regulatory and legal consequences, which is why CVO contracts need explicit SLAs and indemnification terms.
Can you use a CVO for re-credentialing only?
Yes, you can use a CVO for re-credentialing only. The CVO runs the same PSV process against an already-established file, which typically moves faster than initial credentialing. Many organizations keep initial credentialing in-house and delegate re-credentialing to a CVO, since NCQA requires it every 36 months with monthly monitoring in between.
How does multi-state credentialing work with a CVO?
Multi-state credentialing with a CVO works by routing each state's verification through that state's licensing board, since requirements, timelines, and processes vary by jurisdiction. CVOs with established multi-state relationships reduce the coordination burden significantly compared to managing each state board directly.
