Provider directory accuracy has been a compliance expectation for years. What it has never been, until now, is a public metric. The REAL Health Providers Act, signed February 3, 2026, changes that in a way no guidance memo or audit cycle ever did. Starting plan year 2029, your accuracy score is visible to every broker, member, and regulator comparing plans. That is a different kind of accountability entirely.
Atlas Systems' 2025 Member Experience Monitor survey tells you what is already at stake before that score exists. Nearly six in ten insured adults have found at least one error in a provider directory. Of those, 80% said it made them trust their health plan less. That erosion happens quietly, one failed search at a time. From 2029, it will have a number attached to it.
And 2028 is closer than most planning cycles account for.
What Is the REAL Health Providers Act?
The Requiring Enhanced and Accurate Lists of Health Providers Act was signed into law on February 3, 2026, as part of the Consolidated Appropriations Act. It establishes the most specific federal statutory requirements Medicare Advantage has ever seen for provider directory accuracy, moving the standard from guidance-based expectations to enforceable law with real financial consequences for non-compliance.
Five core requirements define the law, and two timelines matter: plan year 2028 for compliance obligations, and plan year 2029 for public accountability.
The Five Requirements, in Plain Terms
Here is what each requirement actually means for the people doing this work day to day.
1. Verify every record every 90 days
This is not a new concept. CMS has expected quarterly outreach for years. What changes is the statutory weight behind it and the documentation it now requires. Plans need a system that tracks where each provider record sits in its verification window, flags records approaching their deadline, and logs the outcome of every check with a timestamp and a source. The 90-day cycle is not just a frequency standard. It requires a documented audit trail showing what was checked, when, and through which source. Most teams find the gap is not in outreach frequency but in that documentation.
2. Remove departed providers within five business days
When your organization determines that a provider is no longer participating in the network, you have five business days to remove them from the directory. That timeline only works if your network management system, your directory, and your credentialing platform are connected in real time. Plans where those systems still communicate through periodic file exports will miss this window regularly.
3. Submit an annual accuracy analysis to HHS
Every plan year starting in 2028, you conduct a random-sample accuracy audit and submit the results to HHS. CMS will define the exact methodology through guidance expected by August 2027. But the statute already signals what matters: every record in your sample needs a traceable, timestamped verification history. The analysis is not just an exercise, but the document you hand to regulators when they ask questions.
4. Protect members from cost-sharing when listings are wrong
If a member selects a provider based on an inaccurate directory listing and ends up out of network, your plan absorbs the cost-sharing difference. In CMS's 2018 audit of 64 Medicare Advantage organizations, inaccuracies with the highest likelihood of preventing access to care were found in nearly 46% of all reviewed locations. Each of those listings now carries a direct claims liability under the REAL Act.
5. Flag unverifiable records publicly
If your team cannot verify a provider's information within the 90-day window, the listing cannot simply stay as-is. The law requires an explicit indicator, something like "data unverified", visible to anyone reading the directory. This is the law's built-in enforcement mechanism between audit cycles. A failed verification does not stay hidden inside your systems. It appears on the directory face, visible to members, brokers, and regulators in real time. Plans that have been relying on the assumption that verification gaps are internal problems will need to rethink that.
Then in 2029, the Score Goes Public
This is the part of the law that changes the competitive conversation entirely.
Starting with plan year 2029, CMS publishes each plan's accuracy score in a machine-readable format. Plans are also required to display that score prominently on their own provider directory. Directory accuracy is no longer an internal compliance function. It becomes a matter of public accountability, member trust, and operational precision.
Think about what that means at open enrollment. Brokers comparing plans will see it. Members shopping for coverage will see it next to benefit details and premiums. During the 2025 open enrollment period, the Washington Post reported that the Medicare Advantage Plan Finder directory was producing conflicting information about which providers were covered by which plans. That story ran at exactly the moment enrollment decisions were being made. From 2029, that kind of exposure has a government-published number next to it.
Plans that have been building verified, documented accuracy history since 2026 will post a score that reflects years of sustained work. Plans that have not yet established a continuous verification program will post a score that reflects where they started. Those are different numbers, and they will be visible side by side.
Why the Existing Framework Has Not Been Enough
If your team has been running quarterly outreach and accuracy still feels like a moving target, you are not failing. The problem is structural.
Provider data changes constantly. Physicians move, retire, join hospital systems, change panel status, and update their hours. Large delegated groups may process hundreds of roster changes every month. When that information flows slowly or inconsistently from providers to payers, directory accuracy degrades faster than any quarterly cycle can recover it.
The delegated data problem sits at the center of this for most large health plans. No two provider groups send roster updates the same way or on the same schedule. Staff spend hours reformatting files, chasing missing NPIs, and correcting data that was already wrong when it arrived. Without source tagging at the record level, there is no way to trace an error back to its origin. The same errors return with the next roster submission from the same group, because the source was never addressed.
That is not a verification gap. It is a data pipeline gap. And the REAL Act's annual accuracy analysis will expose it, because errors without traceable origins cannot be fixed permanently.
If you want to understand what this looks like from the member side and why ghost networks have proven so difficult to eliminate, our piece on ghost networks in healthcare covers the full picture.
What Getting Ready Actually Requires
The plans best positioned in 2028 are not the ones that start preparing in 2028. They are investing now in three things.
Continuous, multi-source verification with a full audit trail. Batch outreach cannot meet the 90-day standard and cannot produce the documentation the accuracy analysis requires. Verification needs to draw on provider websites, government databases including NPPES and OIG LEIE, cross-plan consistency checks, and direct outreach to provider offices, with every step logged. That documentation trail is the deliverable, not just the outreach itself.
Connected systems that update at the same speed. The 5-day removal requirement exposes every plan where credentialing, directory, and provider data management systems run on separate update schedules. A provider termination that takes a week to travel from your credentialing platform to your public directory is already a violation. Real-time data flow is not optional under this law.
Source-tagged delegated data. When your accuracy analysis flags an error, you need to know where it came from. Without source attribution at the record level, you can fix the symptom in the directory, but the root cause stays embedded in the delegated group's next roster submission. Fixing the pipeline and documenting it is what sustained accuracy looks like.
How PRIME® by Atlas Systems Can Help
PRIME® by Atlas Systems is the only solution that mirrors the law's own 90-day standard with proactive, third-party verification built in. At the core of PRIME® is a six-layer Independent Audit methodology that runs on your behalf, continuously, across your entire network. This is not a checklist for your team to follow. It is a managed process with every step documented.
Each verification cycle draws on provider websites, government databases, cross-plan directory comparisons, and automated outreach to provider offices to confirm data points not always evident from public sources, including board certification status, hospital affiliations, and languages spoken at the practice. Human agents handle exceptions only, stepping in when automated outreach cannot resolve a discrepancy. Every record carries a timestamped audit trail.
PRIME® also helps mitigate the risk of displaying stale records unknowingly between cycles. Continuous monitoring of provider websites, the Death Master File, and state license board updates triggers re-verification the moment something changes, not just when the next 90-day window arrives.
For delegated data, PRIME® roster management tackles the root cause by streamlining payer-provider roster data exchange, including delegated provider data from provider groups, one of the primary sources of directory inaccuracies. When an error surfaces in your accuracy analysis, you can trace it to exactly where it originated and fix the source, not just the record.
PRIME® also offers a no-cost preliminary directory audit. You choose the line of business and the data fields. You see your current baseline before anyone outside your organization does.
Request your preliminary audit today!
Frequently Asked Questions
1. What is the REAL Health Providers Act?
On February 3, 2026, the Consolidated Appropriations Act, 2026 was signed into law. This legislation enacted the Requiring Enhanced and Accurate Lists of Health Providers Act (REAL Health Providers Act), which introduces new requirements for Medicare Advantage provider directory accuracy. It requires Medicare Advantage organizations to verify provider directory data every 90 days, remove departed providers within five business days, conduct annual accuracy analyses, and submit results to HHS. From plan year 2029, CMS publishes accuracy scores publicly and plans must display them on their own directories.
2. What is the difference between the 2028 and 2029 deadlines?
Plan year 2028 is when compliance requirements take effect: 90-day verification, 5-day removal, cost-sharing protections, and annual accuracy analysis submissions to HHS. Plan year 2029 is when scores go public. CMS posts them in a machine-readable file and plans must display them prominently on their own provider directories. Both deadlines are written into the statute.
3. When will CMS publish guidance on how accuracy will be measured?
Implementation guidance is expected by August 2027. Based on how CMS has conducted secret shopper audits historically, the approach will likely involve a standardized random-sampling methodology with plans submitting their own results. Plans should assume traceable, timestamped verification records will be central to what CMS measures.
4. How does this relate to the No Surprises Act?
The No Surprises Act established cost-sharing protections for out-of-network care in certain situations. The REAL Health Providers Act extends that protection specifically to situations where a member selects a provider based on an inaccurate directory listing. Both laws create financial liability when directory data is wrong. The REAL Act makes the mechanism explicit for directory errors.
5. Does this apply to Medicaid managed care plans too?
The REAL Health Providers Act as enacted applies to Medicare Advantage. The same Consolidated Appropriations Act included separate Medicaid directory accuracy requirements that took effect July 2025. Medicaid managed care plans should review those provisions separately.
.png?width=869&height=597&name=image%20(5).png)
-1.png?width=486&height=315&name=IDC%20Banner%20(1)-1.png)
.png?width=300&height=175&name=Rectangle%2034624433%20(2).png)
Provider Data Management
Provider-Payer Connect
Provider Credentialing
Provider Compliance Monitoring
Provider Directory Fulfillment
.webp)
.png)
.webp)
