A roster verification email arrives in your inbox. It uses generic language: “provider directory update,” “attestation required,” “verify your information.” It looks automated. Maybe it’s spam. Your office is already overwhelmed with prior authorizations, denials, and staffing issues.
So it gets archived.
Weeks later, new patient calls slow down. A referring office says they can’t find you in their payer’s directory. A patient asks, “Are you still in-network?”
Nothing about your contract changed.
You were quietly removed from the directory—without a notice, a call, or a warning.
In 2026, this is no longer theoretical. It is real, it is already happening, and it can affect practices in the very near future.
How a Medicare Rule Became an All-Payer Problem
Many of the most striking statistics about directory failures come from Medicare Advantage audits and federal oversight. That’s not because Medicare is uniquely broken, but because it is uniquely measured.
CMS found that 52 percent of Medicare Advantage provider directory locations contained at least one inaccuracy, many severe enough to prevent patient access.
In behavioral health, the problem is even more pronounced. The HHS Office of Inspector General reported in October 2025 that many Medicare Advantage and Medicaid managed care plans had limited behavioral health networks and inaccurate directories, with a large share of listed providers inactive or unreachable.
Those numbers are Medicare-heavy because that’s where CMS has the clearest authority to audit and publish results. But the rules, workflows, and enforcement pressure now extend well beyond Medicare Advantage.
Why?
Because several regulatory forces apply across payer types, and because national carriers increasingly operationalize a single directory and verification workflow across Medicare Advantage, Medicaid managed care, and commercial plans, typically built on a combination of CAQH data, payer credentialing systems, and third-party validation vendors.
Directory Accuracy Is Now Serious Business
For years, inaccurate provider directories were treated as an administrative nuisance. Regulators published reports. Advocacy groups complained about what regulators and investigators commonly refer to as “ghost networks.” Plans promised improvements. Very little changed.
That changed when directory data became a compliance and financial risk.
Medicare Advantage directories went federal-facing
As of January 1, 2026, Medicare Advantage plans are required to submit provider directory data directly to CMS for display through the Medicare Plan Finder, under CMS Final Rule CMS-4208-F2.
During the first open enrollment period using this system, reporting surfaced widespread errors: duplicate addresses, conflicting network statuses, and incorrect listings that confused seniors trying to choose coverage.
Once directory data is displayed on a federal website, plans are directly accountable for its accuracy.
The No Surprises Act changed verification expectations
The No Surprises Act requires group health plans and issuers to establish processes to maintain accurate provider directory information, including regular verification and timely updates.
Operationally, this has translated into:
- 90-day or quarterly verification cycles
- outreach to providers for attestations
- suppression or removal of providers who cannot be verified
These requirements apply broadly, not just to Medicare Advantage. While enforcement and penalties may differ by line of business, the verification cadence and expectations are now being applied across many commercial plans as well.
Under the No Surprises Act, inaccurate provider directories now carry direct financial consequences for plans. If a consumer relies on incorrect directory information and receives out-of-network care as a result, the plan is limited to in-network cost sharing and must count those amounts toward in-network deductibles and out-of-pocket limits. If the patient paid more, the plan must ensure a refund with interest.
That risk—claims being retroactively treated as in-network because a directory was wrong—is a major reason payers are aggressively removing providers they cannot verify.
Star Ratings raised the stakes
For Medicare Advantage plans, directory accuracy now affects Star Ratings, CMS quality scores that directly influence plan bonus payments and enrollment.
The fastest way for plans to reduce risk is not to manually fix every data error. It is to remove providers they cannot verify.
And that determination often hinges on whether an email was answered.
Roster Verification Is Now a Compliance Requirement
Most practices treat roster verification emails as low-priority administrative clutter.
They assume:
- “They already have our information.”
- “If nothing changed, no response should be fine.”
- “If it were important, someone would call.”
What’s actually happening behind the scenes is very different.
Who actually receives these notices
These notices do not go to a single, predictable place. Sometimes they are sent to the individual provider’s email on file. Sometimes they go to a general practice inbox. In other cases, they appear in payer portals, CAQH notifications, or through third-party validation vendors.
That fragmentation is part of the risk.
Credentialing teams and external credentialing partners can only respond to what they see. If verification emails are routed to an inbox no one actively monitors—or never forwarded to the person responsible for directory maintenance—the practice can still be marked “unverifiable,” even when credentialing support exists.
What payers are doing
Under directory accuracy obligations, payers must demonstrate that they attempted to verify provider information. When outreach goes unanswered, plans often document the non-response, flag the record as unverified, and take action to limit exposure.
That action may include:
- marking the provider as “not accepting new patients”
- suppressing the listing from search results
- removing the provider from the directory entirely
This is typically treated as an administrative default, not a contractual termination. As a result, practices often receive no formal notice.
Evidence this is already happening
In December 2025, the Illinois Chiropractic Society warned providers that insurers operating in the state were auditing directories every 90 days and that providers bear the risk of non-response, including potential suppression or removal from directories.
Providers across specialties have also publicly questioned the legitimacy of directory verification emails—particularly those sent by third-party validation vendors—only to later learn they were real and time-sensitive (provider discussions, Reddit, 2025).
What Actually Happens When the Email Is Ignored
While each payer’s internal process differs, the pattern is increasingly consistent:
- Verification request sent via email, portal message, or CAQH-linked workflow
- Non-response logged internally
- Provider record flagged as “unverifiable”
- Listing suppressed or removed from the directory to mitigate compliance risk
From the payer’s perspective, this is defensible. Federal and state rules require accurate directories. If a provider cannot be verified, the plan reduces exposure by removing them.
From the practice’s perspective, it feels sudden—because the consequences arrive long after the email was ignored.
The Patient and Revenue Impact Is Quiet—but Real
Directory suppression rarely breaks claims immediately. Existing patients may continue care. That’s what makes the problem easy to miss.
But directories still matter.
Research shows that patients relying on inaccurate mental health directories are significantly more likely to go out of network and receive surprise bills.
Referring offices routinely rely on payer directories to identify in-network specialists. When you disappear, referrals dry up without explanation.
The result is a slow revenue bleed:
- fewer new patient appointments
- fewer directory-driven referrals
- more staff time spent explaining network status to confused patients
By the time a practice identifies the cause, reinstatement can take weeks or longer.
Enforcement Is Spreading Beyond Payers
Historically, enforcement actions focused on insurers. That is changing.
State attorneys general have pursued major settlements related to inaccurate networks and misleading directories, particularly in behavioral health.
At the federal level, the HHS Office of Inspector General has explicitly recommended stronger monitoring and enforcement of directory accuracy across Medicare Advantage and Medicaid managed care, with implications for how plans manage provider data (HHS OIG Report, Oct 2025).
Under the No Surprises Act, providers themselves have obligations to maintain processes that support accurate directory information. If a provider repeatedly fails to respond and a patient complaint arises, the issue may no longer be framed as “payer error.”
What Practices Should Be Doing Right Now
This is not a one-time cleanup. It is an ongoing operational requirement.
At a minimum, practices should:
- audit what appears in public directories
- capture and route verification emails intentionally
- treat CAQH as a recurring process
- respond even when nothing has changed
- run a quarterly directory health check
If a practice does not have capacity to own this internally, that is not a failure. It is a signal that this function must be explicitly assigned or supported.
Why Directory Management Has Become a Credentialing Responsibility
Credentialing used to be about getting into networks.
In 2026, credentialing is also about:
- staying listed
- staying verified
- surviving recurring compliance cycles
- protecting patient access before denials appear
Directory accuracy is no longer an afterthought. It is infrastructure.
The New Reality
The CMS directory crackdown did not create a new problem. It exposed an old one.
With federal scrutiny rising, payers are moving quickly to reduce risk. Their cheapest option is to remove providers they cannot verify.
That makes silence dangerous.
The good news is that this outcome is almost always preventable. With clear ownership, repeatable processes, and attention to verification cycles, practices can stay listed, stay findable, and avoid the quiet revenue loss that follows directory suppression.
The email you’re deleting isn’t spam.
It’s a compliance checkpoint.
Managing directory accuracy, roster verification, and ongoing payer attestations is now part of maintaining network participation—not a one-time administrative task.
pie Health supports providers and practices with credentialing, payer enrollment, and ongoing maintenance work, including directory updates and verification workflows that are increasingly tied to compliance and reimbursement risk.
If you want to understand how these requirements apply to your specific payer mix or specialty, you can learn more about pie Health or request a credentialing consultation.
