CredentialTrack Pro← All articles

Primary source verification checklist for medical credentialing

Published May 20, 2026 · 9 min read · By CredentialTrack Pro Editorial Team

Primary source verification (PSV) is the part of credentialing where you confirm a credential by going directly to the organization that issued it — not by trusting a copy of a certificate the provider gave you. NCQA's credentialing standards (CR 1–8) and the Joint Commission's medical staff chapter both require PSV for the same core set of credentials, and most payers contractually require the same.

This checklist walks through every element you have to verify, where the canonical source lives, and the most common ways a file gets rejected at audit.

What "primary source" actually means

A primary source is the original issuer of the credential, or an entity explicitly designated as equivalent (FSMB for medical licenses, AMA Physician Masterfile for education, ECFMG for IMGs). A photocopy from the provider's CV is not a primary source. A screenshot from a third-party aggregator that doesn't designate itself as a primary source is not a primary source either.

The PSV checklist

1. Identity

  • Verify: Government-issued photo ID matches the name and date of birth on the application.
  • How: Visual inspection of a current ID, or an identity-verification service.
  • Save: A copy of the ID, the verifier's initials, and the verification date.

2. Education and training

  • Medical school: Verify directly with the school's registrar, or via the AMA Physician Masterfile (for MDs), AOA Profile (for DOs), or ECFMG (for IMGs).
  • Residency and fellowship: Verify directly with the program director's office, or via the AMA / AOA profile.
  • Save: Letter, certificate, or verification report from the source, dated within the application window.

3. Board certification

  • Verify: Current status and expiration with the issuing board.
  • Source: The ABMS CertificationMatters portal, the AOA profile, or the specific specialty board's verification page.

4. State medical (or professional) licenses

  • Verify: Every active and historical license, with status, expiration, and any board actions.
  • Source: The state's licensing board website, FSMB Physician Data Center for MDs/DOs, or Nursys for nurses.
  • Save: A screenshot or verification report that shows the state seal / source URL and the date of the search.

5. DEA registration

  • Verify: Current DEA registration and schedule, tied to the practice address.
  • Source: The DEA's online forms and applications portal, which links to the registration validation tool.
  • Note: A new DEA must include attestation of the one-time 8-hour MATE Act training.

6. Malpractice insurance

  • Verify: Current Certificate of Insurance (COI), plus a complete history of past coverage with carrier names and any gaps.
  • Save: Current COI naming the credentialing entity (or group) where required, with effective and expiration dates.

7. Malpractice and disciplinary history

  • Verify: Run a query against the National Practitioner Data Bank (NPDB) for malpractice payments and adverse actions.
  • Save: The NPDB response in the provider's file.

8. Federal exclusion screens

  • Verify: OIG LEIE, SAM.gov exclusions, and the provider's state Medicaid exclusion list.
  • Cadence: At credentialing, before payer enrollment, and monthly thereafter — see our OIG and SAM.gov verification checklist for the step-by-step.

9. Work history

  • Verify: A continuous five-year work history (NCQA CR 3), with any gap of 30 days or more explained in writing.
  • Source: CAQH ProView is usually sufficient, but be ready to ask the provider for clarification on any unexplained gap.

10. Attestation

  • Verify: The provider's signed attestation is current — within 180 days for NCQA initial credentialing, within 120 days for most payer purposes.
  • Source: CAQH ProView re-attestation date, or your internal attestation form.

How long PSV evidence stays valid

Under NCQA, most PSV elements are valid for 180 days for initial credentialing and the full 36-month cycle for re-credentialing. The clock starts on the date of the verification, not the date the provider's application was signed. Plan accordingly: if PSV starts late in the workflow, individual elements can age out before the file is approved.

The most common audit findings

  • No date on the verification. A screenshot without a date stamp is treated as no verification.
  • Source not identifiable. A printout that does not show the URL or board seal can be challenged.
  • Aged-out elements. NPDB queries and exclusion screens older than 180 days at the credentialing-committee date.
  • Work-history gaps with no explanation. Any gap of 30+ days needs a written explanation from the provider.

Where this fits in the workflow

PSV usually runs in parallel with payer enrollment. For a realistic view of how PSV affects your overall timeline, see our payer enrollment timeline guide. And if you want a tool that performs each PSV step, dates it, and files it for you, see CredentialTrack Pro for credentialing coordinators.

Keep reading