US Medical BillingRevenue cycle solutions
Credentialing

Primary source verification explained

Primary source verification (PSV) is the credentialing step that confirms a provider's qualifications by checking directly with the organization that issued or maintains each credential, rather than relying on a copy or a self-reported statement. It is the evidentiary backbone of credentialing, because a license, board certification, or education record only counts once it has been confirmed against the primary source — the licensing board, the certifying body, the school, or an approved equivalent. The specific elements verified, the acceptable sources, and how long a verification stays current all vary by payer, accrediting body, and jurisdiction, and they change over time.

Updated 7 min read

On this page

Key takeaways

What primary source verification means

Primary source verification means confirming a specific qualification with the entity that is authoritative for it. Instead of accepting a scanned diploma or a photocopied license, the verifier contacts — or queries an approved database maintained by — the issuing authority and confirms that the credential is genuine, currently valid, and free of restrictions that would matter to the review. This is what separates a credentialing file that merely collects documents from one that proves them, and it sits at the center of the broader work described in what is provider credentialing.

The reason PSV exists is risk. Credentials can be forged, lapse, or carry an action that a self-attestation would not reveal. By going to the source, an organization confirms the qualification as it stands at the moment of the check rather than as it appeared whenever a copy was made. What qualifies as an acceptable primary source — and whether a designated equivalent may stand in — is defined by the standards a health plan or facility follows, and those standards are periodically revised.

Source vs. document

What elements are typically verified

The elements subject to primary source verification are drawn from the credentialing file, and the exact list is set by the payer's or facility's policy. The items below are commonly included, but which ones apply — and the acceptable source for each — vary by payer, plan, and state, so the governing standard should always be checked directly.

  • State licensure to practice, confirmed with the relevant state licensing board.
  • Board certification status, confirmed with the certifying board or an approved verification service.
  • Education and postgraduate training, confirmed with the school or program (or an approved equivalent).
  • The Drug Enforcement Administration registration where a provider prescribes controlled substances.
  • Work history and, where required, hospital affiliations or clinical privileging.
  • Sanction, exclusion, and malpractice history checks against the applicable federal and state sources.

Identity anchors such as the National Provider Identifier (NPI) help tie a verified credential to the correct individual, which matters when names are common or a provider has practiced in several states. How these verified elements are assembled and stored is covered in building a credentialing file.

How verification is carried out

Verification methods differ by source. Some authorities publish real-time databases that a credentialing team can query directly; others respond to a written or electronic request; and for a subset, an accrediting body may accept a designated equivalent source in place of contacting the issuer. The workflow below is a general pattern, not a fixed rule — each payer and accrediting body defines acceptable methods and timeframes.

  1. Identify the required elements

    Determine which credentials the governing payer or facility standard requires to be verified for the provider type and setting.
  2. Locate the approved source for each

    Match each element to the primary source or the approved equivalent the standard allows — a state board, a certifying body, a school, or a recognized verification service.
  3. Query or request the confirmation

    Check the source directly, whether by real-time database query, a formal request, or a response letter, depending on what the source supports.
  4. Record the result and its date

    Capture what was confirmed, the source, and the date of verification, because a confirmation reflects only the moment it was made.
  5. Resolve discrepancies before completion

    If a result conflicts with the file — a lapsed license, a restriction, a name mismatch — the issue is investigated and cleared before the credential is treated as verified.

A verification is a snapshot in time

How PSV relates to enrollment and the CAQH profile

Primary source verification is often confused with adjacent steps, but it is distinct from each. It is one component of credentialing, which is itself distinct from provider enrollment — the act of joining a specific payer's network or program. The distinction between those two is explored in credentialing vs. enrollment. PSV also differs from privileging, which governs what a provider is authorized to do within a facility; see credentialing vs. privileging.

How primary source verification differs from related credentialing activities
How primary source verification differs from related credentialing activities
ActivityWhat it doesWho relies on it
Primary source verificationConfirms a credential directly with its issuing authorityPayers and facilities as the evidence behind a decision
CAQH profileCollects and stores self-reported provider data for reuseParticipating payers that pull the attested data
Provider enrollmentAdds a verified provider to a specific payer or programThe individual payer or government program
PrivilegingAuthorizes specific clinical activities within a facilityThe hospital or facility medical staff

A CAQH profile can supply the data a verifier works from, but the CAQH profile is self-reported and does not replace verification with the source.

For Medicare specifically, enrollment runs through the CMS system described in Medicare enrollment with PECOS, using the CMS-855 application family. Verification and enrollment are separate but sequenced activities: a payer generally verifies before it enrolls.

Timing, maintenance, and why it recurs

Because a verification reflects only the date it was performed, credentials must be re-verified on a recurring basis. This is why credentialing is never a one-time event. Standards set how often re-verification occurs, and payers and government programs run their own cycles — recredentialing on the commercial side and revalidation on the Medicare side. Those cycles are described in revalidation and recredentialing.

The interval between checks, the elements that must be re-verified, and the acceptable sources are all set by the governing standard and can change, so the current source is the authority. Verification timing also interacts with the effective date a payer assigns, since a network relationship generally cannot begin until verification and the associated review are complete. Planning around these dependencies is the subject of credentialing timelines and planning.

Rules vary and change

Common questions

Is primary source verification the same as credentialing?

No. Primary source verification is one step within credentialing — the step that confirms qualifications with their issuing authorities. Credentialing is the broader process that also includes collecting the application, reviewing the file, and reaching a decision.

Does a copy of a license count as primary source verification?

No. A photocopy or scan is evidence a credential existed at some point, but it is not a confirmation from the source. Verification requires checking directly with the issuing authority or an approved equivalent to confirm the credential is authentic and currently valid.

Can primary source verification replace enrollment with a payer?

No. Verification confirms qualifications, while enrollment adds a verified provider to a specific payer or program. They are separate steps, and a payer generally verifies credentials before it completes enrollment.

How long is a verification valid?

A verification reflects only the date it was performed, so it has a limited shelf life. The exact window and re-verification interval are set by each payer, accrediting body, and jurisdiction and can change, which is why the current published standard should be checked.

Does the CAQH profile handle primary source verification automatically?

No. A CAQH profile stores self-reported, attested provider data that verifiers and payers can reuse, but the data still has to be confirmed against primary sources. The profile supports verification; it does not perform it.

Authoritative sources

Ready to improve your revenue cycle?

Explore our services and knowledge base to see how we can help.