Primary source verification explained
Primary source verification (PSV) is the credentialing step that confirms a provider's qualifications by checking directly with the organization that issued or maintains each credential, rather than relying on a copy or a self-reported statement. It is the evidentiary backbone of credentialing, because a license, board certification, or education record only counts once it has been confirmed against the primary source — the licensing board, the certifying body, the school, or an approved equivalent. The specific elements verified, the acceptable sources, and how long a verification stays current all vary by payer, accrediting body, and jurisdiction, and they change over time.
Updated 7 min read
On this page
Key takeaways
- Primary source verification confirms a credential with its issuing authority instead of trusting a photocopy or an applicant's word.
- It is a distinct evidentiary step inside credentialing, not a synonym for the whole process or for enrollment.
- Which elements must be verified and from which sources is set by each payer, accrediting body, and state — and it changes over time.
- Some primary sources can be checked electronically in real time, while others require a designated agent, a query, or a written response.
- A verification has a limited shelf life, so timing matters and drives recredentialing and revalidation cycles.
What primary source verification means
Primary source verification means confirming a specific qualification with the entity that is authoritative for it. Instead of accepting a scanned diploma or a photocopied license, the verifier contacts — or queries an approved database maintained by — the issuing authority and confirms that the credential is genuine, currently valid, and free of restrictions that would matter to the review. This is what separates a credentialing file that merely collects documents from one that proves them, and it sits at the center of the broader work described in what is provider credentialing.
The reason PSV exists is risk. Credentials can be forged, lapse, or carry an action that a self-attestation would not reveal. By going to the source, an organization confirms the qualification as it stands at the moment of the check rather than as it appeared whenever a copy was made. What qualifies as an acceptable primary source — and whether a designated equivalent may stand in — is defined by the standards a health plan or facility follows, and those standards are periodically revised.
Source vs. document
What elements are typically verified
The elements subject to primary source verification are drawn from the credentialing file, and the exact list is set by the payer's or facility's policy. The items below are commonly included, but which ones apply — and the acceptable source for each — vary by payer, plan, and state, so the governing standard should always be checked directly.
- State licensure to practice, confirmed with the relevant state licensing board.
- Board certification status, confirmed with the certifying board or an approved verification service.
- Education and postgraduate training, confirmed with the school or program (or an approved equivalent).
- The Drug Enforcement Administration registration where a provider prescribes controlled substances.
- Work history and, where required, hospital affiliations or clinical privileging.
- Sanction, exclusion, and malpractice history checks against the applicable federal and state sources.
Identity anchors such as the National Provider Identifier (NPI) help tie a verified credential to the correct individual, which matters when names are common or a provider has practiced in several states. How these verified elements are assembled and stored is covered in building a credentialing file.
How verification is carried out
Verification methods differ by source. Some authorities publish real-time databases that a credentialing team can query directly; others respond to a written or electronic request; and for a subset, an accrediting body may accept a designated equivalent source in place of contacting the issuer. The workflow below is a general pattern, not a fixed rule — each payer and accrediting body defines acceptable methods and timeframes.
Identify the required elements
Determine which credentials the governing payer or facility standard requires to be verified for the provider type and setting.Locate the approved source for each
Match each element to the primary source or the approved equivalent the standard allows — a state board, a certifying body, a school, or a recognized verification service.Query or request the confirmation
Check the source directly, whether by real-time database query, a formal request, or a response letter, depending on what the source supports.Record the result and its date
Capture what was confirmed, the source, and the date of verification, because a confirmation reflects only the moment it was made.Resolve discrepancies before completion
If a result conflicts with the file — a lapsed license, a restriction, a name mismatch — the issue is investigated and cleared before the credential is treated as verified.
A verification is a snapshot in time
How PSV relates to enrollment and the CAQH profile
Primary source verification is often confused with adjacent steps, but it is distinct from each. It is one component of credentialing, which is itself distinct from provider enrollment — the act of joining a specific payer's network or program. The distinction between those two is explored in credentialing vs. enrollment. PSV also differs from privileging, which governs what a provider is authorized to do within a facility; see credentialing vs. privileging.
| Activity | What it does | Who relies on it |
|---|---|---|
| Primary source verification | Confirms a credential directly with its issuing authority | Payers and facilities as the evidence behind a decision |
| CAQH profile | Collects and stores self-reported provider data for reuse | Participating payers that pull the attested data |
| Provider enrollment | Adds a verified provider to a specific payer or program | The individual payer or government program |
| Privileging | Authorizes specific clinical activities within a facility | The hospital or facility medical staff |
A CAQH profile can supply the data a verifier works from, but the CAQH profile is self-reported and does not replace verification with the source.
For Medicare specifically, enrollment runs through the CMS system described in Medicare enrollment with PECOS, using the CMS-855 application family. Verification and enrollment are separate but sequenced activities: a payer generally verifies before it enrolls.
Timing, maintenance, and why it recurs
Because a verification reflects only the date it was performed, credentials must be re-verified on a recurring basis. This is why credentialing is never a one-time event. Standards set how often re-verification occurs, and payers and government programs run their own cycles — recredentialing on the commercial side and revalidation on the Medicare side. Those cycles are described in revalidation and recredentialing.
The interval between checks, the elements that must be re-verified, and the acceptable sources are all set by the governing standard and can change, so the current source is the authority. Verification timing also interacts with the effective date a payer assigns, since a network relationship generally cannot begin until verification and the associated review are complete. Planning around these dependencies is the subject of credentialing timelines and planning.
Rules vary and change
Common questions
Is primary source verification the same as credentialing?
No. Primary source verification is one step within credentialing — the step that confirms qualifications with their issuing authorities. Credentialing is the broader process that also includes collecting the application, reviewing the file, and reaching a decision.
Does a copy of a license count as primary source verification?
No. A photocopy or scan is evidence a credential existed at some point, but it is not a confirmation from the source. Verification requires checking directly with the issuing authority or an approved equivalent to confirm the credential is authentic and currently valid.
Can primary source verification replace enrollment with a payer?
No. Verification confirms qualifications, while enrollment adds a verified provider to a specific payer or program. They are separate steps, and a payer generally verifies credentials before it completes enrollment.
How long is a verification valid?
A verification reflects only the date it was performed, so it has a limited shelf life. The exact window and re-verification interval are set by each payer, accrediting body, and jurisdiction and can change, which is why the current published standard should be checked.
Does the CAQH profile handle primary source verification automatically?
No. A CAQH profile stores self-reported, attested provider data that verifiers and payers can reuse, but the data still has to be confirmed against primary sources. The profile supports verification; it does not perform it.
Key terms in this article
Defined once, on their own pages.
Continue learning
Where to go next in the credentialing cluster.
What is provider credentialing?
The full process that primary source verification sits inside.
Building a credentialing file
How verified elements are assembled and organized.
The CAQH profile
The self-reported data source verifiers often work from.
Credentialing vs. privileging
How confirming qualifications differs from authorizing clinical activity.
Revalidation and recredentialing
Why verification recurs on payer and program cycles.
Authoritative sources
- Centers for Medicare & Medicaid Services (CMS) (opens in a new tab)
Administers Medicare and Medicaid and publishes provider enrollment and program integrity rules.
- National Committee for Quality Assurance (NCQA) (opens in a new tab)
Publishes credentialing standards, including expectations for verifying credentials with their sources.
- CAQH (opens in a new tab)
Maintains a shared provider data profile used across participating health plans.
